asked on

Edit Ad Users Powershell Script

Hi All,

I have this powershell script that edits ad users based on a csv.

#Known Issues:
#Source CSV should not have fields that are null. Remove any rows with null data. Email and Directorate are common. (HR to fix)
#Source CSV has duplicates. Fine. First will be overwritten with second. (HR to fix or not)
#Source CSV has shop accounts. Remove them. It breaks O365 (In Cloud) accounts. Remove any @crshop.org.uk emails.
#Source CSV has emails with apostrophe in, which do not work. Remove any emails with apostrophes in.
#Source CSV has headers with excess spaces after the names, such as "Department " instead of "Department". Correct this. 
#Test before running on a couple of accounts.

# Import AD Module             
Import-Module ActiveDirectory            
Write-Host 'Starting to update AD Attributes.......' -NoNewline -ForegroundColor Black -BackgroundColor Cyan

# Gets the date, data sting and import CSV into variable $users           
$date = Get-Date -format "dd/MM/yyyy"
$dateString = $date.ToString()
$users = Import-Csv -Path "path\test.csv"

foreach ($user in $users) {
    #Search for Managers DistinguishedName using the managers EmployeeNumber 
    $Mgr = Get-ADUser -Filter "employeeNumber -eq '$($user."Manager Employee Number")'" | Select -ExpandProperty DistinguishedName
    #Get User emails from CSV file and update attributes on AD           
    Get-ADUser -Filter "EmailAddress -eq '$($user.email)'" | Set-ADUser -Office $($user.location) -employeeNumber $($user."Employee Number") -department $($user."department")  -division $($user."directorate") -company "Marie Curie" -title $($user."Post Ldesc") -Description $($user."Post Ldesc") -manager ($Mgr) -Replace @{employeeType = $($user."type 1"); extensionAttribute1 = ($dateString);}
}

Write-Host 'The attributes have been updated' -ForegroundColor Green

Open in new window

Below are is example of the csv that its importing:

Email	Employee Number	Surname	First name	Post Ldesc	Location	Type 1	Directorate	Department 	Manager Employee Number
howard.price@crshop.org.uk	100012	Price	Howard	Registered Nurse	England & Wales	Permanent-As & When	Caring Services	Caring Services - Patient Services	639

Open in new window

The problem is :
1) If you do not remove all rows with NULL fields, the script uses the last rows data which populates AD with incorrect data for that user.
2) email must be crshop.org.uk
3) sometimes email contains ' special character (apostrophe) and this breaks the script

please help!

Kelly Garcia

ASKER

if the $mgr does not exist the script give me this error:

Get-ADUser : The search filter cannot be recognized
At line:3 char:12
+ $Mgr = Get-ADUser -Filter "employeeNumber -eq '$($user."Manager E ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
+ FullyQualifiedErrorId : The search filter cannot be recognized,Microsoft
.ActiveDirectory.Management.Commands.GetADUser

how can I put a statement to say that if this blank just ignore it and do the rest?

Kelly Garcia

ASKER

I've tried this an it fails:

if ($user.'Manager Employee Number' -ne "NULL")
{
$Mgr = Get-ADUser -Filter "employeeNumber -eq '$($user."Manager Employee Number")'" | Select -ExpandProperty DistinguishedName
}

Kelly Garcia

ASKER

is there a better way of writing the code below, this works:

 try {
    $Mgr = Get-ADUser -Filter "employeeNumber -eq '$($user."Manager Employee Number")'" | Select -ExpandProperty DistinguishedName
        }

    catch {  Write-Verbose $Error[0].ToString() }
    
    try {
    #Get User emails from CSV file and update attributes on AD           
    Get-ADUser -Filter "EmailAddress -eq '$($user.email)'" | Set-ADUser -Office $($user.location) -employeeNumber $($user."Employee Number") -department $($user."department")  -division $($user."directorate") -company "Marie Curie" -title $($user."Post Ldesc") -Description $($user."Post Ldesc") -manager ($Mgr) -Replace @{employeeType = $($user."type 1"); extensionAttribute1 = ($dateString);}
         }

    catch { Write-Verbose $Error[0].ToString() }

Open in new window

Kelly Garcia

ASKER

is there a way I can put if statements on the -office -employeenumber, etc. I only want those commands to be run if it exists in the csv. hope this makes sense.

Set-ADUser -Office $($user.location) -employeeNumber $($user."Employee Number") -department $($user."department") -division $($user."directorate") -company "Marie Curie" -title $($user."Post Ldesc") -Description $($user."Post Ldesc") -manager ($Mgr) -Replace @{employeeType = $($user."type 1"); extensionAttribute1 = ($dateString);}

David Johnson, CD

not a proper csv you probably copy/pasted from excel

#Known Issues:
#Source CSV should not have fields that are null. Remove any rows with null data. Email and Directorate are common. (HR to fix)
#Source CSV has duplicates. Fine. First will be overwritten with second. (HR to fix or not)
#Source CSV has shop accounts. Remove them. It breaks O365 (In Cloud) accounts. Remove any @crshop.org.uk emails.
#Source CSV has emails with apostrophe in, which do not work. Remove any emails with apostrophes in.
#Source CSV has headers with excess spaces after the names, such as "Department " instead of "Department". Correct this. 
#Test before running on a couple of accounts.

# Import AD Module             
#Import-Module -Name ActiveDirectory            
Write-Verbose -Message 'Starting to update AD Attributes.......'

# Gets the date, data sting and import CSV into variable $users           
$date = Get-Date -format 'dd/MM/yyyy'
$dateString = $date.ToString()
$users = Import-Csv -Path '.\test.csv'
$users | Format-List
foreach ($user in $users) {
    #Search for Managers DistinguishedName using the managers EmployeeNumber 
    $Mgr = Get-ADUser -Filter $user.employeeNumber -eq $user."Manager Employee Number"| Select-Object -ExpandProperty DistinguishedName
    #Get User emails from CSV file and update attributes on AD           
    $selectedUser = Get-ADUser -Filter (EmailAddress -eq $user.email)
    $user.email = $user.email  -Replace("!","")
    Set-ADUser  -identity $selectedUser -Office $user.location -employeeNumber $user.'Employee Number'`
    -department $user.department.trim() `
    -division $user.directorate `
    -company 'Marie Curie' `
    -title $user.'Post Ldesc' `
    -Description $user.'Post Ldesc' `
    -manager = ($user.'Manager Employee Number') `
    -extensionAttribute1 = $dateString `
    -emailAddress = $user.email
    }

Write-Verbose -Message 'The attributes have been updated'

Open in new window

Email,Employee Number,Surname,First name,Post Ldesc,Location,Type 1,Directorate,Department,Manager Employee Number
howard.price@crshop.org.uk,100012,Price,Howard,Registered Nurse,England & Wales,Permanent-As & When,Caring Services,Caring Services,-,Patient Services.639

Open in new window

check the csv since it think manager should be Patient Services.639

Kelly Garcia

ASKER

the above script does not work, it fails on many lines.

Kelly Garcia

ASKER

below is a solution I have implemented, I know need to add reporting to it, the ones that are successful and the ones that have failed:

$users = Import-Csv -Path "testcsv.csv" | Where-Object { ($_.PSObject.Properties | ForEach-Object {$_.Value}) -ne ""}


foreach ($user in $users) {
    #Search for Managers DistinguishedName using the managers EmployeeNumber 

         #Get User emails from CSV file and update attributes on AD           
         #Get-ADUser -Filter "EmailAddress -eq '$($user.email)'" | Set-ADUser -Office $($user.location) -employeeNumber $($user."Employee Number") -department $($user."department")  -division $($user."directorate") -company "Marie Curie" -title $($user."Post Ldesc") -Description $($user."Post Ldesc") -manager ($Mgr) -Replace @{employeeType = $($user."type 1"); extensionAttribute1 = ($dateString);}
       

       #Update User Department
       if ($user.'Department' -ne "")
            {


            Try {

                Get-ADUser -Filter "EmailAddress -eq '$($user.email)'" | Set-ADUser -department $($user."department") 
                Write-Host 'User Department has been updated' -ForegroundColor Green
                
                }

            Catch { Write-Verbose $Error[0].ToString() }

             }

        Else { Write-Host 'User Department is Null' -ForegroundColor red } 


       #Update Manager Information

       if ($user.'Manager Employee Number' -ne "")
            {


            Try {

                    $Mgr = Get-ADUser -Filter "employeeNumber -eq '$($user."Manager Employee Number")'" | Select -ExpandProperty DistinguishedName
                    
                    Get-ADUser -Filter "EmailAddress -eq '$($user.email)'" | Set-ADUser -manager ($Mgr)
                       
                    Write-Host "$user.first Name" + "Manager information has been updated" -ForegroundColor Green


                }

            Catch { 
                     
                     write-host "Caught an exception on Manager Information :" -ForegroundColor Red
                     write-host "Exception Type: $($_.Exception.GetType().FullName)" -ForegroundColor Red
                     write-host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red

     
                      }

             }

        Else { Write-Host 'Manager Employee Number is Null' -ForegroundColor red }
        

    

}

Open in new window

ASKER CERTIFIED SOLUTION

David Johnson, CD

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial