From fe4429ba3ed7469feece8b79bf742f82eb906e63 Mon Sep 17 00:00:00 2001
From: Hans-Joachim Kliemeck
Date: Tue, 12 Jan 2016 09:52:08 +0100
Subject: [PATCH] fixed problems related to userpricincipalname (user@domain) and undefined variables fixed variable capitalization
---
windows/win_acl.ps1 | 39 ++++++++++++++++++---------------------
1 file changed, 18 insertions(+), 21 deletions(-)
diff --git a/windows/win_acl.ps1 b/windows/win_acl.ps1
index 4ea4a2e7c6b..2e20793e1fe 100644
--- a/windows/win_acl.ps1
+++ b/windows/win_acl.ps1
@@ -27,52 +27,49 @@ #Functions Function UserSearch { - Param ([string]$AccountName) + Param ([string]$accountName) #Check if there's a realm specified - if ($AccountName.Split("\").count -gt 1) + + $searchDomain = $false + $searchDomainUPN = $false + if ($accountName.Split("\").count -gt 1) { - if ($AccountName.Split("\")[0] -eq $env:COMPUTERNAME) - { - $IsLocalAccount = $true - } - Else + if ($accountName.Split("\")[0] -ne $env:COMPUTERNAME) { - $IsDomainAccount = $true - $IsUpn = $false + $searchDomain = $true + $accountName = $accountName.split("\")[1] } - } - Elseif ($AccountName.contains("@")) + Elseif ($accountName.contains("@")) { - $IsDomainAccount = $true - $IsUpn = $true + $searchDomain = $true + $searchDomainUPN = $true } Else { #Default to local user account - $accountname = $env:COMPUTERNAME + "\" + $AccountName - $IsLocalAccount = $true + $accountName = $env:COMPUTERNAME + "\" + $accountName } - if ($IsLocalAccount -eq $true) + if ($searchDomain -eq $false) { # do not use Win32_UserAccount, because e.g. SYSTEM (BUILTIN\SYSTEM or COMPUUTERNAME\SYSTEM) will not be listed. on Win32_Account groups will be listed too - $localaccount = get-wmiobject -class "Win32_Account" -namespace "root\CIMV2" -filter "(LocalAccount = True)" | where {$_.Caption -eq $AccountName} + $localaccount = get-wmiobject -class "Win32_Account" -namespace "root\CIMV2" -filter "(LocalAccount = True)" | where {$_.Caption -eq $accountName} if ($localaccount) { return $localaccount.SID } } - ElseIf ($IsDomainAccount -eq $true) + Else { #Search by samaccountname $Searcher = [adsisearcher]"" - If ($IsUpn -eq $false) { - $Searcher.Filter = "sAMAccountName=$($accountname.split("\")[1])" + If ($searchDomainUPN -eq $false) { + $Searcher.Filter = "sAMAccountName=$($accountName)" } Else { - $Searcher.Filter = "userPrincipalName=$($accountname)" + $Searcher.Filter = "userPrincipalName=$($accountName)" } $result = $Searcher.FindOne()
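Review bot: The two `$Searcher.Filter` assignments at the end of the hunk interpolate `$accountName` into the LDAP filter unescaped, so a name containing `*`, `(`, `)` or `\` alters the filter; with `FindOne()` a wildcard would resolve to whichever object matches first, and the module would presumably then apply the ACL change to that SID. Escape the value per RFC 4515 before building the filter, e.g. `$ldapValue = $accountName -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'` followed by `$Searcher.Filter = "sAMAccountName=$ldapValue"`, and the same for the `userPrincipalName` branch. Separately, the `DOMAIN\user` branch now discards the domain prefix and searches the default `[adsisearcher]""` root, so in a multi-domain environment a same-named account from a different domain could be returned; a comment stating that limitation, or a check of the prefix against the found object, would help. UserSearch continues past the end of the hunk, so how `$result` is consumed is not visible here.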