15

I have a bit of code that looks like this:

if (Get-ADUser $DN -EA SilentlyContinue) {
  # Exists
} else {
  # Doesn't Exist
}

Unfortunately, when Get-ADUser the DN fails to find a user (which is fine, it means the object name is not taken), it throws up and spits out an error. I know it will fail, that's fine, which is why I have an -ErrorAction to SilentlyContinue. Unfortunately it seems to do nothing... I still get barf on the script output. The code works, it's just ugly due to the console spitting out the error.

  • Is there a better way for me to test whether a particular object exists?
  • If not, is there a way to get the ErrorAction to properly be silent?
Myrddin Emrys
  • 42,126
  • 11
  • 38
  • 51
  • 1
    `get-aduser -erroraction 'silentlycontinue'` seems to work properly in powershell-v4.0. – user2609980 Dec 30 '15 at 17:48
  • 1
    @user2609980 I don't know about Powershell 4.0 but nobody uses that version anymore anyways, and `get-aduser -erroraction 'silentlycontinue'` definitely throws an error to the shell both in Powershell v5 and v7. – adamency Sep 05 '22 at 14:08

6 Answers6

22

The only way I have found to be working without spitting an error is with the filter parameter:

if (Get-ADUser -Filter {distinguishedName -eq $DN} ) {
  # Exists
} else {
  # Doesn't Exist
}
Shay Levy
  • 121,444
  • 32
  • 184
  • 206
15

You want to catch the exception of the object not being found, but you still want to fail for other reasons like access denied and such, so you need to specify the exact exception to catch.

Try
{
  Get-ADUser $DN -ErrorAction Stop
  # Do stuff if found
}
Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
{ 
  # Do stuff if not found
}

To determine the exception type to catch in other use cases, cause an exception and then do:

$Error[0].Exception.GetType().FullName

The output of that goes into: catch [insert exception type here]

Danijel-James W
  • 1,356
  • 2
  • 17
  • 34
Andy Fraley
  • 1,043
  • 9
  • 16
12

It's an exception, you can just try to catch it like this :

$user = $(try {Get-ADUser $DN} catch {$null})
if ($user -ne $null) {
  # Exists
} else {
  # Doesn't Exist
}
JPBlanc
  • 70,406
  • 17
  • 130
  • 175
3

It appears this command is emitting a terminating error. Use a try { ... } catch { ... } to handle/suppress the error.

Keith Hill
  • 194,368
  • 42
  • 353
  • 369
1

I like to use the filter parameter because it returns null instead of throwing an exception if the user does not exist.

Example:

$user = Get-ADUser -Filter "SamAccountName -eq '$username'"

if ($user -eq $null)
{
    #User does not exist
}
else
{
    #User exists
}
tfederer
  • 11
  • 2
0

I would do this like this:

Get-ADUser | ?{$_.id -eq $DN.id}

Id or some other unique identifier.

This will return the user or null and will wrap the exception.

Dmitry Alexandrov
  • 640
  • 5
  • 23
  • 5
    That works, but it's hideously slow if you have even a moderately sized AD. Fetching every object, then filtering is not practical. – Myrddin Emrys Jul 23 '12 at 09:27
  • Yes, this is for smaller set of iterables. Actually it is the same as Shay Levy's but single line. – Dmitry Alexandrov Jul 23 '12 at 09:29
  • 2
    Are you sure of that? I was under the impression that -Filter was passed directly in as an LDAP query, to prevent thousands of results needing to be returned by the server. – Myrddin Emrys Jul 23 '12 at 15:53