Get-ADUser manager email field blank - get-aduser

I wrote this code which works except for when I tried to add this: -and '$($user.'Manager Email' -notlike '')' to the end of the Get-ADUser Manager section which causes it to fail. What I would like to accomplish is to leave the Manager field blank in AD if the "Manager Email" field is blank within the CSV file. Any help would be greatly appreciated.
$Users = Import-CSV C:\AD-Test\HROrgData202207_2.csv
foreach ($User in $Users)
{$AdUser = Get-ADUser -Filter "EmailAddress -eq '$($user.'Business Email')' -and Enabled -eq '$True'" -Properties mail -ErrorAction SilentlyContinue
$manager = Get-ADUser -Filter "EmailAddress -eq '$($user.'Manager Email')' -and '$($user.'Manager Email' -notlike '')'" -Properties mail -ErrorAction SilentlyContinue
if ($adUser) {
Set-ADUser -Identity $ADUser -Department $user.Department -Title $user.Job -Office $user.Location -Description $user.Position -EmployeeID $user.'Employee ID' -Company $user.'Legal Entity' -Manager $manager
}
else {
Write-Warning "User $($User.'Business Email') could not be found"
}
}
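One way to do what the question asks, added here as an example and not part of the original post: the manager lookup runs only when the CSV cell has a value, and Manager is passed through splatting only when exactly one account matched. It assumes a blank cell means the Manager attribute is left untouched, and it swaps the question's -Filter for -LDAPFilter with a hypothetical ConvertTo-LdapFilterValue helper so CSV values are escaped before they reach the query.

```powershell
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: hex-escape the RFC 4515 special characters
    # (\ * ( ) NUL) so a CSV cell is always treated as a literal value.
    param([string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

$Users = Import-Csv -Path 'C:\AD-Test\HROrgData202207_2.csv'
foreach ($User in $Users) {
    $businessMail = $User.'Business Email'
    if ([string]::IsNullOrWhiteSpace($businessMail)) {
        Write-Warning 'Row skipped: Business Email is blank'
        continue
    }

    # mail is the LDAP attribute behind EmailAddress; the bitwise clause
    # excludes disabled accounts (same intent as "Enabled -eq $True").
    $mail = ConvertTo-LdapFilterValue $businessMail
    $filter = "(&(mail=$mail)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    $AdUser = @(Get-ADUser -LDAPFilter $filter)
    if ($AdUser.Count -ne 1) {
        Write-Warning "User $businessMail matched $($AdUser.Count) enabled accounts, skipped"
        continue
    }

    $params = @{
        Identity    = $AdUser[0]
        Department  = $User.Department
        Title       = $User.Job
        Office      = $User.Location
        Description = $User.Position
        EmployeeID  = $User.'Employee ID'
        Company     = $User.'Legal Entity'
    }

    # Only look up and set a manager when the CSV cell has a value.
    $managerMail = $User.'Manager Email'
    if (-not [string]::IsNullOrWhiteSpace($managerMail)) {
        $manager = @(Get-ADUser -LDAPFilter "(mail=$(ConvertTo-LdapFilterValue $managerMail))")
        if ($manager.Count -eq 1) { $params.Manager = $manager[0] }
        else { Write-Warning "Manager $managerMail matched $($manager.Count) accounts, not set" }
    }

    Set-ADUser @params
}
```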

Related

Can I not use a variable in with Get-ADUser

I have a variable I pull from a form that I need to tie in with a matching display name to retrieve an existing samAccountName.
If (Get-ADUser -Filter { (displayName -eq $user) -AND ($Returner -eq "Yes")} ) {
$Check = Get-ADUser -Filter{displayName -eq $user} -Properties SamAccountName
$sam = $check.SamAccountName
$sam
}
As soon as I have the -AND ($Returner.....) part in there the check fails to execute.
I need that check in there as that is what is passed from the Cherwell form to flag that a user is a returner and then I am going to pull in the current samAccountName for that person.
Can someone assist on how I should be using a check of a parameter in with the Get-ADUser command.
Many thanks
S.
I don't see why you would perform the same Get-ADUser command twice..
You can do this like below:
$adUser = Get-ADUser -Filter "DisplayName -eq '$user'" -Properties DisplayName, SamAccountName
$sam = if (($adUser) -and $Returner -eq "Yes" ) { $adUser.SamAccountName }
$sam
Hope that helps
You are using $Returner inside of the -filter of get-aduser. If I understand correctly, this is a variable created by a form.
You should check for $Returner inside of the if statement:
If ( (Get-ADUser -Filter { displayName -eq $user}) -AND ($Returner -eq "Yes")) {
$Check = Get-ADUser -Filter{displayName -eq $user} -Properties SamAccountName
$sam = $check.SamAccountName
$sam
}

Powershell command to replace AD user's title in title field not working?

I have created a script for a project with some code which I was given fused with my own. Most of the commands are great, but unfortunately two commands are not working.
These commands are:
Set-ADUser $UserName -replace @{title="Former Employee" + $title}
Move-ADObject -Identity $UserName -TargetPath "OU=Former Employee,OU=Users,OU=Contoso,DC=Contoso,DC=local"
Any ideas? I appreciate the help!
Here is the full script:
$UserName = Read-Host "Please enter username to be disabled"
if ($UserName) {
''
} Else {
'User not Found'
}
Disable-ADAccount $UserName
Get-ADUser $UserName -Properties MemberOf | ForEach-Object {
$_.MemberOf | Remove-ADGroupMember -Members $_.DistinguishedName -Confirm:$false }
$title = get-aduser $UserName -properties title
$title = $title.title
$old=Get-ADuser $UserName -properties Description
$old = $old.description
$new = "DISABLED " + $old
set-aduser $UserName -description $new
set-aduser $UserName -clear "manager"
set-aduser $UserName -clear "telephonenumber"
# these two:
set-aduser $UserName -replace @{title="Former Employee" + $title}
Move-ADObject -Identity $UserName -TargetPath "OU=Former Employee,OU=Users,OU=Contoso,DC=Contoso,DC=local"
I think it's better to clear up a bit of your code. Have a look at this:
$SamAccountName = Read-Host 'Please enter the SamAccountName of the user you want to disable'
$VerbosePreference = 'SilentlyContinue'
$VerbosePreference = 'Continue'
Try {
$ADUser = Get-ADUser -Identity $SamAccountName -Properties MemberOf, Title, Description
Write-Verbose "User '$($ADUser.Name)' found in AD"
}
Catch {
throw "No user found in AD with SamAccountName '$SamAccountName'"
}
Write-Verbose 'Disable user'
Disable-ADAccount $ADUser
foreach ($Group in $ADUser.MemberOf) {
Write-Verbose "Remove user from group '$Group'"
Remove-ADGroupMember -Identity $Group -Members $ADUser -Confirm:$false
}
$NewTitle = "Former Employee {0}" -f $ADUser.Title
Write-Verbose "Set 'Title' to '$NewTitle'"
Set-ADUser -Identity $ADUser -Title $NewTitle
$NewDescription = "DISABLED {0}" -f $ADUser.Description
Write-Verbose "Set 'Description' to '$NewDescription'"
Set-ADUser -Identity $ADUser -Description $NewDescription
foreach ($Property in @('Manager', 'telephonenumber')) {
Write-Verbose "Clear property '$Property'"
Set-ADUser -Identity $ADUser -Clear $Property
}
$NewTargetPath = "OU=Former Employee,OU=Users,OU=Contoso,DC=Contoso,DC=local"
Write-Verbose "Move AD User to '$NewTargetPath'"
Move-ADObject -Identity $ADUser -TargetPath $NewTargetPath
Some tips:
Use Write-Verbose to show what is happening in the script. You can disable/enable this by commenting out the VerbosePreference.
Always start with retrieving an object instead of working with text strings ($UserName vs $ADUser). See Get-ADUser as the very first action.
Work with Try/Catch in case things fail.
Always use the parameter names. It makes it more clear on what you're trying to do.

Powershell script to list group membership

I have written the below script to list all users who are "contractors" (employeetype=contractors) and not part of a particular group like "domain contractors", but it is not working. Can someone help? :)
$adusers = get-aduser -filter * -searchbase "OU=test,dc=domain,dc=com" -properties employeetype | where {($_.employeetype -like "contractor") -AND ($_.enabled -eq $true)}
foreach ($aduser in $adusers){
$contractorsDn = (Get-ADGroup 'domaincontractors').DistinguishedName
Get-ADUser $aduser -LDAPFilter "(!(memberof=$contractorsDn))"
}
$users = get-aduser -filter {(employeetype -like "contractor") -AND (enabled -eq $true)} -searchbase "dc=domain,dc=COM" -properties employeetype
$group = "Domaincontractors"
$members = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty DistinguishedName
ForEach ($user in $users) {
If ($members -contains $user) {
write-host "$user exists" -ForegroundColor Red
} Else {
write-host "$user doesnt exist" -ForegroundColor Green
}}

Organizing Active Directory accounts

I am trying to get a script to work that will organize my active directory accounts based off of their display name since all of our accounts have their OU in their name (or a subOU). I am trying to do this with an If statement inside of a ForEach loop in PowerShell. Every time I run it though, it keeps asking me for an identity. Can anyone help me fix this? This is what I have...
Import-Module ActiveDirectory
$OU = "OU=Test, OU=com"
$Test1OU = "OU=Test1, OU=Test, OU=Com"
$Test2OU = "OU=Test2, OU=Test, OU=Com"
$Users = (Get-ADUser -SearchBase $OU -Filter * -Properties samAccountName,DisplayName)
ForEach ($user in $users)
{
If ($($user.DisplayName -like ("*Supply*" -or "*Supplies*"))
{Move-ADObject -Identity $($user.samAccountName -TargetPath $Test1OU}
ElseIf ($($user.DisplayName -like ("*Accounting*" -or "*Accountant*"))
{Move-AdObject -TargetPath $Test2OU}
}
You are running into a few problems here
Like Vesper said you are not passing anything to Move-ADObject hence the error you are getting
$DisplayNames is not a string array of names but an object with a displayname property. That is what -ExpandProperty parameter is for with Select-Object FYI.
You are pulling all the users but only really want to process certain ones. Instead of -Filter * let's use a more targeted approach.
While it is tempting, you can't nest -like conditions like that. If you take "*Supply*" -or "*Supplies*" and type that it will evaluate to true. Same as all non zero length strings.
For what we plan on doing we will not have to address all those issues. We should use the pipeline to help with this. Depending on how many variances you have something like a switch statement might be better which is covered below.
$supplyFilter = 'DisplayName -like "*Supply*" -or DisplayName -like "*Supplies*"'
$accountFilter = 'DisplayName -like "*Accounting*" -or DisplayName -like "*Accountant*"'
Get-ADUser -SearchBase $OU -Filter $supplyFilter -Properties displayName | Move-ADObject -TargetPath $Test1OU
Get-ADUser -SearchBase $OU -Filter $accountFilter -Properties displayName | Move-ADObject -TargetPath $Test2OU
You could get freaky with this and make a custom object in a loop with filter and target pairs so that you don't need to repeat the cmdlet call to each Get-ADuser instance.
$moves = @(
@{
Filter = 'DisplayName -like "*Supply*" -or DisplayName -like "*Supplies*"'
OU = "OU=Test1, OU=Test, OU=Com"
},
@{
Filter = 'DisplayName -like "*Accounting*" -or DisplayName -like "*Accountant*"'
OU = "OU=Test2, OU=Test, OU=Com"
}
) | ForEach-Object{New-Object -TypeName PSCustomObject -Property $_}
ForEach($move in $moves){
Get-ADUser -SearchBase $OU -Filter $move.Filter -Properties displayName | Move-ADObject -TargetPath $move.OU
}
You should be able to scale into this easily by adding new $moves. This would be cleaner with PowerShell v3.0 but I do not know what version you have.
Using a switch
If you want something closer to what you currently have I would suggest something like this instead then.
$Users = Get-ADUser -SearchBase $OU -Filter * -Properties DisplayName
ForEach ($user in $users){
switch($user.DisplayName) {
# Conditions are script blocks so that $_ is the display name being tested
{$_ -like "*Supply*" -or $_ -like "*Supplies*"} {Move-ADObject -Identity $user -TargetPath $Test1OU}
{$_ -like "*Accounting*" -or $_ -like "*Accountant*"} {Move-ADObject -Identity $user -TargetPath $Test2OU}
}
}
I'm not able to test currently, but this should do the trick:
Import-Module ActiveDirectory
$OU = "OU=Test, OU=com"
$Test1OU = "OU=Test1, OU=Test, OU=Com"
$Test2OU = "OU=Test2, OU=Test, OU=Com"
$users = (Get-ADUser -SearchBase $OU -Filter * -Properties displayName)
foreach ($user in $users)
{
if ($($user.displayName) -like "*Supply*" -OR $($user.displayName) -like "*Supplies*") {
Move-ADObject -Identity $user -TargetPath $Test1OU
}
elseif ($($user.displayName) -like "*Accounting*" -OR $($user.displayName) -like "*Accountant*") {
Move-AdObject -Identity $user -TargetPath $Test2OU
}
}
I've added an Identity parameter to Move-ADObject; also, I've changed some of the var names to better reflect their content.

How can I update AD users using PowerShell and CSV import?

I'm trying to use this PowerShell script to update AD users. Ideally I'll be updating a bunch of attributes, but for now I'm just trying to get it to update the department just so I can tell if it's working.
Import-Module ActiveDirectory
$dataSource=import-csv "c:\ADupdate.csv"
foreach($dataRecord in $datasource) {
$employeeID=$dataRecord.employeeID
# List of attributes to update
$department=$dataRecord.department
Get-ADUser -SearchBase "ou=Test,ou=OurUsers,ou=Logins,dc=domain,dc=com" -Identity $employeeID -Properties department | Set-ADUser -Replace @{department=$department}
}
Figured out my own problem. Here is what I ended up using if anyone else is interested... though I'm using a lot of attributes.
Import-Module ActiveDirectory
$users = Import-Csv -Path c:\update.csv
foreach ($user in $users) {
Get-ADUser -Filter "employeeID -eq '$($user.employeeID)'" -Properties * -SearchBase "ou=Test,ou=OurUsers,ou=Logins,dc=domain,dc=com" |
Set-ADUser -employeeNumber $($user.employeeNumber) -department $($user.department) -title $($user.title) -office $($user.office) -streetAddress $($user.streetAddress) -City $($user.City) -state $($user.state) -postalCode $($user.postalCode) -OfficePhone $($user.OfficePhone) -mobile $($user.mobile) -Fax $($user.Fax) -replace @{"extensionAttribute1"=$user.extensionAttribute1; "extensionAttribute2"=$user.extensionAttribute2; "extensionAttribute3"=$user.extensionAttribute3}
}