
March 30, 2017 at 1:47 am

I need assistance on creating a regex to differentiate between a Domain and local account. I have the following in my code

$computer = 'servername'
$domregexp = "^WinNT://(?<Domain>\w+)/(?<ADObject>.+)"
$locregexp = "^WinNT://\w+/$computer/(\w+)"

#input strings are as follows:
$dom = "WinNT://Domain/ConfigMgr" #(represents a domain object)
$loc = "WinNT://Domain/$computer/ConfigMgr" #(represents a local object on server)

$loc -match $domregexp returns as true because of /.+ in the regex which is not valid data. I tried playing with assertions but no luck yet.

$matches returns:
Name                           Value
----                           -----
ADObject                       servername/ConfigMgr
Domain                         DOMAIN
0                              WinNT://DOMAIN/servername/ConfigMgr

Local object matching works fine, but if the regex could be improved it would be greatly appreciated.

March 30, 2017 at 12:11 pm

Couldn't you either just count the number of backslashes? Or do a -split on the backslash, and then look and see how many pieces you get?

March 30, 2017 at 1:00 pm

Thank you Don. I will give that a try and extract/capture the last string for the User or Group name.

March 30, 2017 at 1:05 pm

How about just using the local regex pattern and using the -notmatch operator?

$computer = 'servername'
$locregexp = "^WinNT://\w+/$computer/(\w+)"

#input strings are as follows:
$dom = "WinNT://Domain/ConfigMgr" #(represents a domain object)
$loc = "WinNT://Domain/$computer/ConfigMgr" #(represents a local object on server)

$loc -match $locregexp
$dom -notmatch $locregexp

True
True

March 30, 2017 at 1:30 pm

Thank you Curtis. My apologies for not providing a clearer picture of my problem, but that also will provide me with a false positive. I am essentially querying servers based on groups provided during runtime. I will get a list of memberof the group, which I then need to differentiate between local accounts and domain accounts and extract the local username or ADObject. Once I have this information I query the respective source for that user/group (local or domain).

Your regex works but it will also produce false positives with BuiltIN accounts.

$locregexp = "^WinNT://\w+/$computer/(\w+)"
$buiregexp = "^WinNT://BUILTIN/(.+)"
$othregexp = "^WinNT://NT.*/(.+)"
$domregexp = "^WinNT://(?<Domain>\w+)/(?<ADObject>.+)"
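
An added example, not part of any post in this thread: one way to sort the four kinds of path listed above (local, BUILTIN, NT-prefixed, domain) with ordered patterns that use `[^/]+` instead of `.+`, so no capture can span a slash. The function name `Resolve-WinNTPath`, the group name `Name`, the `NT ` prefix test and the sample BUILTIN and NT AUTHORITY paths are assumptions made for illustration.

```powershell
# Added example; the sample paths at the bottom are constructed.
function Resolve-WinNTPath {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Computer
    )

    # Escape the computer name so characters such as '.' are matched literally.
    $c = [regex]::Escape($Computer)

    # Most specific pattern first; the first match wins.
    # [^/]+ cannot cross a slash, so the Domain pattern no longer accepts
    # "servername/ConfigMgr" as an object name the way .+ did.
    $patterns = [ordered]@{
        Local       = '^WinNT://[^/]+/{0}/(?<Name>[^/]+)$' -f $c
        BuiltIn     = '^WinNT://BUILTIN/(?<Name>[^/]+)$'
        NTAuthority = '^WinNT://(?<Domain>NT [^/]+)/(?<Name>[^/]+)$'  # assumed "NT " prefix
        Domain      = '^WinNT://(?<Domain>[^/]+)/(?<Name>[^/]+)$'
    }

    foreach ($type in $patterns.Keys) {
        if ($Path -match $patterns[$type]) {
            return [pscustomobject]@{
                Type   = $type
                Domain = $Matches['Domain']   # $null for Local and BuiltIn
                Name   = $Matches['Name']
                Path   = $Path
            }
        }
    }

    # Anything that fits none of the patterns is reported, not guessed at.
    [pscustomobject]@{ Type = 'Unknown'; Domain = $null; Name = $null; Path = $Path }
}

$computer = 'servername'
@(
    'WinNT://Domain/ConfigMgr'
    "WinNT://Domain/$computer/ConfigMgr"
    'WinNT://BUILTIN/Administrators'
    'WinNT://NT AUTHORITY/SYSTEM'
) | ForEach-Object { Resolve-WinNTPath -Path $_ -Computer $computer } |
    Format-Table Type, Domain, Name
```

Because the computer name goes through `[regex]::Escape` and every segment is `[^/]+` rather than `\w+`, names containing hyphens or dots are handled as well.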

March 31, 2017 at 8:50 pm

OK, what about using ConfigMgr as your anchor?

$computer = 'servername'
$domregexp = "^WinNT://(\w+)/ConfigMgr"
$locregexp = "^WinNT://\w+/$computer/ConfigMgr"

$dom = "WinNT://Domain/ConfigMgr" #(represents a domain object)
$loc = "WinNT://Domain/$computer/ConfigMgr" #(represents a local object on server)

$dom -match $domregexp
$loc -match $domregexp

Results

True
False