Exception Handling with AD PowerShell

Welcome Forums General PowerShell Q&A Exception Handling with AD PowerShell

This topic contains 2 replies, has 3 voices, and was last updated by

 
Participant
1 month ago.

  • Author
    Posts
  • #123072

    Inactive
    Points: 0
    Rank: Member

    Hey Folks,

    I am building a PowerShell script to create AD Groups (Global and DomainLocal) by Importing their names from a Csv file.
    I am having a hard time handling exceptions that will be generated in case Groups already exist.
    What I want to achieve is if the Groups do not exist by the name in Csv then PS should create them and show message "Groups have been created" and if they already exist then it should display "Groups already exist" line by line so that if one exists and the other one doesn't then it should display the corresponding message.

    What is happening is that PS doesn't display a message when it has created groups and when exception does occur it displays message only for Global Group not Local.

    Please advise

    Here's the code –

    Try
    {
    New-ADGroup -Name TestGlobal -GroupCategory Security -GroupScope Global -ManagedBy TEMP01 -Description "Owner is TEMP01" -Path (Some OU)
    }
    Catch [Microsoft.ActiveDirectory.Management.ADException]
    {
    if ($_ -like "The specified group already exists")
    {
    Write-Host “***!!! GLOBAL GROUP ALREADY EXISTS !!!***”
    }
    elseif ($_ -eq $null)
    {
    Write-Host " GLOBAL GROUP CREATED SUCCESSFULLY "
    }
    }
    Try
    {
    New-ADGroup -Name TestLocal -GroupCategory Security -GroupScope DomainLocal -ManagedBy TEMP02 -Description "Owner is TEMP02" -Path (Some OU)
    }
    Catch [Microsoft.ActiveDirectory.Management.ADException]
    {
    if ($_ -like "The specified group already exists")
    {
    Write-Host “***!!! LOCAL GROUP ALREADY EXISTS !!!***”
    }
    elseif ($_ -eq $null)
    {
    Write-Host " LOCAL GROUP CREATED SUCCESSFULLY "
    }
    }

  • #123125

    Participant
    Points: 316
    Helping Hand
    Rank: Contributor

    First, please use the pre tags around your code under the text tab and instructions above when posting.

    The issue you are running into is that $_ is an object, not a string, so you need to check the actual message:

    if ($_.Exception.Message -like "The specified group already exists") {...
    

    Another option that I typically use is logic like so:

    $groupName = "Group123"
    
    $group = Get-ADGroup -Filter {Name -eq $groupName}
    
    if (!$group) {
        New-AdGroup...
    }
    
  • #123134

    Participant
    Points: 92
    Rank: Member

    A few suggestions added to your code – and a few assumptions:

    $GroupData = Import-Csv -Path ""
    
    foreach($g in $GroupData)
    {
        Try
        {
            $GroupParam = @{
                Name = $g
                GroupCategory = "Security"
                GroupScope    = "Global"
                ManagedBy     = "TEMP01"
                Description = "Owner is TEMP01"
                Path          = "OU=Groups,DC=domain,DC=com"
                ErrorAction = "Stop" # to ensure errors go to a catch block, set this to Stop
            }
            # use parameter splatting to improve readability
            New-ADGroup @GroupParam
    
            Write-Host "$g GLOBAL GROUP CREATED SUCCESSFULLY "
        }
        Catch [Microsoft.ActiveDirectory.Management.ADException]
        {
            if ($_ -like "The specified group already exists")
            {
                Write-Host “***!!! GLOBAL GROUP ALREADY EXISTS !!!***”
            }
            < # This code only runs if there is an error -- if it succeed, it is never hit elseif ($_ -eq $null) { Write-Host " GLOBAL GROUP CREATED SUCCESSFULLY " } #>
        }
    }
    

    Depending upon the control you have, you could greatly simplify your process with the data included in your csv. For example, if you include GroupScope, ManagedBy, Description, OU — you only need to loop the data 1 time.

You must be logged in to reply to this topic.