diff --git a/Update-StaffAD.ps1 b/Update-StaffAD.ps1
new file mode 100644
index 0000000..47024e8
--- /dev/null
+++ b/Update-StaffAD.ps1
@@ -0,0 +1,127 @@
+# Update-StaffAD.ps1
+# Reads Staff_Extract.csv and updates AD email addresses and account status.
+# Previews all changes before applying them.
+
+# --- Configuration ---
+$CsvPath = "C:\Scripts\Staff_Extract.csv" # Update if needed
+
+# --- Import ---
+if (-not (Test-Path $CsvPath)) {
+ Write-Error "CSV not found: $CsvPath"
+ exit 1
+}
+
+$Staff = Import-Csv -Path $CsvPath
+$DisableStatuses = @("INAC", "LEFT")
+
+# --- Preview Phase ---
+$Changes = [System.Collections.Generic.List[PSCustomObject]]::new()
+
+Write-Host "`n=============================" -ForegroundColor Cyan
+Write-Host " PREVIEW OF PLANNED CHANGES" -ForegroundColor Cyan
+Write-Host "=============================" -ForegroundColor Cyan
+
+foreach ($entry in $Staff) {
+ $payrollNo = $entry.PAYROLL_REC_NO.Trim()
+ $status = $entry.STAFF_STATUS.Trim()
+ $email = $entry.E_MAIL.Trim()
+
+ # Find user in AD by EmployeeID
+ try {
+ $adUser = Get-ADUser -Filter "EmployeeID -eq '$payrollNo'" `
+ -Properties EmployeeID, EmailAddress, Enabled, SamAccountName, DisplayName `
+ -ErrorAction Stop
+ } catch {
+ continue
+ }
+
+ if (-not $adUser) {
+ continue
+ }
+
+ $planned = [PSCustomObject]@{
+ DisplayName = $adUser.DisplayName
+ SamAccountName = $adUser.SamAccountName
+ PayrollNo = $payrollNo
+ Status = $status
+ CurrentEmail = $adUser.EmailAddress
+ NewEmail = $email
+ CurrentEnabled = $adUser.Enabled
+ WillDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
+ WillUpdateEmail = ($adUser.EmailAddress -ne $email)
+ }
+
+ $Changes.Add($planned)
+
+ # Display the planned change
+ Write-Host "`n User : $($planned.DisplayName) ($($planned.SamAccountName))" -ForegroundColor White
+ Write-Host " Payroll No : $payrollNo"
+ Write-Host " Status : $status"
+
+ if ($planned.WillUpdateEmail) {
+ Write-Host " Email : $($planned.CurrentEmail) --> $($planned.NewEmail)" -ForegroundColor Yellow
+ } else {
+ Write-Host " Email : No change ($email)"
+ }
+
+ if ($planned.WillDisable) {
+ Write-Host " Account : WILL BE DISABLED (status is $status)" -ForegroundColor Red
+ } elseif (-not $adUser.Enabled) {
+ Write-Host " Account : Already disabled - no change" -ForegroundColor DarkGray
+ } else {
+ Write-Host " Account : No change (active)"
+ }
+}
+
+# --- Summary ---
+$emailUpdates = ($Changes | Where-Object { $_.WillUpdateEmail }).Count
+$disables = ($Changes | Where-Object { $_.WillDisable }).Count
+$noChanges = ($Changes | Where-Object { -not $_.WillUpdateEmail -and -not $_.WillDisable }).Count
+
+Write-Host "`n=============================" -ForegroundColor Cyan
+Write-Host " SUMMARY" -ForegroundColor Cyan
+Write-Host "=============================" -ForegroundColor Cyan
+Write-Host " Users matched in AD : $($Changes.Count)"
+Write-Host " Email updates : $emailUpdates" -ForegroundColor Yellow
+Write-Host " Accounts to disable : $disables" -ForegroundColor Red
+Write-Host " No changes needed : $noChanges"
+Write-Host ""
+
+if ($Changes.Count -eq 0) {
+ Write-Host "No matching AD users found. Exiting." -ForegroundColor Yellow
+ exit 0
+}
+
+# --- Confirmation ---
+$confirm = Read-Host "Do you want to apply these changes? (yes/no)"
+
+if ($confirm -ne "yes") {
+ Write-Host "`nAborted. No changes were made." -ForegroundColor Yellow
+ exit 0
+}
+
+# --- Apply Changes ---
+Write-Host "`n=============================" -ForegroundColor Cyan
+Write-Host " APPLYING CHANGES" -ForegroundColor Cyan
+Write-Host "=============================" -ForegroundColor Cyan
+
+foreach ($change in $Changes) {
+ try {
+ $adUser = Get-ADUser -Identity $change.SamAccountName -Properties EmailAddress, Enabled
+
+ if ($change.WillUpdateEmail) {
+ Set-ADUser -Identity $change.SamAccountName -EmailAddress $change.NewEmail
+ Write-Host " [OK] Updated email for $($change.DisplayName): $($change.NewEmail)" -ForegroundColor Green
+ }
+
+ if ($change.WillDisable) {
+ Disable-ADAccount -Identity $change.SamAccountName
+ Write-Host " [OK] Disabled account for $($change.DisplayName) ($($change.Status))" -ForegroundColor Green
+ }
+
+ } catch {
+ Write-Host " [ERROR] Failed to update $($change.DisplayName): $_" -ForegroundColor Red
+ }
+}
+
+Write-Host "`nDone." -ForegroundColor Cyan
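Review bot: The AD lookup in the preview loop interpolates `$payrollNo` from the CSV straight into the `-Filter` string and drops every failure with a bare `continue`, so an empty or quote-containing payroll value, or a lookup error, is skipped without a trace and a leaver whose row fails to resolve is never disabled or even listed. The same filter can return more than one object if `EmployeeID` is not unique in the directory, in which case `$planned.SamAccountName` becomes an array and the later `-Identity` calls act on something the preview did not clearly show. I would reject unusable payroll values before building the filter, require exactly one match, and emit a warning for every skipped row so the operator sees them before answering the prompt. Separately, `Set-ADUser` and `Disable-ADAccount` in the apply loop carry no `-ErrorAction Stop`, so a non-terminating error would still be followed by the `[OK]` line, and the `$adUser` re-fetched there is never used to re-check state.

```powershell
    # Payroll numbers come from the CSV; refuse values that are blank or would break out of the quoted filter literal.
    if ([string]::IsNullOrWhiteSpace($payrollNo) -or $payrollNo.Contains("'")) {
        Write-Warning "Skipping row: unusable payroll number '$payrollNo'"
        continue
    }

    try {
        $adUser = @(Get-ADUser -Filter "EmployeeID -eq '$payrollNo'" `
            -Properties EmployeeID, EmailAddress, Enabled, SamAccountName, DisplayName `
            -ErrorAction Stop)
    } catch {
        Write-Warning "AD lookup failed for payroll no ${payrollNo}: $_"
        continue
    }

    # Act only on an unambiguous match; report everything else instead of skipping silently.
    if ($adUser.Count -ne 1) {
        Write-Warning "Payroll no $payrollNo matched $($adUser.Count) AD users; skipping"
        continue
    }
    $adUser = $adUser[0]

    # ... unchanged: build $planned, add it to $Changes, display the planned change ...
```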