none
Update AD From CSV by Attribute Value "Exclude OU?" RRS feed

  • Question

  • I was lucky enough to have a question answered here a few weeks ago so I am going to the well one more time....

    I have this script that updates fields in AD from a CSV, and works fine.  But now I need to exclude a OU within AD, or could even get away with specifying a OU to run it against. 

    This is the script that was I was provided:

        

    Import-Csv .\employeeList.csv | ForEach {

        $user = Get-ADUser -Filter "EmployeeNumber -eq '$($_.EmployeeNumber)'"

        Set-ADUser -Identity $user -OfficePhone $_.PhoneNumber

    }

    I believe I can use .DistinguishedName -like "OU=ouname, DC=DomainName, DC=org"  or some variation.  I am having a hard time understanding how to combine everything to get it to work correctly.

    Thanks in advance!

    Thursday, November 6, 2014 6:41 PM

Answers

  • I just tested this on my system, and if Get-ADUser only returns one object, it doesn't have the synthetic count property, so 

    ($user.Count -eq 1)

    is always going to test $false.

    See if this works better:

    Import-Csv "C:\install\ADUpdate\ADUpdateTest.csv" | 
        ForEach-Object{
        if($user = @(Get-ADUser -Filter "EmployeeNumber -eq '$($_.EmployeeNumber)'")){
            if ($user.Count -eq 1){
                If ($user.DistinguishedName -notlike '*,OU=Disabled PCs and Users,*'){
                    $user | Set-ADUser -title $_.title 
                }
            }else{
                Write-Host 'Too many employees found' -ForegroundColor red
            }
        }else{
            Write-Host 'Employee number not found!' -ForegroundColor red
        }
    }


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "


    Friday, November 7, 2014 7:42 PM
    Moderator

All replies

  • Hi,

    Here's an adjustment of the earlier script:

    Import-Csv .\employeeList.csv | ForEach {
    
        $user = Get-ADUser -Filter "EmployeeNumber -eq '$($_.EmployeeNumber)'"
    
        If ($user.DistinguishedName -notlike '*,OU=Your Excluded OU,*') {
        
            Set-ADUser -Identity $user -OfficePhone $_.PhoneNumber -WhatIf
    
        }
    
    }


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Thursday, November 6, 2014 7:07 PM
  • Thanks Mike-

    I am also trying to correct other fields and running into this error.  Is there a different method that needs to be used?  It actually seems to update the field correctly.

    Set-ADUser : Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADUser' required by parameter 'Identity'. Specified method

    is not supported.

    At line:7 char:30

    + Set-ADUser -Identity $user -title $_.title -WhatIf

    + ~~~~~

    + CategoryInfo : InvalidArgument: (:) [Set-ADUser], ParameterBindingException

    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.SetADUser

    Thursday, November 6, 2014 8:12 PM
  • Import-Csv .\employeeList.csv | 
        ForEach-Object{
        if($user = Get-ADUser -Filter "EmployeeNumber -eq '$($_.EmployeeNumber)'"){
            if ($user.Count -eq 1){
                If ($user.DistinguishedName -notlike '*,OU=Your Excluded OU,*'){
                    $user | Set-ADUser  -OfficePhone $_.PhoneNumber -WhatIf
                }
            }else{
                Write-Host 'Too many employees found' -ForegroundColor red
            }
        }else{
            Write-Host 'Employee number not found!' -ForegroundColor red
        }
    }
    


    ¯\_(ツ)_/¯

    Thursday, November 6, 2014 11:22 PM
  • Thanks, Still a no-go though.

    Now I get the message below for each employee number in my CSV.   I am testing on two real accounts and the last one was a bogus employee number I just threw in for testing. Still does not update the fields I specify.

    This is the actual script as I am running it:

    Import-Csv "C:\install\ADUpdate\ADUpdateTest.csv" | 
        ForEach-Object{
        if($user = Get-ADUser -Filter "EmployeeNumber -eq '$($_.EmployeeNumber)'"){
            if ($user.Count -eq 1){
                If ($user.DistinguishedName -notlike '*,OU=Disabled PCs and Users,*'){
                    $user | Set-ADUser -title $_.title 
                }
            }else{
                Write-Host 'Too many employees found' -ForegroundColor red
            }
        }else{
            Write-Host 'Employee number not found!' -ForegroundColor red
        }
    }
    And the message I am recieving on the 3 employee numbers.

    Too many employees found

    Too many employees found

    Employee number not found!

    Friday, November 7, 2014 12:56 PM
  • Well in all my days at McGuire AFB I never saw such a thing.  I does look like you have employees with the same number.  Try taking one number and doing it manually to see what you get.

     Get-ADUser -Filter "EmployeeNumber -eq '$enum"

    See what that returns.


    ¯\_(ツ)_/¯

    Friday, November 7, 2014 5:40 PM
  • Same result- only one return as expected.  I retired at Dover AFB, not too far south from McGuire.

    I think I can just work around the issue, just wanted to understand why this thing isn't working.

    Too many employees found

    Friday, November 7, 2014 7:23 PM
  • Some of those employee number have to be duplicated.  try this:
    Import-Csv "C:\install\ADUpdate\ADUpdateTest.csv" | 
        ForEach-Object{
        if($user = Get-ADUser -Filter "EmployeeNumber -eq '$($_.EmployeeNumber)'"){
            if ($user.Count -eq 1){
                If ($user.DistinguishedName -notlike '*,OU=Disabled PCs and Users,*'){
                    $user | Set-ADUser -title $_.title 
                }
            }else{
                
                Write-Host "Too many employees found for $($_.EmployeeNumber)" -ForegroundColor red
                $user|%{ Write-Host "`tDN$($_.DistinguishedName)" -Fore green }
            }
        } else {
            Write-Host "Employee number not found:$($_.EmployeeNumber)" -ForegroundColor red
        }
    }


    ¯\_(ツ)_/¯

    Friday, November 7, 2014 7:35 PM
  • I just tested this on my system, and if Get-ADUser only returns one object, it doesn't have the synthetic count property, so 

    ($user.Count -eq 1)

    is always going to test $false.

    See if this works better:

    Import-Csv "C:\install\ADUpdate\ADUpdateTest.csv" | 
        ForEach-Object{
        if($user = @(Get-ADUser -Filter "EmployeeNumber -eq '$($_.EmployeeNumber)'")){
            if ($user.Count -eq 1){
                If ($user.DistinguishedName -notlike '*,OU=Disabled PCs and Users,*'){
                    $user | Set-ADUser -title $_.title 
                }
            }else{
                Write-Host 'Too many employees found' -ForegroundColor red
            }
        }else{
            Write-Host 'Employee number not found!' -ForegroundColor red
        }
    }


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "


    Friday, November 7, 2014 7:42 PM
    Moderator
  • Right - I forgot that we need to wrap it.

    It is either null, zero one or more.

    This:

        if($user=@(Get-ADUser -Filter "EmployeeNumber -eq '$($_.EmployeeNumber)'")){

    Thanks for spotting that  Ron.


    ¯\_(ツ)_/¯

    Friday, November 7, 2014 7:46 PM
  • Okay, looks like everything is working.  Now I just have to digest everthing to understand it fully. 

    Thanks everyone for the help!

    Friday, November 7, 2014 9:02 PM