Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

AD User Modification PS script won't update user properties if manager ID is not available in AD

Posted on 2016-10-22
8
Medium Priority
?
132 Views
Last Modified: 2016-10-24
Help required for user modification script on list of users

The script has condition that if user manager is available in AD, set the same along with other properties, if not it should update the other properties

# Start of script
Import-Module ActiveDirectory

# Import File
$Users = Import-Csv "C:\userupdate\users.csv"
#Processing each user
Foreach ($User in $Users) {
    
    try {
        $ADUser = $null

        
        $ADUser = Get-ADUser -Identity $User.Username -ErrorAction SilentlyContinue
        if ($ADUser -ne $null) {
            $Manager = $null
            $Manager = Get-ADUser -Identity $User.ManagerID -ErrorAction SilentlyContinue
            if ($Manager -ne $null) {
                Set-ADUser -Identity $ADUser -Department $User.Department -Manager $user.ManagerID `
                -EmailAddress $User.Email -Company $user.Company -MobilePhone $user.CellPhone -Title $user.Title
                                
            }
            else {
                Set-ADUser -Identity $ADUser -Department $User.Department `
                -EmailAddress $User.Email -Company $user.Company -MobilePhone $user.CellPhone -Title $user.Title
                
            }
        }
       
             "$($ADUser.sAMAccountName), User Modified Successfully" | Out-File -FilePath "C:\userupdate\result.txt" -Append -Force
    }
# Catch error if any
    catch {
        "$($ADUser.sAMAccountName), Failed" | Out-File -FilePath "C:\userupdate\result.txt" -Append -Force
        $error[0] | Out-File "C:\userupdate\errorlog.txt" -Append
    }
}

Open in new window


No matter what I do, if manager ID is not available in AD, script simply won't process that user and don,t update other properties of that user

I wanted that if manager id is not available in AD, still script should process other properties

Any help would be highly appreciated
0
Comment
Question by:Mahesh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 41

Expert Comment

by:footech
ID: 41856186
Try modifying line 23 to
$ADUser | Set-ADUser -Department $User.Department `

Open in new window


Also, why are you setting -ErrorAction to SilentlyContinue?  It pretty much negates the purpose of the try...catch block.
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41856284
Does every user in your csv have a ManagerID?
Line 18
if (($Manager -ne $null) -and ($user.ManagerID -ne $nulll) ){
0
 
LVL 38

Author Comment

by:Mahesh
ID: 41856295
Tried that

Still no luck

what should be -Erroraction ?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 38

Author Comment

by:Mahesh
ID: 41856297
yes csv has managerID defined because it is import from some other HRMS tool but those managerID may not available in AD

As soon as script did not find managerID in AD, it simply ignore that user by ignoring all conditions (if else etc)
0
 
LVL 25

Accepted Solution

by:
Coralon earned 1000 total points
ID: 41856381
You might try reworking it.. something like this..
Import-Module -Name ActiveDirectory -ErrorAction SilentlyContinue

$Users = Import-Csv -Path 'C:\userupdate\users.csv'

foreach ($User in $Users)
{
	Try
	{
		$ADUser = Get-ADUser -identity $User.UserName 
		Try
		{
		Set-ADUser -Identity $ADUser -Department $User.Department -EmailAddress $User.Email -Company $user.Company -MobilePhone $user.CellPhone -Title $user.Title
		}
		catch
		{
			"$($ADUser.sAMAccountName), User Modified Successfully (base properties)" | Out-File -FilePath "C:\userupdate\result.txt" -Append -Force
		}
		$ManagerID = $User.ManagerID
		
		if ($ManagerID) 
		{
			Try
			{
				$Manager = Get-ADUser -identity $ManagerID 
				Set-ADUser -identity $ADUser -Manager $Manager 
				"$($ADUser.sAMAccountName), User Modified Successfully" | Out-File -FilePath "C:\userupdate\result.txt" -Append -Force
			}
			catch
			{
				Write-Output "The ManagerID for $($User.username) does not exist in ActiveDirectory"
			}
		}
		else
		{
			Write-Output "No ManagerID specified for $($User.UserName)"
		}
	}
	catch
	{
		"$($ADUser.sAMAccountName), Failed" | Out-File -FilePath 'C:\userupdate\result.txt' -Append -Force
        $error[0] | Out-File 'C:\userupdate\errorlog.txt' -Append
	{
	Remove-Variable ManagerID, Manager
}

Open in new window


Coralon
0
 
LVL 41

Assisted Solution

by:footech
footech earned 1000 total points
ID: 41857481
I take back my comment about the -ErrorAction parameter.  I thought that Get-ADUser threw a non-terminating error, and you had to set -ErrorAction to Stop (making the error terminating) to get Try/Catch to work with it.  But I can't replicate the behavior now, so maybe my memory is faulty.  In any case, what was happening with your original code was that as soon as any error was thrown by the Get-ADUser command, whether on line 13 or 16, the catch block would be called to handle it.

I think Coralon's approach is good using multiple try/catch blocks.  Another way would be to change your Get-ADUser commands to use the -Filter parameter instead of -Identity, which won't through any errors if no matches are found.
0
 
LVL 38

Author Comment

by:Mahesh
ID: 41858038
"Get-Aduser" if identity failed / didn't exists, it will pass on to next line in csv file

Basically if I try to modify "Manager" field along with other attributes, if manager id is not available in AD, it will simply ignore user for attributes as well.

I tried "if else" loop with filter specified for manager id and it also working, but then its unable to generate error code in errorlogfile if manager id is not available in AD

Hence I moved manager id modification to new line and now its started working.
I have modified code as below

# Start of script
Import-Module ActiveDirectory -ErrorAction Stop

# Define result and error log file
$DateTime = Get-Date -Format ddMMyyyy_HHmm
$ResultLogFile = "C:\userupdate\ResultLogFile_$DateTime.txt"
$ErrorLogFile = "C:\userupdate\ErrorLogFile_$DateTime.txt"
# Import File
$Users = Import-Csv "C:\userupdate\users.csv"
#Processing each user
Foreach ($User in $Users) {
    
    try {
        $ADUser = $null

        $ADUser = Get-ADUser -Identity $User.Username -ErrorAction SilentlyContinue
        if ($ADUser -ne $null) {
                Set-ADUser -Identity $ADUser -Department $User.Department -Manager $user.ManagerID `
                -EmailAddress $User.Email -Company $user.Company -MobilePhone $user.CellPhone -Title $user.Title
		        Set-Aduser -Identity $ADUser -Manager $user.ManagerID -ErrorAction SilentlyContinue }
            											       
	"$($ADUser.sAMAccountName), User Modified Successfully" | Out-File -FilePath $ResultLogFile -Append -Force
        }
            
       
# Catch error if any
    catch {
            if($ADUser.SamAccountName -eq $null) 
                { 
                    "$($user.Username),Account does not exists in AD" | Out-File -FilePath $ResultLogFile -Append -Force 
                                                                                                                          }
            else
                    { 
                      "$($ADUser.SamAccountName),User Modified Successfully but failed to update Manager field because its not availabe in AD" | Out-File -FilePath $ResultLogFile -Append -Force 
                                                                                                                                                                                                    }
                $($ADuser.SamAccountName) + " : " + $error[0].ToString() | Out-File $ErrorLogFile -Append
    }
}

Open in new window

0
 
LVL 38

Author Closing Comment

by:Mahesh
ID: 41858039
I am awarding points to Coralon and Footech both because both have provided valid inputs which helps me to resolve the issue
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question