Remove confirmation prompt, add appending log file
@@ -1,26 +1,44 @@
|
|||||||
# Update-StaffAD.ps1
|
# Update-StaffAD.ps1
|
||||||
# Reads Staff_Extract.csv and updates AD email addresses and account status.
|
# Reads Staff_Extract.csv and updates AD email addresses and account status.
|
||||||
# Matches users by sAMAccountName (PAYROLL_REC_NO column).
|
# Matches users by sAMAccountName (PAYROLL_REC_NO column).
|
||||||
# Previews all changes before applying them.
|
# Applies changes automatically and appends results to a log file.
|
||||||
|
|
||||||
# --- Configuration ---
|
# --- Configuration ---
|
||||||
$CsvPath = "C:\Scripts\Staff_Extract.csv" # Update if needed
|
$CsvPath = "C:\Scripts\Staff_Extract.csv"
|
||||||
|
$LogFile = "C:\Scripts\Logs\StaffAD_Changes.log"
|
||||||
|
|
||||||
# --- Import ---
|
# --- Setup ---
|
||||||
if (-not (Test-Path $CsvPath)) {
|
if (-not (Test-Path $CsvPath)) {
|
||||||
Write-Error "CSV not found: $CsvPath"
|
Write-Error "CSV not found: $CsvPath"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$LogDir = Split-Path $LogFile
|
||||||
|
if (-not (Test-Path $LogDir)) {
|
||||||
|
New-Item -ItemType Directory -Path $LogDir | Out-Null
|
||||||
|
}
|
||||||
|
|
||||||
$Staff = Import-Csv -Path $CsvPath
|
$Staff = Import-Csv -Path $CsvPath
|
||||||
$DisableStatuses = @("INAC", "LEFT")
|
$DisableStatuses = @("INAC", "LEFT")
|
||||||
|
$RunHeader = "=" * 60
|
||||||
|
$Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
|
||||||
|
|
||||||
# --- Preview Phase ---
|
function Write-Log {
|
||||||
$Changes = [System.Collections.Generic.List[PSCustomObject]]::new()
|
param([string]$Message, [string]$Color = "White")
|
||||||
|
Write-Host $Message -ForegroundColor $Color
|
||||||
|
Add-Content -Path $LogFile -Value $Message
|
||||||
|
}
|
||||||
|
|
||||||
Write-Host "`n=============================" -ForegroundColor Cyan
|
# --- Run Header ---
|
||||||
Write-Host " PREVIEW OF PLANNED CHANGES" -ForegroundColor Cyan
|
Write-Log ""
|
||||||
Write-Host "=============================" -ForegroundColor Cyan
|
Write-Log $RunHeader
|
||||||
|
Write-Log " RUN: $Timestamp"
|
||||||
|
Write-Log $RunHeader
|
||||||
|
|
||||||
|
$emailUpdates = 0
|
||||||
|
$disables = 0
|
||||||
|
$noChanges = 0
|
||||||
|
$notFound = 0
|
||||||
|
|
||||||
foreach ($entry in $Staff) {
|
foreach ($entry in $Staff) {
|
||||||
$samAccount = $entry.PAYROLL_REC_NO.Trim()
|
$samAccount = $entry.PAYROLL_REC_NO.Trim()
|
||||||
@@ -33,89 +51,51 @@ foreach ($entry in $Staff) {
|
|||||||
-Properties EmailAddress, Enabled, DisplayName `
|
-Properties EmailAddress, Enabled, DisplayName `
|
||||||
-ErrorAction Stop
|
-ErrorAction Stop
|
||||||
} catch {
|
} catch {
|
||||||
# User not found in AD, skip
|
$notFound++
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
$planned = [PSCustomObject]@{
|
$willDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
|
||||||
DisplayName = $adUser.DisplayName
|
$willUpdateEmail = ($adUser.EmailAddress -ne $email)
|
||||||
SamAccountName = $samAccount
|
|
||||||
Status = $status
|
if (-not $willDisable -and -not $willUpdateEmail) {
|
||||||
CurrentEmail = $adUser.EmailAddress
|
$noChanges++
|
||||||
NewEmail = $email
|
continue
|
||||||
CurrentEnabled = $adUser.Enabled
|
|
||||||
WillDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
|
|
||||||
WillUpdateEmail = ($adUser.EmailAddress -ne $email)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$Changes.Add($planned)
|
Write-Log ""
|
||||||
|
Write-Log " User : $($adUser.DisplayName) ($samAccount)"
|
||||||
|
Write-Log " Status : $status"
|
||||||
|
|
||||||
# Display the planned change
|
# Update email
|
||||||
Write-Host "`n User : $($planned.DisplayName) ($samAccount)" -ForegroundColor White
|
if ($willUpdateEmail) {
|
||||||
Write-Host " Status : $status"
|
try {
|
||||||
|
Set-ADUser -Identity $samAccount -EmailAddress $email
|
||||||
if ($planned.WillUpdateEmail) {
|
Write-Log " Email : $($adUser.EmailAddress) --> $email [UPDATED]" "Green"
|
||||||
Write-Host " Email : $($planned.CurrentEmail) --> $($planned.NewEmail)" -ForegroundColor Yellow
|
$emailUpdates++
|
||||||
} else {
|
} catch {
|
||||||
Write-Host " Email : No change ($email)"
|
Write-Log " Email : FAILED to update - $_" "Red"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($planned.WillDisable) {
|
# Disable account
|
||||||
Write-Host " Account : WILL BE DISABLED (status is $status)" -ForegroundColor Red
|
if ($willDisable) {
|
||||||
} elseif (-not $adUser.Enabled) {
|
try {
|
||||||
Write-Host " Account : Already disabled - no change" -ForegroundColor DarkGray
|
Disable-ADAccount -Identity $samAccount
|
||||||
} else {
|
Write-Log " Account : DISABLED (status: $status) [UPDATED]" "Green"
|
||||||
Write-Host " Account : No change (active)"
|
$disables++
|
||||||
|
} catch {
|
||||||
|
Write-Log " Account : FAILED to disable - $_" "Red"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- Summary ---
|
# --- Summary ---
|
||||||
$emailUpdates = ($Changes | Where-Object { $_.WillUpdateEmail }).Count
|
Write-Log ""
|
||||||
$disables = ($Changes | Where-Object { $_.WillDisable }).Count
|
Write-Log " --- Summary ---"
|
||||||
$noChanges = ($Changes | Where-Object { -not $_.WillUpdateEmail -and -not $_.WillDisable }).Count
|
Write-Log " Email updates : $emailUpdates"
|
||||||
|
Write-Log " Accounts disabled : $disables"
|
||||||
Write-Host "`n=============================" -ForegroundColor Cyan
|
Write-Log " No changes needed : $noChanges"
|
||||||
Write-Host " SUMMARY" -ForegroundColor Cyan
|
Write-Log " Not found in AD : $notFound"
|
||||||
Write-Host "=============================" -ForegroundColor Cyan
|
Write-Log $RunHeader
|
||||||
Write-Host " Users matched in AD : $($Changes.Count)"
|
Write-Log ""
|
||||||
Write-Host " Email updates : $emailUpdates" -ForegroundColor Yellow
|
|
||||||
Write-Host " Accounts to disable : $disables" -ForegroundColor Red
|
|
||||||
Write-Host " No changes needed : $noChanges"
|
|
||||||
Write-Host ""
|
|
||||||
|
|
||||||
if ($Changes.Count -eq 0) {
|
|
||||||
Write-Host "No matching AD users found. Exiting." -ForegroundColor Yellow
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# --- Confirmation ---
|
|
||||||
$confirm = Read-Host "Do you want to apply these changes? (yes/no)"
|
|
||||||
|
|
||||||
if ($confirm -ne "yes") {
|
|
||||||
Write-Host "`nAborted. No changes were made." -ForegroundColor Yellow
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# --- Apply Changes ---
|
|
||||||
Write-Host "`n=============================" -ForegroundColor Cyan
|
|
||||||
Write-Host " APPLYING CHANGES" -ForegroundColor Cyan
|
|
||||||
Write-Host "=============================" -ForegroundColor Cyan
|
|
||||||
|
|
||||||
foreach ($change in $Changes) {
|
|
||||||
try {
|
|
||||||
if ($change.WillUpdateEmail) {
|
|
||||||
Set-ADUser -Identity $change.SamAccountName -EmailAddress $change.NewEmail
|
|
||||||
Write-Host " [OK] Updated email for $($change.DisplayName): $($change.NewEmail)" -ForegroundColor Green
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($change.WillDisable) {
|
|
||||||
Disable-ADAccount -Identity $change.SamAccountName
|
|
||||||
Write-Host " [OK] Disabled account for $($change.DisplayName) (status: $($change.Status))" -ForegroundColor Green
|
|
||||||
}
|
|
||||||
|
|
||||||
} catch {
|
|
||||||
Write-Host " [ERROR] Failed to update $($change.DisplayName): $_" -ForegroundColor Red
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Write-Host "`nDone." -ForegroundColor Cyan
|
|
||||||
|
|||||||
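Review bot: With the confirmation prompt gone, nothing in the new loop bounds how many accounts one run can disable, so a truncated or wrong export (or anyone able to write to `C:\Scripts\Staff_Extract.csv`) turns directly into bulk `Disable-ADAccount` and `Set-ADUser` calls. A cheap guard is a configured ceiling checked just before the disable, for example `if ($disables -ge $MaxDisables) { Write-Log "  Account : SKIPPED - disable limit reached" "Red"; continue }`, with `$MaxDisables` defined in the configuration block (the name is a suggestion, not something already in the script). The two write cmdlets also lack the `-ErrorAction Stop` that the `Get-ADUser` call carries, so if either reports a non-terminating error the `catch` is skipped and the run still logs `[UPDATED]` and bumps the counter; adding `-ErrorAction Stop` to both keeps the log trustworthy now that it is the only record of what changed. The lines that assign `$email` and `$status` fall between the two hunks and are not shown, so whether a blank CSV value can reach `Set-ADUser -EmailAddress` could not be checked here.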