John Savill's Frequently Asked Questions on IT Pro: Windows

FAQs: PowerShell Errors; Billing Data in Azure; Password Changes on Azure AD Accts

Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions. Read through the FAQ archives, or send him your questions via email.

A selection of FAQs related to error handling in PowerShell, viewing billing data in Azure and understanding password change restrictions for replicated Azure AD accounts.

----------

Q. I want to run a PowerShell command and suppress any errors. What is the best way to do this?
Dept - PowerShell

A. Within a PowerShell script you can set the error action to always silently continue. The problem with this is that all errors are suppressed, which may hide errors you want to see. Instead, you can set an error action on specific commands using the -ErrorAction parameter, for example:

$NSG = Get-AzureRmNetworkSecurityGroup -Name "AdminVM" -ResourceGroupName "MigrationLab" -ErrorAction SilentlyContinue

Now even if the command fails (for example, because the object does not exist), there will be no error and the script will just continue. You can then handle whatever problem there is in your code.

Also don't forget you can use try {} catch {}. For example:

$ErrorActionPreference = 'Stop'

try
{
    $NSG = Get-AzureRmNetworkSecurityGroup -Name "AdminVMd" -ResourceGroupName "MigrationLab"
}
catch
{
    write-output "broken"
}

This enables you to suppress the standard error and then handle it with your own logic.
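
The same idea scoped to a single call, as an added example that is not from the original FAQ: -ErrorAction Stop is applied to one command only, the expected "not found" error is handled by type, and any other error is rethrown rather than hidden. The function name Get-ItemOrNull and the sample paths are constructed for illustration, and Get-Item stands in for the Azure cmdlet so the example runs offline.

```powershell
# Added example; the function name and paths are constructed for illustration.
function Get-ItemOrNull {
    param([Parameter(Mandatory)][string]$Path)

    try {
        # -ErrorAction Stop on this one call turns its non-terminating error
        # into a terminating one so catch can see it. The script-wide
        # $ErrorActionPreference is left untouched.
        return Get-Item -LiteralPath $Path -ErrorAction Stop
    }
    catch [System.Management.Automation.ItemNotFoundException] {
        # Expected failure: the object does not exist. Treat as "no result".
        return $null
    }
    catch {
        # Anything else (access denied, provider failure) is unexpected;
        # rethrow so it is not silently hidden.
        throw
    }
}

# Constructed sample inputs: one path that exists, one that does not.
$missingPath = Join-Path $PSHOME 'no-such-item-example'
$existing = Get-ItemOrNull -Path $PSHOME
$missing  = Get-ItemOrNull -Path $missingPath

"existing found: {0}" -f ($null -ne $existing)
"missing found:  {0}" -f ($null -ne $missing)

# Alternative: suppress the error display but keep the record for inspection.
$item = Get-Item -LiteralPath $missingPath `
    -ErrorAction SilentlyContinue -ErrorVariable lookupError
if ($lookupError) {
    # $lookupError holds the ErrorRecord objects the call produced.
    "suppressed: {0}" -f $lookupError[0].CategoryInfo.Category
}
```
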

Q. What permissions are required to access billing data for an Azure subscription?
Dept - Azure

A. To view billing data for an Azure subscription you need one of the roles outlined at https://docs.microsoft.com/en-us/azure/billing/billing-manage-access. The most minimal role that enables billing access is the Billing Reader role.

Q. I'm using Azure AD Connect to replicate users from AD to Azure AD with password hash replication but users can't change their passwords for 24 hours. Why?
Dept - Azure AD

A. By default, Active Directory has a policy that says a user's password can only be changed once every 24 hours (Minimum password age). This is to stop people from constantly changing their password until they cycle back to a single password they use forever. Normally you set a flag on new users that says they must change their password at first logon, which overrides this setting. However, for accounts replicated to Azure AD with the password, this does not happen and people cannot change their password.

One solution is to perform the first logon and password change against a regular AD-joined machine.

If this is not possible, you can change the policy to 0 (which removes the 1 day wait), and then people can change their passwords straight away via the myapps.microsoft.com site.

To change the policy, navigate to Computer Configuration - Policies - Windows Settings - Security Settings - Account Policies - Password Policy - Minimum password age and set it to 0. You can also set Enforce password history so that a certain number of previous passwords are remembered and cannot be reused.
