Using multiple values in a CSV file to manipulate AD user accounts.

I have a report from HR that tracks employees by EmployeeID. I need to edit the AD accounts to reflect the new organizational structure.

Employee Department Zone Area
2468 AZ002 Southwest SW4
1357 NY221 Northeast NE11
9542 KS023 Midwest MW02
AD has the department code, but I need to add the Zone and Area data so I can run reports from AD without needing to hand sort into Areas, Zones, and addresses.

Right now I am separating the HR file into files for each zone and adding the Zone name to the Division attribute in AD.

[pre]# Set variables

Create array from list of Employee IDs in a text file

$IDs = Get-Content “Z:\Areas\WC.txt”

Pull All Users From Active Directory

Get-ADUser -Filter “*” -Property * |

Pass the output into a filter that only passes on those users, whose ID is listed

Where-Object { $IDs -contains $_.employeeID } |

Get all information on the remaining users

Set-ADUser -Division “West”[/pre]

Next, I will have to further separate the users into their Areas and run the same script to add the Area code into extensionAttribute3 because I have been denied approval to add a custom attribute to AD.

[pre]

Set variables

Create array from list of Employee IDs in a text file

$IDs = Get-Content “Z:\Areas\AT8.txt”

Pull All Users From Active Directory

Get-ADUser -Filter “*” -Property * |

Pass the output into a filter that only passes on those users, whose ID is listed

Where-Object { $IDs -contains $_.employeeID } |

Get all information on the remaining users

Set-ADUser -Add @{extensionAttribute3 = “AT8”}[/pre]

I want/need to make this a single operation.

[pre]# Put all AD users into an array
$ADUsers = Get-ADuser -Filter * -Properties EmployeeID,SamAccountName,Mail,Department[/pre]

Then compare to the HR CSV file

[pre]# Put HR data into an array
$HRusers = Import-CSV c:\temp\Employees.csv[/pre]

Here’s where I don’t know what I’m doing…

How can I:

  1. Take each employeeID from HR and find that user in AD
    [pre]ForEach ($ID in $HRusers)[/pre]

  2. Take the Zone for that user and write it to the Division attribute in AD
    [pre] Set-ADUser -Division “Midwest”[/pre]

  3. Take the Area for that user and write it to extensionAttribute3
    [pre] Set-ADUser -Add @{extensionAttribute3 = “KS022”}[/pre]

I know this can be done without iterating through AD each time as my current script does, and I know I should be able to set multiple attributes for each user at the same time.

I just have not been able to figure out how to do it…

Thanks for reading this far, and thank you for any help you can provide.

dot19408

Hello Dot,

I’m happy to help you with this. Can you provide the code not broken up? The more details the better, what is the original format from HR? We may be able to save you some headache. :slight_smile:

Just to give you an idea of what we can do here.

 

# This is asusming you have a csv file from HR
$IDList = Import-CSV "Z:\Areas\WC.csv"

#Iterate through each ID in ID List, assuming we have headers as listed in the table in Original post.
Foreach ($id in $IDList){
   Try {
      $ADUser=Get-ADUser-Filter {EmployeeID -eq$ID.Employee} -ErrorAction STOP -Properties EmployeeID, ExtensionAttribute3, Division, Mail, Department
      #Using DistinguishedName to remove any ambuguity.
      #SamAccountName may be duplicated if a merger and acquistion were to occur.
      Set-ADUser$ADUser.DistinguishedName-Add {ExtensionAttribute3 =$ID.Area} -Division $Id.Zone-ErrorAction STOP
   }
   Catch{
      Write-Warning $_.Exception.Message
   }
}