Regex to Match Domain or Local object

This topic contains 5 replies, has 3 voices, and was last updated by Profile photo of Curtis Smith Curtis Smith 2 months, 4 weeks ago.

  • Author
    Posts
  • #67578
    Profile photo of Geraldo Quezada
    Geraldo Quezada
    Participant

    I need assistance on creating a regex to differentiate between a Domain and local account. I have the following in my code

    $computer = 'servername'
    $dom-regexp = "^WinNT://(?\w+)/(?.+)"
    $loc-regexp = "^WinNT://\w+/$computer/(?\w+)"
    
    #input strings are as follows:
    $dom = "WinNT://Domain/ConfigMgr" #(represents a domain object)
    $loc = "WinNT://Domain/$computer/ConfigMgr" #(represents a local object on server)
    
    $loc -match $dom-regexp returns as true because of /.+ in the regex which is not valid data.  I tried playing with assertions but no luck yet.
    
    $matches returns:
    Name                           Value
    ----                           -----
    ADObject                       servername/ConfigMgr
    Domain                         DOMAIN
    0                              WinNT://DOMAIN/servername/ConfigMgr
    

    Local object matches works fine but if the regex could be improved it will be greatly appreciated.

  • #67585
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Couldn't you either just count the number of backslashes? Or do a -split on the backslash, and then look and see how many pieces you get?

  • #67590
    Profile photo of Geraldo Quezada
    Geraldo Quezada
    Participant

    Thank you Don. I will give that a try and extract/capture the last string for the User or Group name.

  • #67591
    Profile photo of Curtis Smith
    Curtis Smith
    Participant

    How about just using the local regex pattern and using the -notmatch operator?

    $computer = 'servername'
    $locregexp = "^WinNT://\w+/$computer/(\w+)"
    
    #input strings are as follows:
    $dom = "WinNT://Domain/ConfigMgr" #(represents a domain object)
    $loc = "WinNT://Domain/$computer/ConfigMgr" #(represents a local object on server)
    
    $loc -match $locregexp
    $dom -notmatch $locregexp
    
    True
    True
  • #67593
    Profile photo of Geraldo Quezada
    Geraldo Quezada
    Participant

    Thank you Curtis. My apologies for not providing a clearer picture of my problem but that also will provide me with false positive. I am essentially querying servers based on groups provided during runtime. I will get a list of memberof the group. Which I then need to differentiate between local accounts and domain accounts and extract the local username or ADObject. Once I have this information I query the respective source for that user/group (local or domain).

    Your regex works but it will also produce false positive with BuiltIN accounts.

    $locregexp = "^WinNT://\w+/$computer/(?\w+)"
    $buiregexp = "^WinNT://BUILTIN/(?.+)"
    $othregexp ="^WinNT://NT.*/(?.+)"
    $domregexp = "^WinNT://(?\w+)/(?.+)"

  • #67690
    Profile photo of Curtis Smith
    Curtis Smith
    Participant

    Ok what about using ConfigMgr as your anchor?

    $computer = 'servername'
    $domregexp = "^WinNT://(\w+)/ConfigMgr"
    $locregexp = "^WinNT://\w+/$computer/ConfigMgr"
    
    $dom = "WinNT://Domain/ConfigMgr" #(represents a domain object)
    $loc = "WinNT://Domain/$computer/ConfigMgr" #(represents a local object on server)
    
    $dom -match $domregexp
    $loc -match $domregexp

    Results

    True
    False

You must be logged in to reply to this topic.