
How to move multiple users to multiple OUs importing users from CSV and filtering by Active Directory "Office" attribute

I'm at a loss. I'm trying to move users from an onboarding CSV file to several different OUs after the account creation but I'm having issues with the syntax to achieve the desired results. I'm not too savvy with PowerShell. Below is my code. Any help would be appreciated.

Import-Module ActiveDirectory
$office1 = "OU=OU NAME HERE,OU=OU NAME HERE,OU=OU NAME HERE,DC=DOMAIN,DC=com"
$office2 = "OU=OU NAME HERE,OU=OU NAME HERE,OU=OU NAME HERE,DC=DOMAIN,DC=com"
$office3 = "OU=OU NAME HERE,OU=OU NAME HERE,OU=OU NAME HERE,DC=DOMAIN,DC=com"
$office4 = "OU=OU NAME HERE,OU=OU NAME HERE,OU=OU NAME HERE,DC=DOMAIN,DC=com"
$office5 = "OU=OU NAME HERE,OU=OU NAME HERE,OU=OU NAME HERE,DC=DOMAIN,DC=com"
$office6 = "OU=OU NAME HERE,OU=OU NAME HERE,OU=OU NAME HERE,DC=DOMAIN,DC=com"

Import-Csv "C:\AD_Test.csv" | foreach ($user in $users){
$firstname = $user.'Legal First Name'.Trim()
$preferred_firstname = $user.'Preferred First Name'.Trim()
if($preferred_firstname){
    $firstname = $preferred_firstname
}

$lastname = $user.'Last Name'.Trim()
$displayname = $firstname + " " + $lastname
Get-ADUser -Identity $displayname -Filter {office -eq "China"} | Move-ADObject -TargetPath 
$office1
Get-ADUser -Identity $displayname-Filter {office -eq "Russia"} | Move-ADObject -TargetPath 
$office2
Get-ADUser -Identity $displayname -Filter {office -eq "US - Miami"} | Move-ADObject - 
TargetPath $office3
Get-ADUser -Identity $displayname -Filter {office -eq "US - Tampa} | Move-ADObject -TargetPath 
$office4
Get-ADUser -Identity $displayname -Filter {office -eq "US - Reno"} | Move-ADObject -TargetPath 
$office5
Get-ADUser -Identity $displayname -Filter {office -eq "US - Charleston"} | Move-ADObject - 
TargetPath $office6
}

First of all, you need to use a hash table that will help you determine which Organizational Unit the user needs to be moved to.

Then, as explained in comments, -Identity allows you to search only by:

  • A distinguished name
  • A GUID (objectGUID)
  • A security identifier (objectSid)
  • A SAM account name (sAMAccountName)

You will be better off using -Filter or -LDAPFilter to try and find it; in the code below I'm using a filter to search for it by CommonName OR SamAccountName OR DisplayName.

Lastly, you need to query the Office attribute for the users, since this is the attribute that will help you determine which OU the users have to be moved to.

I have added some inline comments to help you understand the script's logic. Also note the use of the -WhatIf switch on Move-ADObject; with this switch in place no action will be performed:

Shows what would happen if the cmdlet runs. The cmdlet is not run.

After running the code, once you consider it is doing what you expect it to do, you may remove this switch from the code.

As a last piece of advice, have whoever is giving you this CSV include the user's attributes that can be searched by -Identity; other AD attributes are irrelevant for this script.

$map = @{
    'China'           = "China OU DistinguishedName"
    'Russia'          = "Russia OU DistinguishedName"
    'US - Miami'      = "Miami OU DistinguishedName"
    'US - Tampa'      = "Tampa OU DistinguishedName"
    'US - Reno'       = "Reno OU DistinguishedName"
    'US - Charleston' = "Charleston OU DistinguishedName"
}

foreach($line in Import-Csv "C:\AD_Test.csv") {

    $firstname = $line.'Legal First Name'.Trim()
    $preferred_firstname = $line.'Preferred First Name'.Trim()

    if($preferred_firstname){
        $firstname = $preferred_firstname
    }

    $lastname = $line.'Last Name'.Trim()
    $displayname = $firstname + " " + $lastname

    $param = @{
        # create a filter for this user
        # try to find him either by CommonName OR SamAccountName OR DisplayName
        LDAPFilter = "(|(cn=$displayName)(samAccountName=$displayName)(displayName=$displayName))"
        Properties = "Office"
    }

    
    # if the user could not be found in AD
    if(-not ($user = Get-ADUser @param)) {
        # display the warning
        Write-Warning "'$displayName' could not be found in AD."
        # and skip next logic
        continue
    }

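    # if the user can be found in AD and the user's Office is empty or cannot be found in `$map`
    # (ContainsKey throws on a null key, so the empty check comes first)
    if(-not $user.Office -or -not $map.ContainsKey($user.Office)) {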
        # display the warning
        Write-Warning "Office for '$displayName' could not be determined, skipping."
        # and skip next logic
        continue
    }
    
    # if the user's Office can be found in `$map`, move it to the destination OU
    $user | Move-ADObject -TargetPath $map[$user.Office] -WhatIf
}
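
The lookup and move decision from the answer above, as an added example that is not part of the original answer: it escapes the CSV-derived name per RFC 4515 before placing it in the LDAP filter, and skips rows with no match, several matches, or an empty Office. The function names, the OU distinguished name and the sample rows are hypothetical and constructed so the block runs without a domain.

```powershell
# Added example, not the answer's code. Function names are hypothetical.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515: \ * ( ) and NUL are written as a backslash plus two hex digits
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function New-UserLdapFilter {
    param([string]$DisplayName)
    $v = ConvertTo-LdapFilterValue $DisplayName
    "(|(cn=$v)(samAccountName=$v)(displayName=$v))"
}

function Get-MoveDecision {
    # $Found is what Get-ADUser returned for one CSV row, wrapped in @()
    param([object[]]$Found, [hashtable]$Map)
    if (-not $Found) { return 'skip: not found' }
    # a name-based OR filter can match more than one account; never guess
    if ($Found.Count -gt 1) { return "skip: ambiguous ($($Found.Count) matches)" }
    $office = $Found[0].Office
    # ContainsKey() throws on $null, so test for an empty Office first
    if ([string]::IsNullOrWhiteSpace($office) -or -not $Map.ContainsKey($office)) {
        return 'skip: office missing or not mapped'
    }
    "move to $($Map[$office])"
}

# Constructed sample data; the DN and the names below are placeholders
$map = @{ 'China' = 'OU=China,DC=example,DC=com' }
$rows = @(
    @{ Name = 'Li (Leo) Wei'; Found = @([pscustomobject]@{ Office = 'China' }) }
    @{ Name = 'J* Doe';       Found = @([pscustomobject]@{ Office = 'China' },
                                        [pscustomobject]@{ Office = 'Russia' }) }
    @{ Name = 'Ana Ruiz';     Found = @([pscustomobject]@{ Office = $null }) }
    @{ Name = 'No Match';     Found = @() }
)
foreach ($row in $rows) {
    # Against a real domain: $found = @(Get-ADUser -LDAPFilter $filter -Properties Office)
    $filter = New-UserLdapFilter $row.Name
    '{0} => {1}' -f $filter, (Get-MoveDecision -Found $row.Found -Map $map)
}
```

Only a "move to" decision would be passed on to Move-ADObject, with -WhatIf kept in place until the skip and move lines have been reviewed.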
