From 11e67bab4b62524af86bd699a55e85305ae90d5a Mon Sep 17 00:00:00 2001 From: jessikitty Date: Wed, 25 Feb 2026 11:56:54 +1100 Subject: [PATCH] Remove confirmation prompt, add appending log file --- Update-StaffAD.ps1 | 144 +++++++++++++++++++-------------------------- 1 file changed, 62 insertions(+), 82 deletions(-) diff --git a/Update-StaffAD.ps1 b/Update-StaffAD.ps1 index 238d303..d1985f3 100644 --- a/Update-StaffAD.ps1 +++ b/Update-StaffAD.ps1 @@ -1,26 +1,44 @@ # Update-StaffAD.ps1 # Reads Staff_Extract.csv and updates AD email addresses and account status. # Matches users by sAMAccountName (PAYROLL_REC_NO column). -# Previews all changes before applying them. +# Applies changes automatically and appends results to a log file. # --- Configuration --- -$CsvPath = "C:\Scripts\Staff_Extract.csv" # Update if needed +$CsvPath = "C:\Scripts\Staff_Extract.csv" +$LogFile = "C:\Scripts\Logs\StaffAD_Changes.log" -# --- Import --- +# --- Setup --- if (-not (Test-Path $CsvPath)) { Write-Error "CSV not found: $CsvPath" exit 1 } +$LogDir = Split-Path $LogFile +if (-not (Test-Path $LogDir)) { + New-Item -ItemType Directory -Path $LogDir | Out-Null +} + $Staff = Import-Csv -Path $CsvPath $DisableStatuses = @("INAC", "LEFT") +$RunHeader = "=" * 60 +$Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" -# --- Preview Phase --- -$Changes = [System.Collections.Generic.List[PSCustomObject]]::new() +function Write-Log { + param([string]$Message, [string]$Color = "White") + Write-Host $Message -ForegroundColor $Color + Add-Content -Path $LogFile -Value $Message +} -Write-Host "`n=============================" -ForegroundColor Cyan -Write-Host " PREVIEW OF PLANNED CHANGES" -ForegroundColor Cyan -Write-Host "=============================" -ForegroundColor Cyan +# --- Run Header --- +Write-Log "" +Write-Log $RunHeader +Write-Log " RUN: $Timestamp" +Write-Log $RunHeader + +$emailUpdates = 0 +$disables = 0 +$noChanges = 0 +$notFound = 0 foreach ($entry in $Staff) { $samAccount = $entry.PAYROLL_REC_NO.Trim() @@ -33,89 +51,51 @@ foreach ($entry in $Staff) { -Properties EmailAddress, Enabled, DisplayName ` -ErrorAction Stop } catch { - # User not found in AD, skip + $notFound++ continue } - $planned = [PSCustomObject]@{ - DisplayName = $adUser.DisplayName - SamAccountName = $samAccount - Status = $status - CurrentEmail = $adUser.EmailAddress - NewEmail = $email - CurrentEnabled = $adUser.Enabled - WillDisable = ($status -in $DisableStatuses) -and $adUser.Enabled - WillUpdateEmail = ($adUser.EmailAddress -ne $email) + $willDisable = ($status -in $DisableStatuses) -and $adUser.Enabled + $willUpdateEmail = ($adUser.EmailAddress -ne $email) + + if (-not $willDisable -and -not $willUpdateEmail) { + $noChanges++ + continue } - $Changes.Add($planned) + Write-Log "" + Write-Log " User : $($adUser.DisplayName) ($samAccount)" + Write-Log " Status : $status" - # Display the planned change - Write-Host "`n User : $($planned.DisplayName) ($samAccount)" -ForegroundColor White - Write-Host " Status : $status" - - if ($planned.WillUpdateEmail) { - Write-Host " Email : $($planned.CurrentEmail) --> $($planned.NewEmail)" -ForegroundColor Yellow - } else { - Write-Host " Email : No change ($email)" + # Update email + if ($willUpdateEmail) { + try { + Set-ADUser -Identity $samAccount -EmailAddress $email + Write-Log " Email : $($adUser.EmailAddress) --> $email [UPDATED]" "Green" + $emailUpdates++ + } catch { + Write-Log " Email : FAILED to update - $_" "Red" + } } - if ($planned.WillDisable) { - Write-Host " Account : WILL BE DISABLED (status is $status)" -ForegroundColor Red - } elseif (-not $adUser.Enabled) { - Write-Host " Account : Already disabled - no change" -ForegroundColor DarkGray - } else { - Write-Host " Account : No change (active)" + # Disable account + if ($willDisable) { + try { + Disable-ADAccount -Identity $samAccount + Write-Log " Account : DISABLED (status: $status) [UPDATED]" "Green" + $disables++ + } catch { + Write-Log " Account : FAILED to disable - $_" "Red" + } } } # --- Summary --- -$emailUpdates = ($Changes | Where-Object { $_.WillUpdateEmail }).Count -$disables = ($Changes | Where-Object { $_.WillDisable }).Count -$noChanges = ($Changes | Where-Object { -not $_.WillUpdateEmail -and -not $_.WillDisable }).Count - -Write-Host "`n=============================" -ForegroundColor Cyan -Write-Host " SUMMARY" -ForegroundColor Cyan -Write-Host "=============================" -ForegroundColor Cyan -Write-Host " Users matched in AD : $($Changes.Count)" -Write-Host " Email updates : $emailUpdates" -ForegroundColor Yellow -Write-Host " Accounts to disable : $disables" -ForegroundColor Red -Write-Host " No changes needed : $noChanges" -Write-Host "" - -if ($Changes.Count -eq 0) { - Write-Host "No matching AD users found. Exiting." -ForegroundColor Yellow - exit 0 -} - -# --- Confirmation --- -$confirm = Read-Host "Do you want to apply these changes? (yes/no)" - -if ($confirm -ne "yes") { - Write-Host "`nAborted. No changes were made." -ForegroundColor Yellow - exit 0 -} - -# --- Apply Changes --- -Write-Host "`n=============================" -ForegroundColor Cyan -Write-Host " APPLYING CHANGES" -ForegroundColor Cyan -Write-Host "=============================" -ForegroundColor Cyan - -foreach ($change in $Changes) { - try { - if ($change.WillUpdateEmail) { - Set-ADUser -Identity $change.SamAccountName -EmailAddress $change.NewEmail - Write-Host " [OK] Updated email for $($change.DisplayName): $($change.NewEmail)" -ForegroundColor Green - } - - if ($change.WillDisable) { - Disable-ADAccount -Identity $change.SamAccountName - Write-Host " [OK] Disabled account for $($change.DisplayName) (status: $($change.Status))" -ForegroundColor Green - } - - } catch { - Write-Host " [ERROR] Failed to update $($change.DisplayName): $_" -ForegroundColor Red - } -} - -Write-Host "`nDone." -ForegroundColor Cyan +Write-Log "" +Write-Log " --- Summary ---" +Write-Log " Email updates : $emailUpdates" +Write-Log " Accounts disabled : $disables" +Write-Log " No changes needed : $noChanges" +Write-Log " Not found in AD : $notFound" +Write-Log $RunHeader +Write-Log ""