Error trapping when getting AD objects

How many times have you done this:

£> Get-ADComputer -Identity “bleh”
Get-ADComputer : Cannot find an object with identity: ‘bleh’ under: ‘DC=Manticore,DC=org’.
At line:1 char:1
+ Get-ADComputer -Identity “bleh”
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (bleh:ADComputer) [Get-ADComputer], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,
Microsoft.ActiveDirectory.Management.Commands.GetADComputer

Its the same with all of the AD cmdlets – if the object isn’t found you get an error thrown. That’s OK when working interactively but can wreck you script execution – you don’t want to come to work in the morning to find that you script failed on the fifth of fifty (or five hundred) computers.

Your first though might be to use the –ErrorAction parameter:

£> Get-ADComputer -Identity “bleh” -ErrorAction SilentlyContinue
Get-ADComputer : Cannot find an object with identity: ‘bleh’ under: ‘DC=Manticore,DC=org’.
At line:1 char:1
+ Get-ADComputer -Identity “bleh” -ErrorAction SilentlyContinue
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (bleh:ADComputer) [Get-ADComputer], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,
Microsoft.ActiveDirectory.Management.Commands.GetADComputer

£> Get-ADComputer -Identity “bleh” -ErrorAction Ignore
Get-ADComputer : Cannot find an object with identity: ‘bleh’ under: ‘DC=Manticore,DC=org’.
At line:1 char:1
+ Get-ADComputer -Identity “bleh” -ErrorAction Ignore
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (bleh:ADComputer) [Get-ADComputer], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,
Microsoft.ActiveDirectory.Management.Commands.GetADComputer

Neither SilentlyContinue or Ignore will work – the default is Continue.

You can use the $ErrorActionPreference variable:

£> $ErrorActionPreference = ‘SilentlyContinue’
£> Get-ADComputer -Identity “bleh”
£> $ErrorActionPreference = ‘Continue’

Set the variable to SilentlyContinue, run your command and then remember to set it back!

Another way is to use a try-catch block:

try {
Get-ADComputer -Identity “bleh”
}
catch {}

You can put any code needed to handle the object not been found into the catch block.

The catch works because it will pick up ANY exceptions.  You can use the specific exception if you need to possibly handle other errors.

try {
Get-ADComputer -Identity “bleh”
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
{
Write-Warning “AD computer object not found”
}
catch {}

The trick with using multiple catch blocks is to always ensure that the exceptions start with the most specific and work down to the most generic.  In this case the Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException exception comes first – its what Get-ADComputer uses when it can’t find the object.  If you’re wondering where that information comes from look at the first error message in the post – the exception has been highlighted.

The final catch block will catch any other exceptions that come through.

This entry was posted in PowerShell and Active Directory, Powershell Basics. Bookmark the permalink.

One Response to Error trapping when getting AD objects

  1. LW says:

    Cheers for this! Exactly what I was looking for

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s