Try/Catch not working for Imported Cmdlets via Implicit Remoting

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Robbie Courtney Robbie Courtney 2 months, 3 weeks ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #46159
    Profile photo of Robbie Courtney
    Robbie Courtney
    Participant

    I have an issue when using the try/catch block with the ActiveDirectory module thats imported via Implicit Remoting does not use the catch block when an error occurs. This works perfectly when using the local ActiveDirectory module thats supplied via the RSAT tools. Below is an example of this

    The Code:

    # Setting up implicit remoting, import ActiveDirectory module with Prefix "RPC"
    $ComputerName = "ADominController"
    $session = New-PSSession -ComputerName $ComputerName
    Invoke-Command -Session $session -ScriptBlock {Import-Module activedirectory}
    Import-PSSession -Session $session -Module activedirectory -Prefix "RPC"
    
    # Config info
    $userList = Import-Csv "C:\Test\ImportUserAccounts.csv"
    $AccountPassword = (ConvertTo-SecureString "SomePassword" -AsPlainText -Force)
    $OUpath = "OU=Users,OU=Test,DC=Example,DC=Local"
    
    # Testing local ActiveDirectory module with Try/Catch block
    Write-Output "This is using the ActiveDirectory module on this computer from the RSAT tools"
    
    foreach($u in $userList)
    {
        
        try
        {                              
           new-ADuser  -Name $u.Name `
                       -DisplayName $u.DisplayName `
                       -SamAccountName $u.SamAccountName `
                       -UserPrincipalName $u.UPN `
                       -Description $u.Description `
                       -AccountPassword $AccountPassword `
                       -Enabled $TRUE `
                       -Path $OUpath `
                       -ErrorAction Stop       
        }
        catch
        {
            Write-Warning "An error has occured, check the error log for errors"
           
        }            
    }
    
    # Testing ActiveDirectory module with Try/Catch block from imported Cmdlets (Implicit Remoting)
    Write-Output "This is  using the ActiveDirectory module via Implicit Remoting imported from a Domain Controller"
    
    foreach($u in $userList)
    {
        
        try
        {                              
           New-RPCADUser  -Name $u.Name `
                       -DisplayName $u.DisplayName `
                       -SamAccountName $u.SamAccountName `
                       -UserPrincipalName $u.UPN `
                       -Description $u.Description `
                       -AccountPassword $AccountPassword `
                       -Enabled $TRUE `
                       -Path $OUpath `
                       -ErrorAction Stop     
        }
        catch
        {
            Write-Warning "An error has occured, check the error log for errors"
           
        }            
    }
    

    The Results:

    This is using the ActiveDirectory module on this computer from the RSAT tools
    
    WARNING: An error has occured, check the error log for errors
    WARNING: An error has occured, check the error log for errors
    WARNING: An error has occured, check the error log for errors
    WARNING: An error has occured, check the error log for errors
    
    This is  using the ActiveDirectory module via Implicit Remoting imported from a Domain Controller
    
    The specified account already exists
        + CategoryInfo          : ResourceExists: (CN=testaccount1...:String) [New-ADUser], ADIdentityAlreadyExistsException
        + FullyQualifiedErrorId : The specified account already exists,Microsoft.ActiveDirectory.Management.Commands.NewADUser
        + PSComputerName        : dc1
     
    The specified account already exists
        + CategoryInfo          : ResourceExists: (CN=testaccount2...,:String) [New-ADUser], ADIdentityAlreadyExistsException
        + FullyQualifiedErrorId : The specified account already exists,Microsoft.ActiveDirectory.Management.Commands.NewADUser
        + PSComputerName        : dc1
     
    The specified account already exists
        + CategoryInfo          : ResourceExists: (CN=testaccount3...,:String) [New-ADUser], ADIdentityAlreadyExistsException
        + FullyQualifiedErrorId : The specified account already exists,Microsoft.ActiveDirectory.Management.Commands.NewADUser
        + PSComputerName        : dc1
     
    The specified account already exists
        + CategoryInfo          : ResourceExists: (CN=testaccount4...:String) [New-ADUser], ADIdentityAlreadyExistsException
        + FullyQualifiedErrorId : The specified account already exists,Microsoft.ActiveDirectory.Management.Commands.NewADUser
        + PSComputerName        : dc1
    
    #46184
    Profile photo of Jonathan Warnken
    Jonathan Warnken
    Participant

    When you use the module via Implicit Remoting the execution of the command is not local so while the command does return an exception the remote execution was successful. Because of this what is a terminating error locally is no longer a terminating error via the pssession.
    try this

    $erroractionpreference = "Stop"
    foreach($u in $userList)
    {
        
        try
        {                              
           New-RPCADUser  -Name $u.Name `
                       -DisplayName $u.DisplayName `
                       -SamAccountName $u.SamAccountName `
                       -UserPrincipalName $u.UPN `
                       -Description $u.Description `
                       -AccountPassword $AccountPassword `
                       -Enabled $TRUE `
                       -Path $OUpath `
                       -ErrorAction Stop     
        }
        catch
        {
            Write-Warning "An error has occured, check the error log for errors"
           
        }            
    }
    
    #46276
    Profile photo of Robbie Courtney
    Robbie Courtney
    Participant

    Thanks for the tip.

    In case someone else runs into this I was able to get it to work by using the Global error action preference variable and changing it to stop. And then of course changing it back to continue right after that foreach loop or using a finally block

    Works.

    $Global:ErrorActionPreference = "Stop"
    

    It must have something to do with the scope of the error...? Since the error is actually remotely generated... but either way this is a workaround.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.