
Need to update attributes for AD target users such as ObjectSid, msExchMasterAccountSid from a CSV file

I am currently testing the following scenario and looking to automate it by defining and validating parameters.

I have put together the following cmdlets to get the script to work by calling them line by line, but what I would ultimately like is for this to look at a list of users in a CSV file. From this file, I would like to use two columns with the UserPrincipalName headers, such as:

SourceUser | TargetUser

The idea would be to run a script and replace the following:

#create variables
$sourceUser = "TestUser1@old.domain.com"
$targetUser = "TestUser1@new.domain.com"
$sourceusername,$sourcedomain = $sourceUser -split ("@")
$targetusername,$targetdomain = $targetUser -split ("@")
$SourceAccount = Get-ADUser $sourceusername -server $sourcedomain -Properties objectSid
$TargetAccount = Get-ADUser $targetusername -Server $targetdomain 

#get the objectSid of the source account
$objectSid = $SourceAccount.objectSid

#copy source account objectSid to target account msExchMasterAccountSid
$TargetAccount | Set-ADUser -Replace @{"msExchMasterAccountSid"=$objectSid}

#enable target account
$TargetAccount | Enable-ADAccount

#disable the source account
$SourceAccount | Disable-ADAccount

#move the migrated user into prod OU
$TargetAccount | Move-ADObject -TargetPath "OU=Test,OU=Users,DC=new,DC=domain,DC=com"

I have already found a couple of parameters that I believe would help to achieve two things, such as the target domain and target OU:

  [CmdletBinding()]
  Param(
  #target domain
  [parameter(Mandatory,Position=1)]
  [ValidateScript({Get-ADDomain -Identity $_})]
  [String]$Domain,

  #target OU
  [parameter(Position=2)]
  [ValidateScript({Get-ADOrganizationalUnit -Identity $_})]
  [String]$TargetOu
  )

Is there anyone able to help me put all this script together, please? 🙂

Thanks

A draft of a script I developed after some time:

Clear-Host
#parameters
Import-Module ActiveDirectory
#region >>> fake reading in a CSV file
$SourceDestinationUsers = @'
SourceUser, DestinationUser
test@source.com, test@destination.com
'@ | ConvertFrom-Csv
#endregion >>> fake reading in a CSV file

function Invoke-UserMove
{
    [CmdletBinding()]
    param()

    ForEach ($User in $SourceDestinationUsers)
    {
        Write-Host 'Processing...'
        Write-Host ('    SourceUser {0}' -f $User.SourceUser)
        Write-Host ('    DestinationUser {0}' -f $User.DestinationUser)

        Write-Host '__ Source Account __'
        $GADU_Params_1 = [ordered]@{
            Identity   = $User.SourceUser.split('@')[0]
            Server     = $User.SourceUser.split('@')[1]
            Properties = 'objectSid', 'SamAccountName'
        }
        $GADU_Params_1
        $SourceAccount = Get-ADUser @GADU_Params_1

        Write-Host '__ Target Account __'
        $GADU_Params_2 = [ordered]@{
            Identity = $User.DestinationUser.Split('@')[0]
            Server   = $User.DestinationUser.Split('@')[1]
        }
        $GADU_Params_2
        $TargetAccount = Get-ADUser @GADU_Params_2

        Write-Host 'Making changes...'


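        # -ErrorAction Stop makes every failure reach the catch block,
        # which now reports the failure instead of printing a success message
        try
        {
            $TargetAccount | Set-ADUser -Replace @{'SamAccountName' = $SourceAccount.SamAccountName } -ErrorAction Stop
        }
        catch
        {
            Write-Warning ('Set-ADUser failed for {0}: {1}' -f $User.DestinationUser, $_.Exception.Message)
        }
        try
        {
            $TargetAccount | Enable-ADAccount -ErrorAction Stop
        }
        catch
        {
            Write-Warning ('Enable-ADAccount failed for {0}: {1}' -f $User.DestinationUser, $_.Exception.Message)
        }
        try
        {
            $SourceAccount | Disable-ADAccount -ErrorAction Stop
        }
        catch
        {
            Write-Warning ('Disable-ADAccount failed for {0}: {1}' -f $User.SourceUser, $_.Exception.Message)
        }
        try
        {
            $TargetAccount | Move-ADObject -TargetPath "OU=Test,OU=Users,DC=new,DC=domain,DC=com" -ErrorAction Stop
        }
        catch
        {
            Write-Warning ('Move-ADObject failed for {0}: {1}' -f $User.DestinationUser, $_.Exception.Message)
        }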

    }

    Write-Host "Completed"
}
Invoke-UserMove

It worked for me and I did achieve what I needed.

OK, let's say your CSV file contains something like

SourceUser, TargetUser
TestUser1@old.domain.com,Testuser1@new.domain.com

Obviously, in reality your CSV file would consist of more than one source and target pair.

Now starting with the code you provided, put that in brackets under a foreach loop, and feed the CSV data one record at a time through the pipeline. Something like this:

Import-csv MyCsvFile.csv |
foreach {

#create variables
$sourceUser = $_.SourceUser
$targetUser = $_.TargetUser
$sourceusername,$sourcedomain = $sourceUser -split ("@")
$targetusername,$targetdomain = $targetUser -split ("@")
$SourceAccount = Get-ADUser $sourceusername -server $sourcedomain -Properties objectSid
$TargetAccount = Get-ADUser $targetusername -Server $targetdomain 

#get the objectSid of the source account
$objectSid = $SourceAccount.objectSid

#copy source account objectSid to target account msExchMasterAccountSid
$TargetAccount | Set-ADUser -Replace @{"msExchMasterAccountSid"=$objectSid}

#enable target account
$TargetAccount | Enable-ADAccount

#disable the source account
$SourceAccount | Disable-ADAccount

#move the migrated user into prod OU
$TargetAccount | Move-ADObject -TargetPath "OU=Test,OU=Users,DC=new,DC=domain,DC=com"

}

I didn't fix up the indenting for you, but you get the idea.
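
An added example, not code from either poster: one way to combine the CSV loop with the parameter validation the question asks for. It assumes a CSV with SourceUser and TargetUser headers, that the part before "@" is the account's sAMAccountName (as the posted code does), and hypothetical parameter names CsvPath and TargetOu. It resolves both accounts and the OU before any write, honours -WhatIf, and disables the source account only after every target-side change has succeeded.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # CsvPath and TargetOu are hypothetical parameter names for this example
    [Parameter(Mandatory)][ValidateScript({ Test-Path -LiteralPath $_ -PathType Leaf })]
    [string]$CsvPath,
    [Parameter(Mandatory)][ValidateNotNullOrEmpty()]
    [string]$TargetOu
)

$upn = '^[^@\s]+@[^@\s]+$'   # exactly one "@", no whitespace
foreach ($row in Import-Csv -LiteralPath $CsvPath) {
    $src = "$($row.SourceUser)".Trim()
    $tgt = "$($row.TargetUser)".Trim()
    if ($src -notmatch $upn -or $tgt -notmatch $upn) {
        Write-Warning "Skipping malformed row: '$src' -> '$tgt'"
        continue
    }
    $srcName, $srcDomain = $src -split '@'
    $tgtName, $tgtDomain = $tgt -split '@'
    try {
        # Resolve everything first so a bad row fails before any write.
        $source = Get-ADUser -Identity $srcName -Server $srcDomain -Properties objectSid -ErrorAction Stop
        $target = Get-ADUser -Identity $tgtName -Server $tgtDomain -ErrorAction Stop
        $null   = Get-ADOrganizationalUnit -Identity $TargetOu -Server $tgtDomain -ErrorAction Stop

        if (-not $PSCmdlet.ShouldProcess($tgt, "Link to $src and move to $TargetOu")) { continue }

        # Target-side writes first; ObjectGUID stays valid after the move.
        Set-ADUser -Identity $target.ObjectGUID -Server $tgtDomain -Replace @{ msExchMasterAccountSid = $source.objectSid } -ErrorAction Stop
        Enable-ADAccount -Identity $target.ObjectGUID -Server $tgtDomain -ErrorAction Stop
        Move-ADObject -Identity $target.ObjectGUID -Server $tgtDomain -TargetPath $TargetOu -ErrorAction Stop

        # Source is disabled only after every target-side change succeeded.
        Disable-ADAccount -Identity $source.ObjectGUID -Server $srcDomain -ErrorAction Stop
        [pscustomobject]@{ Source = $src; Target = $tgt; Status = 'Migrated' }
    }
    catch {
        Write-Warning "Failed for '$src' -> '$tgt': $($_.Exception.Message)"
        [pscustomobject]@{ Source = $src; Target = $tgt; Status = 'Failed' }
    }
}
```

Running it with -WhatIf first lists the pairs that would be changed without writing to either domain, and the emitted objects can be piped to Export-Csv as a record of which pairs were migrated.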
