Add Update-StaffAD.ps1 - preview and apply AD changes from staff CSV
127
Update-StaffAD.ps1
Normal file
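--- /dev/null
+++ b/Update-StaffAD.ps1
@@ -0,0 +1,127 @@
+# Update-StaffAD.ps1
+# Reads Staff_Extract.csv and updates AD email addresses and account status.
+# Previews all changes before applying them.
+
+# --- Configuration ---
+$CsvPath = "C:\Scripts\Staff_Extract.csv" # Update if needed
+
+# --- Import ---
+if (-not (Test-Path $CsvPath)) {
+Write-Error "CSV not found: $CsvPath"
+exit 1
+}
+
+$Staff = Import-Csv -Path $CsvPath
+$DisableStatuses = @("INAC", "LEFT")
+
+# --- Preview Phase ---
+$Changes = [System.Collections.Generic.List[PSCustomObject]]::new()
+
+Write-Host "`n=============================" -ForegroundColor Cyan
+Write-Host " PREVIEW OF PLANNED CHANGES" -ForegroundColor Cyan
+Write-Host "=============================" -ForegroundColor Cyan
+
+foreach ($entry in $Staff) {
+$payrollNo = $entry.PAYROLL_REC_NO.Trim()
+$status = $entry.STAFF_STATUS.Trim()
+$email = $entry.E_MAIL.Trim()
+
+# Find user in AD by EmployeeID
+try {
+$adUser = Get-ADUser -Filter "EmployeeID -eq '$payrollNo'" `
+-Properties EmployeeID, EmailAddress, Enabled, SamAccountName, DisplayName `
+-ErrorAction Stop
+} catch {
+continue
+}
+
+if (-not $adUser) {
+continue
+}
+
+$planned = [PSCustomObject]@{
+DisplayName = $adUser.DisplayName
+SamAccountName = $adUser.SamAccountName
+PayrollNo = $payrollNo
+Status = $status
+CurrentEmail = $adUser.EmailAddress
+NewEmail = $email
+CurrentEnabled = $adUser.Enabled
+WillDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
+WillUpdateEmail = ($adUser.EmailAddress -ne $email)
+}
+
+$Changes.Add($planned)
+
+# Display the planned change
+Write-Host "`n User : $($planned.DisplayName) ($($planned.SamAccountName))" -ForegroundColor White
+Write-Host " Payroll No : $payrollNo"
+Write-Host " Status : $status"
+
+if ($planned.WillUpdateEmail) {
+Write-Host " Email : $($planned.CurrentEmail) --> $($planned.NewEmail)" -ForegroundColor Yellow
+} else {
+Write-Host " Email : No change ($email)"
+}
+
+if ($planned.WillDisable) {
+Write-Host " Account : WILL BE DISABLED (status is $status)" -ForegroundColor Red
+} elseif (-not $adUser.Enabled) {
+Write-Host " Account : Already disabled - no change" -ForegroundColor DarkGray
+} else {
+Write-Host " Account : No change (active)"
+}
+}
+
+# --- Summary ---
+$emailUpdates = ($Changes | Where-Object { $_.WillUpdateEmail }).Count
+$disables = ($Changes | Where-Object { $_.WillDisable }).Count
+$noChanges = ($Changes | Where-Object { -not $_.WillUpdateEmail -and -not $_.WillDisable }).Count
+
+Write-Host "`n=============================" -ForegroundColor Cyan
+Write-Host " SUMMARY" -ForegroundColor Cyan
+Write-Host "=============================" -ForegroundColor Cyan
+Write-Host " Users matched in AD : $($Changes.Count)"
+Write-Host " Email updates : $emailUpdates" -ForegroundColor Yellow
+Write-Host " Accounts to disable : $disables" -ForegroundColor Red
+Write-Host " No changes needed : $noChanges"
+Write-Host ""
+
+if ($Changes.Count -eq 0) {
+Write-Host "No matching AD users found. Exiting." -ForegroundColor Yellow
+exit 0
+}
+
+# --- Confirmation ---
+$confirm = Read-Host "Do you want to apply these changes? (yes/no)"
+
+if ($confirm -ne "yes") {
+Write-Host "`nAborted. No changes were made." -ForegroundColor Yellow
+exit 0
+}
+
+# --- Apply Changes ---
+Write-Host "`n=============================" -ForegroundColor Cyan
+Write-Host " APPLYING CHANGES" -ForegroundColor Cyan
+Write-Host "=============================" -ForegroundColor Cyan
+
+foreach ($change in $Changes) {
+try {
+$adUser = Get-ADUser -Identity $change.SamAccountName -Properties EmailAddress, Enabled
+
+if ($change.WillUpdateEmail) {
+Set-ADUser -Identity $change.SamAccountName -EmailAddress $change.NewEmail
+Write-Host " [OK] Updated email for $($change.DisplayName): $($change.NewEmail)" -ForegroundColor Green
+}
+
+if ($change.WillDisable) {
+Disable-ADAccount -Identity $change.SamAccountName
+Write-Host " [OK] Disabled account for $($change.DisplayName) ($($change.Status))" -ForegroundColor Green
+}
+
+} catch {
+Write-Host " [ERROR] Failed to update $($change.DisplayName): $_" -ForegroundColor Red
+}
+}
+
+Write-Host "`nDone." -ForegroundColor Cyan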
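Review bot: The preview-loop lookup `Get-ADUser -Filter "EmployeeID -eq '$payrollNo'"` builds its filter from an unvalidated CSV field, so a blank value or one containing a quote changes or breaks the query, and the `catch { continue }` right after it hides that failure from the operator. Because the match later drives `Disable-ADAccount`, reject malformed values before the lookup, for example `if ($payrollNo -notmatch '^[A-Za-z0-9]+$') { Write-Warning "Skipping row: invalid PAYROLL_REC_NO '$payrollNo'"; continue }` (adjust the pattern to the real payroll format), and have the catch emit `Write-Warning` with `$_` instead of continuing silently. A filter can also return more than one user, in which case `$adUser.SamAccountName` is an array; such rows should be reported and skipped rather than planned. Separately, a blank `E_MAIL` makes `WillUpdateEmail` true for every user who currently has an address, so the plan should require a non-empty `$email` before scheduling an email change. In the apply loop the re-fetched `$adUser` is never used, so the state shown in the preview is not re-checked before `Set-ADUser` and `Disable-ADAccount` run.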