jessikitty/Staff-AD-email-disabler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add OU moves for active/inactive staff, included in dry run output

Browse Source
This commit is contained in:
jessikitty
2026-05-20 11:24:38 +10:00
parent ba9a9b9fe6
commit 9cfe3c8b48
1 changed files with 33 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Update-StaffAD.ps1
+33 -8
View File
@@ -3,6 +3,7 @@
# Matches users by sAMAccountName (PAYROLL_REC_NO column). # Matches users by sAMAccountName (PAYROLL_REC_NO column).
# If duplicate entries exist, ACTV takes priority over INAC/LEFT. # If duplicate entries exist, ACTV takes priority over INAC/LEFT.
# Creates new AD accounts for ACTV users not found in AD. # Creates new AD accounts for ACTV users not found in AD.
# Moves users to active/inactive OUs based on status.
# Applies changes automatically and appends results to a log file. # Applies changes automatically and appends results to a log file.
# #
# Usage: # Usage:
@@ -16,7 +17,9 @@ param(
# --- Configuration --- # --- Configuration ---
$CsvPath = "C:\Scripts\Staff_Extract.csv" $CsvPath = "C:\Scripts\Staff_Extract.csv"
$LogFile = "C:\Scripts\Logs\StaffAD_Changes.log" $LogFile = "C:\Scripts\Logs\StaffAD_Changes.log"
$NewUserOU = "OU=Staff,DC=school,DC=vic,DC=edu,DC=au" # Update this $NewUserOU = "OU=Teachers,OU=Staff,OU=Users,OU=5362-NiddrieAutistic,DC=curric,DC=niddrieautistic,DC=wan"
$ActiveOU = "OU=Teachers,OU=Staff,OU=Users,OU=5362-NiddrieAutistic,DC=curric,DC=niddrieautistic,DC=wan"
$InactiveOU = "OU=InactiveStaff,OU=5362-NiddrieAutistic,DC=curric,DC=niddrieautistic,DC=wan"
$DefaultPassword = ConvertTo-SecureString "P@ssword123!" -AsPlainText -Force # Update this $DefaultPassword = ConvertTo-SecureString "P@ssword123!" -AsPlainText -Force # Update this
# --- Setup --- # --- Setup ---
@@ -73,6 +76,7 @@ $disables = 0
$noChanges = 0 $noChanges = 0
$notFound = 0 $notFound = 0
$created = 0 $created = 0
$moved = 0
$notFoundList = @() $notFoundList = @()
foreach ($entry in $Deduped.Values) { foreach ($entry in $Deduped.Values) {
@@ -92,7 +96,7 @@ foreach ($entry in $Deduped.Values) {
# Find user in AD by sAMAccountName # Find user in AD by sAMAccountName
try { try {
$adUser = Get-ADUser -Identity $samAccount ` $adUser = Get-ADUser -Identity $samAccount `
-Properties EmailAddress, Enabled, DisplayName ` -Properties EmailAddress, Enabled, DisplayName, DistinguishedName `
-ErrorAction Stop -ErrorAction Stop
} catch { } catch {
# Not found in AD - create if ACTV, otherwise log and skip # Not found in AD - create if ACTV, otherwise log and skip
@@ -125,7 +129,6 @@ foreach ($entry in $Deduped.Values) {
Write-Log " Account : CREATED in $NewUserOU [CREATED]" "Green" Write-Log " Account : CREATED in $NewUserOU [CREATED]" "Green"
Write-Log " Email : $email [SET]" "Green" Write-Log " Email : $email [SET]" "Green"
$created++
} catch { } catch {
Write-Log " Account : FAILED to create - $_" "Red" Write-Log " Account : FAILED to create - $_" "Red"
} }
@@ -137,7 +140,12 @@ foreach ($entry in $Deduped.Values) {
$willDisable = ($status -in $DisableStatuses) -and $adUser.Enabled $willDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
$willUpdateEmail = ($adUser.EmailAddress -ne $email) $willUpdateEmail = ($adUser.EmailAddress -ne $email)
if (-not $willDisable -and -not $willUpdateEmail) { # Determine OU move
$currentOU = ($adUser.DistinguishedName -replace '^CN=[^,]+,', '')
$targetOU = if ($status -in $DisableStatuses) { $InactiveOU } else { $ActiveOU }
$willMove = ($currentOU -ne $targetOU)
if (-not $willDisable -and -not $willUpdateEmail -and -not $willMove) {
$noChanges++ $noChanges++
continue continue
} }
@@ -159,7 +167,7 @@ foreach ($entry in $Deduped.Values) {
Write-Log " Email : FAILED to update - $_" "Red" Write-Log " Email : FAILED to update - $_" "Red"
} }
} }
$emailUpdates++ if ($DryRun) { $emailUpdates++ }
} }
# Disable account # Disable account
@@ -175,7 +183,23 @@ foreach ($entry in $Deduped.Values) {
Write-Log " Account : FAILED to disable - $_" "Red" Write-Log " Account : FAILED to disable - $_" "Red"
} }
} }
$disables++ if ($DryRun) { $disables++ }
}
# Move user to correct OU
if ($willMove) {
if ($DryRun) {
Write-Log " OU Move : WOULD MOVE to $targetOU" "Magenta"
} else {
try {
Move-ADObject -Identity $adUser.DistinguishedName -TargetPath $targetOU
Write-Log " OU Move : MOVED to $targetOU [MOVED]" "Green"
$moved++
} catch {
Write-Log " OU Move : FAILED to move - $_" "Red"
}
}
if ($DryRun) { $moved++ }
} }
} }
@@ -183,13 +207,14 @@ foreach ($entry in $Deduped.Values) {
Write-Log "" Write-Log ""
Write-Log " --- Summary $(if ($DryRun) { '(DRY RUN)' }) ---" Write-Log " --- Summary $(if ($DryRun) { '(DRY RUN)' }) ---"
if ($emailUpdates -eq 0 -and $disables -eq 0 -and $created -eq 0) { if ($emailUpdates -eq 0 -and $disables -eq 0 -and $created -eq 0 -and $moved -eq 0) {
Write-Log " No changes $(if ($DryRun) { 'would be' } else { 'were' }) made on this run." "Cyan" Write-Log " No changes $(if ($DryRun) { 'would be' } else { 'were' }) made on this run." "Cyan"
} }
Write-Log " Accounts $(if ($DryRun) { 'to create' } else { 'created' }) : $created" Write-Log " Accounts $(if ($DryRun) { 'to create ' } else { 'created ' }): $created"
Write-Log " Email updates : $emailUpdates" Write-Log " Email updates : $emailUpdates"
Write-Log " Accounts disabled : $disables" Write-Log " Accounts disabled : $disables"
Write-Log " OU moves : $moved"
Write-Log " No changes needed : $noChanges" Write-Log " No changes needed : $noChanges"
Write-Log " Not found in AD : $notFound" Write-Log " Not found in AD : $notFound"
if ($notFoundList.Count -gt 0) { if ($notFoundList.Count -gt 0) {