input object from csv into active directory attribute

PowerShell Help
1

I have a script that inputs users employeeID’s into a specific active directory attribute.

I’m noticing that it’s not working for new users since their field is blank to start. Now i’m not sure if I need to modify the code to have the field -eq “$null” or something as right now it’s -eq “”.

#Gets the EmployeeID of the user from AD
                $existingEmployeeID = get-aduser $adUserByEmail -properties employeeid | select -ExpandProperty employeeid
                                
#Check if the employee ID is already set and set to ID given by Oracle
                if ($existingEmployeeID -eq "") {
            
                    #Set Employee ID of user in AD - only if it was previously unset
                    Set-ADUser $adUserByEmail -EmployeeID $employeeID
                    write-host "TRIED TO WRITE NEW ID"

What do you think?

I should also add that is if add $existingEmployeeID -ne “” in the if statement then it works, but i really don’t want to make it rewrite to AD everytime. HR may screw up the employeeID’s which could be an issue.
thanks

2

By default the AD attribute should be NULL ($null). However, if anyone is setting values in AD by setting them to “” versus a Set-ADUser -Clear EmployeeID, then you could run into some false positives. Rather than checking if the value is null, you may want to consider checking to see if it’s a pattern. For instance, say the employee ID is 5 numeric digits, you could do a regex pattern like this:

$ids = "23456", "234dg", "1234", "55352", "1234456"

foreach ($id in $ids) {
    New-Object -TypeName PSObject -Property @{
        ID = $id;
        Match = ($id -match "^\d{5}$")
    }
}

Output:

ID      Match
--      -----
23456    True
234dg   False
1234    False
55352    True
1234456 False
3

Thanks for the help Rob.

What i ended up doing was an AD employeeid check against the Spreadsheet and also include $null.

So

   #Sets the format of EmployeeID to Oracle CSV
                $employeeid = $employee.emplid
                 Write-Host "Employee ID: " $employeeid
                
                #Gets the EmployeeID of the user from AD
                $existingEmployeeID = get-aduser $adUserByEmail -properties employeeid | select -ExpandProperty employeeid
                                
                #Check if the employee ID is already set and set to ID given by Oracle
                if ($existingEmployeeID -ne $employeeid -or $null) {
            
                    #Set Employee ID of user in AD - only if it was previously unset or set to wrong ID
                    Set-ADUser $adUserByEmail -EmployeeID $employeeID
                    write-host "TRIED TO WRITE NEW ID"

that way it covers if it’s a new hire with no employeeid and if HR somehow types in the wrong one at hire.