Powershell 脚本跳过一些用户
Powershell script skipping some users
我有以下脚本应该 运行 通过 Sailpoint IdentityIQ 的所有身份,并删除成员资格,但它随机不会影响用户,我们在日志中看到它正确处理了一个用户并且然后下一个开始,但脚本然后从下一个用户开始,而不更新之前的用户。
我们可以加锁或重试直到完成吗?
这是我们已有的代码。
谢谢!
$ADgroups = Get-ADPrincipalGroupMembership -Identity $adUser | where {$_.Name -ne "Domain Users"}
if ($ADgroups -ne $null){
try{
Remove-ADPrincipalGroupMembership -Identity $adUser -MemberOf $ADgroups -Confirm:$false
wlog "info" "Removed all assigned AD groups." $mainfn
} catch { }
}
如前所述,您当前的代码不会输出错误,因为您在 catch 块中未执行任何操作。此外,通过不指定 -ErrorAction Stop,并非所有错误都会使代码执行 catch 块中的任何内容..
尝试
# assuming the variable $adUser is a valid AD object or the DistinguishedName, GUID, SID or SamAccountName
$ADgroups = Get-ADPrincipalGroupMembership -Identity $adUser | Where-Object {$_.Name -ne "Domain Users"}
# force $ADgroups to be an array here so you can use its .Count property
if (@($ADgroups).Count) {
try {
# append ErrorAction STop to also capture non-terminating errors in the catch block
Remove-ADPrincipalGroupMembership -Identity $adUser -MemberOf $ADgroups -Confirm:$false -ErrorAction Stop
# log success
wlog "info" "Removed all assigned AD groups." $mainfn
}
catch {
# log error
wlog "error" $_.Exception.Message $mainfn
}
}
我有以下脚本应该 运行 通过 Sailpoint IdentityIQ 的所有身份,并删除成员资格,但它随机不会影响用户,我们在日志中看到它正确处理了一个用户并且然后下一个开始,但脚本然后从下一个用户开始,而不更新之前的用户。
我们可以加锁或重试直到完成吗?
这是我们已有的代码。
谢谢!
$ADgroups = Get-ADPrincipalGroupMembership -Identity $adUser | where {$_.Name -ne "Domain Users"}
if ($ADgroups -ne $null){
try{
Remove-ADPrincipalGroupMembership -Identity $adUser -MemberOf $ADgroups -Confirm:$false
wlog "info" "Removed all assigned AD groups." $mainfn
} catch { }
}
如前所述,您当前的代码不会输出错误,因为您在 catch 块中未执行任何操作。此外,通过不指定 -ErrorAction Stop,并非所有错误都会使代码执行 catch 块中的任何内容..
尝试
# assuming the variable $adUser is a valid AD object or the DistinguishedName, GUID, SID or SamAccountName
$ADgroups = Get-ADPrincipalGroupMembership -Identity $adUser | Where-Object {$_.Name -ne "Domain Users"}
# force $ADgroups to be an array here so you can use its .Count property
if (@($ADgroups).Count) {
try {
# append ErrorAction STop to also capture non-terminating errors in the catch block
Remove-ADPrincipalGroupMembership -Identity $adUser -MemberOf $ADgroups -Confirm:$false -ErrorAction Stop
# log success
wlog "info" "Removed all assigned AD groups." $mainfn
}
catch {
# log error
wlog "error" $_.Exception.Message $mainfn
}
}