Import csv users and run powershell script

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
Reddrgn2
Posts: 45
Last visit: Thu Jul 01, 2021 5:07 am
Answers: 1

Import csv users and run powershell script

Post by Reddrgn2 »

Product, version and build: primalscript - v8.0.149
Operating system: win 10 enter v:21H1
PowerShell version(s): major 5 - minor 1 - build 19041 - revision 1023 also have 7.1.2

Trying to create a script that will import a list of users, from csv, then run the 'offboarding' script created. I have the 'offboarding' script working if you enter in one user at a time. Issue with that is there are over 200 that need 'offboarded' I don't really want to enter in one at a time.

Things I have tired:
attempt 1-
  1. $offboard = "E:\scripts\ad\offboardingNoSync.ps1"
  2. $offcvs = Import-Csv 'E:\scripts\UpdateADusers\bulk_off_board.csv'
  3.  
  4. ForEach-Object($user in $offcvs){$offboard($user.username)}
Attempt 2: this one I just kind of replaced the 'enter user(read-host)' with import-csv
*also tried to include $username before foreach-object ( $username | Foreach-object
  1. $username = Import-Csv 'E:\scripts\UpdateADusers\bulk_off_board.csv'
  2.  
  3. ForEach-Object{
  4. Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description | export-csv \\fileshare\users\Memberofexports\$username.csv
  5. Start-Sleep -Seconds 3
  6. Set-aduser -Identity $Username -Replace @{msExchHideFromAddressLists= $true}
  7. $users = (Get-ADUser $username -properties memberof).memberof
  8. $users | Remove-ADGroupMember -Members $username -Confirm:$false
  9. Start-Sleep -Seconds 5
  10. Disable-ADAccount -Identity $username
  11. Start-Sleep -Seconds 2
  12. Get-ADUser $username | Move-ADObject -TargetPath 'OU=Terminated Users'
  13. Start-Sleep -Seconds 2
  14. $now = Get-Date -format dd-MMM-yyyy
  15. Set-ADUser $username  -HomePage $now
  16. }
*reason from time breaks is it was running a little to fast and caused issues at times - build script piece by piece

Ideas or thoughts?

*yes I know letting over 200 users get left unattended shouldn't happen. Other steps taken to see that doesn't happen. Also all 200 have had passwords reset and are disabled.
by Reddrgn2 » Mon Jun 07, 2021 12:58 pm
So i am not really sure what fixed my issues but it is fixed. I think it was a combo of issues, the wrong import method for csv, the wrong 'for each', or both.

So I was rebuilding from scratch again. Used import method 'get-content' and 'foreach'. Then re-organized the functions of the script a little. Also added a few comments. Then tested each line one at a time. Below is the slightly changed, working script for bulk termination of users, that does what I would like it to do. I took out the sleeps and its working also. Tested on about 3 groups of 10 users before running against the reset of the list. Took about 10 mins to fully complete all the users.
  1. $offcvs = Get-Content 'E:\scripts\UpdateADusers\bulk_off_board.csv'
  2.  
  3. foreach ($Username in $offcvs) {
  4. #disables account
  5. Disable-ADAccount -Identity $Username
  6. #gets users member of groups and exports to file share useing users name
  7. Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description | Export-Csv \\file_share\users\Memberofexports\$username.csv
  8. #hides user in GAL
  9. Set-aduser -Identity $Username -Replace @{msExchHideFromAddressLists= $true}
  10. #references user member of groups
  11. $users = (Get-ADUser $username -properties memberof).memberof
  12. #uses above reference to remove user from member of groups
  13. $Users | Remove-ADGroupMember -Members $username -Confirm:$false
  14. #references - current date
  15. $now = Get-Date -format dd-MMM-yyyy
  16. #uses about date reference to add the date to user webpage feild(AD-user-general-web page)
  17. Set-ADUser $username  -HomePage $now
  18. #moves user to termed user OU  
  19. Get-ADUser $username | Move-ADObject -TargetPath 'OU=Terminated Users'
  20. }
Go to full post

User avatar
brittneyr
Site Admin
Posts: 816
Last visit: Tue Jul 27, 2021 8:07 am
Answers: 16
Been upvoted: 13 times

Re: Import csv users and run powershell script

Post by brittneyr »

[Topic was moved to PowerShell Forum by moderator]
Brittney Ryn
SAPIEN Technologies, Inc.

jvierra
Posts: 14872
Last visit: Tue Jul 27, 2021 9:44 am
Answers: 12
Has voted: 3 times
Been upvoted: 10 times

Re: Import csv users and run powershell script

Post by jvierra »

Sorry but we ahve ni idea what you mean by :offboarding and onbloardin". YOu havce ti as a specific question about coding or about some error. We cannot know what you are thinking or what your design strategy is,

jvierra
Posts: 14872
Last visit: Tue Jul 27, 2021 9:44 am
Answers: 12
Has voted: 3 times
Been upvoted: 10 times

Re: Import csv users and run powershell script

Post by jvierra »

One quick look. You seem to be saying that you are trying to disable and move some users. WHy "sleep"? YOu can get, disable, move anyty user in one command. No need for sleep or multiple statements. Use the pipeline.

You are also tryinf to do one user and at the same time remove all users. Tou remove a user from a group just specify the uiser object to the command. If you want to remove one user form all groups then enumerate the "memberof" and pipe to Remove-AdGroupMember with specified user object, takes one commandline.

User avatar
Reddrgn2
Posts: 45
Last visit: Thu Jul 01, 2021 5:07 am
Answers: 1

Re: Import csv users and run powershell script

Post by Reddrgn2 »

offboarding = someone leaving
onboarding = someone joining

The reason for the sleep command is that it was having issues running everything correctly. I started with the pipe but it wasn't working correctly. Sometimes it would do it and others it would skip over it. When started again from scratch, i built it one task at a time. So when as i was testing i entered in the sleep commands and it started to work.

I have it working if i want to do one user at a time, I don't want to do that at this time, i want to be able to use a csv import to do all the same things. But for some reason it is not working.

So what would normally happen is that the user(being disabled) would remove its export its all member of groups, then remove that user from all those groups. (it works when I use the single target offboard script)

I tried to use the ' get-content' then started by commmenting out all the tasks, leaving only the disable. It worked, then commented in the move to another OU, it worked. I commented in to add date to webpage(homepage) and it worked, just anything after that it would stop working. Looks like it is having issues with 'identity'

Code: Select all

[Codebox=text file=Untitled.txt]ERROR: Disable-ADAccount : Cannot convert 'Microsoft.ActiveDirectory.Management.ADPropertyValueCollection' to the type
ERROR: 'Microsoft.ActiveDirectory.Management.ADAccount' required by parameter 'Identity'. Specified method is not supported.
ERROR: At E:\scripts\UpdateADUsers\bulk_off_board_test4.ps1:29 char:31
ERROR: +   Disable-ADAccount -Identity $Username
ERROR: +                               ~~~~~~~~~
ERROR:     + CategoryInfo          : InvalidArgument: (:) [Disable-ADAccount], ParameterBindingException
ERROR:     + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.DisableADAccount
ERROR:
ERROR: Remove-ADGroupMember : The specified account name is not a member of the group
ERROR: At E:\scripts\UpdateADUsers\bulk_off_board_test4.ps1:27 char:15
ERROR: +   $Username | Remove-ADGroupMember -Members $username -Confirm:$false
ERROR: +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ERROR:     + CategoryInfo          : NotSpecified: (CN=HDQ Door 9,O...,DC=local:ADGroup) [Remove-ADGroupMember], ADException
ERROR:     + FullyQualifiedErrorId : ActiveDirectoryServer:1377,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember

ERROR:
ERROR: Set-ADUser : Cannot convert 'Microsoft.ActiveDirectory.Management.ADPropertyValueCollection' to the type 'Microsoft.ActiveDirectory.Management.ADUser'
ERROR: required by parameter 'Identity'. Specified method is not supported.
ERROR: At E:\scripts\UpdateADUsers\bulk_off_board_test4.ps1:32 char:14
ERROR: +   Set-ADUser $username  -HomePage $now
ERROR: +              ~~~~~~~~~
ERROR:     + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBindingException
ERROR:     + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.SetADUser
ERROR:
ERROR: Get-ADUser : Cannot convert 'Microsoft.ActiveDirectory.Management.ADPropertyValueCollection' to the type 'Microsoft.ActiveDirectory.Management.ADUser'
ERROR: required by parameter 'Identity'. Specified method is not supported.
ERROR: At E:\scripts\UpdateADUsers\bulk_off_board_test4.ps1:34 char:14
ERROR: +   Get-ADUser $username | Move-ADObject -TargetPath 'OU=Terminated Use ...
ERROR: +              ~~~~~~~~~
ERROR:     + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
ERROR:     + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser[/Codebox]

User avatar
Reddrgn2
Posts: 45
Last visit: Thu Jul 01, 2021 5:07 am
Answers: 1

Re: Import csv users and run powershell script

Post by Reddrgn2 »

So i am not really sure what fixed my issues but it is fixed. I think it was a combo of issues, the wrong import method for csv, the wrong 'for each', or both.

So I was rebuilding from scratch again. Used import method 'get-content' and 'foreach'. Then re-organized the functions of the script a little. Also added a few comments. Then tested each line one at a time. Below is the slightly changed, working script for bulk termination of users, that does what I would like it to do. I took out the sleeps and its working also. Tested on about 3 groups of 10 users before running against the reset of the list. Took about 10 mins to fully complete all the users.
  1. $offcvs = Get-Content 'E:\scripts\UpdateADusers\bulk_off_board.csv'
  2.  
  3. foreach ($Username in $offcvs) {
  4. #disables account
  5. Disable-ADAccount -Identity $Username
  6. #gets users member of groups and exports to file share useing users name
  7. Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description | Export-Csv \\file_share\users\Memberofexports\$username.csv
  8. #hides user in GAL
  9. Set-aduser -Identity $Username -Replace @{msExchHideFromAddressLists= $true}
  10. #references user member of groups
  11. $users = (Get-ADUser $username -properties memberof).memberof
  12. #uses above reference to remove user from member of groups
  13. $Users | Remove-ADGroupMember -Members $username -Confirm:$false
  14. #references - current date
  15. $now = Get-Date -format dd-MMM-yyyy
  16. #uses about date reference to add the date to user webpage feild(AD-user-general-web page)
  17. Set-ADUser $username  -HomePage $now
  18. #moves user to termed user OU  
  19. Get-ADUser $username | Move-ADObject -TargetPath 'OU=Terminated Users'
  20. }

jvierra
Posts: 14872
Last visit: Tue Jul 27, 2021 9:44 am
Answers: 12
Has voted: 3 times
Been upvoted: 10 times

Re: Import csv users and run powershell script

Post by jvierra »

You have to slow down and do it in small steps. YOu are just shotgunning everything and no one can keep uup with anything you are doing.

It would also be useful if you formatted your code correctly. Never use Get-Content with a CSV, Be sure you have a realy CSV. MOst people have no idea what a CSV is.

Start with this and deal with each error as it occurs:
  1. $offcvs = Get-Content 'E:\scripts\UpdateADusers\bulk_off_board.csv'
  2.  
  3. $ErrorActionPreference = 'Stop'
  4. foreach($Username in $offcvs){
  5.     Try{
  6.         $user = Get-AdUser $Username
  7.         $user | Disable-ADAccount
  8.         $user | Get-ADPrincipalGroupMembership |
  9.             Get-ADGroup |
  10.             Select-Object name, description |
  11.             Export-Csv \\file_share\users\Memberofexports\$username.csv
  12.         $user | Set-aduser -Replace @{msExchHideFromAddressLists=$true;HomePage=([DateTime]::Today.ToString('dd-MMM-yyyy')) }
  13.         $users.memberof | Remove-ADGroupMember -Members $user -Confirm:$false
  14.         $user | Move-ADObject -TargetPath 'OU=Terminated Users'
  15.     }
  16.     Catch{
  17.         Write-Warning $_
  18.     }
  19. }
  20. $ErrorActionPreference = 'Continue'

Locked