Add -DryRun switch for safe preview without making changes

2026-05-20 11:09:32 +10:00
parent 8de674c514
commit ba9a9b9fe6
+75 -43
@@ -4,6 +4,14 @@
# If duplicate entries exist, ACTV takes priority over INAC/LEFT. # If duplicate entries exist, ACTV takes priority over INAC/LEFT.
# Creates new AD accounts for ACTV users not found in AD. # Creates new AD accounts for ACTV users not found in AD.
# Applies changes automatically and appends results to a log file. # Applies changes automatically and appends results to a log file.
#
# Usage:
# .\Update-StaffAD.ps1 - Run normally, apply all changes
# .\Update-StaffAD.ps1 -DryRun - Preview only, no changes made
param(
[switch]$DryRun
)
# --- Configuration --- # --- Configuration ---
$CsvPath = "C:\Scripts\Staff_Extract.csv" $CsvPath = "C:\Scripts\Staff_Extract.csv"
@@ -30,7 +38,9 @@ $Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
function Write-Log { function Write-Log {
param([string]$Message, [string]$Color = "White") param([string]$Message, [string]$Color = "White")
Write-Host $Message -ForegroundColor $Color Write-Host $Message -ForegroundColor $Color
Add-Content -Path $LogFile -Value $Message if (-not $DryRun) {
Add-Content -Path $LogFile -Value $Message
}
} }
# --- Deduplicate: ACTV wins over INAC/LEFT --- # --- Deduplicate: ACTV wins over INAC/LEFT ---
@@ -40,16 +50,23 @@ foreach ($entry in $Staff) {
if (-not $Deduped.ContainsKey($key)) { if (-not $Deduped.ContainsKey($key)) {
$Deduped[$key] = $entry $Deduped[$key] = $entry
} elseif ($entry.STAFF_STATUS.Trim() -eq "ACTV") { } elseif ($entry.STAFF_STATUS.Trim() -eq "ACTV") {
# ACTV always overrides whatever was stored
$Deduped[$key] = $entry $Deduped[$key] = $entry
} }
} }
# --- Run Header --- # --- Run Header ---
Write-Log "" if ($DryRun) {
Write-Log $RunHeader Write-Host ""
Write-Log " RUN: $Timestamp" Write-Host $RunHeader -ForegroundColor Magenta
Write-Log $RunHeader Write-Host " DRY RUN - NO CHANGES WILL BE MADE" -ForegroundColor Magenta
Write-Host " $Timestamp" -ForegroundColor Magenta
Write-Host $RunHeader -ForegroundColor Magenta
} else {
Write-Log ""
Write-Log $RunHeader
Write-Log " RUN: $Timestamp"
Write-Log $RunHeader
}
$emailUpdates = 0 $emailUpdates = 0
$disables = 0 $disables = 0
@@ -85,30 +102,35 @@ foreach ($entry in $Deduped.Values) {
continue continue
} }
try { Write-Log ""
New-ADUser ` Write-Log " User : $displayName ($samAccount)"
-SamAccountName $samAccount ` Write-Log " Status : $status"
-UserPrincipalName $email `
-GivenName $firstName `
-Surname $lastName `
-DisplayName $displayName `
-Name $displayName `
-EmailAddress $email `
-AccountPassword $DefaultPassword `
-Enabled $true `
-Path $NewUserOU
Write-Log "" if ($DryRun) {
Write-Log " User : $displayName ($samAccount)" Write-Log " Account : WOULD BE CREATED in $NewUserOU" "Magenta"
Write-Log " Status : $status" Write-Log " Email : $email [WOULD BE SET]" "Magenta"
Write-Log " Account : CREATED in $NewUserOU [CREATED]" "Green" } else {
Write-Log " Email : $email [SET]" "Green" try {
$created++ New-ADUser `
} catch { -SamAccountName $samAccount `
Write-Log "" -UserPrincipalName $email `
Write-Log " User : $displayName ($samAccount)" -GivenName $firstName `
Write-Log " Account : FAILED to create - $_" "Red" -Surname $lastName `
-DisplayName $displayName `
-Name $displayName `
-EmailAddress $email `
-AccountPassword $DefaultPassword `
-Enabled $true `
-Path $NewUserOU
Write-Log " Account : CREATED in $NewUserOU [CREATED]" "Green"
Write-Log " Email : $email [SET]" "Green"
$created++
} catch {
Write-Log " Account : FAILED to create - $_" "Red"
}
} }
$created++
continue continue
} }
@@ -126,36 +148,46 @@ foreach ($entry in $Deduped.Values) {
# Update email # Update email
if ($willUpdateEmail) { if ($willUpdateEmail) {
try { if ($DryRun) {
Set-ADUser -Identity $samAccount -EmailAddress $email Write-Log " Email : $($adUser.EmailAddress) --> $email [WOULD UPDATE]" "Magenta"
Write-Log " Email : $($adUser.EmailAddress) --> $email [UPDATED]" "Green" } else {
$emailUpdates++ try {
} catch { Set-ADUser -Identity $samAccount -EmailAddress $email
Write-Log " Email : FAILED to update - $_" "Red" Write-Log " Email : $($adUser.EmailAddress) --> $email [UPDATED]" "Green"
$emailUpdates++
} catch {
Write-Log " Email : FAILED to update - $_" "Red"
}
} }
$emailUpdates++
} }
# Disable account # Disable account
if ($willDisable) { if ($willDisable) {
try { if ($DryRun) {
Disable-ADAccount -Identity $samAccount Write-Log " Account : WOULD BE DISABLED (status: $status)" "Magenta"
Write-Log " Account : DISABLED (status: $status) [UPDATED]" "Green" } else {
$disables++ try {
} catch { Disable-ADAccount -Identity $samAccount
Write-Log " Account : FAILED to disable - $_" "Red" Write-Log " Account : DISABLED (status: $status) [UPDATED]" "Green"
$disables++
} catch {
Write-Log " Account : FAILED to disable - $_" "Red"
}
} }
$disables++
} }
} }
# --- Summary --- # --- Summary ---
Write-Log "" Write-Log ""
Write-Log " --- Summary ---" Write-Log " --- Summary $(if ($DryRun) { '(DRY RUN)' }) ---"
if ($emailUpdates -eq 0 -and $disables -eq 0 -and $created -eq 0) { if ($emailUpdates -eq 0 -and $disables -eq 0 -and $created -eq 0) {
Write-Log " No changes were made on this run." "Cyan" Write-Log " No changes $(if ($DryRun) { 'would be' } else { 'were' }) made on this run." "Cyan"
} }
Write-Log " Accounts created : $created" Write-Log " Accounts $(if ($DryRun) { 'to create' } else { 'created' }) : $created"
Write-Log " Email updates : $emailUpdates" Write-Log " Email updates : $emailUpdates"
Write-Log " Accounts disabled : $disables" Write-Log " Accounts disabled : $disables"
Write-Log " No changes needed : $noChanges" Write-Log " No changes needed : $noChanges"
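Review bot: In the account-creation hunk the live path appears to increment `$created` twice, once inside the `try` after `New-ADUser` and again after the closing brace of the `if ($DryRun) { ... } else { ... }` block, so a successful create counts as 2 and a failed create still counts as 1; the page has lost its +/- markers, so this reading rests on the hunk line counts and should be confirmed against the file. `$emailUpdates++` and `$disables++` in the last hunk follow the same pattern, which would make the summary appended to the log overstate what was actually changed in AD. I would put the increment in each dry-run branch (e.g. `$created++` as the last line of the `if ($DryRun)` block) and delete the one after the `else` block. Separately, `New-ADUser` still enables the account straight away with `$DefaultPassword`, which is defined outside the hunk and looks like one shared value; adding `-ChangePasswordAtLogon $true` to that call would limit how long that password stays valid.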