The Get-ADUser cmdlet in PowerShell gets one or more Active Directory users. If a script looks up a user object that doesn't exist and the error is not handled properly, the cmdlet throws a directory object not found exception, which can cause the script to terminate.
The ErrorAction parameter values in PowerShell, such as Continue, Ignore, SilentlyContinue, Stop or Suspend, determine how non-terminating errors are handled.
In this article, we will discuss how to check whether an Active Directory user object exists using the Get-ADUser ErrorAction parameter, and how to handle the resulting errors.
Get AdUser ErrorAction
The Get-ADUser ErrorAction parameter works well in combination with a try-catch block. We will check it with an example.
If you use the Get-ADUser ErrorAction parameter on its own, as in the script below, it will not work:

$adUser = 'aronss'

# Look up the user; SilentlyContinue is intended to hide the "not found" error
$testuser = Get-ADUser -Identity $adUser -ErrorAction SilentlyContinue

if (!$testuser) {
    Write-Output -Verbose "User does not exist!"
}
else {
    Write-Host 'Get aduser creation date'
    Get-ADUser $adUser -Properties whenCreated | Select-Object Name,whenCreated
}

In the above PowerShell script:
The first command gets the user and assigns it to the $testuser variable. If the user doesn't exist, ErrorAction SilentlyContinue is meant to suppress the error.
The second command checks whether a user object was returned and writes the result to the terminal.
The problem with this method is that the error message is not suppressed. For an -Identity value that does not exist, Get-ADUser raises a terminating error (ADIdentityNotFoundException), and ErrorAction only governs non-terminating errors.
The output of the above script is given below:
Get-ADUser : Cannot find an object with identity: 'aronss' under: 'DC=SHELLPRO,DC=LOCAL'.
At line:2 char:13
+ $testuser = Get-ADUser -Identity $adUser -ErrorAction SilentlyContinu ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (aronss:ADUser) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Micros
oft.ActiveDirectory.Management.Commands.GetADUser
User does not exist!
In the above output, the script prints the directory object not found error message and then prints the User does not exist! message on the terminal.
A try-catch block handles this error cleanly.
Let's rewrite the above example using a try-catch block:

$adUser = 'aronss'

try {
    # A missing user raises an exception here, which jumps to the catch block
    Get-ADUser -Identity $adUser -ErrorAction SilentlyContinue
    Write-Host 'Get aduser creation date'
    Get-ADUser $adUser -Properties whenCreated | Select-Object Name,whenCreated
}
catch {
    # Print only the exception message instead of the full error record
    Write-Output $_.Exception.Message
}

In the above PowerShell script:
We have put all the code in a try-catch block.
If an exception is raised in the try block, it is caught in the catch block, which writes the exception message to the terminal.
The output of the above PowerShell script is given below:
Cannot find an object with identity: 'aronss' under: 'DC=SHELLPRO,DC=LOCAL'.
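
A stricter version of the existence check, added here as an example and not part of the original article: the hypothetical helper Test-ADUserExists catches only ADIdentityNotFoundException, so an unreachable domain controller or an access-denied error is not misreported as a missing user. It assumes the ActiveDirectory module is installed; the user names are constructed sample input.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-ADUserExists {
    # Hypothetical helper: $true if the user exists, $false if it does not,
    # and rethrows every other failure so the caller can tell them apart.
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)]
        [string]$Identity
    )
    try {
        # -ErrorAction Stop turns any non-terminating error into a catchable one
        $null = Get-ADUser -Identity $Identity -ErrorAction Stop
        return $true
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # Only this exception type means "the account is absent"
        return $false
    }
    catch {
        # Unreachable server, access denied, etc. must not look like "does not exist"
        throw
    }
}

# Constructed sample input
$names = 'aronss', 'administrator'

foreach ($name in $names) {
    try {
        if (Test-ADUserExists -Identity $name) {
            Get-ADUser -Identity $name -Properties whenCreated |
                Select-Object Name, whenCreated
        }
        else {
            Write-Output "User '$name' does not exist!"
        }
    }
    catch {
        # The lookup itself failed, so existence is unknown
        Write-Warning "Could not check '$name': $($_.Exception.Message)"
    }
}
```

This distinction matters in audit or offboarding scripts, where treating a failed lookup as "user does not exist" would silently skip accounts.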
Conclusion
I hope the above article on how to check the existence of an aduser using the Get-AdUser ErrorAction parameter is helpful to you.
We have learned in the above article that a try-catch block, used together with the ErrorAction parameter, is a good way to handle errors such as the Get-ADUser directory object not found error.