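I am using PowerShell remoting to create some groups. I want to check whether those groups already exist. No matter what I try (try/catch, and ErrorAction SilentlyContinue), the error keeps appearing in the output, which causes the script to fail in my automation system (RES Automation Manager).
Here is the script: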
#Create Domain Local Groups for this computer
[string]$compname = $env:COMPUTERNAME
$dc = $env:LOGONSERVER -replace "\\", ""
$dom = $env:USERDNSDOMAIN.Split(".")
$doml = $dom[0].Substring(0,1)
$Groups = @{}
$Groups.Add("L_$($doml)_" + $compname + "_LAABJ", "SeBatchLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_DLAABJ", "SeDenyBatchLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_LOL", "SeInteractiveLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_DLOL", "SeDenyInteractiveLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_LAAS", "SeServiceLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_DLAAS", "SeDenyServiceLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_ATCFTN", "SeNetworkLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_DATCFTN", "SeDenyNetworkLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_ALTRDP", "SeRemoteInteractiveLogonRight")
$Groups.Add("L_$($doml)_" + $compname + "_DLTRDP", "SeDenyRemoteInteractiveLogonRight")
$GroupDescriptions = @{}
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_LAABJ", "Logon As A Batch Job")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_DLAABJ", "Deny Logon As A Batch Job")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_LOL", "Logon Locally")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_DLOL", "Deny Logon Locally")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_LAAS", "Logon As A Service")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_DLAAS", "Deny Logon As A Service")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_ATCFTN", "Access This Computer From The Network")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_DATCFTN", "Deny Access This Computer From The Network")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_ALTRDP", "Allow Logon Through Remote Desktop Protocol")
$GroupDescriptions.Add("L_$($doml)_" + $compname + "_DLTRDP", "Deny Logon Through Remote Desktop Protocol")
#Import Active Directory Commands from ActiveDirectory Module from the DC
$session = New-PSSession -computerName $dc
Invoke-command { import-module activedirectory } -session $session
Export-PSSession -session $session -commandname *-AD* -outputmodule RemAD -allowclobber -Force
Import-Module RemAD -prefix Rem
#Create the groups.
foreach ($group in $Groups.GetEnumerator())
{
    Write-Host "Creating Group $($group.Key)"
    try
    {
        [string]$global:name = $group.Key
        $err=@()
        $User = Get-ADGroup -Identity $name -ea 'SilentlyContinue' -ev err
        if ($User -eq $null)
        {
            New-ADGroup -Name $group.Key -SamAccountName $group.Key -GroupCategory Security -GroupScope DomainLocal -DisplayName $group.Value -Path "OU=Local Security Groups,OU=Beheer,DC=$($dom[0]),DC=$($dom[1])" -Description $GroupDescriptions[$group.Key] -ErrorAction 'SilentlyContinue'
        }
        else
        {
            Write-Host $group.Key already exists.
        }
    }
    catch
    {
        Write-Host Catch
    }
}
#Wait for Groups to be created
Write-Host Waiting 10 seconds...
Start-Sleep -s 10
When a group does not exist, it raises an error even though I do not want one. It raises this error:
Cannot find an object with identity: 'L_T_DTEST_LAAS' under: 'DC=domain,DC=local'.
Answer 0: (score: 0)
If an identity is specified that is not found, the Get-ADGroup cmdlet throws an unhandled exception.
You can use try/catch:
Try { $User = Get-ADGroup -Identity $name }
Catch { Continue }
Or switch to a filter to check whether the group exists:
$User = Get-ADGroup -filter "name -eq '$name'"
If the filter does not find anything, it simply returns $null.
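
The filter-based check from the answer, combined with group creation that reports real failures instead of hiding them, as an added example that is not part of the original posts. The helper name `New-ADGroupIfMissing`, the allowed-character pattern, and the sample group names and domain components are assumptions; with implicit remoting and a command prefix, the cmdlet names need that prefix.

```powershell
# Added example, not the poster's code. Requires the ActiveDirectory module
# (or its implicit-remoting proxy, in which case add the command prefix).
function New-ADGroupIfMissing {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Description,
        [string]$DisplayName = $Name
    )

    # The name is interpolated into a filter string, so accept only the
    # characters the generated group names use (assumed naming scheme).
    if ($Name -notmatch '^[A-Za-z0-9_-]+$') {
        throw "Refusing unexpected group name: '$Name'"
    }

    try {
        # -Filter yields $null when nothing matches; -Identity raises an error.
        $existing = Get-ADGroup -Filter "SamAccountName -eq '$Name'" -ErrorAction Stop
        if ($existing) {
            return [pscustomobject]@{ Name = $Name; Status = 'Exists'; Error = $null }
        }
        New-ADGroup -Name $Name -SamAccountName $Name -GroupCategory Security `
            -GroupScope DomainLocal -DisplayName $DisplayName -Path $Path `
            -Description $Description -ErrorAction Stop
        return [pscustomobject]@{ Name = $Name; Status = 'Created'; Error = $null }
    }
    catch {
        # Real failures (access denied, bad OU, DC unreachable) are reported.
        return [pscustomobject]@{ Name = $Name; Status = 'Failed'; Error = $_.Exception.Message }
    }
}

# Constructed sample values; replace with the real OU and group names.
$ou = 'OU=Local Security Groups,OU=Beheer,DC=example,DC=local'
$results = foreach ($n in 'L_E_SRV01_LAAS', 'L_E_SRV01_DLAAS') {
    New-ADGroupIfMissing -Name $n -Path $ou -Description 'Logon As A Service'
}
$results | Format-Table -AutoSize

# Fail the automation job only when a group could not be created.
if ($results.Status -contains 'Failed') { exit 1 }
```

Because these groups are later bound to logon rights, a status of `Failed` should stop the job rather than let the rights assignment run against a group that does not exist.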