PowerShell error handling

I have a script that lists the directories in a specific location, then goes through and sets the ACLs on them (using get-acl and set-acl). Basically, it takes the name of the folder, which happens to be the name of the user who owns the folder (Home Directories), and gives them modify permissions and sets the folder to inherit from the root folder.

However, when running the script, it errors out when it comes to a folder for which there is no matching user (in the case of terminated employees). I'm looking for a way to ignore that folder and simply move on. The "-ea silentlycontinue" parameter won't work unfortunately, as it's not actually a cmdlet that's erroring out. Attached is the code, and any help is appreciated!

I know I could write some code that would check if the user exists in AD before attempting to modify the ACL, but we're only talking about 3-4 out of ~2000, so that seems kind of like overkill at this point. If that's the best solution though, I'll go with that.

It errors out on the 3rd to last line, $ACLBase.SetAccessRule($AccessRule).
cls
Set-Location d:\Data\Home
$Inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propogation = [System.Security.AccessControl.PropagationFlags]"None"
$Foldername = Get-ChildItem * | Where-Object {$_.attributes -match "Directory"}

foreach ($Fullpath in $Foldername) {
    $ACLBase = Get-Acl d:\Data\Home\
    #Uncomment the following line to verify default permissions during step debugging
    #Set-Acl -Path $Fullpath -AclObject $ACLBase
    $username = $Fullpath.Name
    $AddACL = "advocatesinc\$username", "Modify", $Inherit, $propogation, "Allow"
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $AddACL
    $ACLBase.SetAccessRule($AccessRule)
    $ACLBase | Set-Acl $Fullpath
}

Asked by: tilbard

Chris Dent (PowerShell Developer) commented:

You might also consider checking for the user as below. It uses the Quest CmdLets but could be done natively if it's an appealing method.

http://www.quest.com/powershell/

Otherwise... examples below.

Chris
# Checking for a user
 
...
$username = $Fullpath.Name
# An "IsNull" type check
If (Get-QADUser $username) {
  # Set the permissions
}
 
# Just Ignore It...
 
...
$ErrorActionPreference = "SilentlyContinue"
$ACLBase.SetAccessRule($AccessRule)
$ErrorActionPreference = "Continue"
...
 
# Catching the Exception - allowing it to be handled
 
Set-Variable -Name ErrMsg -Value "OK" -Scope Script;
Trap [Exception] {
  Write-Host "Error occurred, ignoring it"
  # Might set a variable so we can check for the error outside of Trap
  $Script:ErrMsg = ($_.Exception.Message.ToString()).Trim();
  # Or just write the message here
  Write-Host $Script:ErrMsg
  Continue;
}
$ACLBase.SetAccessRule($AccessRule)

tilbard (Author) commented:
Thanks again, that's twice today now! Catching the exception with Trap worked, though just ignoring it by setting the ErrorActionPreference still errored out the script.
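
The native (no Quest cmdlets) account check mentioned in the answer, combined with a typed try/catch so that folders without a matching account are reported instead of silently ignored. This is an added example, not code from the thread; the function name Set-HomeFolderAcl and its parameters are hypothetical, and it assumes PowerShell 2.0 or later on Windows.

```powershell
# Added example (not from the thread). Function and parameter names are hypothetical.
function Set-HomeFolderAcl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Root,    # home directory root
        [Parameter(Mandatory = $true)][string]$Domain   # NetBIOS domain name
    )
    $inherit     = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]"None"

    foreach ($folder in Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer }) {
        # Folder name doubles as the account name, as in the question's script
        $account = New-Object System.Security.Principal.NTAccount($Domain, $folder.Name)
        try {
            # Translate() throws IdentityNotMappedException when the account cannot be resolved
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # Report the orphaned folder for review, then move on to the next one
            New-Object PSObject -Property @{
                Folder = $folder.FullName
                Status = 'Skipped: no matching account'
            }
            continue
        }

        # Same approach as the question: start from the root ACL and add the user's rule
        $acl  = Get-Acl -Path $Root
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $sid, "Modify", $inherit, $propagation, "Allow")
        $acl.SetAccessRule($rule)

        $status = 'Not applied (WhatIf or declined)'
        if ($PSCmdlet.ShouldProcess($folder.FullName, "Set-Acl")) {
            Set-Acl -Path $folder.FullName -AclObject $acl
            $status = 'Updated'
        }
        New-Object PSObject -Property @{ Folder = $folder.FullName; Status = $status }
    }
}

# Dry run against the values used in the question:
# Set-HomeFolderAcl -Root d:\Data\Home -Domain advocatesinc -WhatIf
```

Filtering the output on the Skipped status gives the list of home folders that no longer map to an account, which can then be reviewed separately.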