diff --git a/Update-StaffAD.ps1 b/Update-StaffAD.ps1
index f06cde4..4c160e5 100644
--- a/Update-StaffAD.ps1
+++ b/Update-StaffAD.ps1
@@ -4,6 +4,14 @@
 # If duplicate entries exist, ACTV takes priority over INAC/LEFT.
 # Creates new AD accounts for ACTV users not found in AD.
 # Applies changes automatically and appends results to a log file.
+#
+# Usage:
+# .\Update-StaffAD.ps1 - Run normally, apply all changes
+# .\Update-StaffAD.ps1 -DryRun - Preview only, no changes made
+
+param(
+ [switch]$DryRun
+)
 # --- Configuration ---
 $CsvPath = "C:\Scripts\Staff_Extract.csv"
@@ -30,7 +38,9 @@ $Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
 function Write-Log {
 param([string]$Message, [string]$Color = "White")
 Write-Host $Message -ForegroundColor $Color
- Add-Content -Path $LogFile -Value $Message
+ if (-not $DryRun) {
+ Add-Content -Path $LogFile -Value $Message
+ }
 }
 # --- Deduplicate: ACTV wins over INAC/LEFT ---
@@ -40,16 +50,23 @@ foreach ($entry in $Staff) {
 if (-not $Deduped.ContainsKey($key)) {
 $Deduped[$key] = $entry
 } elseif ($entry.STAFF_STATUS.Trim() -eq "ACTV") {
- # ACTV always overrides whatever was stored
 $Deduped[$key] = $entry
 }
 }
 # --- Run Header ---
-Write-Log ""
-Write-Log $RunHeader
-Write-Log " RUN: $Timestamp"
-Write-Log $RunHeader
+if ($DryRun) {
+ Write-Host ""
+ Write-Host $RunHeader -ForegroundColor Magenta
+ Write-Host " DRY RUN - NO CHANGES WILL BE MADE" -ForegroundColor Magenta
+ Write-Host " $Timestamp" -ForegroundColor Magenta
+ Write-Host $RunHeader -ForegroundColor Magenta
+} else {
+ Write-Log ""
+ Write-Log $RunHeader
+ Write-Log " RUN: $Timestamp"
+ Write-Log $RunHeader
+}
 $emailUpdates = 0
 $disables = 0
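Review bot: The hand-rolled `[switch]$DryRun` added in the new `param()` block only protects the calls that are explicitly wrapped in `if ($DryRun)`, so a mutating call added later without the guard would run for real during a preview. PowerShell's own preview mechanism avoids that: putting `[CmdletBinding(SupportsShouldProcess)]` above `param()` gives the script a standard `-WhatIf` switch, which cmdlets that implement ShouldProcess should then honour without per-call guards. If `-DryRun` is kept for familiarity, a comment next to the parameter such as `# Every AD write below must be guarded by $DryRun` would at least state the contract.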
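Review bot: `Write-Log` now depends on `$DryRun` from the script scope without saying so, and a preview leaves nothing in `$LogFile`. A one-line comment above the new `if` would make both facts explicit, for example `# Dry runs print to the console only; $LogFile records applied changes exclusively`. If previews of account creation and disabling need to be reviewable afterwards, they would need their own log target, which this hunk does not provide.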
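Review bot: The dry-run branch of the run header duplicates with `Write-Host` what `Write-Log` already does, since `Write-Log` skips `Add-Content` when `$DryRun` is set and takes a colour argument. Calling `Write-Log $RunHeader "Magenta"` and `Write-Log " DRY RUN - NO CHANGES WILL BE MADE" "Magenta"` would keep all console output on one code path. The same hunk also drops the comment on the `elseif` branch; keeping `# ACTV always overrides whatever was stored` preserves the reason for the overwrite. The deduplication `foreach` starts outside the hunk.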
@@ -85,30 +102,35 @@ foreach ($entry in $Deduped.Values) {
 continue
 }
- try {
- New-ADUser `
- -SamAccountName $samAccount `
- -UserPrincipalName $email `
- -GivenName $firstName `
- -Surname $lastName `
- -DisplayName $displayName `
- -Name $displayName `
- -EmailAddress $email `
- -AccountPassword $DefaultPassword `
- -Enabled $true `
- -Path $NewUserOU
+ Write-Log ""
+ Write-Log " User : $displayName ($samAccount)"
+ Write-Log " Status : $status"
- Write-Log ""
- Write-Log " User : $displayName ($samAccount)"
- Write-Log " Status : $status"
- Write-Log " Account : CREATED in $NewUserOU [CREATED]" "Green"
- Write-Log " Email : $email [SET]" "Green"
- $created++
- } catch {
- Write-Log ""
- Write-Log " User : $displayName ($samAccount)"
- Write-Log " Account : FAILED to create - $_" "Red"
+ if ($DryRun) {
+ Write-Log " Account : WOULD BE CREATED in $NewUserOU" "Magenta"
+ Write-Log " Email : $email [WOULD BE SET]" "Magenta"
+ } else {
+ try {
+ New-ADUser `
+ -SamAccountName $samAccount `
+ -UserPrincipalName $email `
+ -GivenName $firstName `
+ -Surname $lastName `
+ -DisplayName $displayName `
+ -Name $displayName `
+ -EmailAddress $email `
+ -AccountPassword $DefaultPassword `
+ -Enabled $true `
+ -Path $NewUserOU
+
+ Write-Log " Account : CREATED in $NewUserOU [CREATED]" "Green"
+ Write-Log " Email : $email [SET]" "Green"
+ $created++
+ } catch {
+ Write-Log " Account : FAILED to create - $_" "Red"
+ }
 }
+ $created++
 continue
 }
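Review bot: The `$created++` added after the `if ($DryRun) { … } else { … }` block runs on every path, so a real run counts each successful creation twice (the increment inside `try` is still there) and counts a failed `New-ADUser` as created. Moving that outer increment into the dry-run branch, right after the `WOULD BE SET` line, keeps the preview count and leaves the real count to the `try` block. The next hunk repeats the pattern with `$emailUpdates++` and `$disables++`, so the summary of a real run overstates all three figures. Separately, the account is created with `-Enabled $true` and `-AccountPassword $DefaultPassword`; if `$DefaultPassword` (defined outside the hunk) is the same for every new user, adding `-ChangePasswordAtLogon $true` would limit how long that shared value stays usable. The enclosing `foreach` starts outside the hunk.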
@@ -126,36 +148,46 @@ foreach ($entry in $Deduped.Values) {
 # Update email
 if ($willUpdateEmail) {
- try {
- Set-ADUser -Identity $samAccount -EmailAddress $email
- Write-Log " Email : $($adUser.EmailAddress) --> $email [UPDATED]" "Green"
- $emailUpdates++
- } catch {
- Write-Log " Email : FAILED to update - $_" "Red"
+ if ($DryRun) {
+ Write-Log " Email : $($adUser.EmailAddress) --> $email [WOULD UPDATE]" "Magenta"
+ } else {
+ try {
+ Set-ADUser -Identity $samAccount -EmailAddress $email
+ Write-Log " Email : $($adUser.EmailAddress) --> $email [UPDATED]" "Green"
+ $emailUpdates++
+ } catch {
+ Write-Log " Email : FAILED to update - $_" "Red"
+ }
 }
+ $emailUpdates++
 }
 # Disable account
 if ($willDisable) {
- try {
- Disable-ADAccount -Identity $samAccount
- Write-Log " Account : DISABLED (status: $status) [UPDATED]" "Green"
- $disables++
- } catch {
- Write-Log " Account : FAILED to disable - $_" "Red"
+ if ($DryRun) {
+ Write-Log " Account : WOULD BE DISABLED (status: $status)" "Magenta"
+ } else {
+ try {
+ Disable-ADAccount -Identity $samAccount
+ Write-Log " Account : DISABLED (status: $status) [UPDATED]" "Green"
+ $disables++
+ } catch {
+ Write-Log " Account : FAILED to disable - $_" "Red"
+ }
 }
+ $disables++
 }
 }
 # --- Summary ---
 Write-Log ""
-Write-Log " --- Summary ---"
+Write-Log " --- Summary $(if ($DryRun) { '(DRY RUN)' }) ---"
 if ($emailUpdates -eq 0 -and $disables -eq 0 -and $created -eq 0) {
- Write-Log " No changes were made on this run."  "Cyan"
+ Write-Log " No changes $(if ($DryRun) { 'would be' } else { 'were' }) made on this run." "Cyan"
 }
-Write-Log " Accounts created : $created"
+Write-Log " Accounts $(if ($DryRun) { 'to create' } else { 'created' }) : $created"
 Write-Log " Email updates : $emailUpdates"
 Write-Log " Accounts disabled : $disables"
 Write-Log " No changes needed : $noChanges"
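Review bot: In a dry run the summary still prints `Accounts disabled : $disables` and `Email updates : $emailUpdates` as if the changes had been applied, because only the `Accounts created` label was made mode-aware. An operator skimming preview output could read that as accounts having actually been disabled. Giving the other two lines the same treatment, for example `Write-Log " Accounts $(if ($DryRun) { 'to disable' } else { 'disabled' }) : $disables"`, would keep the summary consistent. The header interpolation `$(if ($DryRun) { '(DRY RUN)' })` also leaves a doubled space in a normal run.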