Need help reading from .csv and updating AD

goyasin · April 6, 2018, 1:50pm

Hello,
I’m stuck and hopefully someone can give me some direction. Every 2 weeks I receive a .csv for HR. I use it to sync employee info to AD. I have a script that has been working:

foreach ($user in $users) {            
Get-ADUser -Filter "UserPrincipalName -eq '$($user.email)'" -Properties * -SearchBase "OU=someOU,DC=mydomain,DC=local" |            
  Set-ADUser -Division $($user.Division) -Department $($user.Department) -EmployeeNumber $($user.EmployeeNumber) -Title $($user.Job) 
}

I now need to add user’s “manager” to AD. So, I did this:

foreach ($user in $users) {            
Get-ADUser -Filter "UserPrincipalName -eq '$($user.email)'" -Properties * -SearchBase "OU=someOU,DC=mydomain,DC=local" |            
  Set-ADUser -Division $($user.Division) -Department $($user.Department) -EmployeeNumber $($user.EmployeeNumber) -Title $($user.Job) -Manager $($user.Manager) 
}

However, ADUser -Manager only accepts 4 attributes. The only that makes sense for me is SamAccountName. Unfortunately, our SamAccountName does not match our UPN and it is not included in the .cvs I’m given. I do have the employee’s manager’s email address, which is the same as the UPN so, I did this to get the SamAccountName of the employee’s manager:

foreach ($user in $users) {            
Get-ADUser -Filter "UserPrincipalName -eq '$($user.manageremail)'" -SearchBase "DC=mydomain,DC=local" -Properties  SamAccountName | Select SamAccountName
 }

This works and I get a list of each emplyee’s mager’s SamAccountName.
However, I cannot figure out have to feed these results into -Manager $($user.Manager)
Everything I tried has failed. Mostly because I’m not sure of the correct approach. Any help would be greatly appreciated!

donj · April 15, 2018, 10:08am

As a quick note, $($user.EmployeeNumber) is unnecessary; just $user.EmployeeNumber would be fine. There’s no need for the subexpression syntax here.

Your difficulty is that you’re trying to sort of cram everything into a one-liner, which is a common hiccup for a lot of people. You need to move to a more procedural script. You’ve got all the pieces already.

foreach ($user in $users) {            
  $user = Get-ADUser -Filter "UserPrincipalName -eq '$($user.email)'" -Properties * -SearchBase "OU=someOU,DC=mydomain,DC=local"
  $manager = Get-ADUser -Filter "UserPrincipalName -eq '$($user.manageremail)'" -SearchBase "DC=mydomain,DC=local" -Properties  SamAccountName | Select SamAccountName
            
  $user | Set-ADUser -Division $($user.Division) -Department $($user.Department) -EmployeeNumber $($user.EmployeeNumber) -Title $($user.Job) -Manager $($manager.samaccountname) 
}

Or something like that. Just store the objects in variables so that you can work with them independently.

goyasin · April 16, 2018, 8:48am

Thanks so much for your help and advice. I’ll give that a try.

david-schmidtberger · April 16, 2018, 10:24am

Just to add, I would highly recommend some error handling in here, as well as logging changes you made to the ad accounts.
It will greatly ease your life when questions arise about how a user got changed.
As well, allows you to report on over-all change, and these types of activities tend to grow almost exponentially once you have proven the ability to handle the changes.

goyasin · April 17, 2018, 9:05am

Yes, you’re correct. Logging changes has already been requested. I have considered this but since I’m writing to AD the attributes included in the spreadsheet, the log will just reflect what is in the spreadsheet. Not sure how to log what was replaced. Did not consider error checking. Do you have any examples of logging changes and error checking?

david-schmidtberger · April 17, 2018, 10:17am

just a fast update, use at your own risk, but this would be minimum i’d look to do.
validate your info as provided is accurate with the if statement
the else would indicate that you couldn’t find a user in ad with the get-aduser
then wrap the set-aduser statement in try/catch
after the set-aduser send some output to the success log
in the catch, send text out to the error log.

foreach ($user in $users)
{
    $user = Get-ADUser -Filter "UserPrincipalName -eq '$($user.email)'" -Properties * -SearchBase "OU=someOU,DC=mydomain,DC=local"
    $manager = Get-ADUser -Filter "UserPrincipalName -eq '$($user.manageremail)'" -SearchBase "DC=mydomain,DC=local" -Properties  SamAccountName | Select-Object SamAccountName
    if ($user -and $manager)     
    {   
        try
        {
            $user | Set-ADUser -Division $($user.Division) -Department $($user.Department) -EmployeeNumber $($user.EmployeeNumber) -Title $($user.Job) -Manager $($manager.samaccountname) 
            "set $($user.samaccountname), Division $($user.Division), Department $($user.Department), EmployeeNumber $($user.employeenumber), Title $($user.job), Manager $($manager.samaccountname)"|out-file Successlog.txt -append
        }
        catch
        {
            "Error Updating $($user.Samaccountname)"|out-file ERRORLOG.TXT -append
        }
    }
    else
    {
        "Error finding $($user.email) or $($user.manageremail)in AD"|out-file ERRORLOG.TXT -append
    }
}

goyasin · April 18, 2018, 10:14am

OK, thanks for the example. I’ll play around with adding try/catch to my working script.

Topic		Replies	Views
Updating AD from csv PowerShell Help	4	171	May 16, 2024
Help Iterating Through .CSV File to Update AD PowerShell Help	16	272	May 16, 2024
Updating AD User properties without username/samAccountName PowerShell Help	1	172	May 16, 2024
What am I missing with this? PowerShell Help	6	185	May 16, 2024
Update AD User from CSV PowerShell Help	5	950	May 16, 2024

Need help reading from .csv and updating AD

Related Topics