Split into separate try/catch blocks so ManagedBy failure does not block Notes

2026-04-21 15:21:04 +10:00
parent 16adc9825f
commit bf7f0762c1
1 changed files with 111 additions and 85 deletions
@@ -9,6 +9,8 @@
      1. Sets the computer object's "managedBy" attribute to the user's DN
      2. Sets the user object's "info" attribute (Notes / Telephones tab) to the computer name

+    Each operation runs independently - if one fails the other still runs.
+
    PREREQUISITES:
    - AD permissions must be delegated so that Authenticated Users (or Domain Users)
      can WRITE the "managedBy" attribute on Computer objects in the relevant OU(s).
@@ -63,30 +65,26 @@ try {
 # -- Build the notes string ----------------------------------------------------
 $notesValue = "Last logon: $computerName ($loginTimestamp)"

-try {
-    if ($useADModule) {
-        # -- AD Module path ----------------------------------------------------
+# -- Resolve user and computer DNs --------------------------------------------
+$userDN = $null
+$userObj = $null
+$computerDN = $null
+
+if ($useADModule) {
+    try {
        $userObj = Get-ADUser -Identity $currentUser -Properties info -ErrorAction Stop
+        $userDN = $userObj.DistinguishedName
+    } catch {
+        Write-Log "Could not find user '$currentUser' in AD: $($_.Exception.Message)" "ERROR"
+        exit 1
+    }
+    try {
        $computerObj = Get-ADComputer -Identity $computerName -Properties managedBy -ErrorAction Stop
-
-        # Set computer ManagedBy
-        if ($computerObj.managedBy -eq $userObj.DistinguishedName) {
-            Write-Log "ManagedBy already set to $currentUser. No change needed."
-        } else {
-            Set-ADComputer -Identity $computerName -ManagedBy $userObj.DistinguishedName -ErrorAction Stop
-            Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$($userObj.DistinguishedName)'"
+        $computerDN = $computerObj.DistinguishedName
+    } catch {
+        Write-Log "Could not find computer '$computerName' in AD: $($_.Exception.Message)" "ERROR"
    }
-
-        # Set user Notes (info attribute)
-        if ($userObj.info -eq $notesValue) {
-            Write-Log "User notes already current. No change needed."
-        } else {
-            Set-ADUser -Identity $currentUser -Replace @{info = $notesValue} -ErrorAction Stop
-            Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'"
-        }
-
-    } else {
-        # -- ADSI fallback (no module required) --------------------------------
+} else {
    $rootDSE = [ADSI]"LDAP://RootDSE"
    $domainDN = $rootDSE.defaultNamingContext

@@ -112,12 +110,22 @@ try {

    if (-not $computerResult) {
        Write-Log "Could not find computer '$computerName' in AD." "ERROR"
-            exit 1
-        }
-
+    } else {
        $computerDN = $computerResult.Properties["distinguishedname"][0]
+    }
+}

-        # Set computer ManagedBy
+# -- Task 1: Set computer ManagedBy (separate try/catch) -----------------------
+if ($computerDN -and $userDN) {
+    try {
+        if ($useADModule) {
+            if ($computerObj.managedBy -eq $userDN) {
+                Write-Log "ManagedBy already set to $currentUser. No change needed."
+            } else {
+                Set-ADComputer -Identity $computerName -ManagedBy $userDN -ErrorAction Stop
+                Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$userDN'"
+            }
+        } else {
            $currentManagedBy = $null
            if ($computerResult.Properties["managedby"].Count -gt 0) {
                $currentManagedBy = $computerResult.Properties["managedby"][0]
@@ -131,8 +139,25 @@ try {
                $computerEntry.SetInfo()
                Write-Log "SUCCESS: Set ManagedBy on '$computerName' to '$userDN'"
            }
+        }
+    } catch {
+        Write-Log "FAILED to set ManagedBy: $($_.Exception.Message)" "ERROR"
+    }
+} else {
+    Write-Log "Skipping ManagedBy - computer object not found." "WARN"
+}

-        # Set user Notes (info attribute)
+# -- Task 2: Set user Notes (separate try/catch) -------------------------------
+if ($userDN) {
+    try {
+        if ($useADModule) {
+            if ($userObj.info -eq $notesValue) {
+                Write-Log "User notes already current. No change needed."
+            } else {
+                Set-ADUser -Identity $currentUser -Replace @{info = $notesValue} -ErrorAction Stop
+                Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'"
+            }
+        } else {
            $currentNotes = $null
            if ($userResult.Properties["info"].Count -gt 0) {
                $currentNotes = $userResult.Properties["info"][0]
@@ -147,9 +172,10 @@ try {
                Write-Log "SUCCESS: Set Notes on '$currentUser' to '$notesValue'"
            }
        }
-} catch {
-    Write-Log "FAILED: $($_.Exception.Message)" "ERROR"
-    exit 1
+    } catch {
+        Write-Log "FAILED to set Notes: $($_.Exception.Message)" "ERROR"
+    }
 }

+Write-Log "Script finished."
 exit 0