PowerShell try/catch/finally not executing correctly (or I've completely hosed it)



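I have a script that checks for circular groups.
The script takes all groups in the domain (the parents), checks the membership of those groups, and adds any members with an objectClass of "group" to an array (the children).

The script then checks the children to see if the parent is a member of the child (yes, that is allowed, but still not a good idea).

I added a try/catch/finally block so that I could get the actual group name instead of the truncated error message PowerShell returns.

The problem is, the script stops at the first error it encounters instead of continuing.

This is my first try/catch, so please bear with me.

Here is the script: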

$original_ErrorActionPreference = 'Continue'
$ErrorActionPreference = 'Stop'
Import-Module -Name ActiveDirectory
$domains = @('corp.com', 'dom1.corp.com', 'dom2.corp.com')

foreach($domain in $domains){
    Write-Host $domain -ForegroundColor Yellow
    $parents = Get-ADGroup -server $domain -Properties name,objectclass -Filter * #get all domain groups
    write-host $parents.count
    $table = @()
    $pGroupCount = @($parents).Count
    $record = @{
        'Parent' = ''
        'Child' = ''
        'Nester' = ''
    }
    foreach($parent in $parents){
        Write-Host $parent.name -ForegroundColor Green

The script works up to this point.

This is the part that fails:

        try { #get members in the parent that are groups
            $children = Get-ADGroupMember -Identity $parent | Where-Object{$_.ObjectClass -eq 'group'} | Select-Object name,distinguishedName,objectClass
        } catch [Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember]{
            Write-Host $parent.name ' must be checked manually' -ForegroundColor blue -BackgroundColor Yellow
            $parent.distinguishedName | Out-String -Width 4096 | Out-File -FilePath "$env:USERPROFILE\desktop\$domain-manualCheck.txt" -Width 5120 -Append
        } finally {
            $pGroupCount = $pGroupCount - 1
            write-host $children.count ' - ' $children.name -ForegroundColor Gray
            Write-Host $pGroupCount ' groups to go' -foregroundColor yellow

            foreach($child in $children){ #get members in the children that are groups AND that have the same name as the parent
                $nested = Get-ADGroupMember $child.name | Where-Object {$_.objectClass -eq 'group' -and $_.name -eq $parent.name}
                $nestedCount = @($nested).count
                if ($nestedCount -gt 0){
                    foreach($nester in $nested){
                        Write-Host $parent.name -ForegroundColor White
                        Write-Host $nestedCount -ForegroundColor Magenta
                        Write-Host $nester.name -ForegroundColor Cyan
                        $record.'Parent' = $parent.name
                        $record.'Child' = $child.name
                        $record.'Nester' = $nester.name
                        $objRecord = New-Object psobject -Property $record
                        $table += $objRecord
                    }
                }
            }
            $table | Export-Csv -Path "$env:USERPROFILE\desktop\$domain-Group-Report.csv" -NoTypeInformation
            $error | out-string -width 4096 | Out-File -FilePath "$env:USERPROFILE\desktop\$domain-Errors.txt" -Width 5120 -Append
        }
    }
}
$ErrorActionPreference = $original_ErrorActionPreference

Once the script hits the first problematic group, the following error is returned (#comments added):

PS C:\Users\admin_j\Desktop> .\gtest.ps1
corp.com #current domain
283 #total group count
Exchange Servers #current group
6  -  Exchange Install Domain Servers Exchange Install Domain Servers Exchange Install Domain Servers Exchange Install Domain Servers Exchange Install Domain Servers #6 groups within the parent, groups are from sub-domains
Exchange Install Domain Servers
282  groups to go
Get-ADGroupMember : Cannot find an object with identity: 'Exchange Install Domain Servers' under: 'DC=corp,DC=com'.
At C:\Users\admin_j\Desktop\gtest.ps1:46 char:15
+     $nested = Get-ADGroupMember $child.name | Where-Object $_.objectClass -eq ' ...
+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : ObjectNotFound: (Exchange Install Domain Servers:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : Cannot find an object with identity: 'Exchange Install Domain Servers' under: 'DC=corp,DC=com'.,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

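Why did the script stop instead of writing the bad group (in this case, 'Exchange Install Domain Servers' under: 'DC=corp,DC=com') to the file? The group does exist.

Should I add another block to catch any "Cannot find an object" errors and send them to the file?

Thanks!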

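As alluded to in the comment by Will, you have indeed hosed your catch clause by specifying a type literal that doesn't match the exception you expect to be thrown.

The general syntax for a catch clause is as follows

catch [catch-type-list] <statement block>

where [catch-type-list] is an optional list of exception types for which the associated statement block will act as an exception handler.

This means that this catch clause:

catch [Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember] {
    # ...
}

will only handle errors caused by an exception of the type [Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember] - which is of course not an exception type, so the associated statement block will never execute.

In order for your catch clause to make sense in this context, specify a relevant exception type: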

try{
    Get-ADGroupMember -Identity $parent
}
catch [Microsoft.ActiveDirectory.Management.ADServerDownException]{
    # DC is unreachable, abort
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException]{
    # Group identity not resolved, add to list and continue
}
catch {
    # Something else, completely unforeseen, happened, you might want to re-throw and return from your function
}

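The last catch clause, where the type list is omitted, is known as a general catch clause, and it will handle any exception that didn't match any of the preceding catch clauses.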
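
An added example (not from the original question or answer) showing how typed and general catch clauses are selected inside a loop that keeps going after a failure. Test-Member is a hypothetical stand-in for Get-ADGroupMember that throws ordinary .NET exceptions, so the block runs without the ActiveDirectory module; the group names are constructed sample input.

```powershell
# Hypothetical stand-in for Get-ADGroupMember: throws a different exception per input.
function Test-Member {
    param([string]$Name)
    switch ($Name) {
        'missing' { throw [System.IO.FileNotFoundException]::new("Cannot find '$Name'") }
        'denied'  { throw [System.UnauthorizedAccessException]::new("Access denied to '$Name'") }
        default   { "members of $Name" }
    }
}

function Invoke-GroupCheck {
    param([string[]]$Names)
    foreach ($name in $Names) {
        try {
            # With a real cmdlet, add -ErrorAction Stop (or set $ErrorActionPreference = 'Stop')
            # so that non-terminating errors reach the catch clauses.
            $result = Test-Member -Name $name
            [pscustomobject]@{ Name = $name; Handler = 'none'; Detail = $result }
        }
        catch [System.IO.IOException] {
            # FileNotFoundException derives from IOException, so a base type in the
            # catch-type-list also matches derived exceptions.
            # $_.Exception.GetType().FullName is the name that belongs in a catch type list.
            [pscustomobject]@{ Name = $name; Handler = 'typed'; Detail = $_.Exception.GetType().FullName }
        }
        catch {
            # General catch clause: anything no typed clause matched.
            [pscustomobject]@{ Name = $name; Handler = 'general'; Detail = $_.Exception.GetType().FullName }
        }
        # The loop moves on to the next name after either handler has run.
    }
}

# Constructed input: one success, one typed match, one that falls through to the general clause.
Invoke-GroupCheck -Names 'ok', 'missing', 'denied' | Format-Table -AutoSize
```

The Detail column shows the full exception type name for each failure, which is the value to put in a typed catch clause.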
