Categories

Error trapping when getting AD objects

How many times have you done this:

£> Get-ADComputer -Identity "bleh"
Get-ADComputer : Cannot find an object with identity: 'bleh' under: 'DC=Manticore,DC=org'.
At line:1 char:1
+ Get-ADComputer -Identity "bleh"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (bleh:ADComputer) [Get-ADComputer], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,
Microsoft.ActiveDirectory.Management.Commands.GetADComputer

Its the same with all of the AD cmdlets – if the object isn’t found you get an error thrown. That’s OK when working interactively but can wreck you script execution – you don’t want to come to work in the morning to find that you script failed on the fifth of fifty (or five hundred) computers.

Your first though might be to use the –ErrorAction parameter:

£> Get-ADComputer -Identity "bleh" -ErrorAction SilentlyContinue
Get-ADComputer : Cannot find an object with identity: 'bleh' under: 'DC=Manticore,DC=org'.
At line:1 char:1
+ Get-ADComputer -Identity "bleh" -ErrorAction SilentlyContinue
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (bleh:ADComputer) [Get-ADComputer], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,
Microsoft.ActiveDirectory.Management.Commands.GetADComputer

£> Get-ADComputer -Identity "bleh" -ErrorAction Ignore
Get-ADComputer : Cannot find an object with identity: 'bleh' under: 'DC=Manticore,DC=org'.
At line:1 char:1
+ Get-ADComputer -Identity "bleh" -ErrorAction Ignore
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (bleh:ADComputer) [Get-ADComputer], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,
Microsoft.ActiveDirectory.Management.Commands.GetADComputer

Neither SilentlyContinue or Ignore will work – the default is Continue.

You can use the $ErrorActionPreference variable:

£> $ErrorActionPreference = 'SilentlyContinue'
£> Get-ADComputer -Identity "bleh"
£> $ErrorActionPreference = 'Continue'

Set the variable to SilentlyContinue, run your command and then remember to set it back!

Another way is to use a try-catch block:

try {
Get-ADComputer -Identity "bleh"
}
catch {}

You can put any code needed to handle the object not been found into the catch block.

The catch works because it will pick up ANY exceptions.  You can use the specific exception if you need to possibly handle other errors.

try {
Get-ADComputer -Identity "bleh"
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
{
Write-Warning "AD computer object not found"
}
catch {}

The trick with using multiple catch blocks is to always ensure that the exceptions start with the most specific and work down to the most generic.  In this case the Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException exception comes first – its what Get-ADComputer uses when it can’t find the object.  If you’re wondering where that information comes from look at the first error message in the post – the exception has been highlighted.

The final catch block will catch any other exceptions that come through.

Leave a Reply