Powershell 脚本跳过一些用户

Powershell script skipping some users

我有以下脚本应该 运行 通过 Sailpoint IdentityIQ 的所有身份,并删除成员资格,但它随机不会影响用户,我们在日志中看到它正确处理了一个用户并且然后下一个开始,但脚本然后从下一个用户开始,而不更新之前的用户。

我们可以加锁或重试直到完成吗?

这是我们已有的代码。

谢谢!

    $ADgroups = Get-ADPrincipalGroupMembership -Identity $adUser | where {$_.Name -ne "Domain Users"}
        if ($ADgroups -ne $null){
          try{
            Remove-ADPrincipalGroupMembership -Identity $adUser -MemberOf $ADgroups -Confirm:$false
            wlog  "info"  "Removed all assigned AD groups." $mainfn
          } catch { }
        }

如前所述,您当前的代码不会输出错误,因为您在 catch 块中未执行任何操作。此外,通过不指定 -ErrorAction Stop,并非所有错误都会使代码执行 catch 块中的任何内容..

尝试

# assuming the variable $adUser is a valid AD object or the DistinguishedName, GUID, SID or SamAccountName
$ADgroups = Get-ADPrincipalGroupMembership -Identity $adUser | Where-Object {$_.Name -ne "Domain Users"}
# force $ADgroups to be an array here so you can use its .Count property
if (@($ADgroups).Count) {
    try {
        # append ErrorAction STop to also capture non-terminating errors in the catch block
        Remove-ADPrincipalGroupMembership -Identity $adUser -MemberOf $ADgroups -Confirm:$false -ErrorAction Stop
        # log success
        wlog  "info"  "Removed all assigned AD groups." $mainfn
    } 
    catch { 
        # log error
        wlog  "error"  $_.Exception.Message $mainfn
    }
}