I have a script that inputs users employeeID’s into a specific active directory attribute.
I’m noticing that it’s not working for new users since their field is blank to start. Now i’m not sure if I need to modify the code to have the field -eq “$null” or something as right now it’s -eq “”.
#Gets the EmployeeID of the user from AD
$existingEmployeeID = get-aduser $adUserByEmail -properties employeeid | select -ExpandProperty employeeid
#Check if the employee ID is already set and set to ID given by Oracle
if ($existingEmployeeID -eq "") {
#Set Employee ID of user in AD - only if it was previously unset
Set-ADUser $adUserByEmail -EmployeeID $employeeID
write-host "TRIED TO WRITE NEW ID"
What do you think?
I should also add that is if add $existingEmployeeID -ne “” in the if statement then it works, but i really don’t want to make it rewrite to AD everytime. HR may screw up the employeeID’s which could be an issue.
thanks
By default the AD attribute should be NULL ($null). However, if anyone is setting values in AD by setting them to “” versus a Set-ADUser -Clear EmployeeID, then you could run into some false positives. Rather than checking if the value is null, you may want to consider checking to see if it’s a pattern. For instance, say the employee ID is 5 numeric digits, you could do a regex pattern like this:
$ids = "23456", "234dg", "1234", "55352", "1234456"
foreach ($id in $ids) {
New-Object -TypeName PSObject -Property @{
ID = $id;
Match = ($id -match "^\d{5}$")
}
}
Output:
ID Match
-- -----
23456 True
234dg False
1234 False
55352 True
1234456 False
Thanks for the help Rob.
What i ended up doing was an AD employeeid check against the Spreadsheet and also include $null.
So
#Sets the format of EmployeeID to Oracle CSV
$employeeid = $employee.emplid
Write-Host "Employee ID: " $employeeid
#Gets the EmployeeID of the user from AD
$existingEmployeeID = get-aduser $adUserByEmail -properties employeeid | select -ExpandProperty employeeid
#Check if the employee ID is already set and set to ID given by Oracle
if ($existingEmployeeID -ne $employeeid -or $null) {
#Set Employee ID of user in AD - only if it was previously unset or set to wrong ID
Set-ADUser $adUserByEmail -EmployeeID $employeeID
write-host "TRIED TO WRITE NEW ID"
that way it covers if it’s a new hire with no employeeid and if HR somehow types in the wrong one at hire.