Author Posts

July 7, 2016 at 11:57 pm

I have an issue when using the try/catch block with the ActiveDirectory module thats imported via Implicit Remoting does not use the catch block when an error occurs. This works perfectly when using the local ActiveDirectory module thats supplied via the RSAT tools. Below is an example of this

The Code:

# Setting up implicit remoting, import ActiveDirectory module with Prefix "RPC"
$ComputerName = "ADominController"
$session = New-PSSession -ComputerName $ComputerName
Invoke-Command -Session $session -ScriptBlock {Import-Module activedirectory}
Import-PSSession -Session $session -Module activedirectory -Prefix "RPC"

# Config info
$userList = Import-Csv "C:\Test\ImportUserAccounts.csv"
$AccountPassword = (ConvertTo-SecureString "SomePassword" -AsPlainText -Force)
$OUpath = "OU=Users,OU=Test,DC=Example,DC=Local"

# Testing local ActiveDirectory module with Try/Catch block
Write-Output "This is using the ActiveDirectory module on this computer from the RSAT tools"

foreach($u in $userList)
{
    
    try
    {                              
       new-ADuser  -Name $u.Name `
                   -DisplayName $u.DisplayName `
                   -SamAccountName $u.SamAccountName `
                   -UserPrincipalName $u.UPN `
                   -Description $u.Description `
                   -AccountPassword $AccountPassword `
                   -Enabled $TRUE `
                   -Path $OUpath `
                   -ErrorAction Stop       
    }
    catch
    {
        Write-Warning "An error has occured, check the error log for errors"
       
    }            
}

# Testing ActiveDirectory module with Try/Catch block from imported Cmdlets (Implicit Remoting)
Write-Output "This is  using the ActiveDirectory module via Implicit Remoting imported from a Domain Controller"

foreach($u in $userList)
{
    
    try
    {                              
       New-RPCADUser  -Name $u.Name `
                   -DisplayName $u.DisplayName `
                   -SamAccountName $u.SamAccountName `
                   -UserPrincipalName $u.UPN `
                   -Description $u.Description `
                   -AccountPassword $AccountPassword `
                   -Enabled $TRUE `
                   -Path $OUpath `
                   -ErrorAction Stop     
    }
    catch
    {
        Write-Warning "An error has occured, check the error log for errors"
       
    }            
}

The Results:

This is using the ActiveDirectory module on this computer from the RSAT tools

WARNING: An error has occured, check the error log for errors
WARNING: An error has occured, check the error log for errors
WARNING: An error has occured, check the error log for errors
WARNING: An error has occured, check the error log for errors

This is  using the ActiveDirectory module via Implicit Remoting imported from a Domain Controller

The specified account already exists
    + CategoryInfo          : ResourceExists: (CN=testaccount1...:String) [New-ADUser], ADIdentityAlreadyExistsException
    + FullyQualifiedErrorId : The specified account already exists,Microsoft.ActiveDirectory.Management.Commands.NewADUser
    + PSComputerName        : dc1
 
The specified account already exists
    + CategoryInfo          : ResourceExists: (CN=testaccount2...,:String) [New-ADUser], ADIdentityAlreadyExistsException
    + FullyQualifiedErrorId : The specified account already exists,Microsoft.ActiveDirectory.Management.Commands.NewADUser
    + PSComputerName        : dc1
 
The specified account already exists
    + CategoryInfo          : ResourceExists: (CN=testaccount3...,:String) [New-ADUser], ADIdentityAlreadyExistsException
    + FullyQualifiedErrorId : The specified account already exists,Microsoft.ActiveDirectory.Management.Commands.NewADUser
    + PSComputerName        : dc1
 
The specified account already exists
    + CategoryInfo          : ResourceExists: (CN=testaccount4...:String) [New-ADUser], ADIdentityAlreadyExistsException
    + FullyQualifiedErrorId : The specified account already exists,Microsoft.ActiveDirectory.Management.Commands.NewADUser
    + PSComputerName        : dc1

July 8, 2016 at 10:32 am

When you use the module via Implicit Remoting the execution of the command is not local so while the command does return an exception the remote execution was successful. Because of this what is a terminating error locally is no longer a terminating error via the pssession.
try this

$erroractionpreference = "Stop"
foreach($u in $userList)
{
    
    try
    {                              
       New-RPCADUser  -Name $u.Name `
                   -DisplayName $u.DisplayName `
                   -SamAccountName $u.SamAccountName `
                   -UserPrincipalName $u.UPN `
                   -Description $u.Description `
                   -AccountPassword $AccountPassword `
                   -Enabled $TRUE `
                   -Path $OUpath `
                   -ErrorAction Stop     
    }
    catch
    {
        Write-Warning "An error has occured, check the error log for errors"
       
    }            
}

July 8, 2016 at 5:04 pm

Thanks for the tip.

In case someone else runs into this I was able to get it to work by using the Global error action preference variable and changing it to stop. And then of course changing it back to continue right after that foreach loop or using a finally block

Works.

$Global:ErrorActionPreference = "Stop"

It must have something to do with the scope of the error...? Since the error is actually remotely generated... but either way this is a workaround.