Foreach logic question

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Lance Rosser Lance Rosser 1 year, 10 months ago.

  • Author
    Posts
  • #22040
    Profile photo of Lance Rosser
    Lance Rosser
    Participant

    I have a CSV that has the following column headings:

    UserID Name GroupName LogonRestrictions

    UserID is the sAMAccountName.

    GroupName is the name of an AD group

    LogonRestrictions is a machine name.

    My current script is as follows:

    $inputFile = "\\NP1SECR016v\SECRpt\LogonRestrictionConfig\SSLVPN_Users.csv"

    $complist = Import-Csv -Path $inputFile | ForEach-Object {$_.Logonrestrictions}

    foreach($comp in $complist){

    $comparray += ","+$comp

    }

    Set-ADUser -Identity "H139616" -LogonWorkstations $comparray

    #End Script

    this works great if all the records are for the same UserID. However, the csv that I am given has multiple user accounts. In other words the first 10 records will be for userA with a unique logonrestriction value (10 unique computer names). The next 20 records will be for user B with an entirely different list of computer names. I have like 27 unique user IDs and the total record count is 1800.

    Is there a clever way to built the $comparray for the first unique user ID then run the set-aduser command and then build the $comparray for the next unique user ID and so on and so on?

  • #22042
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    You'll probably want to use the Group-Object command. Something along these lines:

    $inputFile = "\\NP1SECR016v\SECRpt\LogonRestrictionConfig\SSLVPN_Users.csv"
    
    $data = Import-Csv -Path $inputFile
    
    $userGroups = $data | Group-Object -Property UserID
    
    foreach ($userGroup in $userGroups)
    {
        $comparray = $userGroup.Group | Select-Object -ExpandProperty LogonRestrictions
        $complist = $comparray -join ','
    
        Set-ADUser -Identity $userGroup.Name -LogonWorkstations $complist
    }
    
  • #22044
    Profile photo of Lance Rosser
    Lance Rosser
    Participant

    Dave – this is exactly what I needed. Excellent! One more question, is it possible to do group-object nesting?

    The object of the scrip is to do the following...

    for each unique user:

    1. Add the machines listed in the LogonRestrictions column to the LogonRestrictions attribute

    2. Add the user account to the groups listed in the GroupName column.

    Note: the GroupName might have the group name value repeated (same value) or it could be a different value. So I guess I would use the group-object to pull the unique values from the GroupName column.

    Does that make sense?

  • #22045
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    You can have nested loops and nested calls to Group-Object if you like, but what you're describing doesn't sound like you need a second call to Group-Object. Instead, for each user, you just want to create a list of unique computer names and group names (which can be done with Select-Object, rather than Group-Object). For example:

    $inputFile = "\\NP1SECR016v\SECRpt\LogonRestrictionConfig\SSLVPN_Users.csv"
     
    $data = Import-Csv -Path $inputFile
     
    $userGroups = $data | Group-Object -Property UserID
     
    foreach ($userGroup in $userGroups)
    {
        $comparray = $userGroup.Group | Select-Object -ExpandProperty LogonRestrictions -Unique
        $complist = $comparray -join ','
     
        Set-ADUser -Identity $userGroup.Name -LogonWorkstations $complist
    
        $groupArray = $userGroup.Group | Select-Object -ExpandProperty GroupName -Unique
        Add-ADPrincipalGroupMembership -Identity $userGroup.Name -MemberOf $groupArray
    }
    
  • #22059
    Profile photo of Lance Rosser
    Lance Rosser
    Participant

    Very clean. Thank you Dave 🙂

You must be logged in to reply to this topic.