Maybe someone can to help?
I have a script it take parameters from scv and put them to AD, script work without mistakes but I`m does not have results from some reasone.
Please help!
Import-CSV -Path "$home\desktop\Scripts\test4.scv" | ForEach-Object -process {Write-Host $_ }
{Set-ADuser|]= -Identity $_.DisplayName -extensionattribute5 $_.extensionattribute5}
example scv
According to the docs, the -Identity parameter on Set-ADUser must be one of
A distinguished name
A GUID (objectGUID)
A security identifier (objectSid)
A SAM account name (sAMAccountName)
This means that you cannot use the DisplayName property from the CSV for this parameter.
Try:
Import-CSV -Path "$home\desktop\Scripts\test4.scv" | ForEach-Object {
$user = Get-ADUser -Filter "DisplayName -eq '$($_.DisplayName)'" -Properties DisplayName -ErrorAction SilentlyContinue
if ($user) {
Write-Host "Setting extensionattribute5 property for user $($_.DisplayName)"
$user | Set-ADuser -Add #{extensionattribute5=$_.extensionattribute5}
}
else {
Write-Warning "User $($_.DisplayName) could not be found"
}
}
Instead of -Add #{extensionattribute5=$_.extensionattribute5}, you may rather want -Replace #{extensionattribute5=$_.extensionattribute5}. This isn't clear in the question
Try this:
Import-CSV -Path "$home\desktop\Scripts\test4.scv" | ForEach {
Write-Host $_
Set-ADuser -Identity $_.DisplayName -Add #{extensionattribute5=$_.extensionattribute5}
}
Your code was broken. Bracing was incorrect. Also Extended attributes are added with a hash table using -Add parameter.
Related
I want to replace AD attribute "userPrincipalName" value according to CSV file header value
here is what csv file(group.csv) contains
sAMAccountName
--------------
test.user1
test.user2
below the script
$data = Import-Csv -Path .\group.csv -Header 'sAMAccountName'
foreach($user in $data){
Get-ADUser -Filter {sAMAccountName -eq "$($user.sAMAccountName)"} | Set-ADUser -Replace #{userPrincipalName="$($user.sAMAccountName)#RES.GROUP"}
}
here I want to replace AD attribute "userPrincipalName" with the value of sAMAccountName from csv file, something like sAMAccountName#RES.GROUP
this script does not work, can anyone please correct it?
Ok, since your comment shows the CSV file indeed does not have a header, I would suggest changing the code to:
$data = Import-Csv -Path .\group.csv -Header 'sAMAccountName'
foreach($user in $data) {
$adUser = Get-ADUser -Filter "SamAccountName -eq '$($user.sAMAccountName)'" -ErrorAction SilentlyContinue
if ($adUser) {
$newUPN = '{0}#res.group' -f $user.sAMAccountName
$adUser | Set-ADUser -UserPrincipalName $newUPN
}
else {
Write-Warning "No user with SamAccountName '$($user.sAMAccountName)' could be found.."
}
}
This way, any mistakes in the file will not make the code quit when a user with that samaccountname cannot be found. Instead, in that case you will see a warning about it and the code will continue with the rest of the data.
It might be worth mentioning that you can use parameter -Server on both the Get-ADUser and Set-ADUser cmdlets to make sure you use the same domain server (DC) to set the new UPN. Otherwise, you can set it on one DC, but are looking at another which doesn't show the change immediately because the servers need time to synchronize..
Now that we have cleared up the question about the CSV and to answer your comment:
If you want to do this as a two-script solution, here's how you can do that
step 1: get all users in the search OU that have a UserPrincipalName ending in '*#test.group'
$searchBase = "OU=Teams,OU=Prod,DC=RES,DC=TEST,DC=GROUP"
Get-ADUser -SearchBase $searchBase -Filter "UserPrincipalName -like '*#test.group'" |
# select ony the SamAccountName and write to CSV with column header
Select-Object SamAccountName | Export-Csv -Path .\group.csv -NoTypeInformation
step 2: read the csv created above and
$searchBase = "OU=Teams,OU=Prod,DC=RES,DC=TEST,DC=GROUP"
$data = Import-Csv -Path .\group.csv
$result = foreach($user in $data) {
$adUser = Get-ADUser -SearchBase $searchBase -Filter "SamAccountName -eq '$($user.sAMAccountName)'" -ErrorAction SilentlyContinue
# if we have a user object AND its UserPrincipalName is not as desired go ahead and change that
if ($adUser) {
if ($adUser.UserPrincipalName -notlike '*#res.test.group') {
$newUPN = '{0}#res.test.group' -f $user.sAMAccountName
$adUser | Set-ADUser -UserPrincipalName $newUPN
# output this user object to be collected in variable $result
$adUser
}
else {
Write-Host "User $($user.sAMAccountName) already has UPN '$($adUser.UserPrincipalName)'"
}
}
else {
Write-Warning "User with SamAccountName '$($user.sAMAccountName)' not found.."
}
}
# now that we have changed some users, create a second csv with all users that were actually changed
if (#($result).Count) {
$result | Select-Object SamAccountName | Export-Csv -Path .\Updatedgroup.csv -NoTypeInformation
}
else {
Write-Host 'No users needed updating'
}
It seems a waste writing only the users SamAccountName property to the csv files.. Especially since Get-ADUser by default already returns these properties: DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
How can I enable or disable an AD user account from a csv based on an entry. If the status for both say Active, only one account gets enabled instead of both. Same for the disabled status
CSV file:
Samaccountname,Status
john.doe,Active
jane.doe,Disabled
What I have so far:
Import-CSV -Path c:\folder\adaccounts.csv
ForEach ($User in $Users)
{
IF ($User.Status -contains "Disabled")
{
Get-ADUser -Identity $user.samaccountname | Disable-ADAccount
}
elseif ($User.Status -contains "Active")
{
Get-ADUser -Identity $user.samaccountname | Enable-ADAccount
}
At the top of your script you are importing the CSV but it doesn't look like you have assigned it to a variable for your foreach loop
if you assign it to the $Users variable like below, the rest of the script should then go through your CSV as expected.
$Users = Import-Csv -Path c:\folder\adaccounts.csv
-Contains is an operator to test if something can be found in an array of things, not for testing if a string is equal or not to another string.
I would revise your code like this:
Import-CSV -Path 'c:\folder\adaccounts.csv' | ForEach-Object {
# test if a user with that SamAccountName can be found
$user = Get-ADUser -Filter "SamAccountName -eq '$($_.Samaccountname)'" -ErrorAction SilentlyContinue
if ($user) {
# set Enabled if Status is not 'Disabled'
$user | Set-ADUser -Enabled ($_.Status -ne 'Disabled')
}
else {
Write-Warning "User $($_.Samaccountname) does not exist"
}
}
I have a CSV file of e-mail addresses. The CSV file has one column with the header name. I want to remove the Active Directory users associated with these addresses from a specific group.
Here's my attempt, but it seems like $user is not getting populated.
$data = import-csv -Path C:\Users\39415\Desktop\remove1.csv
ForEach ($name in $data)
{
$user = Get-ADUser -Filter {mail -eq "$_"} | Select SamAccountName
Remove-ADGroupMember -Identity "group name" -Members $user.SamAccountName -Confirm:$false
}
Please let me know what i'm doing wrong.
The biggest issue I see right away is you are using a named variable in your foreach loop but then trying to reference automatic variable $_
To use the named variable, change to
$data = import-csv -Path C:\Users\39415\Desktop\remove1.csv
ForEach ($name in $data.name)
{
$user = Get-ADUser -Filter "mail -eq '$name'" | Select SamAccountName
Remove-ADGroupMember -Identity "group name" -Members $user.SamAccountName -WhatIf
}
To use the automatic variable, change to Foreach-Object (still can be shortened to foreach but the former is known as the "foreach statement"
$data = import-csv -Path C:\Users\39415\Desktop\remove1.csv
$data.name | foreach {
$user = Get-ADUser -Filter "mail -eq '$_'" | Select SamAccountName
Remove-ADGroupMember -Identity "group name" -Members $user.SamAccountName -WhatIf
}
Also as I've shown you actually need to reference the name property of the $data variable.
I need to update the attribute employeeID for a number of users in AD using powershell. Unfortunately, I don't have their username or samaccountname, only DisplayName. I'm able to get the users using DisplayName as a filter, but it doesn't work when using set-aduser. Is there any way I can use get-aduser to get the samaccountname, then using that to update the user via set-aduser?
Also, please note that it is important that the script doesn't overwrite any existing values.
My current (non-functional) script:
$csv = Import-Csv c:\test\users.csv
foreach ($line in $csv) {
$ADUserObject = Get-ADUser -Filter "DisplayName -eq '$line.displayname'" -Properties employeeID
if ($null -eq $ADUserObject.EmployeeID) {
Set-ADUser -Filter "DisplayName -eq '$line.displayname'" -employeeID $line.employeeid
}
}
The CSV file looks like this:
employeeid,GivenName,Surname,displayname
489900,Angela,Davis,Angela Davis
Any input or suggestions appreciated, thank you!
As commented, this is in fact a duplicate of this question, but since there, the OP did not upvote or accept any of the given answers, I could not mark it as duplicate.
As Mathias R. Jessen explained already, the Filter you are using is wrong. Also, there is no -Filter parameter on Set-ADUser as there is on its counterpart Get-ADUser.
This should do what you want:
Import-Csv -Path 'c:\test\users.csv' | ForEach-Object {
$ADUserObject = Get-ADUser -Filter "DisplayName -eq '$($_.displayname)'" -Properties DisplayName, employeeID -ErrorAction SilentlyContinue
if ($ADUserObject) {
# check if this user already has an EmployeeId filled in
if ($ADUserObject.EmployeeID) {
Write-Host "User $($ADUserObject.DisplayName) already has EmployeeId $($ADUserObject.EmployeeID)"
}
else {
Write-Host "Setting EmployeeID $($ADUserObject.EmployeeID) for user $($ADUserObject.DisplayName)"
$ADUserObject | Set-ADUser -EmployeeID $_.employeeid
}
}
else {
Write-Warning "User $($_.DisplayName) could not be found"
}
}
I have a simple script to change part of the description for a user in AD.
Get-ADUser testuser -Properties description | ForEach-Object {
Set-ADUser $_.SamAccountName -Description "ChgDescript,$($_.Description.Split(',')[1])"
}
However, I now have 700 users, where I need to change part of the description, using the command above. I'm unable to figure out the script correctly to import the .csv file and run the script against it.
$csvFile = "path_is_here"
Import-Module ActiveDirectory
Import-Csv $csvFile | Get-ADUser -Properties description | ForEach-Object {
Set-ADUser $_.SamAccountName -Description "ChgDescript,$($_.Description.Split(',')[1])"
}
When I run the script above, I receive the following error:
Cannot validate argument on parameter 'Identity'.
The error is coming from the Get-ADuser cmdlet and informing you that its -Identity parameter is null. I don't know the structure of your input file; but lets assume that its just a list of account names (so I added a header value of AccountName for readability), pass that property of your custom object created by your Import-Csv cmdlet to the Get-ADUser's -Identity parameter and see if it helps.
Unit Test Example:
Import-Csv -Path "C:\Temp\Users.txt" -Header "AccountName" | ForEach-Object {
Get-ADUser -Identity $_.AccountName
}
Checkout method 3 in the help examples for Set-ADUser
http://go.microsoft.com/fwlink/?LinkID=144991
Modify the Manager property for the "saraDavis" user by
using the Windows PowerShell command line to modify a local instance
of the "saraDavis" user. Then set the Instance parameter to the local
instance.
See if this works:
$Users = Import-Csv -Path "C:\test_users.txt" -Header "AccountName"
foreach($User in $Users){
$ADUser = Get-ADUser -Identity $User.AccountName -Properties Description
$ADUser.Description = "PUT YOUR MODIFIED DESCRIPTION HERE"
Set-ADUser -Instance $ADUser
}
May you have to store the description in a variable before, like:
Get-Content users.txt | Get-ADUser -Prop Description | Foreach {
$desc = $_.description + " Disabled 21122012 123456"
Set-ADUser $_.sAMAccountName -Description $desc
}
(just copied from technet)
Tell PowerShell which delimiter to use, when it is not comma:
import-csv -Path "c:\test.csv" -Delimiter ";"
And it will work fine.