stackoom
  简体   繁体   中英

Updating Attributes in AD Powershell

 原文  2022-10-06 14:43:38       powershell

Question

I have a script updating attributes in AD. Attached is a sample of my script to update the attributes. This does work but I am not a PowerShell guy by any means. I was wondering if there is a more efficient way to run my script. Some issues I am having is if a field in the CSV is blank it generates an error, and if there is blank field on csv file it does not replace existing data in the attribute.

Import-Module ActiveDirectory
$users = Import-Csv -Path "C:\sdk\employees to update.csv"

#####Udating givenName
foreach ($user in $users) {
    Get-ADUser -Filter "FAKEcompanyEmployeeNumber -eq '$($user.EMPLOYEE)'" -Properties givenName -SearchBase "OU=Staff Win10,dc=FAKEcompany,dc=on,dc=ca" | 
    Set-ADUser -replace @{"givenName" = "$($user.Emp_First_Name)" }
}

#####Udating sn
foreach ($user in $users) {
    Get-ADUser -Filter "FAKEcompanyEmployeeNumber -eq '$($user.EMPLOYEE)'" -Properties sn -SearchBase "OU=Staff Win10,dc=FAKEcompany,dc=on,dc=ca" | 
    Set-ADUser -replace @{"sn" = "$($user.Emp_Last_Name)" }
}

#####Udating FAKEcompanyEmployeeNumber
foreach ($user in $users) {
    Get-ADUser -Filter "FAKEcompanyEmployeeNumber -eq '$($user.EMPLOYEE)'" -Properties FAKEcompanyEmployeeNumber -SearchBase "OU=Staff Win10,dc=FAKEcompany,dc=on,dc=ca" | 
    Set-ADUser -replace @{"FAKEcompanyEmployeeNumber" = "$($user.Employee)" }
}

#####Udating middleName
foreach ($user in $users) {
    Get-ADUser -Filter "FAKEcompanyEmployeeNumber -eq '$($user.EMPLOYEE)'" -Properties middleName -SearchBase "OU=Staff Win10,dc=FAKEcompany,dc=on,dc=ca" | 
    Set-ADUser -replace @{"middleName" = "$($user.Middle_Name)" }
}

2 answers

solution1
 0  2022-10-06 15:07:29

#The where filter on $_.[propertyname] filters objects out where the specified properties are empty 
$users = Import-Csv -Path "C:\sdk\employees to update.csv" | ?{$_.employee -and $_.Emp_First_Name -and $_.Middle_Name}

#As Santiago mentioned you can do it in one step
foreach ($user in $users){
    Get-ADUser -Filter "FAKEcompanyEmployeeNumber -eq '$($user.EMPLOYEE)'" -Properties givenName -SearchBase "OU=Staff Win10,dc=FAKEcompany,dc=on,dc=ca" | set-aduser -replace @{givenName=$user.Emp_First_Name;sn=$user.Emp_Last_Name;FAKEcompanyEmployeeNumber=$user.Employee;middleName=$user.Middle_Name}
}

#################

#If you want to process also objects with partital information you can do
$users = Import-Csv -Path "C:\sdk\employees to update.csv"
foreach ($user in $users){
    $Replace = @{}
    If ($user.Emp_First_Name){
        $replace.add('givenName',$user.Emp_First_Name)
    }
    If ($user.Emp_Last_Name){
        $replace.add('sn',$user.Emp_Last_Name)
    }
    If ($user.Employee){
        $replace.add('FAKEcompanyEmployeeNumber',$user.Employee)
    }
    If ($user.middle_name){
        $replace.add('middleName',$user.middle_name)
    }
    Get-ADUser -Filter "FAKEcompanyEmployeeNumber -eq '$($user.EMPLOYEE)'" -Properties givenName -SearchBase "OU=Staff Win10,dc=FAKEcompany,dc=on,dc=ca" | set-aduser -replace $replace
}

solution2
 0  2022-10-06 15:07:53

You can set multiple replacement values for user attributes as shown in the Set-ADUser documentation in Example 3 .

String.IsNullOrWhiteSpace can help you check if the value for the column is empty in your Csv.

Hopefully the inline comments can help you understand the logic.

$properties = @{
    givenName  = 'Emp_First_Name'
    sn         = 'Emp_Last_Name'
    middleName = 'Middle_Name'
    FAKEcompanyEmployeeNumber = 'Employee'
}

Import-Csv -Path "C:\sdk\employees to update.csv" | ForEach-Object {
    $params = @{
        Filter     = "FAKEcompanyEmployeeNumber -eq '{0}'" -f $_.EMPLOYEE
        SearchBase = 'OU=Staff Win10,dc=FAKEcompany,dc=on,dc=ca'
    }
    # if we can find the user in AD,
    # check which properties need to be updated for this user
    if($adUser = Get-ADUser @params) {
        # replace hashtable for splatting latter
        $replace = @{ Replace = @{} }
        foreach($property in $properties.GetEnumerator()) {
            $value = $_.($property.Value)
            # if this Value is empty in the Csv
            if([string]::IsNullOrWhiteSpace($value)) {
                # skip it, go next
                continue
            }
            # here we assume the Value in the CSV is populated,
            # add it to the replacement hash
            $replace['Replace'][$property.Key] = $value
        }

        # check one last time if the replacement hash is populated
        if($replace.Values.Keys.Count) {
            # if it is, we can go ahead and set values for the AD User
            $adUser | Set-ADUser @replace
        }
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PowerShell - Error Changing AD Attributes PowerShell export AD users not in specific group + attributes Powershell AD-Object DistinguishedName attributes Importing AD attributes from CSV using powershell Modify attributes in AD via PowerShell (no Quest) Updating Child Nodes and their attributes information - Powershell Powershell help updating Active Directory attributes Powershell Script for Creating a Rule to Send LDAP Attributes as Claims on AD FS How to export Extension Attributes from Azure AD to csv using Powershell Sorting of multiple AD-object attributes via Powershell
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM