Suppressing Errors in Functions Using ErrorActionPreference

I’ve run into an odd issue that on the surface (to this newbie at least) appears unique to PSAD. Again, not a PowerShell guru so this could be lack of understanding on my part.

I wrote a function to quickly enumerate group membership:

Function Get-CurrentUserGroupMembership
        $CurrentUser = [Security.Principal.WindowsIdentity]::GetCurrent()
        $private:PreviousErrorActionPreference = $ErrorActionPreference
        $ErrorActionPreference = 'SilentlyContinue'
        $Groups = $CurrentUser.Groups | foreach-object { $_.Translate([Security.Principal.NTAccount]) }
        if($private:PreviousErrorActionPreference) { $ErrorActionPreference = $PreviousErrorActionPreference }
        Return $Groups

When running the code in the PowerShell ISE or a console it works fine. However after adding it to AppDeployToolkitMain.ps1 and testing by way of calling an actual test installation, it fails with:

Deploy-Application.ps1 : Module [AppDeployToolkitMain.ps1] failed to load:
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At AppDeployToolkitMain.ps1:8960 char:41
+         $Groups = $CurrentUser.Groups | foreach-object { $_.Translate([Security. ...
+                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At line:1 char:1
+ . "Deploy-Application.ps1" ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Deploy-Application.ps1

How can I properly suppress errors in a Function within PSAD? Or more specifically how can I get this Function to work within PSAD the same way it works in the ISE or a console?

It doesn’t have anything to do with the PSADT. The error states that there was a problem translating one of the identity references. It’s never a good idea to just suppress an error instead of trying to deal with it in a Try/Catch block. $ErrorActionPreference only suppresses non-terminating errors. It cannot suppress terminating, resource not found, or permissions errors. You have to deal with those by using a Try/Catch block. The account you used to run the script probably can’t translate one of the Group names because it doesn’t have the appropriate permissions because maybe the Group is a domain admin account. I have no idea, but the first step would be figuring out which SID failed to translate.

I would recommend reading this to fully understand how error trapping works:

I apologize for the short message - in a rush but wanted to say a couple of things:

First of all thanks for the reply and I appreciate that link! I skimmed it very briefly, looks incredibly useful and I’m going to drill into it on my lengthy flight. (hence why I’m in a rush.)

Second, I just wanted to reiterate:

  • when I copy/paste the code within the function in a console (or ISE) be it elevated or not, it works fine.
  • when I copy/paste the function and call it in a consoleor ISE) be it elevated or not, it works fine.
  • its only when I run the Deploy-Application.ps1 script that it fails. And that’s happening as the same user as the first two steps above, in the same console no less. That’s what prompted me to post here for guidance, otherwise I would have taken it to TechNet or

Having said that, and to your point though, I should figure out which SID failed to translate and I intend to do so. It just bugs me that it works outside of PSADT but fails within PSADT. Make sense?

Again, many thanks for that link as [proper] error handling is something I can always use a help with.
I’ll me out of pocket for a few days so my responses will be delayed. Thanks again!

Regardless, I don’t think a SID translation failure has anything to do with the toolkit. I’m not sure what, but I think something else is going on.

Here’s a link on why a SID translation failure might occur:

This code should help you get to the bottom of what is failing:

Function Get-CurrentUserGroupMembership {
	$CurrentUserGroupSIDs = [Security.Principal.WindowsIdentity]::GetCurrent().Groups
	ForEach ($GroupSID in $CurrentUserGroupSIDs) {
		Try {
			$CurrentUserGroupNTAccounts += $GroupSID.Translate([Security.Principal.NTAccount])
		Catch {
			Write-Error -Message "Failed to translate current user group SID [$GroupSID]: $($_.Exception.Message)"
	Write-Output -InputObject $CurrentUserGroupNTAccounts