多个比较运算符输出错误的结果powershell_Powershell_Comparison Operators

多个比较运算符输出错误的结果powershell

powershell

多个比较运算符输出错误的结果powershell,powershell,comparison-operators,Powershell,Comparison Operators,这是我的剧本： #set the root search path $rootPath = "c:\test\path\" #get a list of all directories and subdirectories in the root path $shares = Get-ChildItem -Path $rootPath -Directory #create empty array to store custom properties later $obj = @() #fo

这是我的剧本：

#set the root search path
$rootPath = "c:\test\path\"

#get a list of all directories and subdirectories in the root path
$shares = Get-ChildItem -Path $rootPath -Directory

#create empty array to store custom properties later
$obj = @()

#for every folder you find.....
foreach ($share in $shares) {

    #finds all security principals for each share on fileserver that has permissions explicitly assigned   
    $notInherited = Get-Acl -Path $share.FullName |  select -ExpandProperty Access | Where-Object {$_.IsInherited -eq $false} 

    #for every security principal that has explicit permissions assigned....
    foreach ($member in $notInherited) {

        #extract the identity of the resource from the IdentityReference field and convert it to a string object
        [string]$identity = $member.IdentityReference

        #test to see if the extracted resource contains a \ anywhere in the name to ensure we're looking for domain objects
        if ($identity -like '*\*') {

        #retrieve the SAM of the resource by splitting the string object at the \ and returning the 1 field
        $samAccountName = $identity.Split('\')[1]

            #filter out all domain related groups like domain admins, domain users, domain controllers, domain computers
            if ($samAccountName -notlike 'Domain*' -or $samAccountName -notlike 'Administrators') {

                #return AD object info for the resource using it's SAM
                $ADObject = Get-ADObject -Filter ('SamAccountName -eq "{0}"' -f $SamAccountName)

                #test to ensure we're only retrieving groups and not users who are explicitly assigned
                if ($ADObject.ObjectClass -eq 'group') {

                    #create a PS object and append it's properties to the empty array created earlier
                    #assign custom fields to the object (FolderName maps to the share name and GroupName maps to name of group that has access to the share)
                    $obj += [pscustomobject] @{
                    'GroupName' = $ADObject.Name
                    'FolderName' = $share.Name
                    }   
                }
            }
        }
    }
}

#output the contents of the object to the console
Write-Output $obj | ft -AutoSize | out-file C:\Scripts\test02.txt

我想知道为什么这一行会产生错误的结果：

if ($samAccountName -notlike 'Domain*' -or $samAccountName -notlike 'Administrators')

我希望输出不包括任何明确添加了“管理员”或以“域”开头的任何组的文件夹。如果我删除第二部分进行测试，以便它只检查“Domain*”，则输出是正确的。我也需要过滤掉管理员组。我遗漏了什么？

您的请求：

if ($samAccountName -notlike 'Domain*' -or $samAccountName notlike 'Administrators')

字面意思是“不像X”或“不像Y”

我想你要找的是：

if (!($samAccountName -like 'Domain*' -or $samAccountName -like 'Administrators'))

{写入主机“是”}

这样，如果$samAccountName类似于'Domain*'-或$samAccountName``类似于'Administrators'，则返回TRUE，然后返回！将其转换为false

因此，如果满足任一条件，则结果为false，并且代码块不会运行。因此，如果用户是域*或用户是管理员，它将不会输出“是”。

尝试-而不是-或

if（$samAccountName-不类似于'domain*'-和$samAccountName-不类似于'Administrators'）

lol失败。我可以发誓我做到了——第一次，它没有起作用……无论如何，这解决了我的问题。谢谢