Ensure AD operations finish successfully or interrupt the script if errors occur, with proper logging











The following code takes all users from a selected OU. It scans their group membership and if these groups are not under their own OU it creates new groups, adds all members to this group, adds the new group to the old group and removes all members from the old group. This is part of a clean-up.



My concern is that if the group is not created but the users have already been removed from their old group, it would cause quite a bit of trouble.



Therefore, I added the try{}-catch{} blocks and, finally, the log file. I am wondering, however, whether there is a better and safer way to ensure that the operation runs and logs errors properly.



    $list = Get-ADUser -Filter * -SearchBase "OU=PrivilegedAccounts,DC=Global,DC=Local"
    $IAM = '*OU=PrivilegedAccounts*'
    $DA = '*Domain Users*'
    $ErrorActionPreference = "Stop"
    $Error.Clear()

    # Goes through the user list one by one
    foreach ($user in $list)
    {
        # $GroupMembership holds the group membership of each user from the list
        $GroupMembership = $user | Get-ADPrincipalGroupMembership

        foreach ($Group in $GroupMembership)
        {
            # Takes every group and checks that its DN contains neither 'PrivilegedAccounts' nor 'Domain Users'
            if (($Group.distinguishedName -notlike $IAM) -and ($Group.distinguishedName -notlike $DA))
            {
                # $NewGroup sets the name for the new 'prefix-' group
                $NewGroup = $("prefix-" + $Group.name)

                # Creates a new AD group in the PREFIX OU structure
                New-ADGroup -Name $NewGroup -Path "OU=PrivilegedAccounts,DC=Global,DC=Local" -GroupScope Global

                <#
                Adds the new PREFIX group to the old group
                Adds the prefix-account to the new PREFIX group
                Checks whether any of the functions throw an error. If yes, the script will be exited
                #>
                try
                {
                    Add-ADGroupMember -Identity $Group.name -Members $NewGroup
                    Add-ADGroupMember -Identity $NewGroup -Members $user.Name
                    Remove-ADGroupMember -Identity $Group.name -Members $user.Name -Confirm:$false
                }
                catch
                {
                    $_.Exception.Message
                }

                $Error | Out-File -FilePath C:\Users\Public\Desktop\AD_errors.txt
            }
        }
    }









      error-handling logging powershell active-directory















      asked 14 mins ago









      Alex_P
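One way to order the steps so that the removal from the old group can only happen after the new group and both memberships have been confirmed, shown as an added example that is not part of the original post. `Move-UserToPrefixGroup`, `Write-MigrationLog` and the log path are hypothetical names chosen for illustration; the OU and the group filter are the ones from the question.

```powershell
# Added example, not the asker's code. Function names and $LogFile are assumptions.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'
$TargetOU = 'OU=PrivilegedAccounts,DC=Global,DC=Local'
$LogFile  = 'C:\Users\Public\Desktop\AD_migration.log'

function Write-MigrationLog([string]$Level, [string]$Message) {
    # Append one timestamped line per event so earlier entries are never overwritten
    Add-Content -Path $LogFile -Value ('{0} [{1}] {2}' -f (Get-Date -Format s), $Level, $Message)
}

function Move-UserToPrefixGroup($User, $OldGroup) {
    $newName = "prefix-$($OldGroup.Name)"
    try {
        # 1. Reuse the prefix group if an earlier user already caused its creation
        $newGroup = Get-ADGroup -Filter "Name -eq '$newName'" -SearchBase $TargetOU
        if (-not $newGroup) {
            $newGroup = New-ADGroup -Name $newName -Path $TargetOU -GroupScope Global -PassThru
        }
        # 2. Additive changes only; skip links that already exist so a rerun is safe
        if (@(Get-ADGroupMember -Identity $newGroup).DistinguishedName -notcontains $User.DistinguishedName) {
            Add-ADGroupMember -Identity $newGroup -Members $User
        }
        if (@(Get-ADGroupMember -Identity $OldGroup).DistinguishedName -notcontains $newGroup.DistinguishedName) {
            Add-ADGroupMember -Identity $OldGroup -Members $newGroup
        }
        # 3. Read both links back from the directory before the only destructive step
        $inNew  = @(Get-ADGroupMember -Identity $newGroup).DistinguishedName -contains $User.DistinguishedName
        $nested = @(Get-ADGroupMember -Identity $OldGroup).DistinguishedName -contains $newGroup.DistinguishedName
        if (-not ($inNew -and $nested)) { throw "Read-back check failed for '$newName'" }
        Remove-ADGroupMember -Identity $OldGroup -Members $User -Confirm:$false
    }
    catch {
        Write-MigrationLog 'ERROR' "$($User.SamAccountName) / '$($OldGroup.Name)': $($_.Exception.Message)"
        throw   # stop the run; removal is the last step, so a failure leaves the old membership in place
    }
    Write-MigrationLog 'INFO' "$($User.SamAccountName): '$($OldGroup.Name)' -> '$newName'"
}

foreach ($user in Get-ADUser -Filter * -SearchBase $TargetOU) {
    foreach ($group in ($user | Get-ADPrincipalGroupMembership)) {
        # Same filter as the question: skip groups already in the OU and 'Domain Users'
        if ($group.DistinguishedName -notlike '*OU=PrivilegedAccounts*' -and
            $group.DistinguishedName -notlike '*Domain Users*') {
            Move-UserToPrefixGroup -User $user -OldGroup $group
        }
    }
}
```

Passing the AD objects themselves to `-Identity` and `-Members` avoids resolving principals by `Name`, which is the CN and is not one of the identity forms these cmdlets accept (distinguished name, GUID, SID or SAM account name).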
