Get-ChildItem Cert:\ PowerShell 脚本问题

Question

我正在处理的 PowerShell 脚本有一个有趣的问题，它会向我们的小组发送一封电子邮件，让我们知道服务器上的证书何时即将到期。在命令行中，每一行代码都能完美运行，但是当脚本运行时，$bodyMid 变量没有返回 Get-ChildItem 命令的结果。

代码：

# Extract information from Server Event Logs
$eventLog = Get-EventLog -LogName Application -EntryType Warning -Newest 1 -Source AutoEnrollment | Select EventID, MachineName, EntryType, Source, Message
$eventString = Out-String -InputObject $eventLog
$msgLength = $eventString.length
Write-Host "Length:" $msgLength
Write-Host "Message Body: " $eventString

# Extract the Thumbprint from the Certificate from the Event Logs
$thumbPrint = $eventString.Substring([int]$msgLength-69,69)
Write-Host "Thumbprint String: " $thumbPrint
$thumbPrint = $thumbPrint.Replace(" ", "")
$thumbPrint = $thumbPrint.Replace("'", "")
Write-Host "Processed Thumbprint: " $thumbPrint

# Extract the Certificate information from the Server
$certInfo = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq $thumbPrint} | Select FriendlyName, Thumbprint, DnsNameList, PSPath, NotBefore, NotAfter
$bodyMid = Out-String -InputObject $certInfo
$bodyCount = $bodyMid.length
Write-Host "Mid-Body Count: " $bodyCount
Write-Host "Mid-Body: " $bodyMid

当它运行时，结果如下：

PS C:\Scripts> .\ServiceNotify.ps1
Length: 543
Message Body:

EventID     : 64
MachineName : ADFS-01.contoso.com
EntryType   : Warning
Source      : AutoEnrollment
Message     : The description for Event ID '-2147483584' in Source 'AutoEnrollment' cannot be found.  The local computer may not have the
              necessary registry information or message DLL files to display the message, or you may not have permission to access them.
              The following information is part of the event:'local system', '81 4d 26 bb ef 94 30 25 32 44 e1 c7 bb 51 92 79 8b c6 5d 29'

Thumbprint String:  '81 4d 26 bb ef 94 30 25 32 44 e1 c7 bb 51 92 79 8b c6 5d 29'

Processed Thumbprint:  814d26bbef9430253244e1c7bb5192798bc65d29

Mid-Body Count:  0
Mid-Body:

但是当我在脚本外部分配变量并在 PowerShell 中逐行运行它们时，它会正常工作：

PS C:\Scripts> $thumbPrint = "814D26BBEF9430253244E1C7BB5192798BC65D29"
PS C:\Scripts> $certInfo = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq $thumbPrint} | Select FriendlyName, Thumbprint, DnsName
List, PSPath, NotBefore, NotAfter
PS C:\Scripts> $bodyMid = Out-String -InputObject $certInfo
PS C:\Scripts> $bodyCount = $bodyMid.length
PS C:\Scripts> Write-Host "Mid-Body Count: " $bodyCount
Mid-Body Count:  352
PS C:\Scripts> Write-Host "Mid-Body: " $bodyMid
Mid-Body:

FriendlyName : DC-WC-Cert-2016-2019
Thumbprint   : 814D26BBEF9430253244E1C7BB5192798BC65D29
DnsNameList  : {*.contoso.com, contoso.com}
PSPath       : Microsoft.PowerShell.Security\Certificate::LocalMachine\My\814D26BBEF9430253244E1C7BB5192798BC65D29
NotBefore    : 3/4/2016 11:00:00 AM
NotAfter     : 6/4/2019 9:59:59 AM

我不反对以不同的方式执行此操作，但我试图了解为什么 cmdlet 不能像我期望的那样在脚本中工作。有什么建议么？谢谢！

Answer 1

感谢您的意见；我想出了如何解决它。指纹还有其他正在返回的隐藏字符，当它被转储到文本文件时，我可以使用 Notepad++ 查看输出。要解决此问题，最简单的方法是保留指纹并删除其余指纹，通过对脚本进行以下调整来完成：

# Extract the Thumbprint from the Certificate from the Event Logs
$thumbPrintString = $eventString.Substring([int]$msgLength-69,69)
Write-Host "Thumbprint String: " $thumbPrintString
$thumbPrintString = $thumbPrintString.Replace(" ", "")
$thumbPrintString = $thumbPrintString.Replace("'", "")
$thumbPrintString = $thumbPrintString.Replace("`n", "")
$thumbPrintLength = $thumbPrintString.length
$thumbPrint = $thumbPrintString.Substring(0,40)

结果给了我一个干净的指纹，然后在运行 Get-ChildItem Cert:\ -Recurse 命令时给了我所需的输出。它现在会发送一封格式化的电子邮件，列出即将过期的证书：

The following event has triggered on ADFS-01: 
 ---------------------------------------------- 

FriendlyName : DC-WC-Cert-2016-2019
Thumbprint   : 814D26BBEF9430253244E1C7BB5192798BC65D29
DnsNameList  : {*.contoso.com, contoso.com}
PSPath       : Microsoft.PowerShell.Security\Certificate::LocalMachine\My\814D26BBEF9430253244E1C7BB5192798BC65D29
NotBefore    : 3/4/2016 11:00:00 AM
NotAfter     : 6/4/2019 9:59:59 AM

Please look into this issue as soon as possible. This task will repeat ever 12 hours until resolved.