How to use parameter passing by pipeline in PowerShell?
Have a nice day.
I am writing a small cmdlet for myself that will request certificates on behalf of the user (On Behalf Of) from an AD CS CA. I want to implement the functionality of passing the "username" parameter to it through the pipeline using the ADUser object, while retaining the ability to specify a simple username as a string.
Now it's done like this:
function Enroll-OnBehalfOf() {
    [CmdLetBinding()]
    Param (
        [Parameter(Position=0)][string]$Identity,
        [Parameter(ValueFromPipeline)][Microsoft.ActiveDirectory.Management.ADUser]$Users,
        [ValidateSet('OnBehalfofDirectumUserSignatureandEncrypt2003')][Parameter(Mandatory=$True)][string]$TemplateName
    )
    PROCESS {
        if ($Identity.Length -eq 0) {
            $SamAccountName = $Users.SamAccountName
        } else {
            $SamAccountName = $Identity
        }
        # Get the Request Agent certificate object, which must be issued to yourself beforehand (template "Агент подачи заявок" or "Enrollment Agent")
        $signer = New-Object -ComObject X509Enrollment.CSignerCertificate
        # Take the first match so that .Thumbprint is a single value even if several agent certificates exist
        $cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where-Object {$_.Extensions | Where-Object {($_.Oid.Value -eq "2.5.29.37") -and ($_.EnhancedKeyUsages["1.3.6.1.4.1.311.20.2.1"])}} | Select-Object -First 1
        # Reference for Initialize: https://msdn.microsoft.com/en-us/library/aa377669(v=vs.85).aspx
        if ($cert) {
            $signer.Initialize(0, 0, 0xc, $cert.Thumbprint)
        } else {
            # Message text: "You do not have an 'Enrollment Agent' certificate"
            Write-Host "У вас нет сертификата 'Агента подачи заявок'"
            # return, not break: outside a loop, break would also stop the calling script
            return
        }
        # Create the new certificate request
        $pkcs10 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
        # Use the "OnBehalfofDirectumUserSignatureandEncrypt2003" template
        $pkcs10.InitializeFromTemplateName(0x1, $TemplateName)
        $pkcs10.Encode()
        # Wrap in PKCS7 (apparently this is the only way to request on behalf of someone)
        $pkcs7 = New-Object -ComObject X509enrollment.CX509CertificateRequestPkcs7
        $pkcs7.InitializeFromInnerRequest($pkcs10)
        $pkcs7.RequesterName = "$env:USERDOMAIN\$($SamAccountName)"
        $pkcs7.SignerCertificate = $signer
        $Request = New-Object -ComObject X509Enrollment.CX509Enrollment
        $Request.InitializeFromRequest($pkcs7)
        $Request.Enroll()
    }
}
if ($Identity.Length -eq 0) {
    $SamAccountName = $Users.SamAccountName
} else {
    $SamAccountName = $Identity
}
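An added example, not part of the original question: one way to accept both a plain user name and an object with a SamAccountName property through a single pipeline parameter, with the name checked before it is placed into a requester name. The function name Resolve-RequesterName, the -Domain parameter, the character check, and the CONTOSO sample values are hypothetical; the custom objects are constructed stand-ins for ADUser objects.

```powershell
function Resolve-RequesterName {
    [CmdletBinding()]
    Param (
        # A string from the pipeline binds by value. An object that is not a string
        # is first tried by property name without conversion, so its SamAccountName
        # property binds through the alias instead of the object being cast to text.
        [Parameter(Mandatory, Position = 0, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('SamAccountName')]
        # Assumption: reject the characters not allowed in a user logon name and
        # cap the length at 20, so nothing unexpected reaches DOMAIN\name.
        [ValidatePattern('^[^"/\\\[\]:;|=,+*?<>]{1,20}$')]
        [string]$Identity,

        # Hypothetical parameter so the example also runs where USERDOMAIN is unset
        [string]$Domain = $env:USERDOMAIN
    )
    process {
        # Runs once per pipeline item; $Identity holds the current user name
        [pscustomobject]@{
            Identity      = $Identity
            RequesterName = "$Domain\$Identity"
        }
    }
}

# Constructed sample input standing in for Get-ADUser output
$users = [pscustomobject]@{ SamAccountName = 'asmith' },
         [pscustomobject]@{ SamAccountName = 'bjones' }

# Objects: bound by property name through the SamAccountName alias
$users | Resolve-RequesterName -Domain 'CONTOSO'

# Strings: bound by value
'cdoe', 'dlee' | Resolve-RequesterName -Domain 'CONTOSO'

# Positional string argument, no pipeline
Resolve-RequesterName 'ewong' -Domain 'CONTOSO'

# A name containing a backslash fails validation; the error is reported for
# that item only and the remaining pipeline input is still processed
'bad\name', 'fkhan' | Resolve-RequesterName -Domain 'CONTOSO'
```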