none
Error handling in powershell

    Dotaz

  • So i've written a simple powershell script which reads two columns from a csv file (department name and associated distribution list group name) and then searches AD for users with that department and adds them to the relevent group.

    This works fine the first time i run it. But then for subsequent runs, it goes through, finds the first user in AD matching the department and then errors saying the user is a member of the group already and goes onto the next group - so i can't add new people without first removing everyone from that group.

    any help to get around this issue would be appreciated...script below..


    #Import the ActiveDirectory module for powershell
    import-module ActiveDirectory

    #Imports data from CSV file containing department names and group names

    import-csv c:\dldata.csv | foreach {

    #Adds users to group based on attributes
    $dept = $_.DeptName
    $user = Get-ADUser -filter {Department -like $dept}

    $DistGroup = $_.DistListName
    $group = Get-AdGroup $DistGroup

    Add-ADGroupMember $group -member $user
    }


    Denis Cooper MCITP EA - MCT

    21. března 2012 21:40

Odpovědi

  • Won't Get-ADUser return a collection of users? Since you have PowerShell V2, you can use a Try/Catch to handle the possible error if any user is already a member of the group. You could also check first if the user is a member, before attempting to use Add-ADGroupMember.

    I would code for the possibility that several users have the specified department. For example (not tested):

    #Import the ActiveDirectory module for powershell
    import-module ActiveDirectory
     
    #Imports data from CSV file containing department names and group names
     
    import-csv c:\dldata.csv | foreach {
        #Adds users to group based on attributes
        $dept = $_.DeptName
        $DistGroup = $_.DistListName
        $group = Get-AdGroup $DistGroup
        $users = Get-ADUser -filter {Department -like $dept}
        ForEach ($User In $Users)
        {
            Try {Add-ADGroupMember $group -member $user}
            Catch {# User must already be a member}
        }
    }

    -----



    Richard Mueller - MVP Directory Services

    21. března 2012 22:16
    Moderátor

Všechny reakce

  • $user is all users that match not just one user.

    It will probably break teh grou unless you use 'AddRange'


    ¯\_(ツ)_/¯

    21. března 2012 22:15
  • Won't Get-ADUser return a collection of users? Since you have PowerShell V2, you can use a Try/Catch to handle the possible error if any user is already a member of the group. You could also check first if the user is a member, before attempting to use Add-ADGroupMember.

    I would code for the possibility that several users have the specified department. For example (not tested):

    #Import the ActiveDirectory module for powershell
    import-module ActiveDirectory
     
    #Imports data from CSV file containing department names and group names
     
    import-csv c:\dldata.csv | foreach {
        #Adds users to group based on attributes
        $dept = $_.DeptName
        $DistGroup = $_.DistListName
        $group = Get-AdGroup $DistGroup
        $users = Get-ADUser -filter {Department -like $dept}
        ForEach ($User In $Users)
        {
            Try {Add-ADGroupMember $group -member $user}
            Catch {# User must already be a member}
        }
    }

    -----



    Richard Mueller - MVP Directory Services

    21. března 2012 22:16
    Moderátor
  • Generally I would check before attempting to write anything to AD on the off-chance that something goes wrong. Maybe I am overly cautious but I would prefer an if-statement here. So the command would like:

        {
             $checkmembership = $false        
             $user.memberof | foreach-object {if ($_ -eq $group) { $checkmembership = $true } }
            if ($checkmembership) { add-adgroupmember $group -member $user }
        }


    22. března 2012 7:37
    Moderátor
  • Jaap, I agree completely. I check membership all the time in PowerShell V1 before attempting to add (or remove). PowerShell V2 doesn't seem to have a good method to check. Your solution is interesting, but shouldn't you invoke Add-ADGroupMember only if $checkmembership is $False?


    Richard Mueller - MVP Directory Services

    22. března 2012 13:56
    Moderátor