PowerShell script skips some users

Posted on 2025-01-19 14:57:26

I have the following script that should run through all identities from Sailpoint IdentityIQ and remove the membership, but it randomly doesn't affect users. We saw in the logs that it processes one user correctly and then the next one starts, but the script then starts with the next user without updating the one before.

Can we add a lock or retry until it's done?

Here's the code we already have.

Thank you!

    $ADgroups = Get-ADPrincipalGroupMembership -Identity $adUser | where {$_.Name -ne "Domain Users"}
    if ($ADgroups -ne $null) {
        try {
            Remove-ADPrincipalGroupMembership -Identity $adUser -MemberOf $ADgroups -Confirm:$false
            wlog  "info"  "Removed all assigned AD groups." $mainfn
        } catch { }
    }

Comments (1)

一笑百媚生 2025-01-26 14:57:26

As already commented, your current code does not output errors, because you do nothing in the catch block. Also, by not specifying -ErrorAction Stop, not all errors will make the code execute whatever is in the catch block.

Try

    # assuming the variable $adUser is a valid AD object or the DistinguishedName, GUID, SID or SamAccountName
    $ADgroups = Get-ADPrincipalGroupMembership -Identity $adUser | Where-Object {$_.Name -ne "Domain Users"}
    # force $ADgroups to be an array here so you can use its .Count property
    if (@($ADgroups).Count) {
        try {
            # append ErrorAction Stop to also capture non-terminating errors in the catch block
            Remove-ADPrincipalGroupMembership -Identity $adUser -MemberOf $ADgroups -Confirm:$false -ErrorAction Stop
            # log success
            wlog  "info"  "Removed all assigned AD groups." $mainfn
        }
        catch {
            # log error
            wlog  "error"  $_.Exception.Message $mainfn
        }
    }
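
One way to cover the "retry until it's done" part of the question on top of the answer's -ErrorAction Stop advice: remove the memberships, read them back, and retry a bounded number of times. This is an added example, not code from the thread; Remove-GroupsVerified, Get-RemovableGroups, their parameters and the default retry values are hypothetical, and wlog / $mainfn are taken to be the asker's logging helper, assumed to return no output.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module.
# Remove-GroupsVerified, Get-RemovableGroups and their parameters are hypothetical names.
# wlog and $mainfn are the asker's own logging helper, assumed to return no output.
function Get-RemovableGroups {
    param([Parameter(Mandatory)] $AdUser)
    # -ErrorAction Stop here too: a failed lookup must not be mistaken for "no groups"
    Get-ADPrincipalGroupMembership -Identity $AdUser -ErrorAction Stop |
        Where-Object { $_.Name -ne 'Domain Users' }
}

function Remove-GroupsVerified {
    param(
        [Parameter(Mandatory)] $AdUser,
        [int] $MaxAttempts = 3,     # constructed default
        [int] $DelaySeconds = 5     # constructed default
    )
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            # @() forces an array so .Count is reliable for zero or one group
            $groups = @(Get-RemovableGroups -AdUser $AdUser)
            if ($groups.Count -eq 0) {
                wlog "info" "No removable AD groups left (attempt $attempt)." $mainfn
                return $true
            }
            Remove-ADPrincipalGroupMembership -Identity $AdUser -MemberOf $groups `
                -Confirm:$false -ErrorAction Stop
        }
        catch {
            wlog "error" "Attempt ${attempt} failed: $($_.Exception.Message)" $mainfn
        }
        Start-Sleep -Seconds $DelaySeconds
    }
    # Final read-back after the last attempt: success is an empty list, not a quiet cmdlet
    try {
        $left = @(Get-RemovableGroups -AdUser $AdUser)
    }
    catch {
        wlog "error" "Verification failed: $($_.Exception.Message)" $mainfn
        return $false
    }
    if ($left.Count -eq 0) { return $true }
    wlog "error" "Still a member of: $($left.Name -join ', ')" $mainfn
    return $false
}
```

A `$false` return means the identity still holds group memberships and should be flagged for follow-up rather than treated as deprovisioned.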