Need help reading from .csv and updating AD

This topic contains 6 replies, has 3 voices, and was last updated by  RaiderLALaker 6 days, 18 hours ago.

  • Author
    Posts
  • #98157

    RaiderLALaker
    Participant

    Hello,
    I'm stuck and hopefully someone can give me some direction. Every 2 weeks I receive a .csv for HR. I use it to sync employee info to AD. I have a script that has been working:

    foreach ($user in $users) {            
    Get-ADUser -Filter "UserPrincipalName -eq '$($user.email)'" -Properties * -SearchBase "OU=someOU,DC=mydomain,DC=local" |            
      Set-ADUser -Division $($user.Division) -Department $($user.Department) -EmployeeNumber $($user.EmployeeNumber) -Title $($user.Job) 
    }

    I now need to add user's “manager” to AD. So, I did this:

    foreach ($user in $users) {            
    Get-ADUser -Filter "UserPrincipalName -eq '$($user.email)'" -Properties * -SearchBase "OU=someOU,DC=mydomain,DC=local" |            
      Set-ADUser -Division $($user.Division) -Department $($user.Department) -EmployeeNumber $($user.EmployeeNumber) -Title $($user.Job) -Manager $($user.Manager) 
    }

    However, ADUser -Manager only accepts 4 attributes. The only that makes sense for me is SamAccountName. Unfortunately, our SamAccountName does not match our UPN and it is not included in the .cvs I'm given. I do have the employee's manager's email address, which is the same as the UPN so, I did this to get the SamAccountName of the employee's manager:

    foreach ($user in $users) {            
    Get-ADUser -Filter "UserPrincipalName -eq '$($user.manageremail)'" -SearchBase "DC=mydomain,DC=local" -Properties  SamAccountName | Select SamAccountName
     }

    This works and I get a list of each emplyee's mager's SamAccountName.
    However, I cannot figure out have to feed these results into -Manager $($user.Manager)
    Everything I tried has failed. Mostly because I'm not sure of the correct approach. Any help would be greatly appreciated!

  • #98850

    Don Jones
    Keymaster

    As a quick note, $($user.EmployeeNumber) is unnecessary; just $user.EmployeeNumber would be fine. There's no need for the subexpression syntax here.

    Your difficulty is that you're trying to sort of cram everything into a one-liner, which is a common hiccup for a lot of people. You need to move to a more procedural script. You've got all the pieces already.

    foreach ($user in $users) {            
      $user = Get-ADUser -Filter "UserPrincipalName -eq '$($user.email)'" -Properties * -SearchBase "OU=someOU,DC=mydomain,DC=local"
      $manager = Get-ADUser -Filter "UserPrincipalName -eq '$($user.manageremail)'" -SearchBase "DC=mydomain,DC=local" -Properties  SamAccountName | Select SamAccountName
                
      $user | Set-ADUser -Division $($user.Division) -Department $($user.Department) -EmployeeNumber $($user.EmployeeNumber) -Title $($user.Job) -Manager $($manager.samaccountname) 
    }
    

    Or something like that. Just store the objects in variables so that you can work with them independently.

    • #98917

      RaiderLALaker
      Participant

      Thanks so much for your help and advice. I'll give that a try.

  • #98928

    David Schmidtberger
    Participant

    Just to add, I would highly recommend some error handling in here, as well as logging changes you made to the ad accounts.
    It will greatly ease your life when questions arise about how a user got changed.
    As well, allows you to report on over-all change, and these types of activities tend to grow almost exponentially once you have proven the ability to handle the changes.

    • #99042

      RaiderLALaker
      Participant

      Yes, you're correct. Logging changes has already been requested. I have considered this but since I'm writing to AD the attributes included in the spreadsheet, the log will just reflect what is in the spreadsheet. Not sure how to log what was replaced. Did not consider error checking. Do you have any examples of logging changes and error checking?

  • #99060

    David Schmidtberger
    Participant

    just a fast update, use at your own risk, but this would be minimum i'd look to do.
    validate your info as provided is accurate with the if statement
    the else would indicate that you couldn't find a user in ad with the get-aduser
    then wrap the set-aduser statement in try/catch
    after the set-aduser send some output to the success log
    in the catch, send text out to the error log.

    foreach ($user in $users)
    {
        $user = Get-ADUser -Filter "UserPrincipalName -eq '$($user.email)'" -Properties * -SearchBase "OU=someOU,DC=mydomain,DC=local"
        $manager = Get-ADUser -Filter "UserPrincipalName -eq '$($user.manageremail)'" -SearchBase "DC=mydomain,DC=local" -Properties  SamAccountName | Select-Object SamAccountName
        if ($user -and $manager)     
        {   
            try
            {
                $user | Set-ADUser -Division $($user.Division) -Department $($user.Department) -EmployeeNumber $($user.EmployeeNumber) -Title $($user.Job) -Manager $($manager.samaccountname) 
                "set $($user.samaccountname), Division $($user.Division), Department $($user.Department), EmployeeNumber $($user.employeenumber), Title $($user.job), Manager $($manager.samaccountname)"|out-file Successlog.txt -append
            }
            catch
            {
                "Error Updating $($user.Samaccountname)"|out-file ERRORLOG.TXT -append
            }
        }
        else
        {
            "Error finding $($user.email) or $($user.manageremail)in AD"|out-file ERRORLOG.TXT -append
        }
    }
    
    • #99171

      RaiderLALaker
      Participant

      OK, thanks for the example. I'll play around with adding try/catch to my working script.

You must be logged in to reply to this topic.