时间戳

首页 > 解决方案 > 如何编写以托管 Powershell 中每个循环的唯一结果列表?

powershell - 如何编写以托管 Powershell 中每个循环的唯一结果列表?

问题描述

在下面的代码中,我得到了一个重复值列表。我试图为每个重复的行只有一行,不同的。

这是代码:

# Find DC list from Active Directory
$DCs = Get-ADDomainController -Filter *

# Define time for report (default is 1 day)
$startDate = (get-date).AddDays(-1)

# Store successful logon events from security logs with the specified dates and workstation/IP in an array
foreach ($DC in $DCs){
$slogonevents = Get-Eventlog -LogName Security -ComputerName $DC.HostName  -after $startDate -InstanceId 4624 | where {$_.ReplacementStrings[5].ToLower() -eq "administrator"}

# Crawl through events; print all logon history with type, date/time, status, account name, computer and IP address if user logged on remotely

  foreach ($e in $slogonevents){            
    if ($e.EventID -eq 4624 -and $e.ReplacementStrings[8] -In 3..10){            
      if([ipaddress]::TryParse($e.ReplacementStrings[18],[ref][ipaddress]::Loopback))
      {
        $type = $e.ReplacementStrings[8]
        $ip = $e.ReplacementStrings[18]
        $hostname=([system.net.dns]::GetHostByAddress($ip)).HostName

        write-host "Type:" $type "`tIP Address: " $ip  "`tHost Name: " $hostname             
      }
    }
  }
} Get-Unique #this does not work, also tried Unique

我得到类似于以下的输出“

Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
Type: 3  IP Address: 192.168.1.2 Host Name: EFGH
Type: 3  IP Address: 192.168.1.2 Host Name: EFGH
Type: 3  IP Address: 192.168.1.2 Host Name: EFGH
Type: 3  IP Address: 192.168.1.1 Host Name: ABCD

我想得到:

Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
Type: 3  IP Address: 192.168.1.2 Host Name: EFGH

标签: powershell

解决方案

我认为您没有获得唯一值的原因是您foreachUnique. 基本上在它知道是什么之前把它们写出来unique

我要做的是创建一个PSCustomObject并在你的foreach. 这将允许您稍后使用| Select -Unique

# Find DC list from Active Directory
$DCs = Get-ADDomainController -Filter *

# Define time for report (default is 1 day)
$startDate = (get-date).AddDays(-1)

# Store successful logon events from security logs with the specified dates and workstation/IP in an array
foreach ($DC in $DCs){
$slogonevents = Get-Eventlog -LogName Security  -after $startDate -InstanceId 4624 | where {$_.ReplacementStrings[5].ToLower() -eq "administrator"}

# Crawl through events; print all logon history with type, date/time, status, account name, computer and IP address if user logged on remotely

  foreach ($e in $slogonevents){  
     $report = @() 
    if ($e.EventID -eq 4624 -and $e.ReplacementStrings[8] -In 3..10){            
      if([ipaddress]::TryParse($e.ReplacementStrings[18],[ref][ipaddress]::Loopback))
      {
        $object = New-Object PSCustomObject -Property @{
            type = $e.ReplacementStrings[8]
            ip = $e.ReplacementStrings[18]
            hostname=([system.net.dns]::GetHostByAddress($($e.ReplacementStrings[18]))).HostName        
        }
        $report += $object
      }
    }
  }
}
$report | select -Unique

推荐阅读