Export/Import AD Users including manager attribute

I am trying to import users from a csv file, which I exported from a different domain. Unfortunately the manager attribute gives me a hard time.

1. What I have done so far (Export):
I exported user attributes from AD1 with the domain name oldDomain.com into export.csv . In order to generate the export.csv file I used the following command:

Get-ADUser -Filter * -Property * | Select-Object givenName,sn,name,displayName,sAMaccountName,manager | Export-Csv -Encoding "UTF8" -path \\hostex\Share\export.csv

This results in the following file:

"givenName","sn","name","displayName","sAMaccountName","manager"
"Test","User1","Test User1","Test User1","test.user1",
"Test","User2","Test User2","Test User2","test.user2","CN=Test User1,OU=Users,DC=oldDomain,DC=com"

2. Problem with Import

Afterwards I try to import/add the users into AD2, which uses the domain name newDomain.org . My command looks like this:

Import-Csv \\hostex\Share\export.csv | ForEach { New-ADUser -AccountPassword (ConvertTo-SecureString Pass321? -AsPlainText -force) -Path "OU=Users,DC=newDomain,DC=org" -GivenName $_.givenName -Name $_.name -Surname $_.sn -DisplayName $_.displayName -SamAccountName $_.sAMAccountName -Manager $_.manager.Replace("DC=oldDomain,DC=com","DC=newDomain,DC=org") }

This leads to an ADIdentityResolutionException . Since the first line of export.csv has no value set for the manager attribute, the command tries to find the user identity "" within AD2. This is impossible to find. Therefore the user is not added to AD2.

In order to resolve this issue I would like to add some kind of If-Statement, which sets the value for the manager attribute only if the equivalent value in export.csv is not null ( $_.manager -notlike $null ). Any ideas how to achieve this?

You probably attempt to reference a manager account before that account is actually created. Separate account creation from assigning a manager to it. Also, empty fields read from a CSV appear as empty strings, not $null , so you need to compare to '' to filter them out.

Try this:

$users = Import-Csv '\\hostex\Share\export.csv'

$initialPassword = ConvertTo-SecureString 'Pass321?' -AsPlainText -Force

$users | % {
  New-ADUser -AccountPassword $initialPassword `
    -Path 'OU=Users,DC=newDomain,DC=org' `
    -GivenName $_.givenName `
    -Name $_.name `
    -Surname $_.sn `
    -DisplayName $_.displayName `
    -SamAccountName $_.sAMAccountName
}

$users | ? { $_.manager -ne '' } | % {
  $manager = $_.manager -replace 'DC=oldDomain,DC=com$', 'DC=newDomain,DC=org'
  Set-ADUser -Identity $_.sAMAccountName -Manager $manager
}

One way to do this would be to build the complete command as a string with an additional line that adds the manager option to the end of the string if it exists in the data and then use Invoke-Expression to execute the command.

Import-Csv \\hostex\Share\export.csv | ForEach {
# $(...) is needed to expand a property inside a double-quoted string; each value is single-quoted because names and DNs contain spaces and commas
$NewUserCommand = "New-ADUser -AccountPassword (ConvertTo-SecureString 'Pass321?' -AsPlainText -Force) -Path 'OU=Users,DC=newDomain,DC=org' -GivenName '$($_.givenName)' -Name '$($_.name)' -Surname '$($_.sn)' -DisplayName '$($_.displayName)' -SamAccountName '$($_.sAMAccountName)'"
If ($_.manager) {$NewUserCommand += " -Manager '" + $_.manager.Replace('DC=oldDomain,DC=com','DC=newDomain,DC=org') + "'"}
Invoke-Expression $NewUserCommand
}
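
An added example, not part of either answer above: the same import with the parameters collected in a hashtable and splatted, so every CSV field reaches New-ADUser as data and is never parsed as PowerShell code the way a string passed to Invoke-Expression is. Prompting for the password, -ChangePasswordAtLogon and the check on the DN suffix are assumptions added here; paths and domain names are the ones from the question.

```powershell
# Added example: CSV values are passed as parameter data via splatting,
# never concatenated into a command string.
Import-Module ActiveDirectory

$csvPath   = '\\hostex\Share\export.csv'
$targetOU  = 'OU=Users,DC=newDomain,DC=org'
$oldSuffix = 'DC=oldDomain,DC=com'
$newSuffix = 'DC=newDomain,DC=org'

# Assumption: prompt for the initial password instead of embedding it in the script.
$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password'

$users = Import-Csv -Path $csvPath

# Pass 1: create every account without a manager, so that each manager
# exists in the new domain before another account references it.
foreach ($u in $users) {
    $params = @{
        AccountPassword       = $initialPassword
        Path                  = $targetOU
        GivenName             = $u.givenName
        Name                  = $u.name
        Surname               = $u.sn
        DisplayName           = $u.displayName
        SamAccountName        = $u.sAMaccountName
        ChangePasswordAtLogon = $true   # assumption: shared initial password must be changed
    }
    New-ADUser @params
}

# Pass 2: set the manager only where the CSV field is non-empty
# (empty CSV fields are read as '', not $null).
foreach ($u in $users) {
    if ([string]::IsNullOrWhiteSpace($u.manager)) { continue }

    # Rewrite the DN only if it really ends with the old domain suffix.
    if (-not $u.manager.EndsWith($oldSuffix, [StringComparison]::OrdinalIgnoreCase)) {
        Write-Warning "Skipping manager for $($u.sAMaccountName): DN is not in $oldSuffix"
        continue
    }
    $managerDn = $u.manager.Substring(0, $u.manager.Length - $oldSuffix.Length) + $newSuffix
    Set-ADUser -Identity $u.sAMaccountName -Manager $managerDn
}
```

An optional parameter can also be added to the hashtable conditionally (for example `$params['Manager'] = $managerDn` inside an `if`) before splatting, which is the splatting counterpart of appending to a command string.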
