locked
Need help with condition statement Bulk csv import users RRS feed

  • Question

  • Hello All,

    Thanks for any help on this.  I now have a CSV file that I use to import bulk users into AD.  Which works fine until I added a condition to check to see if the user accounts already exist with in the TRY{}.

    I wanted to check to see if the condition to check if the new users are already in AD or not before it created the new accounts.  So my test was to delete a user (I am still in testing mode) and try to add a user that is already there and add the user that I just deleted.  It told me that the one user was already there which is correct but for the user I just deleted and tried to recreate again it stated

    Cannot find an object with identity: 'jdoe' under: 'DC=Testing,DC=com'

    Which this is true, but it did not recreate them.

    Here is the final code I have from above with the splat.  I need it to add the users if they are not in Ad already.

    Thanks!!!

    Import-Module ActiveDirectory
    
    $userList=Import-Csv .\test-import-w-pwd-224.csv
    foreach($p in $userList){
        
        $splat=@{
          Path='OU=Substitutes,OU=AuxServices,OU=Staff,DC=Testing,DC=com'
    
         #  Path="$($p.newou),OU=Teachers,OU=Staff,DC=Testing,DC=com"
            Name=$p.cn
            SamAccountName=$p.samaccountname
            UserPrincipalName="$($p.samaccountname)@Testing.com"
            GivenName=$p.givenName 
            Surname=$p.sn 
            Initials=$p.initials 
            Description=$p.description
            Department=$p.department 
            DisplayName=$p.cn
            EmployeeID=$p.employeeID
            EmployeeNumber=$p.employeeNumber
            OtherAttributes=@{EmployeeType=$p.employeeType}
            AccountPassword=ConvertTo-SecureString -AsPlainText $p.userpassword -Force
         #  PasswordNeverExpires=$true
            }
    
    
        Try{
            Write-Host "Begin user $($splat.DisplayName)" -ForegroundColor green
            if($user=Get-AdUser $splat.SamAccountName -ea 0){
               Write-Host "User aleardy exists!" -ForegroundColor green
    	}else{
                $user=New-ADUser @splat -ea Stop
    	   }
            
           $user=New-ADUser @splat -ea Stop
      
            Add-ADPrincipalGroupMembership -Identity $splat.SamAccountName -MemberOf GcipaStaffFilter -ea Stop
            Enable-ADAccount -Identity $splat.SamAccountName -PassThru -ea Stop 
          
    	}
        
        Catch{
            Write-Host $_ -ForegroundColor red -BackgroundColor White
    	}
    
    }

    Friday, December 6, 2013 7:11 PM

Answers

  • "Orange"  there is no orange.  It is either green or read onwhit unless you have altered the CLI settings and colors.

    There are apparently issues with how AD CmdLets trap that differs slightly fromverion to version.  This should work correctly on nay versin.

    Import-Module ActiveDirectory
    
    $userList=Import-Csv .\test-import-w-pwd-224.csv
    
    foreach($p in $userList){
        
        $splat=@{
            Path='OU=Substitutes,OU=AuxServices,OU=Staff,DC=Testing,DC=com'
            Name=$p.cn
            SamAccountName=$p.samaccountname
            UserPrincipalName="$($p.samaccountname)@Testing.com"
            GivenName=$p.givenName 
            Surname=$p.sn 
            Initials=$p.initials 
            Description=$p.description
            Department=$p.department 
            DisplayName=$p.cn
            EmployeeID=$p.employeeID
            EmployeeNumber=$p.employeeNumber
            OtherAttributes=@{EmployeeType=$p.employeeType}
            AccountPassword=ConvertTo-SecureString -AsPlainText $p.userpassword -Force
        }
    
    
        Try{
            
            Write-Host "Begin user $($splat.DisplayName)" -ForegroundColor green
            if($user=Get-AdUser -LdapFilter "(samaccountname=$($splat.SamAccountName))"){
                Write-Host "User aleardy exists!" -ForegroundColor green
            }else{
                $user=New-ADUser @splat -ea Stop
                Write-Host "New user added: $($splat.SamAccountName)" -ForegroundColor green
            }
            
            Add-ADPrincipalGroupMembership -Identity $splat.SamAccountName -MemberOf GcipaStaffFilter -ea Stop
            Write-Host 'User added to group' -ForegroundColor green
            Enable-ADAccount -Identity $splat.SamAccountName -PassThru -ea Stop
            Write-Host 'Account enabled' -ForegroundColor green
          
        }
        
        Catch{
            Write-Host $_ -ForegroundColor red -BackgroundColor White
        }
    
    }


    ¯\_(ツ)_/¯

    • Marked as answer by bigdog704 Monday, December 9, 2013 4:48 PM
    Monday, December 9, 2013 4:36 PM

All replies

  • Why would you delete a user to test if they are already in AD?

    I don't understand the logic.  Just search for the user.

    If(Get-AdUser <username> -ea 0){ 'user exists'}else{'user not found'}


    ¯\_(ツ)_/¯

    Friday, December 6, 2013 7:43 PM
  • You altered the original code.  Why?  It already does what you say you want.


    ¯\_(ツ)_/¯

    Friday, December 6, 2013 7:44 PM
  • It worked but once we added the condition to check if they already exist it did not work right.

    If the user already existed then it updated,

    IF the user was not in AD it just stated:  Cannot find an object with identity: 'jdoe' under: 'DC=Testing,DC=com'.

    and it did not add them.  That is why I need help to correct this.  Yes the code before this just added users and not check to see if they existed.

    Friday, December 6, 2013 8:43 PM
  • I have no idea what you are asking. The code I posted worked correctly.  It either added a user or updated the user.

    You just copied one line of that code and put it outside of the filter.  That won't work.


    ¯\_(ツ)_/¯

    Friday, December 6, 2013 8:50 PM
  • When I ran this code which was the orginal code.  I got this:

    The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any
    of the parameters that take pipeline input.

        Try{
            Write-Host "Begin user $($splat.DisplayName)" -ForegroundColor green
            if($user=Get-AdUser $splat.SamAccountName -ea 0){
               Write-Host "User aleardy exists!" -ForegroundColor green
    	}else{
                $user=New-ADUser @splat -ea Stop
    	   }
            
              $user | Add-ADPrincipalGroupMembership -Identity $splat.SamAccountName -MemberOf GcipaStaffFilter -ea Stop
             $user | Enable-ADAccount -Identity $splat.SamAccountName -PassThru -ea Stop 
    
     }
        
        Catch{
            Write-Host $_ -ForegroundColor red -BackgroundColor White
    	}
    
    }

    Friday, December 6, 2013 9:36 PM
  • Why are you using the displayname.  You need either SamAccountName, CNm UPN or distinguishedName to get a user.


    ¯\_(ツ)_/¯

    Friday, December 6, 2013 9:50 PM
  • This is the original

    Import-Module ActiveDirectory
    
    $userList=Import-Csv c:\testing\test-import-w-pwd-224.csv
    foreach($p in $userList){
        
        $splat=@{
            Path='OU=Substitutes,OU=AuxServices,OU=Staff,OU=testing,DC=com'
            Name=$p.cn
            SamAccountName=$p.samaccountname
            UserPrincipleName="$($p.samaccountname)@testing.com"
            GivenName=$p.givenName 
            Surname=$p.sn 
            Initials=$p.initials 
            Description=$p.description
            Department=$p.department 
            DisplayName=$p.cn
            EmployeeId=$p.employeeID
            EmployeeNumber=$p.employeeNumber
            EmployeeType=$p.employeeType
            NewPassword=ConvertTo-SecureString -AsPlainText $p.Password -Force
    	}
    
        Try{
            Write-Host "Begin user $($splat.DisplayName)" -ForegroundColor green
            $user=New-ADUser @splat -ea Stop
            $user | Add-ADPrincipalGroupMembership -MemberOf GcipaStaffFilter -ea Stop
            $user | Enable-ADAccount -ea Stop -PassThru
    	}
        
        Catch{
            Write-Host $_ -ForegroundColor red -BackgroundColor White
    	}
    
    }
    
    


    ¯\_(ツ)_/¯

    Friday, December 6, 2013 9:54 PM
  • Here is the version you marked as an answer:

      Try{
            Write-Host "Begin user $($splat.DisplayName)" -ForegroundColor green
            if($user=Get-AdUser $splat.SamAcountName -ea 0){
                Write-Host "`tUser already exists" -ForegroundColor green
    	}else{
                $user=New-ADUser @splat -ea Stop
    	}
            $user | Add-ADPrincipalGroupMembership -MemberOf GcipaStaffFilter -ea Stop
            $user | Enable-ADAccount -ea Stop -PassThru
    	}
        
        Catch{
            #Write-Host $_ -ForegroundColor red -BackgroundColor White
            $_
    	}


    ¯\_(ツ)_/¯

    Friday, December 6, 2013 9:58 PM
  • When I ran this code which was the orginal code.  I got this:

    The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any
    of the parameters that take pipeline input.

        Try{
            Write-Host "Begin user $($splat.DisplayName)" -ForegroundColor green
            if($user=Get-AdUser $splat.SamAccountName -ea 0){
               Write-Host "User aleardy exists!" -ForegroundColor green
    	}else{
                $user=New-ADUser @splat -ea Stop
    	   }
            
              $user | Add-ADPrincipalGroupMembership -Identity $splat.SamAccountName -MemberOf GcipaStaffFilter -ea Stop
             $user | Enable-ADAccount -Identity $splat.SamAccountName -PassThru -ea Stop 
    
     }
        
        Catch{
            Write-Host $_ -ForegroundColor red -BackgroundColor White
    	}
    
    }

    I recommend running this again.  It works in muy tests.  I suspect you copied something wrong or that there is another issue.  Just adding an arbitrary line serves no purpose.


    ¯\_(ツ)_/¯

    Friday, December 6, 2013 9:59 PM
  • I have tried this code.  The If statement seems to only be looking to see if the user in Ad or not.  If it is not it does not add them.   It just states: Cannot find an object with identity: 'jdoe' under: 'DC=Testing,DC=com'.

    It like it is not picking up the the New-ADUser statement after else.

        Try{
            Write-Host "Begin user $($splat.SamAccountName)" -ForegroundColor green
            if($user=Get-AdUser $splat.SamAccountName -ea 0){
               Write-Host "User aleardy exists!" -ForegroundColor green
    	}else{
                $user=New-ADUser @splat -ea Stop
    	         
             $user | Add-ADPrincipalGroupMembership -Identity $splat.SamAccountName -MemberOf GcipaStaffFilter -ea Stop
             $user | Enable-ADAccount -Identity $splat.SamAccountName -PassThru -ea Stop 
    
           }
    }
        
        Catch{
            Write-Host $_ -ForegroundColor red -BackgroundColor White
    	}
    
    }


    • Edited by bigdog704 Monday, December 9, 2013 2:31 PM
    Monday, December 9, 2013 2:30 PM
  • Yes it does.  If it did not add the user you would be getting an error.

    Try this variation.  YOu need to learn how to use PowerShell and AD to pursue this much further.  In POwerSHell we can add statements to test things.

    The following works but will probably not work if you make changes and do not sow them.  YOu are making arbitrary changes that cannot work.  If this does not work you wil lsee messages.  You need to pay attention to the messages.

    Import-Module ActiveDirectory
    
    $userList=Import-Csv .\test-import-w-pwd-224.csv
    
    foreach($p in $userList){
        
        $splat=@{
            Path='OU=Substitutes,OU=AuxServices,OU=Staff,DC=Testing,DC=com'
            Name=$p.cn
            SamAccountName=$p.samaccountname
            UserPrincipalName="$($p.samaccountname)@Testing.com"
            GivenName=$p.givenName 
            Surname=$p.sn 
            Initials=$p.initials 
            Description=$p.description
            Department=$p.department 
            DisplayName=$p.cn
            EmployeeID=$p.employeeID
            EmployeeNumber=$p.employeeNumber
            OtherAttributes=@{EmployeeType=$p.employeeType}
            AccountPassword=ConvertTo-SecureString -AsPlainText $p.userpassword -Force
        }
    
    
        Try{
            
            Write-Host "Begin user $($splat.DisplayName)" -ForegroundColor green
            if($user=Get-AdUser $splat.SamAccountName -ea 0){
                Write-Host "User aleardy exists!" -ForegroundColor green
            }else{
                $user=New-ADUser @splat -ea Stop
                Write-Host "New user added: $($splat.SamAccountName)" -ForegroundColor green
            }
            
            Add-ADPrincipalGroupMembership -Identity $splat.SamAccountName -MemberOf GcipaStaffFilter -ea Stop
            Write-Host 'User added to group' -ForegroundColor green
            Enable-ADAccount -Identity $splat.SamAccountName -PassThru -ea Stop
            Write-Host 'Account enabled' -ForegroundColor green
          
        }
        
        Catch{
            Write-Host $_ -ForegroundColor red -BackgroundColor White
        }
    
    }
    Do not make any changes until you understand how the script works.


    ¯\_(ツ)_/¯

    Monday, December 9, 2013 3:57 PM
  • It looks like this code just checks to see if the users in the csv file are in ad or not.  The John Doe and Barbara E Doe were not added to AD.  David already existed which is true.

    I ran it this is what I got:

    Begin user John Doe
    Cannot find an object with identity: 'jdoe' under: 'DC=Testing,DC=com'.
    Begin user David L Doe
    User aleardy exists!
    WARNING: Could not add member(s) to ADGroup: 'CN=GcipaStaffFilter,OU=Staff,DC=Testing,DC=com'. Error is: 'The specified account name
     is already a member of the group'.
    Could not add member(s) to one or more ADGroup.
    Begin user Barbara E Doe
    Cannot find an object with identity: 'bedoe' under: 'DC=Testing,DC=com'.


    • Edited by bigdog704 Monday, December 9, 2013 4:13 PM
    Monday, December 9, 2013 4:12 PM
  • What color are the messages?


    ¯\_(ツ)_/¯

    Monday, December 9, 2013 4:18 PM
  • Green > Begin user John Doe
    Orange > Cannot find an object with identity: 'jdoe' under: 'DC=Testing,DC=com'.
    Green > Begin user David L Doe
    Green> User aleardy exists!
    Orange > WARNING: Could not add member(s) to ADGroup: 'CN=GcipaStaffFilter,OU=Staff,DC=Testing,DC=com'. Orange >Error is: 'The specified account name  is already a member of the group'.  Could not add member(s) to one or more ADGroup.
    Green > Begin user Barbara E Doe
    Orange > Cannot find an object with identity: 'bedoe' under: 'DC=Testing,DC=com'.
    • Edited by bigdog704 Monday, December 9, 2013 4:24 PM
    Monday, December 9, 2013 4:23 PM
  • "Orange"  there is no orange.  It is either green or read onwhit unless you have altered the CLI settings and colors.

    There are apparently issues with how AD CmdLets trap that differs slightly fromverion to version.  This should work correctly on nay versin.

    Import-Module ActiveDirectory
    
    $userList=Import-Csv .\test-import-w-pwd-224.csv
    
    foreach($p in $userList){
        
        $splat=@{
            Path='OU=Substitutes,OU=AuxServices,OU=Staff,DC=Testing,DC=com'
            Name=$p.cn
            SamAccountName=$p.samaccountname
            UserPrincipalName="$($p.samaccountname)@Testing.com"
            GivenName=$p.givenName 
            Surname=$p.sn 
            Initials=$p.initials 
            Description=$p.description
            Department=$p.department 
            DisplayName=$p.cn
            EmployeeID=$p.employeeID
            EmployeeNumber=$p.employeeNumber
            OtherAttributes=@{EmployeeType=$p.employeeType}
            AccountPassword=ConvertTo-SecureString -AsPlainText $p.userpassword -Force
        }
    
    
        Try{
            
            Write-Host "Begin user $($splat.DisplayName)" -ForegroundColor green
            if($user=Get-AdUser -LdapFilter "(samaccountname=$($splat.SamAccountName))"){
                Write-Host "User aleardy exists!" -ForegroundColor green
            }else{
                $user=New-ADUser @splat -ea Stop
                Write-Host "New user added: $($splat.SamAccountName)" -ForegroundColor green
            }
            
            Add-ADPrincipalGroupMembership -Identity $splat.SamAccountName -MemberOf GcipaStaffFilter -ea Stop
            Write-Host 'User added to group' -ForegroundColor green
            Enable-ADAccount -Identity $splat.SamAccountName -PassThru -ea Stop
            Write-Host 'Account enabled' -ForegroundColor green
          
        }
        
        Catch{
            Write-Host $_ -ForegroundColor red -BackgroundColor White
        }
    
    }


    ¯\_(ツ)_/¯

    • Marked as answer by bigdog704 Monday, December 9, 2013 4:48 PM
    Monday, December 9, 2013 4:36 PM
  • That did the trick thanks again.  You have helped me so much.
    Monday, December 9, 2013 4:48 PM