I'm trying to validate the output of the Get-AzADGroup command from the Az.Resources PowerShell module. When provided with a group display name, I want to make sure that command outputs a group object that:
- Exists
- Is assigned (static) membership type
- Is not synced from on-prem AD (cloud only group).
The command Get-AzADGroup does not produce an error when using a non-existent group name as the DisplayName parameter.
I've tried using a switch statement to validate the output:
$AzADGroupName = "non_existent_group"
$AzADGroupObject = Get-AzADGroup -DisplayName $AzADGroupName
switch ($AzADGroupObject)
{
{$_.GroupType -eq "DynamicMembership"} {Write-Error "Group is dynamic."}
{$_.AdditionalProperties.onPremisesSecurityIdentifier} {Write-Error "Group is synced from on-prem."}
{!$_.Id} {Write-Error "Group does not exist"}
}
The first two cases in the switch statement work fine, but if the group does not exist, the last case does not match, even though the $AzADGroupObject appears to be empty/null. I've tried various other methods to detect whether or not the Get-AzADGroup command has populated the variable with an actual object. Using $null as the value in the switch statement doesn't work. Using the OutVariable parameter on the Get-AzADGroup command to set the AzADGroupObject variable also makes no difference.
What am I missing?
