If statement not working showing correct results in foreach array

Question

I created a foreach loop with a if..else statement which should check whether a variable is null/empty or not. Everything seems to work fine. However, the results returned all have one outcome despite some variables being empty and some other not.

I tried using different bits within the if..else statement such as

if ([string]::IsNullOrWhiteSpace($password))

or

if ($password -eq $null)

or

if ($password.length -gt 2)

but I had no luck whatsoever.

I started working on this to find quickly which computers didn't have LAPS working to investigate why. The issue is fixed but this script is still bugging me as I can't understand what I am doing wrong.

This is my code, tried to use both the ms-mcs-admpwd attribute and the LAPS built-in get-admpwd, no difference.

$computers = Get-ADComputer -Filter * -SearchBase $OU -Properties * |
             Select-Object Name, ms-mcs-admpwd

foreach ($computer in $computers) {
    $password = Get-ADComputer $computer.Name -Properties * |
                Select ms-mcs-admpwd

    if ($password) {
        Write-Host "LAPS password on $computer present"
    } else {
        Write-Host "LAPS password on $computer not present"
    }

    Write-Host $password
    Write-Host " "
}

This is the outcome:

LAPS password on @{Name=Computer1; ms-mcs-admpwd=} present
@{ms-mcs-admpwd=}
LAPS password on @{Name=Computer2; ms-mcs-admpwd=8CG1]8,q.j} present
@{ms-mcs-admpwd=8CG1]8,q.j}
LAPS password on @{Name=Computer3; ms-mcs-admpwd=P2v94d+05q} present
@{ms-mcs-admpwd=P2v94d+05q}
LAPS password on @{Name=Computer4; ms-mcs-admpwd=} present
@{ms-mcs-admpwd=}

As you can see Computer1 and Computer4 have no ms-mcs-admpwd attribute, yet the outcome is the same as Computer2 and Computer3.

The object in the variable `$computer` already has the `ms-mcs-admpwd` attribute, so there's no need to do *another* AD query for each computer. Use `$password = $computer.'ms-mcs-admpwd'` or `$password = $computer | Select-Object -Expand ms-mcs-admpwd` to assign just the value of that attribute to the variable. — Ansgar Wiechers, Jan 26 '19 at 12:51

score 0 · Accepted Answer · edited Jan 26 '19 at 14:24

0

Get-ADComputer $computer.name -Properties * | Select ms-mcs-admpwd

is returning an object not the string that I think you're looking for. You need $password.'ms-mcs-admpwd'

If($password.'ms-mcs-admpwd')
    {write-host "LAPS password on $computer present"}

Else {Write-host "LAPS password on $computer not present"}

Write-host $password.'ms-mcs-admpwd'

edited Jan 26 '19 at 14:24

mklement0

382,024
64
607
775

answered Jan 25 '19 at 21:05

Justin Cooksey

311
2
5

It makes sense - thanks for the explanation Justin! – Mjago Jan 25 '19 at 21:36
1

Note that for dot-access to work you MUST put the property name in quotes if it contains hyphens or other special characters: `$password.'ms-mcs-admpwd'`. – Ansgar Wiechers Jan 26 '19 at 12:48

score 0 · Answer 2 · answered Jan 25 '19 at 21:06

Your issue is the $password variable is not null, empty, or false so it will always be evaluated as true. For the code as written you'll want to change the evaluation to:

If($password.'ms-mcs-admpwd')
{write-host "LAPS password on $computer present"}

In addition running Get-ADComputer twice is unneeded since the $computers variable already has the information you need.

If statement not working showing correct results in foreach array

2 Answers2