Add-ADPrincipalGroupMembership doesn't continue on error

Hi guys,

I have groups with the same samAccountName on 2 different domains … so I’m trying to add members to those groups

$csv = Import-Csv C:\Users\user\Desktop\csv.csv
foreach ($g in $csv) {
    try {
        (Get-ADGroupMember -Server domain2 -Identity $g.group).samaccountname | Add-ADPrincipalGroupMembership -MemberOf $g.group -ErrorAction Stop
    }
    catch {
        Write-Host $Error[0] -ForegroundColor Green
    }
}

Whenever an error occurs … the cmdlet "Add-ADPrincipalGroupMembership" exits instead of continuing to add other members.
So for example, if a user1 exists on domain2 but not on domain1, it won’t add any member to the group …
Any idea on how to fix that?

Thanks

I can think of two … :wink:

Either you check the existence of the users you want to add before you try to add them or you use a loop and add them one by one. This way you could skip the ones with errors and continue with the next ones.

Well mate… I’m talking of around 4000 groups and lots and lots of users… So there’s no chance of checking users' existence… As for the second suggestion… I could only find this cmdlet to accept pipeline for adding members to group

Oooo wait wait… Actually your idea is brilliant… I will check for each user's existence inside the loop… I will try that… And I believe it should solve it… Many thanks bro

I should have been more descriptive, sorry. :wink: To check each single user inside your loop against your AD will be time consuming as hell. Instead you should get ALL users of the target domain in advance, save them to an array and check their existence inside the loop against this array.

With this amount of groups and users you should not consider the second suggestion at all as it wouldn’t be any faster or better in any way I think.

Well basically… All users should exist in both AD… I think I’m gonna gather the errors into a file
Maybe something like

catch {write-output $error[0] | out-file c:\temp\file.txt -append}

Then I’ll fix the errors and run the script again

I’m not sure but I think it might not work as you may think it does. :wink:

Why not make sure all needed users exist in the target domain before you start putting them into the desired groups? :wink:
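
The pre-load-and-check approach suggested in this thread, combined with adding members one at a time so a single failure does not stop the rest, as an added example that is not code from any of the posters. The domain names and the CSV `group` column are taken from the thread; the log path is a hypothetical placeholder, and only user members are handled.

```powershell
Import-Module ActiveDirectory

$SourceDomain = 'domain2'                          # memberships are read from here (name from the thread)
$TargetDomain = 'domain1'                          # memberships are written here (name from the thread)
$LogPath      = 'C:\temp\group-sync-failures.csv'  # hypothetical path

# One query for all users in the target domain, kept in a case-insensitive set for fast lookups.
$targetUsers = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
Get-ADUser -Filter * -Server $TargetDomain | ForEach-Object { [void]$targetUsers.Add($_.SamAccountName) }

$failures = [System.Collections.Generic.List[object]]::new()

foreach ($g in Import-Csv 'C:\Users\user\Desktop\csv.csv') {
    try {
        $members = Get-ADGroupMember -Server $SourceDomain -Identity $g.group -ErrorAction Stop |
            Where-Object objectClass -eq 'user'
    }
    catch {
        $failures.Add([pscustomobject]@{ Group = $g.group; Member = $null; Reason = $_.Exception.Message })
        continue   # source group could not be read; move on to the next CSV row
    }

    foreach ($m in $members) {
        if (-not $targetUsers.Contains($m.SamAccountName)) {
            $failures.Add([pscustomobject]@{ Group = $g.group; Member = $m.SamAccountName; Reason = 'Not found in target domain' })
            continue   # skip this member only; the rest of the group is still processed
        }
        try {
            Add-ADGroupMember -Server $TargetDomain -Identity $g.group -Members $m.SamAccountName -ErrorAction Stop
        }
        catch {
            $failures.Add([pscustomobject]@{ Group = $g.group; Member = $m.SamAccountName; Reason = $_.Exception.Message })
        }
    }
}

# One row per skipped or failed member, for review before a rerun.
$failures | Export-Csv -Path $LogPath -NoTypeInformation
```

Inside `catch`, `$_` is the error that was just caught, which is more reliable than `$Error[0]` when several errors occur in one run.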