Retrieving an empty attribute from a user's account in AD using "Get-ADUser" returns null - but not null?


I'm running into trouble trying to automate a task on our Domain Controllers using a PowerShell script.

To make a long story short: I wrote a PowerShell script that retrieves the contents of a specific attribute in a user's account in Active Directory, and performs an action depending on the result of some comparisons. It uses the "Get-ADUser" and "Select-Object" cmdlets to retrieve a value, then a "Switch" statement to evaluate and act on some comparisons. However, if no value is retrieved by the 'query', then the switch statement fails to work entirely.

First, I initialize a variable named "$CurrentADValue" and assign it the output of the Get-ADUser command.

$CurrentADValue = Get-ADUser "first.last" -Properties * | select-object -ExpandProperty altSecurityIdentities

A switch statement then compares the contents of the "$CurrentADValue" variable, and performs an action depending on the results of the comparisons.

Switch ($CurrentADValue) {
    $null {Write-OutPut "Doing X." ; Break}
    {$CurrentADValue -ne $Expected_Value} {Write-OutPut "Doing X."}
    $Expected_Value {Write-OutPut "Doing Y."}
}

My intention was if the field is empty ($null) or an unexpected value, I'd like to do X. If it's an expected value, I'd like to do Y. No biggie.

I ran the script against a user that I know has an empty "altSecurityIdentities" field - lo and behold, nothing happened. I figured the $CurrentADValue contained something other than null, so I added a quick comparison after the variable initialization to confirm it was (or wasn't) null:

PS C:\Users\Me> @script.ps1
$CurrentADValue = Get-ADUser "first.last" -Properties * | select-object -ExpandProperty altSecurityIdentities
$CurrentADValue -eq $null
True
PS C:\Users\Me>

That threw me for a loop, as my Switch statement should evaluate to True in its first comparison if it really is $null, but that just wasn't happening! So, I pulled up PowerShell ISE and wrote a small script to confirm I wasn't crazy:

PS C:\Windows\system32> $CurrentADValue = Get-ADUser "first.last" -Properties * | select-object -ExpandProperty altSecurityIdentities
Write-OutPut "CurrentADValue is:""$CurrentADValue""`n"
Write-Output '$CurrentADValue -eq $null ='($CurrentADValue -eq $null)

Write-Output "Switch output (Below):"
Switch ($CurrentADValue) {
    $null {Write-OutPut "`nCurrentADValue is Null 1"}
    {$CurrentADValue -eq $null} {Write-OutPut "`nCurrentADValue is Null 2"}
    {$CurrentADValue -eq ""} {Write-Output "`nThere is nothing in CurrentADValue"}
    {$CurrentADValue -ne $null} {Write-OutPut "`nCurrentADValue is NOT Null"}
    
}

The output of which is:

CurrentADValue is:""

$CurrentADValue -eq $null =
True
Switch output (Below):

PS C:\Windows\system32> 

After some random fuzzing, I added this to the 4th line: If ($CurrentADValue -eq $null) {$CurrentADValue = $null} and ran it again:

PS C:\Windows\system32> $CurrentADValue = Get-ADUser "first.last" -Properties * | select-object -ExpandProperty altSecurityIdentities
Write-OutPut "CurrentADValue is:""$CurrentADValue""`n"
Write-Output '$CurrentADValue -eq $null ='($CurrentADValue -eq $null)
If ($CurrentADValue -eq $null) {$CurrentADValue = $null}
Write-Output "Switch output (Below):"
Switch ($CurrentADValue) {
    $null {Write-OutPut "`nCurrentADValue is Null 1"}
    {$CurrentADValue -eq $null} {Write-OutPut "`nCurrentADValue is Null 2"}
    {$CurrentADValue -eq ""} {Write-Output "`nThere is nothing in CurrentADValue"}
    {$CurrentADValue -ne $null} {Write-OutPut "`nCurrentADValue is NOT Null"}
    
}
CurrentADValue is:""

$CurrentADValue -eq $null =
True
Switch output (Below):

CurrentADValue is Null 1

CurrentADValue is Null 2

PS C:\Windows\system32> 

By then, I'd lost my mind.

Can anyone explain this to me? How does the null output of the command equal null in one comparison statement, but not in the switch statement, unless it's manually assigned $null? I'm at a loss, and would greatly appreciate some clarification.

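An added example, not part of the original question: in PowerShell, a pipeline that emits no objects assigns `[System.Management.Automation.Internal.AutomationNull]::Value` to the variable, which compares equal to `$null` in expressions but is enumerated by `switch` as an empty collection, so no clause runs; this is consistent with the output shown in the question. `Get-EmptyAttribute` and `Get-MappingAction` are hypothetical names, and the X509 strings are constructed sample values.

```powershell
# Constructed stand-in for the AD query: a pipeline that emits no objects.
function Get-EmptyAttribute { @() | ForEach-Object { $_ } }

$fromPipeline = Get-EmptyAttribute   # holds [AutomationNull]::Value, not a true $null
$literalNull  = $null

# Both compare equal to $null in an expression...
"fromPipeline -eq null: $($null -eq $fromPipeline)"
"literalNull  -eq null: $($null -eq $literalNull)"

# ...but wrapped in @() they differ: zero elements versus one $null element.
"elements: $(@($fromPipeline).Count) vs $(@($literalNull).Count)"

# switch enumerates its input, so zero elements means no clause is ever tested.
$hits = 0; switch ($fromPipeline) { default { $hits++ } }
"switch passes for empty pipeline output: $hits"
$hits = 0; switch ($literalNull) { default { $hits++ } }
"switch passes for literal null: $hits"

# A check that cannot silently skip an empty attribute: normalise to an array,
# drop nulls, then decide on the element count instead of relying on switch.
function Get-MappingAction {
    param([object[]]$Values, [string]$Expected)
    $present = @($Values | Where-Object { $null -ne $_ })
    if ($present.Count -eq 0) { return 'X: attribute is empty' }
    # altSecurityIdentities is multi-valued, so every value has to match.
    $unexpected = @($present | Where-Object { $_ -ne $Expected })
    if ($unexpected.Count -gt 0) { return 'X: unexpected value present' }
    return 'Y: only the expected value'
}

$expected = 'X509:<I>DC=example,CN=Constructed CA<S>CN=first.last'   # constructed
$other    = 'X509:<I>DC=example,CN=Constructed CA<S>CN=someone.else' # constructed

Get-MappingAction -Values $fromPipeline -Expected $expected
Get-MappingAction -Values $null -Expected $expected
Get-MappingAction -Values @($expected) -Expected $expected
Get-MappingAction -Values @($expected, $other) -Expected $expected

# With the real query, the same normalisation would be (assumes the AD module):
#   $values = @(Get-ADUser "first.last" -Properties altSecurityIdentities |
#               Select-Object -ExpandProperty altSecurityIdentities)
```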