regex for a string occuring between a known string and first close bracket

Question

I'm attempting to regex some strings that occurs between a pair of markers. Can't seem to figure it out, or even find a relevant article about it.

Any help would be appreciated, even just a link to something pointing in the right direction / concept i'm missing.

Thanks

"$pwdLastSet" should be string starting after "(pwdLastSet=" and end before the first close parenthesis

and the same idea for "$status" but should start after "(status=" and end before before the first close parenthesis

eg.

$pwdLastSet = '2011-10-17 23:06'

$status     = 'Enabled'

non-working code

# from impacket secretsdump.py outputfile
$testString = 'domain.name\user01:xxxx:yyyyyyyyyyyyyyyy:zzzzzzzzzzzzzzzzzzz::: (pwdLastSet=2011-10-17 23:06) (status=Enabled)'
Write-Host $testString

# https://learn.microsoft.com/en-us/dotnet/api/system.text.regularexpressions.regex
$pwdLastSet = (([regex]::Match( $testString , '(pwdLastSet=)(.*)(\)){1}')).Groups | Where-Object -FilterScript {$PSItem.Name -eq 2}).Value
$status     = (([regex]::Match( $testString , '(status=)(.*)(\)){1}')).Groups | Where-Object -FilterScript {$PSItem.Name -eq 2}).Value


Write-Host
Write-Host "pwdLastSet: $pwdLastSet"
Write-Host "status:     $status"
Write-Host

results

pwdLastSet: 2011-10-17 23:06) (status=Enabled
status:     Enabled

Answer 1

Add a question mark to the * in (pwdLastSet=)(.*)(\)){1} to make it non-greedy, meaning it will stop at the first closing bracket it finds, not the last one. So now you have (pwdLastSet=)(.*?)(\)){1}