powershell - check for exisiting AD User

Very simple powershell function (part below) . No matter what the $username variable is I always get the message 'User already exists'. Obviously I am trying with nonsense usernames that definitely don't exist as well as those that do. what's going on?

-----

Function CreateStaff ()
{
# Check if an AD User of that name already exists
$ADUserCheck = get-aduser -Identity $username -ErrorAction SilentlyContinue

    If ($ADUserCheck -eq $null)
      {
        Write-Host "User does not already exist, creating staff user..."
      }
     
    Else
      {
      Write-Warning "$username already exists"
      }
}
LVL 1
PeteAsked:
Who is Participating?
 
oBdAConnect With a Mentor Commented:
Catch (only) the ADIdentityNotFoundException, in case something else in AD isn't working:
Function CreateStaff () {
	# Check if an AD User of that name already exists
	Try {
		$ADUserCheck = Get-ADUser -Identity Bla -ErrorAction SilentlyContinue
	} Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
	}
    If ($ADUserCheck) {
		Write-Warning "$username already exists"
	} Else {
		Write-Host "User does not already exist, creating staff user..."
	}
}

Open in new window

0
 
oBdACommented:
When a cmdlet errors out, it returns nothing, not $Null, so ($ADUserCheck -eq $null) will always be $False.
Just drop the "-eq $Null" and reverse the logic:
Function CreateStaff () {
	# Check if an AD User of that name already exists
	$ADUserCheck = Get-ADUser -Identity $username -ErrorAction SilentlyContinue
    If ($ADUserCheck) {
		Write-Warning "$username already exists"
	} Else {
		Write-Host "User does not already exist, creating staff user..."
	}
}

Open in new window

0
 
PeteAuthor Commented:
OK, now when I enter a unique username (so it should create a user) I get the error:

---

get-aduser : Cannot find an object with identity: 'thisisausername' under: 'DC=domain,DC=LOCAL'.
At .ps1:190 char:16
+ ... UserCheck = get-aduser -Identity $username -ErrorAction SilentlyConti ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (SDFSDFSDFSDFS:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundExcep
   tion,Microsoft.ActiveDirectory.Management.Commands.GetADUser
0
 
SubsunConnect With a Mentor Commented:
Using -ErrorAction SilentlyContinue may not suppress the error, use Try catch method, and you also need to define a parameter.
Function CreateStaff ($Username) {
	$ADUserCheck = Try {Get-ADUser -Identity $username}Catch{}
    If ($ADUserCheck) {
		Write-Warning "$username already exists"
	} Else {
		Write-Host "User does not already exist, creating staff user..."
	}
}

CreateStaff UserA

Open in new window

Or use Filter or LDAPFilter
$ADUserCheck = Get-ADUser -LDAPFilter "(sAMAccountName=$Username)"

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.