locked
Need to modify this script to continue on error RRS feed

  • Question

  • Get-ADUser -filter * -SearchBase 'ou path' -Properties HomeDirectory| ForEach-Object{ $homedir=$_.HomeDirectory $_|Get-ADPrincipalGroupMembership | select-object -Property name,GroupCategory | Out-File -width 80 $homedir\GroupMembership.txt }

    Do I add {continue} to the end, or to the out-file pipe which will be where the error will likely occur?


    Wednesday, July 20, 2016 3:52 PM

Answers

  • Here's a version that's more tolerant of various errors:


    $params = @{
      "Filter" = { samAccountName -like "*" }
      "SearchBase" = "<enter your search base>"
      "Properties" = "homeDirectory","memberOf"
    }
    $users = Get-ADUser @params
    foreach ( $user in $users)  {
      $dn = $user.DistinguishedName
      $homeDir = $user.homeDirectory
      if ( $homeDir ) {
        if ( Test-Path -LiteralPath $homeDir ) {
          $user.memberOf | ForEach-Object {
            Get-ADGroup $_ | Select-object Name,GroupCategory
          } | Export-Csv (Join-Path $homeDir "GroupMembership.csv") -NoTypeInformation
        }
        else {
          Write-Warning "User '$dn' homeDirectory '$homeDir' does not exist'"
        }
      }
      else {
        Write-Warning "User '$dn' does not have homeDirectory attribute set"
      }
    }
    

    This does not use Get-ADPrincipalGroupMembership because that cmdlet errors out when user names contain certain characters (it shouldn't, but it does). It also doesn't list the primary group in the group membership, but in practice this shouldn't be much of a limitation (this should normally be set to Domain Users and not changed).


    -- Bill Stewart [Bill_Stewart]



    • Edited by Bill_Stewart Wednesday, July 20, 2016 9:28 PM
    • Proposed as answer by Bill_Stewart Monday, July 25, 2016 3:13 PM
    • Marked as answer by tj cooper Monday, July 25, 2016 5:14 PM
    Wednesday, July 20, 2016 9:23 PM

All replies

  • There was an account that had the incorrect home folder path, which stopped the loop.

    I want to overwrite the file, its a list of group memberships and should be current.

    Wednesday, July 20, 2016 5:51 PM
  • There was an account that had the incorrect home folder path, which stopped the loop.

    I want to overwrite the file, its a list of group memberships and should be current.


    Not an answer to your question.  Yu are just avoiding the issue.  THe file will also end up with only one group and will be missing data.

    \_(ツ)_/

    Wednesday, July 20, 2016 6:21 PM
  • The file has all the groups and whether they are security or distribution.

    Its working, with the exception of error handling.

    Wednesday, July 20, 2016 6:23 PM
  • First you have to define what the error is.


    \_(ツ)_/

    Wednesday, July 20, 2016 6:30 PM
  • Its returning an error when it tries to output a file to a path that doesnt exist.

    I was hoping I could use { return; } or something. I wasn't sure where it would go.

    Wednesday, July 20, 2016 8:40 PM
  • Here's a version that's more tolerant of various errors:


    $params = @{
      "Filter" = { samAccountName -like "*" }
      "SearchBase" = "<enter your search base>"
      "Properties" = "homeDirectory","memberOf"
    }
    $users = Get-ADUser @params
    foreach ( $user in $users)  {
      $dn = $user.DistinguishedName
      $homeDir = $user.homeDirectory
      if ( $homeDir ) {
        if ( Test-Path -LiteralPath $homeDir ) {
          $user.memberOf | ForEach-Object {
            Get-ADGroup $_ | Select-object Name,GroupCategory
          } | Export-Csv (Join-Path $homeDir "GroupMembership.csv") -NoTypeInformation
        }
        else {
          Write-Warning "User '$dn' homeDirectory '$homeDir' does not exist'"
        }
      }
      else {
        Write-Warning "User '$dn' does not have homeDirectory attribute set"
      }
    }
    

    This does not use Get-ADPrincipalGroupMembership because that cmdlet errors out when user names contain certain characters (it shouldn't, but it does). It also doesn't list the primary group in the group membership, but in practice this shouldn't be much of a limitation (this should normally be set to Domain Users and not changed).


    -- Bill Stewart [Bill_Stewart]



    • Edited by Bill_Stewart Wednesday, July 20, 2016 9:28 PM
    • Proposed as answer by Bill_Stewart Monday, July 25, 2016 3:13 PM
    • Marked as answer by tj cooper Monday, July 25, 2016 5:14 PM
    Wednesday, July 20, 2016 9:23 PM
  • Thank you, I will take a look at it. I see you have a test for path. 
    Monday, July 25, 2016 5:15 PM