none
how to trace a loop (or is there a limit?) RRS feed

  • Question

  • i have an Excel CSV file that contains 4800 rows of users needing updates in AD. i have this below script (taken from the Internets) that's supposed to do that:

    Import-CSV 'D:\Documents\My Excel\AddressBook Updates\EMP_Outlook_address_updat_24Nov2016.csv' | foreach-object {
      if (Get-ADuser $_.ID) {
    
        Set-ADuser -Identity $_.ID -Replace @{givenName=$_.fname;sn=$_.lname;company=$_.comp;title=$_.title;department=$_.func;physicalDeliveryOfficeName=$_.dept;msExchExtensionAttribute1=$_.address;msExchExtensionAttribute2=$_.city;msExchExtensionAttribute4=$_.zip;msExchExtensionAttribute5=$_.phone;msExchExtensionAttribute3=$_.loc}
    
      }
    }

    however, i found that it is not doing it completely like there are users still having outdated information in their titles. the script works (the set-aduser line) if i ran it manually for each user so i don't think something wrong with the script.

    could there be some limit in the loop? like if the script cannot find an AD user, it throws an error but i would assume it should continue to the next line of the CSV file.

    Tuesday, November 29, 2016 1:04 PM

Answers

  • Yes, it would skip the entire row, as the Set-ADUser statement attempts to update all of the fields for the user in the row.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by Reno Mardo Tuesday, November 29, 2016 2:04 PM
    Tuesday, November 29, 2016 1:57 PM
    Moderator

All replies

  • Import-CSV 'D:\User.csv' | foreach-object {
    Get-ADuser -Identity $_.ID
    }

    Check if you are getting any output using the above command.

    Also Set-ADUser Cmdlet has GivenName, Company, Title & Department parameter
    Ex
    Set-ADUser VincentK -GivenName Vincent -Company ASG -Title SystemAdmin -Department IT

    https://technet.microsoft.com/en-us/library/ee617215.aspx

    Tuesday, November 29, 2016 1:13 PM
  • What is ID

    Get-ADUser -Identity Parameter accepts:
    Distinguished Name 
    GUID (objectGUID) 
    Security Identifier (objectSid)
    SAM account name (sAMAccountName)

    Read about Identity parameter

    https://technet.microsoft.com/en-us/library/ee617241.aspx

    Tuesday, November 29, 2016 1:15 PM
  • i do get output. with some errors due to some IDs does not exist in AD.
    Tuesday, November 29, 2016 1:21 PM
  • ID is my column name. i'm reading a CSV file.
    Tuesday, November 29, 2016 1:21 PM
  • ID contains SamAccountName. we use 5 digit numbers for it.
    Tuesday, November 29, 2016 1:26 PM
  • All of the AD attribute names in your script are good. You can use PowerShell property names, but it is not necessary.

    Are any of the fields in the csv file blank/missing? If so, that will raise errors, as you cannot assign missing/blank/null values to AD attributes.

    As long as the field names in the csv file are correct, and there are no missing values, the script should work. There certainly is no limit to the number of loops allowed.

    If there are missing values, either the script should be designed to not update the corresponding attribute, or the -Clear parameter of Set-ADUser should be used to clear the attribute. It depends on your intent. This makes the script more complicated, as you would need to check each field in the csv that could be blank, but the script them becomes more robust.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, November 29, 2016 1:40 PM
    Moderator
  • well, yes, i have some fields in the CSV that are intentionally left blank.

    you mentioned it'll produce an error and i do get errors not a big deal. but would the script continue until the end of the CSV file even with this errors?

    or it would entirely skip the row because there is an empty field? i think this is what it does.

    Tuesday, November 29, 2016 1:48 PM
  • Yes, it would skip the entire row, as the Set-ADUser statement attempts to update all of the fields for the user in the row.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by Reno Mardo Tuesday, November 29, 2016 2:04 PM
    Tuesday, November 29, 2016 1:57 PM
    Moderator
  • well, back  to the drawing board.

    thanks for the replies.

    Tuesday, November 29, 2016 2:03 PM
  • Here is a short untested example demonstrating how I would approach this. For each user this only updates the attributes where the field is not missing, and only if the value in the CSV differs from the existing value in AD:

    $Users = Import-Csv .\UpdateUsers.csv
    
    Import-Module ActiveDirectory
    
    # Enumerate the users, one line at a time.
    # This assumes the first line is a header line defining the fields.
    # In this example, the fields are ID, title, division, physicalDeliveryOfficeName (in any order).
    ForEach ($User In $Users)
    {
        # Retrieve values from the CSV.
        $Title = $User.title
        $Division = $User.division
        $OfficeName = $User.physicalDeliveryOfficeName
        $ID = $User.ID
    
        # Retrieve existing values of attributes for this user.
        $ADUser = Get-ADUser -Identity $ID -Properties title, division, physicalDeliveryOfficeName
        # Make sure the user is found in AD.
        If ($ADUser)
        {
            # Has table of the attributes to update for this user.
            $Prop = @{}
    
            # Only update each attribute if it differs from the existing value and is not missing.
            If (($Title) -And ($Title -ne $ADUser.title))
            {
                $Prop.Add("title",$Title)
            }
            If (($Division) -And ($Divison -ne $ADUser.division))
            {
                $Prop.Add("division",$Division)
            }
            If (($OfficeName) -And ($OfficeName -ne $ADUser.physicalDeliveryOfficeName))
            {
                $Prop.Add("physicalDeliveryOfficename",$OfficeName)
            }
    
            # Only update if there is at least one attribute to update.        
            If ($Prop.Count -ge 1)
            {
                # Use the Set-ADUser cmdlet to assign the new attribute values.
                Set-ADUser -Identity $ID -Replace $Prop
            }
        }
        Else {"User with ID $ID either not found."}
    }
    

    This assumes that a missing field in the CSV should be skipped. If instead your intent is to make the corresponding AD attribute missing, then you would code an additional hash table to be passed to the -Clear parameter of Set-ADUser to clear the attribute if the field in the CSV is blank. This is a lot more code, but the result is more robust. Test my example on a small group of users, as I cannot find similar code at the moment that I have actually used.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, November 29, 2016 2:43 PM
    Moderator