I have a small script to retrieve the CAC CN information for our users who have Common Access Cards (CAC Tokens):
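[pre]
# Enabled accounts under the target OU, with their published certificates
$users = Get-ADUser -Filter {Enabled -eq 'True'} -SearchBase 'MY OU' -Property "Certificates"
foreach ($user in $users) {
    # Subject string of the user's certificate(s)
    $CertInfo = ($user.Certificates | Select-Object -ExpandProperty Subject)
    # Keep the text before the first comma (the CN=... component)
    $FormatInfo = ($CertInfo -split ",", 2)[0]
    # Strip the "CN=" prefix
    $Info = ($FormatInfo -replace 'CN=', '')
    #Add-Content C:\Outputfiles\CACCNs.csv -value $Info
    Write-Host $Info
}
[/pre]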
The code works but, when it encounters a user who has not yet been issued a CAC, the script displays a "blank" line where that user's CAC CN info would normally be displayed, shown in the example output below:
Bob Thomas
Gina Thornton
Tim Givens
Tony Bargram
Lee Story
My initial thought is that I need to use a try/catch routine to record the ($user.name) of those people who do not have a CAC CN, but I don't seem to be having any luck so far, because "how" I pull the CAC CN information doesn't really lend itself to recording instances where a CAC CN may or may not be present.
I can't put the try/catch on the Get-ADUser command because I'm looking for enabled accounts and everyone returned by the command has an enabled account.
Try/catch doesn't seem to work on the $CertInfo=($user.Certificates line, telling me I have an unexpected token (which is ironic considering I'm looking for people without a token).
Maybe I need to do an If "subject" = NULL? (just grasping at straws here)
Can I get some pointers on where/how to record the username information for users with no token?
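One way to record the accounts that have no certificate, added here as an example and not part of the original post: an empty Certificates collection produces no output rather than an error, so the check is a count test, not try/catch. The function name Get-CacCnReport and the sample users are constructed for illustration; with real data, pass the result of the Get-ADUser call from the post instead of $users.

```powershell
# Constructed sample data standing in for Get-ADUser ... -Property Certificates.
# Real entries are X509Certificate2 objects; only their .Subject is used here.
$users = @(
    [pscustomobject]@{ Name = 'bthomas'; Certificates = @(
        [pscustomobject]@{ Subject = 'CN=Bob Thomas, OU=Example, O=Example' }) }
    [pscustomobject]@{ Name = 'nocac1'; Certificates = @() }      # no CAC issued yet
    [pscustomobject]@{ Name = 'gthornton'; Certificates = @(      # two certificates
        [pscustomobject]@{ Subject = 'CN=Gina Thornton, OU=Example, O=Example' }
        [pscustomobject]@{ Subject = 'OU=Example, CN=Gina Thornton, O=Example' }) }
    [pscustomobject]@{ Name = 'nocac2'; Certificates = $null }    # attribute not set
)

function Get-CacCnReport {
    param([Parameter(Mandatory)][object[]]$Users)
    foreach ($user in $Users) {
        # Collect non-empty subject strings; null/empty collections yield nothing.
        $subjects = @($user.Certificates |
            Where-Object { $_ -and $_.Subject } |
            ForEach-Object { $_.Subject })

        if ($subjects.Count -eq 0) {
            # No certificate: emit a row keyed on the account name instead of a blank.
            [pscustomobject]@{ Name = $user.Name; HasCert = $false; CN = $null }
            continue
        }

        # Extract the CN wherever it sits in the subject; de-duplicate per user.
        $cns = $subjects | ForEach-Object {
            if ($_ -match '(?:^|,\s*)CN=([^,]+)') { $Matches[1].Trim() }
        } | Sort-Object -Unique

        foreach ($cn in $cns) {
            [pscustomobject]@{ Name = $user.Name; HasCert = $true; CN = $cn }
        }
    }
}

$report = Get-CacCnReport -Users $users

'Users with a CAC CN:'
$report | Where-Object { $_.HasCert } | ForEach-Object { "  $($_.CN)" }

'Enabled accounts with no certificate:'
$report | Where-Object { -not $_.HasCert } | ForEach-Object { "  $($_.Name)" }
```

Piping $report to Export-Csv gives one file with a HasCert column, which keeps the no-token accounts alongside the CNs instead of dropping them.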