我正试图整理大量的AD用户,为此,我创建了另一个脚本来集中某些工作的源代码。该脚本提示用户输入其EmployeeID,并将其和其他一些AD信息放入ExterntionAttrib4中。
a999:adminhearsj:Jason:Hearse
此脚本将成为应该执行的计划任务。
检查ExterntionAttrib4是否存在并且EmployeeID为空,然后检查包含HR信息的CSV文件。
Firstname,Lastname,EmployeeID, jason,HEARSE,A999 fred,blogs,999
如果用户EMployeeId与HR EmployeeID和名称检查(将在以后添加)匹配,则写入AD EmployeeID。
如果用户EmployeeID与HR中的条目不匹配,请删除ExterntionAttrib4,然后将再次提示他们输入详细信息,以便下次登录。
问题在于,当我在编写AD EmployeeID之后运行此脚本时,它仍然会删除ExterntionAttrib4。
有很多Write-Host,因为我一直试图深入了解这一点,我认为这是因为在foreach Get-ADUser期间,我正在经历HR中的每个条目。 CSV文件。
我尝试了各种不同的方式来调用if逻辑,并且我知道语句可能会更短,但我将其扩展以帮助我了解正在发生的事情。
# Import-module activedirectory
cls
# temp search base
$SearchBase = 'OU=Admin-account,DC=corp,DC=internal'
$searchproperties = ("sAMAccountName","UserPrincipalName","Enabled","sn","givenName","Initials","CN","DistinguishedName","EmployeeID","EmployeeNumber","Title","info","Company","Department","Office","Country","City","co","countryCode","Description","EmailAddress","msDS-User-Account-Control-Computed","st","State","StreetAddress","PostalCode","codePage","extensionAttribute1","extensionAttribute2","extensionAttribute3","extensionAttribute4","extensionAttribute5","extensionAttribute6","extensionAttribute7","extensionAttribute8","extensionAttribute9","extensionAttribute10","extensionAttribute11","extensionAttribute12","extensionAttribute13","extensionAttribute14","extensionAttribute15","Fax","PasswordNeverExpires")#,$hash_lastLogonTimestamp,$hash_pwdLastSet)
$SAM = ""
$logfolder = "C:\Users\adminhearsj\Documents\Scripts\users\Attrib search\logs"
$a = 1;
$b = 1;
$failedUsers = @()
$userEMPwrong = @()
$successUsers = @()
$VerbosePreference = "Continue"
# remove or change searchbase
# AD Search
$ADusers = Get-ADUser -SearchBase $searchbase -Filter {(extensionAttribute4 -like '*') -and (Employeeid -notlike '*')} -Properties * |
select $searchproperties
foreach ($ADuser in $ADusers) {
# $ADusers
$attrib = $ADuser.extensionAttribute4
$ADgivenName = $ADuser.givenName
$ADsn = $ADuser.sn
$ADEmpID = $ADusers.EmployeeID
$SAM = $ADusers.sAMAccountName
$delimEMP = ($attrib -split ':')[0]
$delimSAM = ($attrib -split ':')[1]
$delimGivenName = ($attrib -split ':')[2]
$delimSN = ($attrib -split ':')[3]
Write-Host ATTR4 $attrib
Write-Host USER Emp $delimEMP ADsam $delimSAM $delimGivenname $delimSN
# HR file
$HRUsers = Import-Csv -Path "C:\Users\adminhearsj\Documents\Scripts\users\Attrib Search\HR.csv"
foreach ($HRUser in $HRUsers) {
$HRUser.FirstName = $HRUser.FirstName.Substring(0, 1).ToUpper() + $HRUser.FirstName.Substring(1).ToLower()
$HRUser.LastName = $HRUser.LastName.Substring(0, 1).ToUpper() + $HRUser.LastName.Substring(1).ToLower()
$FullName = $HRUser.FirstName + " " + $HRUser.LastName
$Displayname = $HRUser.Lastname + ", " + $HRUser.Firstname
$dnsroot = '@' + (Get-ADDomain).dnsroot
$HRUserFirstname = $HRUser.Firstname
$HRUserLastname = $HRUser.Lastname
$HREmp = $HRuser.EmployeeID
# -pattern " $delimEMP'$"
Write-Host USER Emp $delimEMP HR Emp $HREmp ADsn $ADsn HR LN $HRUserLastname
try {
if ($delimEMP -eq $HREmp) { #-and $ADEmpID -ne '*') #$ADsn -eq $HRUserLastname)
Write-Host Delim Emp $delimEMP EQ $HREmp
if ($ADEmpID -ne "*") {
Set-ADUser -Identity $sam -Replace @{employeeID=$HREmp}
$successUsers += $Displayname
Write-Host 1ST IF and AD Emp NULL $ADEmpID
Break
}
Write-Host MATCH Name 1st IF is USR Emp $delimEMP HR Emp $HREmp written $HREmp
} else {
if ($delimEMP -ne $HREmp) { #-and $ADsn -eq $HRUserLastname -and $EmpID -eq '')
if ($delimSAM -eq $sam) {
Set-ADUser -Identity $sam -Clear "extensionAttribute4"
$failedUsers += $Displayname
Write-Host Name ELSE is USR Emp $delimEMP HR Emp $HREmp AD sm $ADsn HR sn $HRUserLastname AD emp $ADEmpID
}
}
}
} catch {
Write-Warning "[ERROR]Can't create user [$($FullName)] : $_"
$failedUsers += $FullName
}
}
}
if (!(Test-Path $LogFolder)) {
Write-Verbose "Folder [$($LogFolder)] does not exist, creating"
New-Item $LogFolder -Force
}
Write-verbose "Writing logs"
$failedUsers | ForEach-Object { "$($b).) $($_)"; $b++ } | Out-File -FilePath $LogFolder\FailedUsers.log -Force -Verbose
$successUsers | ForEach-Object { "$($a).) $($_)"; $a++ } | Out-File -FilePath $LogFolder\successUsers.log -Force -Verbose
Write-Host Finished