powershell - Check for user in a group in a different domain


I am stuck on a piece of code. I have 2 AD domains with users and groups in them. I am trying to run a script to check if a user is a member of a group to disable EV access, and if not a member of that group, add them to the EV enable group.

I have it working for 1 domain but can't get it to work across the 2 domains I have. I want the script to check domain1 and add to the group in domain1; if it doesn't find the user, check domain2 and add to the group in domain2.

Below is an extract of the code. I have been struggling to get it to recognise the domain controller so that it looks in the right domain for the user.

    foreach ($u in $users) {
        foreach ($domain in $domainlist) {
            # Resolve the domain and discover a domain controller inside it
            $dom     = Get-ADDomain $domain.name
            $dm      = $dom.DistinguishedName
            $dname   = $dom.Name
            $domname = $dom.DNSRoot
            $addc    = Get-ADDomainController -Discover -DomainName $domname
            $dc      = $addc.HostName
            $user    = Get-ADUser $u.name -Server $dc

            # $dom converts to its distinguished name when appended to a string
            $enablegroup  = "cn=evenable,ou=users and computers," + $dom
            $disablegroup = "cn=evdisable,ou=users and computers," + $dom

            if ((Get-ADUser $u.name -Server $dc -Properties MemberOf).MemberOf -eq $disablegroup) {
                $name = $u.name
                $dm   = $domain.name
                Write-Host "$name member of $dm ev disable group" -ForegroundColor Yellow
            }
        }   # end foreach $domain (the extract ends after the if block)
    }       # end foreach $u

This is not hard at all!

Basically, replace one line with the following, and use PowerShell's try/catch syntax. Try the first chunk of code, and if you have an error, do the second part instead.

From

    $user = Get-ADUser $u.name -Server $dc

To

    try {
        $user = Get-ADUser $u.name -Server $dc -ErrorAction Stop
    }
    catch {
        # otherdc / otherdomain stand for the second domain's DC and name
        $user = Get-ADUser $u.name -Server otherdc -ErrorAction Stop
        $dom  = Get-ADDomain otherdomain
    }

The whole goal of this structure is to handle the branching logic of try this/if it fails, do this instead, and to ensure the script keeps running after that point. So, because you're using $dom in a later part of the script to resolve the full path of the security group, you need to change the $dom value in the catch block, as I've done above.

Just tweak these values for the appropriate domain and it should just work. I used this approach for a similar task of my own, and try/catch/finally is the tool to get the job done.
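The same try/catch fallback generalised to any number of domains, as an added example that is not part of the original question or answer. It catches only the "identity not found" error, so an authentication or connectivity failure stops the script instead of silently falling through to the next domain. The function name `Set-EvAccess`, its parameters and the output object are hypothetical; the group and OU names are taken from the question.

```powershell
# Added example. Assumes the ActiveDirectory module is loaded and that every domain
# in $DomainList has the evenable/evdisable groups in the OU used in the question.
function Set-EvAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]   $Identity,    # e.g. the user's sAMAccountName
        [Parameter(Mandatory)][string[]] $DomainList   # DNS names, checked in order
    )
    foreach ($domainName in $DomainList) {
        $dom  = Get-ADDomain -Identity $domainName
        $addc = Get-ADDomainController -Discover -DomainName $dom.DNSRoot
        $dc   = "$($addc.HostName)"    # HostName can come back as a one-item collection

        try {
            $user = Get-ADUser -Identity $Identity -Server $dc -Properties MemberOf -ErrorAction Stop
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            continue                   # user is not in this domain: try the next one
        }

        # Build the group DNs from the domain the user was actually found in
        $ou           = "ou=users and computers,$($dom.DistinguishedName)"
        $enableGroup  = "cn=evenable,$ou"
        $disableGroup = "cn=evdisable,$ou"

        if ($user.MemberOf -contains $disableGroup) {
            $action = 'SkippedDisabled'
        }
        elseif ($user.MemberOf -contains $enableGroup) {
            $action = 'AlreadyEnabled'
        }
        elseif ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Add to $enableGroup")) {
            Add-ADGroupMember -Identity $enableGroup -Members $user -Server $dc -ErrorAction Stop
            $action = 'AddedToEnable'
        }
        else {
            $action = 'WhatIf'
        }
        # Emit one record per user so the run can be logged or reviewed
        return [pscustomobject]@{ User = $Identity; Domain = $dom.DNSRoot; Action = $action }
    }
    Write-Warning "$Identity was not found in any of: $($DomainList -join ', ')"
}
```

Running it with `-WhatIf` first reports which users would be added without changing any group membership.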

