获取ChildItem证书：\n PowerShell脚本出现问题

我正在编写的PowerShell脚本有一个有趣的问题，它会向我们的组发送一封电子邮件，让我们知道服务器上的证书何时即将过期。在命令行中，每一行代码都能正常工作，但是当脚本运行时，$bodyMid变量不会返回Get ChildItem命令的结果

代码：

# Extract information from Server Event Logs
$eventLog = Get-EventLog -LogName Application -EntryType Warning -Newest 1 -Source AutoEnrollment | Select EventID, MachineName, EntryType, Source, Message
$eventString = Out-String -InputObject $eventLog
$msgLength = $eventString.length
Write-Host "Length:" $msgLength
Write-Host "Message Body: " $eventString

# Extract the Thumbprint from the Certificate from the Event Logs
$thumbPrint = $eventString.Substring([int]$msgLength-69,69)
Write-Host "Thumbprint String: " $thumbPrint
$thumbPrint = $thumbPrint.Replace(" ", "")
$thumbPrint = $thumbPrint.Replace("'", "")
Write-Host "Processed Thumbprint: " $thumbPrint

# Extract the Certificate information from the Server
$certInfo = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq $thumbPrint} | Select FriendlyName, Thumbprint, DnsNameList, PSPath, NotBefore, NotAfter
$bodyMid = Out-String -InputObject $certInfo
$bodyCount = $bodyMid.length
Write-Host "Mid-Body Count: " $bodyCount
Write-Host "Mid-Body: " $bodyMid

运行时，结果如下：

PS C:\Scripts> .\ServiceNotify.ps1
Length: 543
Message Body:

EventID     : 64
MachineName : ADFS-01.contoso.com
EntryType   : Warning
Source      : AutoEnrollment
Message     : The description for Event ID '-2147483584' in Source 'AutoEnrollment' cannot be found.  The local computer may not have the
              necessary registry information or message DLL files to display the message, or you may not have permission to access them.
              The following information is part of the event:'local system', '81 4d 26 bb ef 94 30 25 32 44 e1 c7 bb 51 92 79 8b c6 5d 29'

Thumbprint String:  '81 4d 26 bb ef 94 30 25 32 44 e1 c7 bb 51 92 79 8b c6 5d 29'

Processed Thumbprint:  814d26bbef9430253244e1c7bb5192798bc65d29

Mid-Body Count:  0
Mid-Body:

但是，当我在脚本外部分配变量并在PowerShell内部逐行运行它们时，它的工作方式应该是：

PS C:\Scripts> $thumbPrint = "814D26BBEF9430253244E1C7BB5192798BC65D29"
PS C:\Scripts> $certInfo = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq $thumbPrint} | Select FriendlyName, Thumbprint, DnsName
List, PSPath, NotBefore, NotAfter
PS C:\Scripts> $bodyMid = Out-String -InputObject $certInfo
PS C:\Scripts> $bodyCount = $bodyMid.length
PS C:\Scripts> Write-Host "Mid-Body Count: " $bodyCount
Mid-Body Count:  352
PS C:\Scripts> Write-Host "Mid-Body: " $bodyMid
Mid-Body:

FriendlyName : DC-WC-Cert-2016-2019
Thumbprint   : 814D26BBEF9430253244E1C7BB5192798BC65D29
DnsNameList  : {*.contoso.com, contoso.com}
PSPath       : Microsoft.PowerShell.Security\Certificate::LocalMachine\My\814D26BBEF9430253244E1C7BB5192798BC65D29
NotBefore    : 3/4/2016 11:00:00 AM
NotAfter     : 6/4/2019 9:59:59 AM

---

我并不反对以不同的方式执行此操作，但我正在尝试理解为什么cmdlet在脚本中没有像我预期的那样工作。有什么建议吗？谢谢

感谢您的投入；我想出了解决这个问题的办法。指纹还有其他被返回的隐藏字符，当它被转储到文本文件中时，我可以使用Notepad++查看输出。要解决此问题，最简单的方法是保留指纹并删除其余指纹，通过对脚本进行以下调整来完成：

# Extract the Thumbprint from the Certificate from the Event Logs
$thumbPrintString = $eventString.Substring([int]$msgLength-69,69)
Write-Host "Thumbprint String: " $thumbPrintString
$thumbPrintString = $thumbPrintString.Replace(" ", "")
$thumbPrintString = $thumbPrintString.Replace("'", "")
$thumbPrintString = $thumbPrintString.Replace("`n", "")
$thumbPrintLength = $thumbPrintString.length
$thumbPrint = $thumbPrintString.Substring(0,40)

结果给了我一个干净的指纹，然后在运行Get-ChildItem Cert:\-Recurse命令时给了我所需的输出。它现在会发送一封格式化的电子邮件，列出即将过期的证书：

The following event has triggered on ADFS-01: 
 ---------------------------------------------- 

FriendlyName : DC-WC-Cert-2016-2019
Thumbprint   : 814D26BBEF9430253244E1C7BB5192798BC65D29
DnsNameList  : {*.contoso.com, contoso.com}
PSPath       : Microsoft.PowerShell.Security\Certificate::LocalMachine\My\814D26BBEF9430253244E1C7BB5192798BC65D29
NotBefore    : 3/4/2016 11:00:00 AM
NotAfter     : 6/4/2019 9:59:59 AM

Please look into this issue as soon as possible. This task will repeat ever 12 hours until resolved.

---

你在用什么编写脚本，ISE？调试会很快得到答案。使用编辑器VSCode/PowerShell ISE执行此操作。