Get AdUser ErrorAction – Check Existence of AD Object

The Get-ADUser cmdlet in PowerShell gets one or more Active Directory users. If a script looks up a user object that doesn’t exist and the error is not handled properly, the cmdlet may throw a "directory object not found" exception and cause the script to terminate.

ErrorAction parameter values such as Continue, Ignore, SilentlyContinue, Stop, or Suspend determine how PowerShell handles non-terminating errors.

In this article, we will discuss how to check the existence of Active Directory user objects using the Get-AdUser ErrorAction parameter and handle errors.

Get AdUser ErrorAction

The Get-AdUser ErrorAction parameter works great together with a try-catch block. We will check it with an example.

If you use the Get-ADUser ErrorAction parameter on its own, as in the script given below, it will not work:

$adUser = 'aronss'
$testuser = Get-ADUser -Identity $adUser -ErrorAction SilentlyContinue

# $testuser stays empty when the lookup fails
if (!$testuser)
{
    Write-Output "User does not exist!"
}
else
{
    Write-Host 'Get aduser creation date'
    Get-ADUser $adUser -Properties whenCreated | Select-Object Name,whenCreated
}

In the above PowerShell script,

The first command looks up the user and assigns the result to the $testuser variable. If the user doesn’t exist, the ErrorAction parameter with the SilentlyContinue value is meant to handle the error.

The second command checks whether $testuser holds a user object and writes the result to the terminal.

The problem with this method is that the script carries on, but the error message is not suppressed. ErrorAction only governs non-terminating errors, and Get-ADUser -Identity raises a terminating error when the identity is not found.

The output of the above command is given below:

Get-ADUser : Cannot find an object with identity: 'aronss' under: 'DC=SHELLPRO,DC=LOCAL'.
At line:2 char:13
+ $testuser = Get-ADUser -Identity $adUser -ErrorAction SilentlyContinu ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (aronss:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Micros 
   oft.ActiveDirectory.Management.Commands.GetADUser
 
User does not exist!

In the above output, PowerShell prints the "directory object not found" error message and then prints the User does not exist! message on the terminal.

Using a try-catch block works great and handles the error as well.

Let’s rework the above example using a try-catch block:

$adUser = 'aronss'
try {
    Get-ADUser -Identity $adUser -ErrorAction SilentlyContinue

    Write-Host 'Get aduser creation date'
    Get-ADUser $adUser -Properties whenCreated | Select-Object Name,whenCreated
}
catch {
    Write-Output $_.Exception.Message
}

In the above PowerShell script,

We have put all the code in the try-catch block.

If an exception is raised in the try block, it is caught in the catch block, which writes the exception message to the terminal.

The output of the above PowerShell script is given below:

Cannot find an object with identity: 'aronss' under: 'DC=SHELLPRO,DC=LOCAL'.
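The catch block above treats every failure the same way. The following added example (not part of the original article) catches only the ADIdentityNotFoundException shown in the error output, so that an unreachable domain controller or an access-denied error is not mistaken for a missing account. The function name Test-ADUserExists is hypothetical, and the script assumes the ActiveDirectory module is installed and a domain is reachable.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Test-ADUserExists is a hypothetical helper name, not a
# cmdlet from the ActiveDirectory module.

function Test-ADUserExists {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$Identity
    )

    try {
        # -ErrorAction Stop turns non-terminating errors into terminating
        # ones too, so every failure reaches one of the catch blocks.
        $null = Get-ADUser -Identity $Identity -ErrorAction Stop
        return $true
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # The only failure that actually means "no such user".
        return $false
    }
    catch {
        # Server unreachable, access denied, and so on: existence is
        # unknown, so rethrow instead of reporting the user as missing.
        throw
    }
}

$adUser = 'aronss'   # sample identity taken from the article
if (Test-ADUserExists -Identity $adUser) {
    Write-Host 'Get aduser creation date'
    Get-ADUser -Identity $adUser -Properties whenCreated |
        Select-Object Name, whenCreated
}
else {
    Write-Output "User '$adUser' does not exist!"
}
```

Rethrowing the unexpected errors matters in provisioning or cleanup scripts, where acting on a false "user does not exist" result could create a duplicate account or skip one that should have been disabled.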

Conclusion

I hope the above article on how to check the existence of an aduser using the Get-AdUser ErrorAction parameter is helpful to you.

As we have learned in the above article, a try-catch block is a great way to handle errors like the Get-ADUser directory object not found error, together with the ErrorAction parameter.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.
