locked
Test if AD Group exits before creation RRS feed

  • Question

  • Hello

    I have a script where $ErrorActionPrefrence = "stop" so if i encounter any errors i want to break.

    My problem is i need to create an AD Group, but before i create it i want to check if its already created.

    I do this with the following, but because of my $ErrorActionPrefrence i get an error while trying to get the AD object.

    Does anyone have an method that does not cause the cmdlet to throw and error when nothing is found.

    $getGroup = $null

    $getGroup = Get-ADGroup -Identity "CN=TestGroup,OU=MyGroups,DC=testcorp,DC=local" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
     
    if ($getGroup -eq $null){write-output "Create new group"}
    else
    {write-output "Groups exits"}

    Friday, November 7, 2014 1:21 PM

Answers

  • You can use the error to drive the logic using Try/Catch:

    $getGroup = $null
    
    Try {
          Get-ADGroup -Identity "CN=TestGroup,OU=MyGroups,DC=testcorp,DC=local" -WarningAction SilentlyContinue
          write-output "Groups exits"
        }
    
    Catch {
            write-output "Create new group"
           }

    As soon as the Get-ADGroup throws an error, the Try block will be exited and the Catch block invoked.  

    If there are no errors, the Catch block will not run.

    Or, you can use the -Filter parameter instead of -Identity and if the group isn't found it will quietly return $null:

    $getGroup = $null
    
    $getGroup = Get-ADGroup -filter "distinguishedname -eq 'CN=TestGroup,OU=MyGroups,DC=testcorp,DC=local'" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
      
    if ($getGroup -eq $null){write-output "Create new group"}
    else
    {write-output "Groups exits"}


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "



    • Edited by mjolinor Friday, November 7, 2014 2:06 PM
    • Marked as answer by RFalken Friday, November 7, 2014 2:24 PM
    Friday, November 7, 2014 1:47 PM

All replies

  • You can use the error to drive the logic using Try/Catch:

    $getGroup = $null
    
    Try {
          Get-ADGroup -Identity "CN=TestGroup,OU=MyGroups,DC=testcorp,DC=local" -WarningAction SilentlyContinue
          write-output "Groups exits"
        }
    
    Catch {
            write-output "Create new group"
           }

    As soon as the Get-ADGroup throws an error, the Try block will be exited and the Catch block invoked.  

    If there are no errors, the Catch block will not run.

    Or, you can use the -Filter parameter instead of -Identity and if the group isn't found it will quietly return $null:

    $getGroup = $null
    
    $getGroup = Get-ADGroup -filter "distinguishedname -eq 'CN=TestGroup,OU=MyGroups,DC=testcorp,DC=local'" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
      
    if ($getGroup -eq $null){write-output "Create new group"}
    else
    {write-output "Groups exits"}


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "



    • Edited by mjolinor Friday, November 7, 2014 2:06 PM
    • Marked as answer by RFalken Friday, November 7, 2014 2:24 PM
    Friday, November 7, 2014 1:47 PM
  • My experience is:

    When I use  Get-ADGroup -Identity <DistinguishedName>  an exception is thrown if the DN doesnt exist.

    When I use Get-ADGroup -Filter { name -eq "groupname" }   then the result is $null if the group name is not found, but no exception.

    Walter 

    Friday, November 7, 2014 2:23 PM
  • Thanks for the quick answer :) it Works like a charm.

    BR

    René

    Friday, November 7, 2014 2:25 PM
  • You're welcome :) 

    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Friday, November 7, 2014 2:26 PM