input object from csv into active directory attribute

This topic contains 2 replies, has 2 voices, and was last updated by  Jeff Scharfenberg 1 month, 4 weeks ago.

  • Author
    Posts
  • #73075

    Jeff Scharfenberg
    Participant

    I have a script that inputs users employeeID's into a specific active directory attribute.

    I'm noticing that it's not working for new users since their field is blank to start. Now i'm not sure if I need to modify the code to have the field -eq "$null" or something as right now it's -eq "".

    
    #Gets the EmployeeID of the user from AD
                    $existingEmployeeID = get-aduser $adUserByEmail -properties employeeid | select -ExpandProperty employeeid
                                    
    #Check if the employee ID is already set and set to ID given by Oracle
                    if ($existingEmployeeID -eq "") {
                
                        #Set Employee ID of user in AD - only if it was previously unset
                        Set-ADUser $adUserByEmail -EmployeeID $employeeID
                        write-host "TRIED TO WRITE NEW ID"
    

    What do you think?

    I should also add that is if add $existingEmployeeID -ne "" in the if statement then it works, but i really don't want to make it rewrite to AD everytime. HR may screw up the employeeID's which could be an issue.
    thanks

  • #73091

    Rob Simmers
    Participant

    By default the AD attribute should be NULL ($null). However, if anyone is setting values in AD by setting them to "" versus a Set-ADUser -Clear EmployeeID, then you could run into some false positives. Rather than checking if the value is null, you may want to consider checking to see if it's a pattern. For instance, say the employee ID is 5 numeric digits, you could do a regex pattern like this:

    $ids = "23456", "234dg", "1234", "55352", "1234456"
    
    foreach ($id in $ids) {
        New-Object -TypeName PSObject -Property @{
            ID = $id;
            Match = ($id -match "^\d{5}$")
        }
    }
    

    Output:

    ID      Match
    --      -----
    23456    True
    234dg   False
    1234    False
    55352    True
    1234456 False
    
  • #73250

    Jeff Scharfenberg
    Participant

    Thanks for the help Rob.

    What i ended up doing was an AD employeeid check against the Spreadsheet and also include $null.

    So

       #Sets the format of EmployeeID to Oracle CSV
                    $employeeid = $employee.emplid
                     Write-Host "Employee ID: " $employeeid
                    
                    #Gets the EmployeeID of the user from AD
                    $existingEmployeeID = get-aduser $adUserByEmail -properties employeeid | select -ExpandProperty employeeid
                                    
                    #Check if the employee ID is already set and set to ID given by Oracle
                    if ($existingEmployeeID -ne $employeeid -or $null) {
                
                        #Set Employee ID of user in AD - only if it was previously unset or set to wrong ID
                        Set-ADUser $adUserByEmail -EmployeeID $employeeID
                        write-host "TRIED TO WRITE NEW ID"
    

    that way it covers if it's a new hire with no employeeid and if HR somehow types in the wrong one at hire.

You must be logged in to reply to this topic.