The Get-AdUser cmdlet in PowerShell gets one or more active directory users. While performing aduser based operation, if an aduser object doesn’t exist and is not handled properly, it may throw an exception as an aduser directory object not found and cause the script to terminate.
ErrorAction parameter values like Continue, Ignore, SilentlyContinue, Stop, or Suspend in PowerShell determine how to handle non-terminating errors.
In this article, we will discuss how to check the existence of active directory user objects using the Get-AdUser ErrorAction parameter and handle errors.
Get AdUser ErrorAction
The Get-AdUser ErrorAction parameter in Active Directory works great with the try-catch block. We will check it with an example.
If you use the Get-ADUser ErrorAction parameter in the script as given below. If the get aduser fails, then it will throw an exception “Get-ADUser: Cannot find an object with identity:”.
$adUser = 'aronss' $testuser = Get-ADUser -Identity $adUser -ErrorAction SilentlyContinue if(!$testuser) { Write-Output -Verbose "User does not exist!" } else { Write-Host 'Get aduser creation date' Get-ADUser $adUser -Properties whenCreated | Select Name,whenCreated }
In the above PowerShell script,
The first command gets the aduser and assigns it to the $testuser
variable. If the aduser doesn’t exist, the ErrorAction parameter will handle the error using the SilentlyContinue value.
In the second command, it checks for an ad user object and writes output on the terminal.
The problem with the above method is it handles the error but cannot suppress the error message.
The output of the above command is given below
Get-ADUser : Cannot find an object with identity: 'aronss' under: 'DC=SHELLPRO,DC=LOCAL'.
At line:2 char:13
+ $testuser = Get-ADUser -Identity $adUser -ErrorAction SilentlyContinu ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (aronss:ADUser) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Micros
oft.ActiveDirectory.Management.Commands.GetADUser
User does not exist!
In the above output, it prints the error message “Get-ADUser: Cannot find an object with identity ” and prints User does not exist! message on the terminal.
Using the Get-Aduser
command with a try-catch block works great and handles errors as well.
Let’s understand the above example by using the try-catch block with Get-AdUser cmdlet.
$adUser = 'aronss' try { Get-ADUser -Identity $adUser -ErrorAction SilentlyContinue Write-Host 'Get aduser creation date' Get-ADUser $adUser -Properties whenCreated | Select Name,whenCreated } catch { Write-Output $_.Exception.Message }
In the above PowerShell script,
We have put all the code in the try-catch block.
In the try block, if the exception is raised, it will be caught in the catch block and write output to the terminal.
The output of the above PowerShell script is given below.
Cannot find an object with identity: 'aronss' under: 'DC=SHELLPRO,DC=LOCAL'.
Cool Tip: How to fix the Get-AdUser: Directory Object not found in PowerShell!
Conclusion
I hope the above article on how to check the existence of an aduser using the Get-AdUser ErrorAction parameter is helpful to you.
We have learned in the above article, that using a try-catch block is great for handling errors like get aduser directory object not found and handling it using the ErrorAction parameter.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.