1
votes

I'm currently working on some PowerShell to update Active Directory User Attributes. The script will read the updated attributes from a CSV.

What I would like to achieve is to iterate through users and compare each user attribute against the value stored in the CSV. If the CSV attribute value doesn’t match the user's Active Directory attribute, I would like to update the value in Active Directory.

At present I can select a user and display all the properties using the following:

Get-ADUser -Filter "UserPrincipalName -eq '$($upn)'" -Properties * -SearchBase 'DC=core,DC=com' 

What I'm struggling with is the ability to loop through all the properties for each user and compare them against the CSV values for that user.

Here is the snippet I'm working from:

# Import CSV into variable $users
$users = Import-Csv -Path 'C:\PowerShell\AD\UserUpdates.csv'

# Loop through each user
foreach ($user in $users) {

#Search in specified OU and Update existing attributes
$userproperties = Get-ADUser -Filter "UserPrincipalName -eq '$($user.UserPrincipalName)'" -Properties * -SearchBase 'DC=core,DC=com'

}

Does anyone know a way of looping through all the user profile attributes for a user?

Any help or guidance would be greatly appreciated.

UPDATE

Ok working on this a bit further, I have made progress but I don't think it's the cleanest way of accomplishing this.

$userproperties = Get-ADUser -Filter "UserPrincipalName -eq '$($upn)'" -Properties * -SearchBase 'DC=core,DC=com' | Select-Object Name,Created,LastLogon,GivenName,SurName,DisplayName,DistinguishedName,UserPrincipalName

This allows me to select items such as the following:

$userproperties.DisplayName

But with this approach I need to list out every attribute I wish to work with. I would prefer to be able to loop across all properties. Maybe I can put all the properties I wish to utilise into an array and loop through that?

3 Answers

0
votes

This is a way to cycle through the properties of an object (an AD user in this case):

$user = Get-ADUser -Filter "UserPrincipalName -eq '$($user.UserPrincipalName)'" -Properties * -SearchBase 'DC=core,DC=com'

$user | gm | ? membertype -eq property | select -expa name | % { $user.$_ }

In the ForEach-Object (%) you can add the logic you need to update some property.

0
votes

It's not too hard to loop through all the properties of one entry in the CSV file. The trick is to transform the hashtable you get from looping through the imported csv data into a PS object, as follows:

# Import CSV into variable $users
$users = Import-Csv -Path 'C:\PowerShell\AD\UserUpdates.csv'

# Loop through each user
foreach ($user in $users) {

#Obtain attributes from corresponding ADuser.
$userproperties = Get-ADUser -Filter `
   "UserPrincipalName -eq '$($user.UserPrincipalName)'" `
   -Properties * -SearchBase 'DC=core,DC=com'



#Search in specified OU and Update existing attributes

   foreach ($prop in $user.psobject.properties) {
      Set-variable -name $prop.name -value $prop.value
# Instead of doing a set-variable, you could set the corresponding attribute
# in the appropriate AD.
      }


}
0
votes

Set-ADUser has a -Replace parameter that accepts a hash table of properties and values that you can use to update multiple properties at once. Rather than looping through each property for each user, you can just build that hash table and then do a single update operation. You can make it a little more efficient by just returning the AD User properties you're checking from your CSV. That list of properties can be had by simply getting a property list from the first object in the collection created from your imported CSV file.

# Import CSV into variable $users
$CSVusers = Import-Csv -Path 'C:\PowerShell\AD\UserUpdates.csv'

#Get the list of properties to check
$Properties = $CSVusers[0].psobject.properties.name

# Loop through each user
foreach ($CSVuser in $CSVusers) {

$UpdateProperties = @{}

#Search in specified OU and Update existing attributes
$ADUser = Get-ADUser -Filter "UserPrincipalName -eq '$($CSVuser.UserPrincipalName)'" -Properties $Properties -SearchBase 'DC=core,DC=com'

# Skip CSV rows that have no matching AD account
if (-not $ADUser) { continue }

#Create a hash table of properties that need updated
  Foreach ($Property in $Properties)
   { 
     if ($CSVUser.$Property -ne $ADUser.$Property)
       { $UpdateProperties[$Property] = $CSVuser.$Property }
   }

 #Update user

 if ( $UpdateProperties.Count -gt 0 )
   { Set-ADUser $ADUser.DistinguishedName -Replace $UpdateProperties }

}
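
A more defensive variant of the hash-table approach in the last answer, as an added example that is not part of any answer on this page: it writes only attributes on an allow-list, escapes the CSV's UPN before it goes into the search filter, sends blank CSV cells through -Clear instead of -Replace, and runs Set-ADUser with -WhatIf unless told otherwise. The allow-list, the function names and the sample row are assumptions made for illustration.

```powershell
# Added example. Names are LDAP display names, which Set-ADUser -Replace and -Clear expect.
$AllowedAttributes = 'givenName','sn','displayName','title','department','telephoneNumber' # assumed allow-list

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping so a CSV value cannot alter the search filter (backslash first).
    $Value.Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29').Replace("`0",'\00')
}

function Get-AttributeChange($CsvRow, $Current, [string[]]$Allowed = $AllowedAttributes) {
    $replace = @{}; $clear = @(); $skipped = @()
    foreach ($p in $CsvRow.psobject.Properties) {
        if ($p.Name -eq 'UserPrincipalName') { continue }             # lookup key, never written
        if ($p.Name -notin $Allowed) { $skipped += $p.Name; continue } # column not approved for writes
        $new = "$($p.Value)".Trim()
        $old = "$($Current.($p.Name))"
        if ($new -ceq $old) { continue }                               # already in sync
        if ($new -eq '') { $clear += $p.Name } else { $replace[$p.Name] = $new }
    }
    [pscustomobject]@{ Replace = $replace; Clear = $clear; Skipped = $skipped }
}

function Update-AdUserFromCsvRow($CsvRow, [switch]$Commit) {
    # Needs the ActiveDirectory module; the search base is the one used in the question.
    $upn = ConvertTo-LdapFilterValue $CsvRow.UserPrincipalName
    $adUser = @(Get-ADUser -LDAPFilter "(userPrincipalName=$upn)" -Properties $AllowedAttributes -SearchBase 'DC=core,DC=com')
    if ($adUser.Count -ne 1) { Write-Warning "Expected 1 match for $upn, got $($adUser.Count)"; return }
    $change = Get-AttributeChange $CsvRow $adUser[0]
    if ($change.Skipped) { Write-Warning "Ignored columns: $($change.Skipped -join ', ')" }
    $set = @{ Identity = $adUser[0].DistinguishedName; WhatIf = -not $Commit }
    if ($change.Replace.Count) { $set['Replace'] = $change.Replace }
    if ($change.Clear.Count)   { $set['Clear']   = $change.Clear }
    if ($set.Count -gt 2) { Set-ADUser @set }                          # dry run unless -Commit
}

# Constructed sample row and a stand-in for a Get-ADUser result, so the comparison runs offline.
$row = @'
UserPrincipalName,displayName,title,telephoneNumber,userAccountControl
alice@core.com,Alice Example,Engineer,,512
'@ | ConvertFrom-Csv
$current = [pscustomobject]@{ displayName = 'Alice Example'; title = 'Analyst'; telephoneNumber = '555-0100' }
$change  = Get-AttributeChange $row $current
$change.Replace    # attributes whose CSV value differs
$change.Clear      # attributes the CSV leaves blank
$change.Skipped    # CSV columns outside the allow-list
```

Against a real directory, call `Update-AdUserFromCsvRow` for each row from `Import-Csv` and review the -WhatIf output before adding `-Commit`.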