  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 426

Script to update attributes in AD

I am looking for a PowerShell or VBScript which will update the below from a CSV file

Samaccountname,employeeId,Title,Manager - CSV file header format

I would like to search based on Samaccountname and update EmployeeID, Title, Manager for all users in the forest

I can do this specific to a domain, but I would like to search the entire forest and use a single script to update all users. (I don't want to run this on individual domains as we have multiple child domains.)

As you know, Manager needs to be a DN (distinguished name). I am not sure how to search for this in the forest and update users

Can this also be customised for updating multi-valued attributes, if we need to change attributes in future?

I should get some kind of logging too, so that if the existing attribute for user manager or employeeID or Title is equal to the CSV file it just says "No changes or no update required", and if there is any error updating, "Error for this samaccountname", and if successful, "successfully updated"

Is it possible to create 3 log files for the 3 attributes?
Asked by: chandru_sol
1 Solution
 
Subsun commented:
Check this and see if it works for you..
Note : Test the script on lab servers before running in production..

You need to have Quest ActiveRoles Management Shell for Active Directory to run this script..

<#
Provide an input CSV with the following headers, and put the manager's sAMAccountName in the Manager column.
Samaccountname,employeeId,Title,Manager
Replace your.domain.com with your root domain name.
#>
Connect-QADService your.domain.com -GC
Import-Csv -Path c:\users.csv | ForEach-Object {
    # Keep the CSV row in its own variable: inside Catch, $_ is the error record, not the row
    $Row = $_
    Try {
        Get-QADUser -SamAccountName $Row.SamAccountName | Set-QADUser -Manager (Get-QADUser -SamAccountName $Row.Manager) -ErrorAction Stop
        Write-Host "Successfully Updated Manager of $($Row.SamAccountName)"
    }
    Catch { Write-Host "Not able to Update Manager of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
    Try {
        Get-QADUser -SamAccountName $Row.SamAccountName | Set-QADUser -Title $Row.Title -ErrorAction Stop
        Write-Host "Successfully Updated Title of $($Row.SamAccountName)"
    }
    Catch { Write-Host "Not able to Update Title of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
    Try {
        Get-QADUser -SamAccountName $Row.SamAccountName | Set-QADUser -ObjectAttributes @{employeeId=$Row.employeeId} -ErrorAction Stop
        Write-Host "Successfully Updated employeeId of $($Row.SamAccountName)"
    }
    Catch { Write-Host "Not able to Update employeeId of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
}


0
 
chandru_sol (Author) commented:
Thanks Subsun!!

With this script it is going to change the information every time, even if it already has the correct information, right?

-KC
0
 
Subsun commented:
Yes...
0
 
chandru_sol (Author) commented:
Can it be modified so that it compares and only updates changes?

-KC
0
 
Subsun commented:
Try this... You need to have an account which has permission across the forest to run this script.. If you have separate accounts for each domain then we need to add the credentials to the script...

<#
Provide an input CSV with the following headers, and put the manager's sAMAccountName in the Manager column.
Samaccountname,employeeId,Title,Manager
Replace your.domain.com with your root domain name.
#>
$RootDomain = "your.domain.com"
$Inputfile = "c:\users.csv"
Import-Csv -Path $Inputfile | ForEach-Object {
    # Keep the CSV row in its own variable: inside Catch, $_ is the error record, not the row
    $Row = $_
    # Look up the user and the manager through the global catalog
    Connect-QADService $RootDomain -GC
    $User = Get-QADUser -IncludeAllProperties $Row.SamAccountName
    $Manager = Get-QADUser $Row.Manager
    If ($User -ne $null) {
        # Connect to the user's own domain before making changes
        Connect-QADService $User.Domain.Dnsname
        #Writing Manager
        If ($User.Manager -eq $Manager.DN)
        { Write-Host "No need to update Manager for $($User.SamAccountName)" }
        Else {
            Try {
                Get-QADUser $User | Set-QADUser -Manager $Manager -ErrorAction Stop | Out-Null
                Write-Host "Successfully Updated Manager of $($User.SamAccountName)"
            }
            Catch { Write-Host "Not able to Update Manager of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
        }
        #Writing title
        If ($User.Title -eq $Row.Title)
        { Write-Host "No need to update Title for $($User.SamAccountName)" }
        Else {
            Try {
                Get-QADUser $User | Set-QADUser -Title $Row.Title -ErrorAction Stop | Out-Null
                Write-Host "Successfully Updated Title of $($User.SamAccountName)"
            }
            Catch { Write-Host "Not able to Update Title of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
        }
        #Writing employeeId
        If ($User.employeeId -eq $Row.employeeId)
        { Write-Host "No need to update employeeId for $($User.SamAccountName)" }
        Else {
            Try {
                Get-QADUser $User | Set-QADUser -ObjectAttributes @{employeeId=$Row.employeeId} -ErrorAction Stop | Out-Null
                Write-Host "Successfully Updated employeeId of $($User.SamAccountName)"
            }
            Catch { Write-Host "Not able to Update employeeId of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
        }
    }
    Else { Write-Host "Not able to find User $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
}


0
 
chandru_sol (Author) commented:
Just wanted to confirm: can we do this with PowerShell in Exchange or AD rather than using the Quest AD shell?

-KC
0
 
Subsun commented:
Yes, it's possible. As I always use Quest cmdlets I am addicted to them.. ;-) .. It's really Simpler, Easier and More Effective ...
0
 
chandru_sol (Author) commented:
Thanks Subsun!

I will try and get back to you

Please advise on how to learn PowerShell. I am more interested in learning stuff and trying it out


-KC
0
 
Subsun commented:
0
 
chandru_sol (Author) commented:
Thanks Subsun!! Sorry for the delay. Can this be updated to write to a log file?
0
 
Subsun commented:
Yes, you can use Add-Content instead of Write-Host to write errors to a log file..

Ref: http://technet.microsoft.com/en-us/library/ee156791.aspx
0
 
chandru_sol (Author) commented:
Subsun,

EmployeeID attribute comparison between AD and the CSV file doesn't work

As this is not a default attribute, do we need to define it and then compare? Can you shed some light on this?

Thanks
C
0
 
Subsun commented:
The EmployeeID in the CSV should not contain any extra space; if it's there then it may not match. Else it should match if it is the same..
0
 
chandru_sol (Author) commented:
I checked and confirmed there is no space, but I am seeing that it doesn't match

When I check in debug I see EmployeeID is null and the attribute is not pulled. Do we need to include the EmployeeID attribute separately?
0
 
Subsun commented:
You mean the EmployeeID value from AD is null?
0
 
chandru_sol (Author) commented:
$User.employeeId is null even though we are trying to get all attributes in the line below

$User = Get-QADUser -IncludeAllProperties $_.SamAccountName

I confirm there is employeeID in AD and no space in CSV with employeeID
0
 
Subsun commented:
Are you getting the employeeID listed when you run...
Get-QADUser -IncludeAllProperties username  | FL emp*
0
 
chandru_sol (Author) commented:
Yes, I see it when I run the below

Get-QADUser -IncludeAllProperties username  | FL emp*
0
 
Subsun commented:
In that case it should work.. I am not seeing any issue with script however, I will test it in my lab when I get a chance and let you know..
0
 
Subsun commented:
Try this and let me know what you get as the result.. Replace 12345 with the employee ID of the user which has the issue with the script..

Connect-QADService "your.domain.com" -GC
$User = Get-QADUser -IncludeAllProperties username 
$User.employeeId -eq "12345"


0
 
chandru_sol (Author) commented:
Thanks! Is there any way we can test if the CSV output for employeeID is working fine for input or if it is sent as null?
0
 
Subsun commented:
A simple method: you can just print the variable inside the script and see what the value is..
Write-Host "AD employeeId - "$User.employeeId
Write-Host "CSV employeeId - "$_.employeeId


0
 
chandru_sol (Author) commented:
I see that when I run the entire script, User.employeeId is not working

I added the below to the script and I get AD employeeId as blank. Weird

Write-Host "AD employeeId - "$User.employeeId
Write-Host "CSV employeeId - "$_.employeeId
0
 
Subsun commented:
It seems the employeeId attribute is not replicating to the GC.. Try this..
<#
Provide an input CSV with the following headers, and put the manager's sAMAccountName in the Manager column.
Samaccountname,employeeId,Title,Manager
Replace your.domain.com with your root domain name.
#>
$RootDomain = "your.domain.com"
$Inputfile = "c:\users.csv"
Import-Csv -Path $Inputfile | ForEach-Object {
    # Keep the CSV row in its own variable: inside Catch, $_ is the error record, not the row
    $Row = $_
    # Locate the user and the manager through the global catalog
    Connect-QADService $RootDomain -GC
    $User = Get-QADUser $Row.SamAccountName
    $Manager = Get-QADUser $Row.Manager

    If ($User -ne $null) {
        # Connect to the user's own domain and re-read the user there,
        # so attributes that are not in the GC (employeeId) are returned
        Connect-QADService $User.Domain.Dnsname
        $User = Get-QADUser -IncludeAllProperties $Row.SamAccountName

        #Writing Manager
        If ($User.Manager -eq $Manager.DN)
        { Write-Host "No need to update Manager for $($User.SamAccountName)" }
        Else {
            Try {
                Get-QADUser $User | Set-QADUser -Manager $Manager -ErrorAction Stop | Out-Null
                Write-Host "Successfully Updated Manager of $($User.SamAccountName)"
            }
            Catch { Write-Host "Not able to Update Manager of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
        }

        #Writing title
        If ($User.Title -eq $Row.Title)
        { Write-Host "No need to update Title for $($User.SamAccountName)" }
        Else {
            Try {
                Get-QADUser $User | Set-QADUser -Title $Row.Title -ErrorAction Stop | Out-Null
                Write-Host "Successfully Updated Title of $($User.SamAccountName)"
            }
            Catch { Write-Host "Not able to Update Title of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
        }

        #Writing employeeId
        If ($User.employeeId -eq $Row.employeeId)
        { Write-Host "No need to update employeeId for $($User.SamAccountName)" }
        Else {
            Try {
                Get-QADUser $User | Set-QADUser -ObjectAttributes @{employeeId=$Row.employeeId} -ErrorAction Stop | Out-Null
                Write-Host "Successfully Updated employeeId of $($User.SamAccountName)"
            }
            Catch { Write-Host "Not able to Update employeeId of $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
        }
    }
    Else { Write-Host "Not able to find User $($Row.SamAccountName)" -BackgroundColor Yellow -ForegroundColor Red }
}


0
 
chandru_sol (Author) commented:
Thanks!

EmployeeID seems fine now but Manager has issues. It is trying to find the manager from the CSV only in the domain where the user exists, but the manager is part of another domain
0
 
Subsun commented:
Hmm.. I have attached the updated script.. Please try and let me know how it goes..
PS.txt
0
 
chandru_sol (Author) commented:
Thank you. Works now

Would you recommend some books for PowerShell starters?
0
 
chandru_sol (Author) commented:
Thank you for your patience! I learned a few things from this script and would like to learn more
0
 
Subsun commented:
I have the following books, you can try them out... There may be sample chapters available on the net which you can read before you get them..

Learn Windows PowerShell in a Month of Lunches - D. Jones
Windows PowerShell Cookbook - O'Reilly
Windows PowerShell in Action - Bruce Payette
0
 
chandru_sol (Author) commented:
One last thing: it doesn't work for all child domains. Only for the machine where I am connected to by default

Any reason?

QAD-Connectservice ?
0
 
Subsun commented:
What do you mean by it doesn't work for all child domains? Is it not making changes, or is there any other issue?
Basically we need to connect to the GC using QAD-Connectservice to pull information about the objects from any domain in the forest, and when making a change you need to connect to the user's domain. That's what we have done in the script..
0
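
The same approach with the native ActiveDirectory module instead of the Quest cmdlets, as an added example that is not code from the thread: forest-wide lookup through the global catalog, re-read and write in the user's own domain, compare before writing, and one Add-Content log file per attribute. It goes slightly beyond the thread by escaping the CSV value before it enters the LDAP filter and by refusing to update when a sAMAccountName matches more than one account in the forest. Assumed names: your.domain.com as forest root, C:\users.csv, and an existing C:\Logs folder.

```powershell
# Added example, not from the thread. Assumed names: your.domain.com (forest root),
# C:\users.csv, C:\Logs (must already exist).
Import-Module ActiveDirectory
$GC     = 'your.domain.com:3268'   # global catalog port: forest-wide, read-only
$LogDir = 'C:\Logs'

function Write-Log($Attribute, $Message) {
    # One log file per attribute, e.g. C:\Logs\title.log
    Add-Content -Path (Join-Path $LogDir "$Attribute.log") -Value "$(Get-Date -Format s) $Message"
}

function Find-ForestUser($Sam) {
    # Escape LDAP filter metacharacters (RFC 4515) so a CSV cell cannot alter the query
    $safe  = "$Sam".Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $found = @(Get-ADUser -Server $GC -LDAPFilter "(sAMAccountName=$safe)")
    # sAMAccountName is unique per domain, not per forest: accept exactly one match
    if ($found.Count -eq 1) { $found[0] }
}

function Get-DomainOfDN($DN) {
    # CN=x,OU=y,DC=child,DC=your,DC=com -> child.your.com
    ($DN -split '(?<!\\),' | Where-Object { $_ -like 'DC=*' } | ForEach-Object { $_.Substring(3) }) -join '.'
}

Import-Csv -Path 'C:\users.csv' | ForEach-Object {
    $Row  = $_                     # inside catch, $_ is the error record, not the row
    $Sam  = $Row.SamAccountName
    $Stub = Find-ForestUser $Sam
    if (-not $Stub) { Write-Log 'lookup' "Error for $Sam - not found or not unique in forest"; return }

    # employeeID may not be in the GC, so re-read the user from a DC of its own domain
    $Domain = Get-DomainOfDN $Stub.DistinguishedName
    $User   = Get-ADUser -Identity $Stub.DistinguishedName -Server $Domain -Properties employeeID, title, manager

    $Want = @{ employeeID = "$($Row.employeeId)".Trim(); title = "$($Row.Title)".Trim() }
    $Mgr  = if ($Row.Manager) { Find-ForestUser $Row.Manager }
    if ($Mgr) { $Want.manager = $Mgr.DistinguishedName }
    elseif ($Row.Manager) { Write-Log 'manager' "Error for $Sam - manager not found or not unique" }

    foreach ($Attr in $Want.Keys) {
        if (-not $Want[$Attr]) { continue }    # blank CSV cell: leave the attribute alone
        if ($User.$Attr -eq $Want[$Attr]) { Write-Log $Attr "No update required for $Sam"; continue }
        try {
            Set-ADUser -Identity $User.DistinguishedName -Server $Domain -Replace @{ $Attr = $Want[$Attr] } -ErrorAction Stop
            Write-Log $Attr "Successfully updated $Sam"
        } catch {
            Write-Log $Attr "Error for $Sam - $($_.Exception.Message)"
        }
    }
}
```

Run it first against a lab forest or with -WhatIf added to the Set-ADUser call; the account running it needs write permission on these attributes in every child domain.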
