从CSV更新AD用户,然后仅列出更改

yshpjwxd  于 2023-10-13  发布在  其他
关注(0)|答案(1)|浏览(88)

我们有一个HR系统,它将所有用户数据导出到带有各种标题的CSV。我想导入此CSV,更新AD用户,然后只列出所做的更改,忽略任何保持不变的属性。
CSV是这样的:

Employee Id: 1000
First Name: Joe
Last Name: Bloggs
Known As: Joseph
Work Email:  [[email protected]](https://stackoverflow.com/cdn-cgi/l/email-protection) 
Company: Some Company Limited
Location: UK
Department: Some Department
Job Role: Some Job Role
Manager Email:  [[email protected]](https://stackoverflow.com/cdn-cgi/l/email-protection)

我相信我需要将csv头与AD属性名称相匹配,并且我想使用csv中的Work Email值作为我的引用属性(我假设是AD中的userPrincipalName)。
理想情况下,输出的格式应该是按userPrincipalName沿着列出更新的用户,只列出更新的属性。未更改的属性应不显示任何内容。
例如,如果只更改了Job Role,则会显示以下内容:

我希望这是有意义的,任何帮助都将不胜感激。
我试着使用它,但它只是更新所有值。我也试过使用Compare-Object,但没有成功。

#Import active directory module for running AD cmdlets
Import-Module ActiveDirectory

#Log file details
$currentDate = Get-Date -Format "dd-MM-yyyy_HH-mm-ss"
$Logfile = "C:\logs\$currentDate.log"
function WriteLog
{
Param ([string]$LogString)
$Stamp = (Get-Date).toString("dd/MM/yyyy HH:mm:ss")
$LogMessage = "$Stamp $LogString"
Add-content $LogFile -value $LogMessage
}

#Store the data from the csv in the $ADUsers variable
$ADUsers = Import-Csv -Path "C:\csv\users.csv"

#Loop through each row containing user details in the CSV file
foreach ($User in $ADUsers) {

  ### Organisation ###
      $Email                      = $User.'Work Email'
      $Title                      = $User.'Job Role'
      $EmployeeID                 = $User.'Employee Id'
      $ManagerEmail               = $User.'Manager Email'
      $Manager                    = if ($ManagerEmail) {
         Get-ADUSer -Filter "UserPrincipalName -eq '$ManagerEmail'" -Properties UserPrincipalName | 
         Select-Object -ExpandProperty DistinguishedName
      }

  # Check to see if the user already exists in AD
  # Write-Output "Checking user account for '$Email'"
 Try{
    If ($u = Get-ADUser -Filter {UserPrincipalName -eq $Email} -SearchBase "OU=UsersAirspan,DC=airspan,DC=com" -ErrorAction Stop) {
            #User does exist then proceed to update the user account
            Try{
                $u | Set-ADUser -title $Title -employeeID $EmployeeID -manager $Manager -ErrorAction Stop
                WriteLog "Updated title '$Title' and Employee ID '$EmployeeID' and Manager '$ManagerEmail' for '$Email'"
            }
            Catch{
                WriteLog "Error Updating account details for '$Email'"
                WriteLog $_.Exception.Message
                Continue
            }
        }
    }
    Catch{
        #If user does NOT exist, give a warning
        WriteLog "WARNING: A user account with username '$Email' does not exist in Active Directory."
        WriteLog $_.Exception.Message
        Continue
    }
}
csv

1条答案

按热度按时间
z9smfwbn

z9smfwbn1#

您可以使用Get-ADReplicationAttributeMetadata获取更改
https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-adreplicationattributemetadata?view=windowsserver2022-ps
这里有一个简短的例子:

$dt = (Get-Date).AddHours(-8)
$server = Get-ADDomainController
$changes = Get-ADReplicationAttributeMetadata -Server $server -Object $u | Where { $_.LastOriginatingChangeTime -gt $dt } | Select AttributeName, AttributeValue
赞(0)分享  回复(0)举报  2023-10-13
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com