Update AD User From CSV Based on EmployeeID Attribute

Question

I am attempting to update AD users based on their employeeID number. It is a reliable key field for our organization.

Every user in this case was created with an employeeID attribute. I am using the same csv for the initial creation (New-ADuser) of users (only setting less attributes), as I am the update (Set-ADUser) of users.

Most of this is pretty straightforward and sourced mostly from here . I successfully import my csv, and can print my variables. My resulting message indicates that when I execute my If/Else, that the "User with ID is not found, or more than one is found", both of which aren't true. I believe my issue to be in this line:

$UserID = Get-ADUser employeeID=$EmployeeId

Here is the entirety of the script. What am I doing wrong here?

# Import AD Module
Import-Module ActiveDirectory

# Import CSV into variable $userscsv
$ADUsers = Import-Csv -Path C:\Scripting\CSVs\UpdateADUsers.csv


foreach ($User in $ADUsers)
{
#Retrieve info from CSV
$Title = $User.Title
$Department = $User.department
$Office = $User.Office
$EmployeeId = $User.EmployeeId
$Manager = $User.manager
$Company = $User.Orglevel02

#get user DN
$UserDN = Get-ADUser -LDAPFilter "EmployeeId=$EmployeeId"

If ($UserDN.Count -eq 1)
 {
        # Use the Set-ADUser cmdlet to assign the new attribute values.
        Set-ADUser -Identity $UserDN -Replace @{title=$Title;physicalDeliveryOfficeName=$Office;manager=$Manager}
    }
    Else {"User with ID $ID either not found, or more than one user found."}
}

Answer 1

$UserDN = Get-ADUser -LDAPFilter "(EmployeeId=*$EmployeeId*)"

Answer 2

Marks answer contains the major correction needed in your filter.

Each of your search criteria at a minimum must be in a set of parenthesis. Like in the example given on ldapexplorer.com

 Equality: (attribute=abc) , eg (&(objectclass=user)(displayName=Foeckeler) 

Your current example has bad syntax since it is missing braces but does not constitute a failure of the cmdlet, so, nothing ( $null ) is returned. You have a response to this in comments

I initially tried with that syntax, minus the *wildcard. Results still the same, implying User with ID 1234567 either not found, or more than one user found.

What if you hardcode an employeeID in there for testing?

Get-ADUser -LDAPFilter "(EmployeeId=12345)"

If that works then that tells me something is wrong with your source file. Leading or trailing whitespace or perhaps hidden characters? Either way look at the source to be sure and if you have to use .Trim() for testing as you might not initially see the problem.

Get-ADUser -LDAPFilter "(EmployeeId=$($EmployeeID.Trim()))"