Switch AD lookup from EmployeeID to sAMAccountName
@@ -1,5 +1,6 @@
|
|||||||
# Update-StaffAD.ps1
|
# Update-StaffAD.ps1
|
||||||
# Reads Staff_Extract.csv and updates AD email addresses and account status.
|
# Reads Staff_Extract.csv and updates AD email addresses and account status.
|
||||||
|
# Matches users by sAMAccountName (PAYROLL_REC_NO column).
|
||||||
# Previews all changes before applying them.
|
# Previews all changes before applying them.
|
||||||
|
|
||||||
# --- Configuration ---
|
# --- Configuration ---
|
||||||
@@ -22,54 +23,49 @@ Write-Host " PREVIEW OF PLANNED CHANGES" -ForegroundColor Cyan
|
|||||||
Write-Host "=============================" -ForegroundColor Cyan
|
Write-Host "=============================" -ForegroundColor Cyan
|
||||||
|
|
||||||
foreach ($entry in $Staff) {
|
foreach ($entry in $Staff) {
|
||||||
$payrollNo = $entry.PAYROLL_REC_NO.Trim()
|
$samAccount = $entry.PAYROLL_REC_NO.Trim()
|
||||||
$status = $entry.STAFF_STATUS.Trim()
|
$status = $entry.STAFF_STATUS.Trim()
|
||||||
$email = $entry.E_MAIL.Trim()
|
$email = $entry.E_MAIL.Trim()
|
||||||
|
|
||||||
# Find user in AD by EmployeeID
|
# Find user in AD by sAMAccountName
|
||||||
try {
|
try {
|
||||||
$adUser = Get-ADUser -Filter "EmployeeID -eq '$payrollNo'" `
|
$adUser = Get-ADUser -Identity $samAccount `
|
||||||
-Properties EmployeeID, EmailAddress, Enabled, SamAccountName, DisplayName `
|
-Properties EmailAddress, Enabled, DisplayName `
|
||||||
-ErrorAction Stop
|
-ErrorAction Stop
|
||||||
} catch {
|
} catch {
|
||||||
continue
|
# User not found in AD, skip
|
||||||
}
|
|
||||||
|
|
||||||
if (-not $adUser) {
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
$planned = [PSCustomObject]@{
|
$planned = [PSCustomObject]@{
|
||||||
DisplayName = $adUser.DisplayName
|
DisplayName = $adUser.DisplayName
|
||||||
SamAccountName = $adUser.SamAccountName
|
SamAccountName = $samAccount
|
||||||
PayrollNo = $payrollNo
|
Status = $status
|
||||||
Status = $status
|
CurrentEmail = $adUser.EmailAddress
|
||||||
CurrentEmail = $adUser.EmailAddress
|
NewEmail = $email
|
||||||
NewEmail = $email
|
CurrentEnabled = $adUser.Enabled
|
||||||
CurrentEnabled = $adUser.Enabled
|
WillDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
|
||||||
WillDisable = ($status -in $DisableStatuses) -and $adUser.Enabled
|
WillUpdateEmail = ($adUser.EmailAddress -ne $email)
|
||||||
WillUpdateEmail = ($adUser.EmailAddress -ne $email)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$Changes.Add($planned)
|
$Changes.Add($planned)
|
||||||
|
|
||||||
# Display the planned change
|
# Display the planned change
|
||||||
Write-Host "`n User : $($planned.DisplayName) ($($planned.SamAccountName))" -ForegroundColor White
|
Write-Host "`n User : $($planned.DisplayName) ($samAccount)" -ForegroundColor White
|
||||||
Write-Host " Payroll No : $payrollNo"
|
Write-Host " Status : $status"
|
||||||
Write-Host " Status : $status"
|
|
||||||
|
|
||||||
if ($planned.WillUpdateEmail) {
|
if ($planned.WillUpdateEmail) {
|
||||||
Write-Host " Email : $($planned.CurrentEmail) --> $($planned.NewEmail)" -ForegroundColor Yellow
|
Write-Host " Email : $($planned.CurrentEmail) --> $($planned.NewEmail)" -ForegroundColor Yellow
|
||||||
} else {
|
} else {
|
||||||
Write-Host " Email : No change ($email)"
|
Write-Host " Email : No change ($email)"
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($planned.WillDisable) {
|
if ($planned.WillDisable) {
|
||||||
Write-Host " Account : WILL BE DISABLED (status is $status)" -ForegroundColor Red
|
Write-Host " Account : WILL BE DISABLED (status is $status)" -ForegroundColor Red
|
||||||
} elseif (-not $adUser.Enabled) {
|
} elseif (-not $adUser.Enabled) {
|
||||||
Write-Host " Account : Already disabled - no change" -ForegroundColor DarkGray
|
Write-Host " Account : Already disabled - no change" -ForegroundColor DarkGray
|
||||||
} else {
|
} else {
|
||||||
Write-Host " Account : No change (active)"
|
Write-Host " Account : No change (active)"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -107,8 +103,6 @@ Write-Host "=============================" -ForegroundColor Cyan
|
|||||||
|
|
||||||
foreach ($change in $Changes) {
|
foreach ($change in $Changes) {
|
||||||
try {
|
try {
|
||||||
$adUser = Get-ADUser -Identity $change.SamAccountName -Properties EmailAddress, Enabled
|
|
||||||
|
|
||||||
if ($change.WillUpdateEmail) {
|
if ($change.WillUpdateEmail) {
|
||||||
Set-ADUser -Identity $change.SamAccountName -EmailAddress $change.NewEmail
|
Set-ADUser -Identity $change.SamAccountName -EmailAddress $change.NewEmail
|
||||||
Write-Host " [OK] Updated email for $($change.DisplayName): $($change.NewEmail)" -ForegroundColor Green
|
Write-Host " [OK] Updated email for $($change.DisplayName): $($change.NewEmail)" -ForegroundColor Green
|
||||||
@@ -116,7 +110,7 @@ foreach ($change in $Changes) {
|
|||||||
|
|
||||||
if ($change.WillDisable) {
|
if ($change.WillDisable) {
|
||||||
Disable-ADAccount -Identity $change.SamAccountName
|
Disable-ADAccount -Identity $change.SamAccountName
|
||||||
Write-Host " [OK] Disabled account for $($change.DisplayName) ($($change.Status))" -ForegroundColor Green
|
Write-Host " [OK] Disabled account for $($change.DisplayName) (status: $($change.Status))" -ForegroundColor Green
|
||||||
}
|
}
|
||||||
|
|
||||||
} catch {
|
} catch {
|
||||||
|
|||||||
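Review bot: `Get-ADUser -Identity $samAccount` in the preview loop resolves more than a logon name, since `-Identity` also accepts a distinguished name, GUID or SID, so a PAYROLL_REC_NO cell in Staff_Extract.csv can select any account. The planned object now stores that raw cell (`SamAccountName = $samAccount`), and the apply loop passes it on to `Set-ADUser` and `Disable-ADAccount`. Keeping `SamAccountName = $adUser.SamAccountName` would make the preview show, and the apply step act on, the account that was actually resolved; rejecting cells that do not match the expected payroll-number format before the lookup would narrow this further. The bare `catch` now commented "User not found in AD, skip" also swallows access-denied and connectivity errors, so catching only `[Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]` and reporting anything else would stop a partial run from looking complete. The apply loop's body continues past the last hunk.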