多重比较运算符输出错误的结果powershell

Question

这是我的脚本：

#set the root search path
$rootPath = "c:\test\path\"

#get a list of all directories and subdirectories in the root path
$shares = Get-ChildItem -Path $rootPath -Directory

#create empty array to store custom properties later
$obj = @()

#for every folder you find.....
foreach ($share in $shares) {

    #finds all security principals for each share on fileserver that has permissions explicitly assigned   
    $notInherited = Get-Acl -Path $share.FullName |  select -ExpandProperty Access | Where-Object {$_.IsInherited -eq $false} 

    #for every security principal that has explicit permissions assigned....
    foreach ($member in $notInherited) {

        #extract the identity of the resource from the IdentityReference field and convert it to a string object
        [string]$identity = $member.IdentityReference

        #test to see if the extracted resource contains a \ anywhere in the name to ensure we're looking for domain objects
        if ($identity -like '*\*') {

        #retrieve the SAM of the resource by splitting the string object at the \ and returning the 1 field
        $samAccountName = $identity.Split('\')[1]

            #filter out all domain related groups like domain admins, domain users, domain controllers, domain computers
            if ($samAccountName -notlike 'Domain*' -or $samAccountName -notlike 'Administrators') {

                #return AD object info for the resource using it's SAM
                $ADObject = Get-ADObject -Filter ('SamAccountName -eq "{0}"' -f $SamAccountName)

                #test to ensure we're only retrieving groups and not users who are explicitly assigned
                if ($ADObject.ObjectClass -eq 'group') {

                    #create a PS object and append it's properties to the empty array created earlier
                    #assign custom fields to the object (FolderName maps to the share name and GroupName maps to name of group that has access to the share)
                    $obj += [pscustomobject] @{
                    'GroupName' = $ADObject.Name
                    'FolderName' = $share.Name
                    }   
                }
            }
        }
    }
}

#output the contents of the object to the console
Write-Output $obj | ft -AutoSize | out-file C:\Scripts\test02.txt

我想知道为什么这条线会产生错误的结果：

if ($samAccountName -notlike 'Domain*' -or $samAccountName -notlike 'Administrators')

我希望输出不包含任何明确添加了“管理员”或任何以“域”开头的组的文件夹。如果我删除第二半进行测试，以便它只检查“域*”，则输出是正确的。我也需要过滤掉管理员组。我错过了什么？

Answer 1

您的要求：

if ($samAccountName -notlike 'Domain*' -or $samAccountName notlike 'Administrators')

字面意思是“不像 X”或“不像 Y”

我认为您正在寻找的是：

if (!($samAccountName -like 'Domain*' -or $samAccountName -like 'Administrators'))

{ 写主机“是”}

这样，如果 $samAccountName 类似于 'Domain*' - 或 $samAccountName ``-like 'Administrators'，它返回 TRUE，然后 !将其转换为 false。

因此，如果满足任一条件，则结果为 false，并且代码块不会运行。因此，如果用户是域* 或用户是管理员，则不会输出“是”..