From a402b78499cf4b65d4c9decf6cac31c357d73839 Mon Sep 17 00:00:00 2001
From: jessikitty
Date: Wed, 25 Feb 2026 11:47:44 +1100
Subject: [PATCH] Switch AD lookup from EmployeeID to sAMAccountName
---
 Update-StaffAD.ps1 | 50 ++++++++++++++++++++--------------------------
 1 file changed, 22 insertions(+), 28 deletions(-)
diff --git a/Update-StaffAD.ps1 b/Update-StaffAD.ps1
index 47024e8..238d303 100644
--- a/Update-StaffAD.ps1
+++ b/Update-StaffAD.ps1
@@ -1,5 +1,6 @@
 # Update-StaffAD.ps1
 # Reads Staff_Extract.csv and updates AD email addresses and account status.
+# Matches users by sAMAccountName (PAYROLL_REC_NO column).
 # Previews all changes before applying them.
 # --- Configuration ---
@@ -22,54 +23,49 @@ Write-Host " PREVIEW OF PLANNED CHANGES" -ForegroundColor Cyan
 Write-Host "=============================" -ForegroundColor Cyan
 foreach ($entry in $Staff) {
- $payrollNo = $entry.PAYROLL_REC_NO.Trim()
+ $samAccount = $entry.PAYROLL_REC_NO.Trim()
 $status = $entry.STAFF_STATUS.Trim()
 $email = $entry.E_MAIL.Trim()
- # Find user in AD by EmployeeID
+ # Find user in AD by sAMAccountName
 try {
- $adUser = Get-ADUser -Filter "EmployeeID -eq '$payrollNo'" `
- -Properties EmployeeID, EmailAddress, Enabled, SamAccountName, DisplayName `
+ $adUser = Get-ADUser -Identity $samAccount `
+ -Properties EmailAddress, Enabled, DisplayName `
 -ErrorAction Stop
 } catch {
- continue
- }
-
- if (-not $adUser) {
+ # User not found in AD, skip
 continue
 }
 $planned = [PSCustomObject]@{
- DisplayName = $adUser.DisplayName
- SamAccountName = $adUser.SamAccountName
- PayrollNo = $payrollNo
- Status = $status
- CurrentEmail = $adUser.EmailAddress
- NewEmail = $email
- CurrentEnabled = $adUser.Enabled
- WillDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
- WillUpdateEmail = ($adUser.EmailAddress -ne $email)
+ DisplayName = $adUser.DisplayName
+ SamAccountName = $samAccount
+ Status = $status
+ CurrentEmail = $adUser.EmailAddress
+ NewEmail = $email
+ CurrentEnabled = $adUser.Enabled
+ WillDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
+ WillUpdateEmail = ($adUser.EmailAddress -ne $email)
 }
 $Changes.Add($planned)
 # Display the planned change
- Write-Host "`n User : $($planned.DisplayName) ($($planned.SamAccountName))" -ForegroundColor White
- Write-Host " Payroll No : $payrollNo"
- Write-Host " Status : $status"
+ Write-Host "`n User : $($planned.DisplayName) ($samAccount)" -ForegroundColor White
+ Write-Host " Status : $status"
 if ($planned.WillUpdateEmail) {
- Write-Host " Email : $($planned.CurrentEmail) --> $($planned.NewEmail)" -ForegroundColor Yellow
+ Write-Host " Email : $($planned.CurrentEmail) --> $($planned.NewEmail)" -ForegroundColor Yellow
 } else {
- Write-Host " Email : No change ($email)"
+ Write-Host " Email : No change ($email)"
 }
 if ($planned.WillDisable) {
- Write-Host " Account : WILL BE DISABLED (status is $status)" -ForegroundColor Red
+ Write-Host " Account : WILL BE DISABLED (status is $status)" -ForegroundColor Red
 } elseif (-not $adUser.Enabled) {
- Write-Host " Account : Already disabled - no change" -ForegroundColor DarkGray
+ Write-Host " Account : Already disabled - no change" -ForegroundColor DarkGray
 } else {
- Write-Host " Account : No change (active)"
+ Write-Host " Account : No change (active)"
 }
 }
@@ -107,8 +103,6 @@ Write-Host "=============================" -ForegroundColor Cyan
 foreach ($change in $Changes) {
 try {
- $adUser = Get-ADUser -Identity $change.SamAccountName -Properties EmailAddress, Enabled
-
 if ($change.WillUpdateEmail) {
 Set-ADUser -Identity $change.SamAccountName -EmailAddress $change.NewEmail
 Write-Host " [OK] Updated email for $($change.DisplayName): $($change.NewEmail)" -ForegroundColor Green
@@ -116,7 +110,7 @@ foreach ($change in $Changes) {
 if ($change.WillDisable) {
 Disable-ADAccount -Identity $change.SamAccountName
- Write-Host " [OK] Disabled account for $($change.DisplayName) ($($change.Status))" -ForegroundColor Green
+ Write-Host " [OK] Disabled account for $($change.DisplayName) (status: $($change.Status))" -ForegroundColor Green
 }
 } catch {
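Review bot: The `catch` after the new `Get-ADUser -Identity $samAccount` call skips every failure without a message, so a CSV row whose PAYROLL_REC_NO does not match a sAMAccountName, or a lookup that fails for another reason such as a permissions or connectivity error, never reaches the preview, and an account whose status is in `$DisableStatuses` stays enabled with no trace. Catch the not-found case by type and report it, `} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {` followed by `Write-Warning "No AD account for '$samAccount' (status: $status) - skipped"`, and let other errors surface instead of being swallowed. `-Identity` also accepts a distinguished name, GUID or SID, so the preview should record `SamAccountName = $adUser.SamAccountName` rather than the raw CSV value that the later `Set-ADUser` and `Disable-ADAccount` calls reuse.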