locked
Continue after error RRS feed

  • Question

  • Hi all,

    I am running few tasks on every user account found previously by some filter. Everything runs find till the moment error occurs . At this point script stops. 

    I tried to play with "ErrorAction" placement, but the result is always the same.

    Please have a look and tell me where is the catch.

    Thanks

    Try
    {
    	ForEach ($User in $ListInactive.SamAccountName) {
    		Disable-ADAccount -Identity $User
    		Set-ADAccountExpiration -Identity $User -TimeSpan 0.0:0:0.0
            Get-ADUser $User | Move-ADObject -TargetPath $DismissedOU -ErrorAction SilentlyContinue
    	}
    }	
    Catch
    {
    	"Error log:" | Out-File $SetUsersInactive -Append -Encoding ASCII
    	$_ | Out-File $SetUsersInactive -Append -Encoding ASCII
        Continue
    }
    

    Monday, October 30, 2017 10:56 AM

All replies

  • Hey

    Please try adding:

    $ErrorActionPreference= 'silentlycontinue'

    At the begging of Your script to overwrite all errors with SilentlyContinue behavior, this should solve Your issues.

    Please remember that this way You wont have any insight in errors that might occur.

    Best Regards

    Martin


    Please remember to mark the replies as an answers if they help. Proposed solutions are delivered as is and with the best of my knowledge, but You use it at Your own risk.

    • Proposed as answer by MartinITPro Monday, October 30, 2017 11:37 AM
    Monday, October 30, 2017 11:37 AM
  • thanks for the reply, but this was one of the first things I tried and script exits anyway and I do receive error output is as usual 
    Monday, October 30, 2017 11:41 AM
  • Could You post error details? 


    Please remember to mark the replies as an answers if they help. Proposed solutions are delivered as is and with the best of my knowledge, but You use it at Your own risk.

    Monday, October 30, 2017 11:59 AM
  • Error log:
    Move-ADObject : Access is denied
    At D:\ScriptTests\ADWeeklyInactive.ps1:125 char:28
    + ... ser $User | Move-ADObject -TargetPath $DismissedOU -ErrorAction Silen ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : PermissionDenied: (CN=USER...=DOMAIN,DC=com:ADUser) [Move-ADObject], UnauthorizedAccessException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.UnauthorizedAccessException,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
    Monday, October 30, 2017 12:01 PM
  • I would suggest to try capture specific user to variable with get-aduser at the beginning and then try to execute actions on it only if the User is actually found - it might happen that the list You have is outdated so a small if($aduser){} could eliminate these issue. Also if You would have captured User into variable You wouldn't have to do "|" but just simply Move-adobject -identity $aduser ...

    Also we can see that the permission is denied, do You run Your script with administrative powershell? Do Your User account have permissions to perform this kind of move? please try to do it with Active Directory Users and Computers for example on one test User to get to know if that is the issue.

    Please give this solution a try and let me know the output. 

    Please also give a look to this article: 

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/ab0363eb-5803-47be-a724-8e68e0c56e7a/trycatch-not-continuing-after-error?forum=winserverpowershell

    Looks like there are some issues with try-catch, You could not use it and capture errors to variable as it is suggested in this article and later on save them or display on screen.

    Best Regards

    Martin


    Please remember to mark the replies as an answers if they help. Proposed solutions are delivered as is and with the best of my knowledge, but You use it at Your own risk.


    • Edited by MartinITPro Monday, October 30, 2017 12:19 PM adding reference to other similar topic
    Monday, October 30, 2017 12:15 PM
  • - list of users for the procedure is created in the same script - so it is the most current

    - Get_AdUser piped into Move-Adobject solved some minor issues I had with correct info passing to the Move-Adobject

    - script sis supposed to move\change only accounts where executing IT employee is permitted to do so and should skip the ones where the permissions are inadequate (and instead it exits )

    - script is stopping on any type of error (not found, duplicate, permissions... - I really tried every option I was able to imagine)

    Monday, October 30, 2017 12:39 PM
  • so at the end it looks like it ignores ErrorAction anyway, please try to put all of the logic into for or foreach instead of try-catch, maybe that will solve this issue.


    Please remember to mark the replies as an answers if they help. Proposed solutions are delivered as is and with the best of my knowledge, but You use it at Your own risk.

    Monday, October 30, 2017 12:42 PM
  • If you like to catch some error you will have to set "erroraction" to "stop". Otherwise your catch block will not execute.

    You're running 3 or 4 different actions in your try block. You might split up your actions in single try catch blocks to determine what exactly the error causes.


    Best regards (79,108,97,102|%{[char]$_})-join''

    Monday, October 30, 2017 12:56 PM
  • You cannot trap terminating errors.  AD CmdLets will throw terminating errors under many circumstances. "Access Denied" is a terminating error.


    \_(ツ)_/

    Monday, October 30, 2017 1:38 PM
  • completely hands up .....

    i tried to split the block and created TRY <> CATCH of it's own for each command

    Try
    {
    	ForEach ($User in $ListInactive.SamAccountName) {
    		Get-ADUser $User | Move-ADObject -TargetPath $DismissedOU
    	}
    }	
    Catch
    {
    	"Error log:" | Out-File $SetUsersInactive -Append -Encoding ASCII
    	$_ | Out-File $SetUsersInactive -Append -Encoding ASCII
        }

    next I omitted TRY\CATCH and run without trying to trap the errors...

    $ListInactive |  ForEach-Object (Get-ADUser $_.SamAccountName | Move-ADObject -TargetPath $DismissedOU)

    all the same , whenever "terminating error" (@jrv - 10x for the term) occurs, script goes flat

    Monday, October 30, 2017 2:09 PM
  • You cannot trap non-terminating errors without "Stop" and you cannot trap terminating errors in any way.


    \_(ツ)_/

    Monday, October 30, 2017 2:15 PM
  • so basically there is no way to run this script - process what is possible and skip what is not ?

    Monday, October 30, 2017 2:33 PM
  • First you have to set up a OneGet compatible repository.  That takes a few steps and some extra resources.

    This PS Team blog article will explain how to do this:

    https://blogs.msdn.microsoft.com/powershell/2014/05/20/setting-up-an-internal-powershellget-repository/


    \_(ツ)_/

    Monday, October 30, 2017 2:58 PM
  • yet another interesting PS corner...

    the script should run from any computer, so setting up repository does not seem as an option

    Monday, October 30, 2017 3:52 PM
  • another direction- is there any way to check if I have permission over the account I am trying  to process and if not go to the next one ?
    Monday, October 30, 2017 3:54 PM
  • Your question is very convoluted.  Start by just running part of your code.  DO not use Try/Catch and be sure each command works as expected.

    If a single terminating error occurs on a command the command will terminate but the loop wil not terminate.  JUst check the last error for the error condition.

    if(-not $?){
         # an error occurred in last command
    }

    The loop continues.


    \_(ツ)_/

    Monday, October 30, 2017 4:56 PM
  • omitting TRY\CATCH was one of the tries before

    I'll check "$?" 

    anyway for now we solved it by elevating permissions on AD, so the script runs smoothly, but it is just workaround not a solution


    thank you very much
    • Edited by peTerko1 Tuesday, October 31, 2017 10:50 AM
    Tuesday, October 31, 2017 10:49 AM
  • Hi,

    Good to hear that you have solved this issue by yourself. In addition, thanks for sharing your solution in the forum as it would be helpful to anyone who encounters similar issues.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,
    Albert Ling

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, November 1, 2017 8:05 AM