• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 133
  • Last Modified:

powershell - check for exisiting AD User

Very simple powershell function (part below) . No matter what the $username variable is I always get the message 'User already exists'. Obviously I am trying with nonsense usernames that definitely don't exist as well as those that do. what's going on?

-----

Function CreateStaff ()
{
# Check if an AD User of that name already exists
$ADUserCheck = get-aduser -Identity $username -ErrorAction SilentlyContinue

    If ($ADUserCheck -eq $null)
      {
        Write-Host "User does not already exist, creating staff user..."
      }
     
    Else
      {
      Write-Warning "$username already exists"
      }
}
0
Pete
Asked:
Pete
  • 2
2 Solutions
 
oBdACommented:
When a cmdlet errors out, it returns nothing, not $Null, so ($ADUserCheck -eq $null) will always be $False.
Just drop the "-eq $Null" and reverse the logic:
Function CreateStaff () {
	# Check if an AD User of that name already exists
	$ADUserCheck = Get-ADUser -Identity $username -ErrorAction SilentlyContinue
    If ($ADUserCheck) {
		Write-Warning "$username already exists"
	} Else {
		Write-Host "User does not already exist, creating staff user..."
	}
}

Open in new window

0
 
PeteAuthor Commented:
OK, now when I enter a unique username (so it should create a user) I get the error:

---

get-aduser : Cannot find an object with identity: 'thisisausername' under: 'DC=domain,DC=LOCAL'.
At .ps1:190 char:16
+ ... UserCheck = get-aduser -Identity $username -ErrorAction SilentlyConti ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (SDFSDFSDFSDFS:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundExcep
   tion,Microsoft.ActiveDirectory.Management.Commands.GetADUser
0
 
SubsunCommented:
Using -ErrorAction SilentlyContinue may not suppress the error, use Try catch method, and you also need to define a parameter.
Function CreateStaff ($Username) {
	$ADUserCheck = Try {Get-ADUser -Identity $username}Catch{}
    If ($ADUserCheck) {
		Write-Warning "$username already exists"
	} Else {
		Write-Host "User does not already exist, creating staff user..."
	}
}

CreateStaff UserA

Open in new window

Or use Filter or LDAPFilter
$ADUserCheck = Get-ADUser -LDAPFilter "(sAMAccountName=$Username)"

Open in new window

0
 
oBdACommented:
Catch (only) the ADIdentityNotFoundException, in case something else in AD isn't working:
Function CreateStaff () {
	# Check if an AD User of that name already exists
	Try {
		$ADUserCheck = Get-ADUser -Identity Bla -ErrorAction SilentlyContinue
	} Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
	}
    If ($ADUserCheck) {
		Write-Warning "$username already exists"
	} Else {
		Write-Host "User does not already exist, creating staff user..."
	}
}

Open in new window

0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now