PowerShell Repeatedly calling a function - function

The task at hand is to compare permissions from a source folder with a target folder, and this for all its sub folders. I've already created the function that does this check on one folder, which returns $True or $False.
I would like to know if it's possible to create a function that calls itself to be executed on every sub folder it finds to call Test-ACLequalHC. So that when it blocks or errors out in one of the sub folders, due to permission issues or something else, it can still continue with the others.
Something like a crawler, if that makes sense. Ideally it would be great if it could run in parallel. I read that a Workflow is most suited for this, but I've never used it before.
Unfortunately it's not possible to just do $AllSubFolders = Get-ChildItem -Recurse followed by a foreach, because there are over thousands of files and folders under the root folder. So it needs to be dynamically so that we can do extra stuff on every folder it finds, like say if Test-ACLequalHC results in $False on one folder, we can still call other functions to set the permissions correct or add the result to a CSV.
Permission test:
Function Test-ACLequalHC {
[CmdletBinding(SupportsShouldProcess=$True)]
Param(
[parameter(Mandatory=$true,Position=0)]
[ValidateScript({Test-Path $_})]
[String]$Source,
[parameter(Mandatory=$true,Position=1)]
[ValidateScript({Test-Path $_})]
[String]$Target,
[parameter(Mandatory=$true,Position=2)]
[ValidateSet('Access','Owner','All')]
[String]$Type
)
Begin {
$Props = Switch ($Type) {
'Access' {'Access', 'AreAccessRulesProtected'}
'Owner' {'Owner'}
'All' {'sddl'}
}
}
Process {
$CompParams = #{
Property = $Props
ReferenceObject = Get-Acl $Source #| Sort-Object
DifferenceObject = Get-Acl $Target #| Sort-Object
PassThru = $True
}
$Result = Compare-Object #CompParams
if ($Result -ne $null) {
Write-Output $false
}
else {
Write-Output $True
}
}
}
It would be great if it could check files to, for inheritance and that no extra permissions are added. But I'll add that stuff later on myself if I find out how to make such a crawler thingy that digs its way through the folder structure.
Thank you for your help.


Ok, I think your aversion of doing Get-ChildItem -Recurse is something you're going to need to get over. If you are only looking at directories use the -directory switch for Get-ChildItem. It's a provider level switch so it will speed things up dramatically.
Next, what I think you need to consider is the Ad--Member cmdlet. Something like this:
$Source = C:\GoodFolder
$AllFolders = GCI C:\ -Directory -Recurse
$AllFolders | ForEach{Add-Member -InputObject $_ -NotePropertyName "ACLGood" -NotePropertyValue (Test-ACLequalHC $source $_.fullname all)}
Then you can just filter on that for folders that have issues and address them as needed.
$AllFolders | Where{!$_.ACLGood} | ForEach{ Do stuff to fix it }

Related

New-Item messing up my variable PowerShell [duplicate]

This question already has an answer here:
Powershell Join-Path showing 2 dirs in result instead of 1 - accidental script/function output
(1 answer)
Closed 1 year ago.
I wrote a very simple script to acquire a random free drive letter.
The function finds a random free letter , creates a new empty text file of that drive letter name eg. Q.txt
I then return the value as $new_letter but when it comes out of the function somehow newly file created path is a part of the variable C:\AppPack\Logs\Q.txt Q
Is it something New-Item messing up with my $new_letter variable ?
function get_drive_letter()
{
$letter_acquired = $false
Do
{
$new_letter = Get-ChildItem function:[h-z]: -Name | ForEach-Object { if (!(Test-Path $_)){$_} } | random -Count 1 | ForEach-Object {$_ -replace ':$', ''}
write-host ("RIGHT AFTER " + $new_letter)
if (!(test-path "C:\AppPack\Logs\$new_letter.txt"))
{
New-Item -Path C:\AppPack\Logs\ -Name "$new_letter.txt" -ItemType "file"
write-host ("FROM FUNCTION " + $new_letter)
$letter_acquired = $true
return $new_letter
}
else
{
write-host ("LETTER USED ALREADY")
write-host ($new_letter)
}
}
while($letter_acquired = $false)
}
$drive_letter = $null
$drive_letter = get_drive_letter
write-host ("RIGHT AFTER FUNCTION " + $drive_letter)
OUTPUT :
RIGHT AFTER Q
FROM FUNCTION Q
RIGHT AFTER FUNCTION C:\AppPack\Logs\Q.txt Q

A PowerShell function outputs everything, not just the result of the expression right after return!
The additional file path you see is the output from New-Item ... - it returns a FileInfo object for the file you just created.
You can suppress output by assigning it to the special $null variable:
# Output from New-Item will no longer "bubble up" to the caller
$null = New-Item -Path C:\AppPack\Logs\ -Name "$new_letter.txt" -ItemType "file"
return $new_letter
Or by piping to Out-Null:
New-Item ... |Out-Null
Or by casting the entire pipeline to [void]:
[void](New-Item ...)
Although I recommend explicitly handling unwanted output at the call site, you can also work around this behavior with a hoisting trick.
To demonstrate, consider this dummy function - let's say we "inherit" it from a colleague who didn't always write the most intuitive code:
function Get-RandomSquare {
"unwanted noise"
$randomValue = 1..100 |Get-Random
"more noise"
$square = $randomValue * $randomValue
return $square
}
The function above will output 3 objects - the two garbage strings one-by-one, followed by the result that we're actually interested in:
PS ~> $result = Get-RandomSquare
PS ~> $result
unwanted noise
more noise
6400
Let's say we've been told to make as few modifications as possible, but we really need to suppress the garbage output.
To do so, nest the entire function body in a new scriptblock literal, and then invoke the whole block using the dot-source operator (.) - this forces PowerShell to execute it in the function's local scope, meaning any variable assignments persist:
function Get-RandomSquare {
# suppress all pipeline output
$null = . {
"unwanted noise"
$randomValue = 1..100 |Get-Random
"more noise"
$square = $randomValue
return $square
}
# variables assigned in the block are still available
return $square
}

Powershell not returning correct value

As some background, this should take an excel file, and convert it to PDF (and place the PDF into a temporary folder).
E.g. 'C:\Users\gjacobs\Desktop\test\stock.xlsx'
becomes
'C:\Users\gjacobs\Desktop\test\pdf_merge_tmp\stock.pdf'
However, the new file path does not return correctly.
If I echo the string $export_name from within the function, I can see that it has the correct value: "C:\Users\gjacobs\Desktop\test\pdf_merge_tmp\stock.pdf".
But once $export_name is returned, it has a different (incorrect value): "C:\Users\gjacobs\Desktop\test\pdf_merge_tmp C:\Users\gjacobs\Desktop\test\pdf_merge_tmp\stock.pdf".
function excel_topdf{
param(
$file
)
#Get the parent path
$parent = Split-Path -Path $file
#Get the filename (no ext)
$leaf = (Get-Item $file).Basename
#Add them together.
$export_name = $parent + "\pdf_merge_tmp\" + $leaf + ".pdf"
echo ($export_name) #prints without issue.
#Create tmp dir
New-Item -Path $parent -Name "pdf_merge_tmp" -ItemType "Directory" -Force
$objExcel = New-Object -ComObject excel.application
$objExcel.visible = $false
$workbook = $objExcel.workbooks.open($file, 3)
$workbook.Saved = $true
$xlFixedFormat = “Microsoft.Office.Interop.Excel.xlFixedFormatType” -as [type]
$workbook.ExportAsFixedFormat($xlFixedFormat::xlTypePDF, $export_name)
$objExcel.Workbooks.close()
$objExcel.Quit()
return $export_name
}
$a = excel_topdf -file 'C:\Users\gjacobs\Desktop\test\stock.xlsx'
echo ($a)

The issue you're experiencing is caused by the way how PowerShell returns from functions. It's not something limited to New-Item cmdlet. Every cmdlet which returns anything would cause function output being altered with the value from that cmdlet.
As an example, let's take function with one cmdlet, which returns an object:
function a {
Get-Item -Path .
}
$outputA = a
$outputA
#### RESULT ####
Directory:
Mode LastWriteTime Length Name
---- ------------- ------ ----
d--hs- 12/01/2021 10:47 C:\
If you want to avoid that, these are most popular options (as pointed out by Lasse V. Karlsen in comments):
# Assignment to $null (or any other variable)
$null = Get-Item -Path .
# Piping to Out-Null
Get-Item -Path . | Out-Null
NOTE: The behavior described above doesn't apply to Write-Host:
function b {
Write-Host "bbbbbb"
}
$outputB = b
$outputB
# Nothing displayed
Interesting thread to check if you want to learn more.

powershell add objects via -outvariable +variable in a function

I am running in an imported session window. Not sure if that matters.
I am trying to add a few variable values to an array in a function.
$Session = New-PsSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://emailserver/powershell/" -Authentication Kerberos
Import-PsSession $Session -allowclobber
Add-PsSnapin Microsoft.SharePoint.PowerShell
$group1 = "Accounting"
$group2 = "HR"
function AddUsersToGroups {
Write-output $Group1 -outvariable +Adgroups
Write-output $Group2 -outvariable +Adgroups
}
When I highlight and run the lines from a Powershell ISE they work fine and create the Variable $AdGroups and the combined data is in there.
But when I run the function all I see is the output and no variable gets created.
PS C:\Windows\system32> AddUserToGroups
Group1
Group2
Kinda Stumped. I tried to create a variable $AdGroups = #() as the first line but it fails also.

Not sure exactly what you are trying to achieve, but the AdGroups variable will be available only in the scope of the AddUsersToGroups function.
One way of solving this would be add the script: scope, like below:
Function AddUsersToGroups{
Write-output $Group1 -outvariable +script:Adgroups
Write-output $Group2 -outvariable +script:Adgroups
}
Now you should be able to access $Adgroups outside after the function is called.

Extraneous data returned from Invoke-Command

I'm working with PowerShell to gather data from a list of remote servers which I then turn into a JSON object. Everything is working fine, but I get some really weird output that I can't seem to exclude.
I've tried piping the Invoke-Command results and excluding properties. I've also tried removing the items manually from the returned hash file, but I can't seem to make them go away.
What am I missing?
EDIT:
For the sake of figuring out what's wrong here is a simplified, but still broken, script:
$returnedServer = #{}
$pass = cat "C:\...\securestring.txt" | convertto-securestring
$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist "UserName",$pass
$s = #("xx.xxx.xxx.xxx","xx.xxx.xxx.xxx")
foreach($server in $s)
{
$returnedServer.$server += ,(Invoke-Command -ComputerName $server -ScriptBlock
{
1
}-credential $mycred | select -ExcludeProperty PSComputerName,RunSpaceID,PSShowComputerName)
$returnedServer| ConvertTo-Json
Which outputs:
{
"xx.xxx.xxx.xxx": [
{
"value": 1,
"PSComputerName": "xx.xxx.xxx.xxx",
"RunspaceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"PSShowComputerName": xxxx
}
],
"xx.xxx.xxx.xxx": [
{
"value": 1,
"PSComputerName": "xx.xxx.xxx.xxx",
"RunspaceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"",
"PSShowComputerName": xxxx
}
]
}

This post is really old, but I was unable to find an acceptable answer 6 years later, so I wrote my own.
$invokeCommandResults | ForEach-Object {
$_.PSObject.Properties.Remove('PSComputerName')
$_.PSObject.Properties.Remove('RunspaceId')
$_.PSObject.Properties.Remove('PSShowComputerName')
}

You need to use Select-Object to limit the result to just the properties you want to show up in the JSON output:
$returnedServers.$server += ,(Invoke-Command -ComputerName $server -ScriptBlock
{
...$serverHash = various look ups and calculations...
$serverHash
} | select PropertyA, PropertyB, ...)
For a more thorough answer you need to go into far more detail about your "various look ups and calculations" as well as the actual conversion to JSON.

After some testing, it seems the problem is the object type. I was able to get your test script to work by explicitly casting the returned result.
$returnedServer = #{}
$pass = cat "C:\...\securestring.txt" | convertto-securestring
$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist "UserName",$pass
$s = #("xx.xxx.xxx.xxx","xx.xxx.xxx.xxx")
foreach($server in $s)
{
$returnedServer.$server += ,[int](Invoke-Command -ComputerName $server -ScriptBlock {1} -credential $mycred)
}
$returnedServer| ConvertTo-Json

You could try this... instead of attempting to exclude extraneous property values, just be specific and "call" or "grab" the one(s) you want.
Quick Code Shortcut Tip! BTW, the Invoke-Command -Computer $server -Scriptbock {command} can be greatly simplified using: icm $server {command}
Now, getting back on track...
Using your original post/example, it appears that you are attempting to utilize one "value" by excluding all other values, i.e. -ExcludeProperty (which it is ultra-frustrating).
Let's start by removing and replacing the only exclusion section:
select -ExcludeProperty PSComputerName,RunSpaceID,PSShowComputerName
And instead, attempt to use one of the following:
1st Method: using the modified original command...
$returnedServer.$server += ,(Invoke-Command -ComputerName $server -ScriptBlock {1}-credential $mycred).value
2nd Method: using the "icm" version...
$returnedServer.$server += ,(icm $server {1} -credential $mycred).value
Essentially, you are "picking out" the value(s) you need (vs. excluding property values, which is, again, pretty frustrating when it does NOT work).
Related Example(s) follows:
Here is a typical system Powershell/WMIC command call:
icm ServerNameGoesHere {Get-CimInstance -ClassName win32_operatingsystem}
But what if I only want the "version" from the object glob:
(icm ServerNameGoesHere {Get-CimInstance -ClassName win32_operatingsystem}).version
But, hold on, now I only want the "lastbootuptime" from the object glob:
(icm ServerNameGoesHere {Get-CimInstance -ClassName win32_operatingsystem}).lastbootuptime
Indecisively, I want to be more flexible:
$a=icm ServerNameGoesHere {Get-CimInstance -ClassName win32_operatingsystem}
$a.version
$a.lastbootuptime
$a.csname
(Makes sense?)
Good luck,
~PhilC

powershell ip address csv file

I am trying to dump the contents of only the live adapters to a csv file, for later importing.
The issue was the usage of $_. below.
$colNicConfigs = Get-WMIObject Win32_NetworkAdapterConfiguration | where { $_.IPEnabled -eq "TRUE" }
#loop over each adapter
foreach ($objNicConfig in $colNicConfigs)
{
$objnic=Get-WMIObject Win32_NetworkAdapter | where {$_.deviceID -eq "$objNicConfig.Index" }
#$strname=$objnicconfig.description.split(":")[0]
#replace strname above when testing against actual server since no dot1q defined on my wks
$strname="MGMT:Something"
$connid=$_.NetworkConnectionID
$ipaddr=$_.IPAddress(0)
$ipsm=$_.IPSubnet(0)
$dg=$_.DefaultIPGateway
}
# create dictionary entries
$report = #()
$report += New-Object psobject -Property #{Name=$strname;ConnID=$connid;IP=$ipaddr;SM=$ipsm;DG=$dg}
$report | export-csv .\nic.csv

Your initial issues are the use of "$underscore" within your foreach loop. If you want to reference properties of the $objNicConfig you will use that in place of the "$underscore". So instead of $connid=$_.networkConnectionID you would use $connid=$objNicConfig.networkConnectionID
Also IpAddress and IPSubnet are not methods they are properties, so dropping the (0) will return the write info. If your NIC has multiple IPs I cannot attest to how this will display as my machine does not, that I'm testing on.
Other things I see is that you will need to nest another foreach loop in there in order to reference both WMI namespaces...so something like:
$colNicConfigs = Get-WMIObject Win32_NetworkAdapterConfiguration | where { $_.IPEnabled -eq "TRUE" }
foreach ($objNicConfig in $colNicConfigs)
{
foreach($objnic in (gwmi win32_networkadapter | where {$_.DeviceID -eq $objNicConfig.Index}))
{
$strName = "MGMT:Something"
$objNicConfig.NetworkConnectionID
$objNicConfig.IpAddress
$objNic.IPSubnet
$objNicConfig.DefaultIPGateway
}
}
The above code is what I used to return info on the NICs of my computer.
Now with the "dictionary entries" section. You will not be able to reference the variables within your foreach loop in the manner of adding a psobject. You are only going to capture the last one found within the foreach loop code. If you want to first collect the information in your foreach loop and then use it later down in your script I would suggest looking at hash tables for this.