2015-06-08 110 views
0

I'm trying to create a script that compares our AD against all the users in a CSV. Our HR department holds the master database for all staff, but when they make changes they rarely notify us, so they now export all users from the HR database to a CSV.

Compare AD to CSV

I need to compare this against our AD and modify anyone found to have changed, or any new staff.

I have the script below, but it just outputs all staff; I only want the staff who have changed, or new staff who aren't in AD, to be emailed.

write-host "Using default CSV file or C:\scripts\csv\StaffChanges.csv" 
$StaffCSVUPath = "C:\scripts\csv\StaffChanges.csv" 

$logfile = "C:\scripts\logs\ADvsCMIS.csv" 

if(test-path $logfile) { 
    remove-item $logfile -force 
} 

function Email { 
    #Send an email, called with recipient email address and message body 
    param(
     [string] $emailaddress="", 
     [string] $bodymsg="" 
    ) 
    $bodymsg += "<p>" 
    $bodymsg += Get-Content($logfile) 
    Send-MailMessage -To $emailaddress -From "[email protected]" -Subject "(AD-CMIS_errors) Errors found between Active Directory and CMIS" -Body $bodymsg -BodyAsHTML -SMTPServer "exchserver" 
} 


function CheckOutputFile { 
    #Called with folder\filename and type of file 
    param(
     [string]$outputfilename = "", 
     [string]$type = "" 
    ) 
    if(test-path($outputfilename)) { 
    } else { 
     write-host "Creating $outputfilename" 
     $msg = "Forename,Surname,Username,ID" 
     $msg | out-file($outputfilename) 
    } 
} 

#Snap-ins needed to use the commands within the script 
if((Get-pssnapin -Name Microsoft.Exchange.Management.Powershell.E2010 -ErrorAction SilentlyContinue) -eq $null){Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010} 
if((Get-pssnapin -Name Quest.activeroles.admanagement -ErrorAction SilentlyContinue)-eq $null){Add-pssnapin Quest.activeroles.admanagement} 

#import users from csv file 
$users = (import-Csv $StaffCSVUpath) 
$count=0 
$countAD=0 

# ForEach-Object takes the script block directly; the "($_.samaccountname)" argument is invalid here 
Get-QADUser -searchroot "domain/Users/Staff" -SizeLimit 0 -includedproperties employeeid,displayname | ForEach-Object { 
    $found = 0 
    $countAD+=1 
    ForEach ($user in $users) { 
     $count+=1 
     $initial = $user.forename.substring(0,1) 
     $name = $user.forename+" "+$user.surname 
     $dispname = $initial+" "+$user.surname 
     if ($user.id -eq $_.employeeid) { 
      if ($user.surname -eq $_.lastname) { 
       if ($initial -eq $_.firstname) { 
        if ($name -eq $_.name) { 
         if ($dispname -eq $_.displayname) { 
          $found = 1 
         } 
        } 
       } 
      } 
     } 
     if ($found -eq 1){break} 
    } 
    if ($found -eq 0) { 
     # -and is the logical operator; -band is bitwise 
     if(($_.company -ne "testing") -and ($_.company -ne "service")) { 
      CheckOutputFile $logfile "LOG" 
      $msg = "<p>" + $_.firstname +" " + $_.lastname + " " + $_.samaccountname + " "+$_.employeeid +"<p>" 
      $msg | Out-File $logfile -append 
     } 
    } 
} 

if (test-path $logfile) { 
    #If there is anything to report 
    write-host "Emailing Log file to ict" 
    #Email file if $outputB exists 
    $email = "[email protected]" 
    $body = "Action Required: The users below do not exist within HR. Contact HR Data manager to resolve issue, delete users manually if required." 
    #email ict 
    Email $email $body 
} 
+0

Have them store the UPN in their database, then you can find a user quickly by its UPN. Thankfully the UPN is usually the same as the email address, although it may not be. And a word of warning, since you're dealing with sensitive data: "modifying" new employees in AD could amount to an internal data leak carried out as an authorized user. – Vesper

+0

Just a quick note: the CSV file only contains the following fields: ID, first name, surname. The ID is usually just an abbreviation of the username, but it is unique to each user. – lellis

+0

If you have a way to map the ID to 'sAMAccountName', 'userPrincipalName' or 'cn', or vice versa, update the attributes according to the data in the CSV. I'd say don't create new users or delete/disable old ones. If you don't have such a mapping, find a way to get one; you could use another attribute if necessary. – Vesper
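An added example of the update-only approach suggested in the comment above (this is not code from the question or from any commenter): it writes attribute changes for existing accounts but never creates, deletes or disables anything. It assumes the built-in ActiveDirectory module, a mapping from the HR ID to the employeeID attribute, and HR records with Id, Forename and Surname properties; those property names and the attribute allow-list are this example's own assumptions.

```powershell
# Added example; not code from the question or the comments. It assumes the
# ActiveDirectory module and an input of HR records with Id, Forename and
# Surname properties (the property names and the attribute allow-list are this
# example's own choices).
Import-Module ActiveDirectory

function Update-StaffFromHR {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # HR records already identified as differing from AD
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject[]] $Record,

        # The only LDAP attributes this function is permitted to write
        [string[]] $AllowedAttribute = @('givenName', 'sn', 'displayName')
    )
    process {
        foreach ($r in $Record) {
            # HR IDs are short alphanumeric codes; reject anything else so the
            # value cannot change the meaning of the AD filter below
            if ($r.Id -notmatch '^[A-Za-z0-9]{1,20}$') {
                Write-Warning "Skipping record with malformed ID '$($r.Id)'"
                continue
            }
            $match = @(Get-ADUser -Filter "employeeID -eq '$($r.Id)'" -Properties displayName)
            if ($match.Count -ne 1) {
                # Zero or several accounts: report it rather than guess
                Write-Warning "ID $($r.Id) matched $($match.Count) accounts; not updating"
                continue
            }
            $adUser = $match[0]

            # Desired state per attribute, with the current AD value next to it
            $desired = @(
                @{ Ldap = 'givenName';   Current = $adUser.GivenName;   New = $r.Forename }
                @{ Ldap = 'sn';          Current = $adUser.Surname;     New = $r.Surname }
                @{ Ldap = 'displayName'; Current = $adUser.DisplayName; New = ('{0} {1}' -f $r.Forename, $r.Surname) }
            )
            $replace = @{}
            foreach ($d in $desired) {
                if ($AllowedAttribute -notcontains $d.Ldap) { continue }
                # -Replace cannot write an empty value, and a blank in HR is a data error anyway
                if ([string]::IsNullOrWhiteSpace($d.New)) { continue }
                if ([string]$d.Current -cne $d.New) { $replace[$d.Ldap] = $d.New }
            }
            if ($replace.Count -eq 0) { continue }

            $summary = ($replace.Keys | ForEach-Object { "$_='$($replace[$_])'" }) -join ', '
            if ($PSCmdlet.ShouldProcess($adUser.SamAccountName, "Set $summary")) {
                Set-ADUser -Identity $adUser -Replace $replace
            }
        }
    }
}

# Review the proposed changes first; remove -WhatIf only after that review
# $changedRecords | Update-StaffFromHR -WhatIf
```

Because ConfirmImpact is High, each write prompts for confirmation unless the caller passes -Confirm:$false, and -WhatIf lists the exact attribute values that would be set without touching the directory.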

Answers

0

I managed to get it working by changing the search fields

if($user.firstname -eq $_.firstname) 
    if($user.surname -eq $_.sn) 
    if($user.ID -eq $_.employeeID) 

This now checks AD against the CSV, emails any differences, and excludes anything with the first name "test" or "careers"

write-host "Using default CSV file or C:\scripts\csv\StaffChanges.csv" 
$StaffCSVUPath = "C:\scripts\csv\StaffChanges.csv" 

$logfile = "C:\scripts\logs\ADvsHR.csv" 

if(test-path $logfile) { 
    remove-item $logfile -force 
} 

function Email { 
    #Send an email, called with recipient email address and message body 
    param(
     [string] $emailaddress="", 
     [string] $bodymsg="" 
    ) 
    $bodymsg += "<p>" 
    $bodymsg += Get-Content($logfile) 
    Send-MailMessage -To $emailaddress -From "[email protected]" -Subject "(AD-CMIS_errors) Errors found between Active Directory and CMIS" -Body $bodymsg -BodyAsHTML -SMTPServer "exchserver" 
} 


function CheckOutputFile { 
    #Called with folder\filename and type of file 
    param(
     [string]$outputfilename = "", 
     [string]$type = "" 
    ) 
    if(test-path($outputfilename)) { 
    } else { 
     write-host "Creating $outputfilename" 
     $msg = "Forename,Surname,Username,ID" 
     $msg | out-file($outputfilename) 
    } 
} 

#Snap-ins needed to use the commands within the script 
if((Get-pssnapin -Name Microsoft.Exchange.Management.Powershell.E2010 -ErrorAction SilentlyContinue) -eq $null){Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010} 
if((Get-pssnapin -Name Quest.activeroles.admanagement -ErrorAction SilentlyContinue)-eq $null){Add-pssnapin Quest.activeroles.admanagement} 

#import users from csv file 
$users = (import-Csv $StaffCSVUpath) 
$count=0 
$countAD=0 

# ForEach-Object takes the script block directly; the "($_.samaccountname)" argument is invalid here 
Get-QADUser -searchroot "domain/Users/Staff" -SizeLimit 0 -includedproperties employeeid,displayname | ForEach-Object { 
    $found = 0 
    $countAD+=1 
    ForEach ($user in $users) { 
     $count+=1 
     if ($user.firstname -eq $_.firstname) { 
      if ($user.surname -eq $_.sn) { 
       if ($user.ID -eq $_.employeeID) { 
          $found = 1 
       } 
      } 
     } 
     if ($found -eq 1){break} 
    } 
    if ($found -eq 0) { 
     # -and is the logical operator; -band is bitwise 
     if(($_.firstname -ne "careers") -and ($_.firstname -ne "test")) { 
      CheckOutputFile $logfile "LOG" 
      $msg = "<p>" + $_.firstname +" " + $_.lastname + " "+$_.employeeid +"<p>" 
      $msg | Out-File $logfile -append 
     } 
    } 
} 

if (test-path $logfile) { 
    #If there is anything to report 
    write-host "Emailing Log file to ict" 
    #Email file if $outputB exists 
    $email = "[email protected]" 
    $body = "Action Required: The users below do not exist within HR. Contact HR Data manager to resolve issue, delete users manually if required." 
    #email ict 
    Email $email $body 
} 
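An added example of the reporting step, not part of the answer above: the script writes "<p>" fragments into a .csv log and pastes them into an HTML mail. This version writes a real CSV with Export-Csv and HTML-encodes the names before they go into the mail body, since those names come from AD and HR data that other people edit. The sample differences, the Reason column and the mail settings are constructed placeholders.

```powershell
# Added example; not the asker's script. $differences is constructed here; in
# the real script it would be the output of the AD-vs-CSV comparison. The mail
# addresses and SMTP server are placeholders.
function New-DifferenceReport {
    param(
        [Parameter(Mandatory)] [psobject[]] $Difference,
        [Parameter(Mandatory)] [string] $LogPath
    )
    # Export-Csv writes a header and quotes fields, so a name containing a
    # comma or a quote cannot break the log's structure
    $Difference | Select-Object Forename, Surname, Username, ID, Reason |
        Export-Csv -Path $LogPath -NoTypeInformation -Encoding UTF8

    # Encode every value before embedding it, so the mail client renders the
    # names as text rather than interpreting them as markup
    $rows = foreach ($d in $Difference) {
        $cells = foreach ($v in $d.Forename, $d.Surname, $d.Username, $d.ID, $d.Reason) {
            '<td>{0}</td>' -f [System.Net.WebUtility]::HtmlEncode([string]$v)
        }
        '<tr>{0}</tr>' -f ($cells -join '')
    }
    @"
<p>Action Required: the accounts below differ between Active Directory and HR.
Contact the HR data manager to resolve; accounts are not deleted automatically.</p>
<table border="1">
<tr><th>Forename</th><th>Surname</th><th>Username</th><th>ID</th><th>Reason</th></tr>
$($rows -join "`n")
</table>
"@
}

# Constructed sample differences, including a surname that would break naive HTML
$differences = @(
    [pscustomobject]@{ Forename = 'Ann'; Surname = 'Lee';         Username = 'alee'; ID = 'AL1'; Reason = 'Not in HR' }
    [pscustomobject]@{ Forename = 'Bob'; Surname = "O'Brien <x>"; Username = 'bobr'; ID = 'BO2'; Reason = 'Surname differs' }
)

$logfile = 'C:\scripts\logs\ADvsHR.csv'   # same log path as the script above
if ($differences.Count -gt 0) {
    $body = New-DifferenceReport -Difference $differences -LogPath $logfile
    # Placeholder mail settings; substitute the real ones
    Send-MailMessage -To 'ict@example.com' -From 'adcheck@example.com' `
        -Subject '(AD-HR) Differences found between Active Directory and HR' `
        -Body $body -BodyAsHtml -SmtpServer 'smtp.example.com'
}
```

The mail is only sent when there is at least one difference, so an empty run produces neither a log file nor a message, which is the behaviour the script above tests for with test-path.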
0

I don't use the Quest AD cmdlets, so my answer will be based on the built-in ones. Also, I'll assume that any given employee's (unique) employee ID doesn't change, and that no user account has an empty employeeId attribute.

First, prepare the data like this:

Import-Module ActiveDirectory 

$hrUsers = @{} 
# The calculated properties below read $_.forename, so select that column (not firstname) 
Import-Csv 'C:\path\to\your.csv' | 
    select id, forename, surname, 
     @{n='inital';e={$_.forename.substring(0,1)}}, 
     @{n='name';e={$_.forename+" "+$_.surname}}, 
     @{n='dispname';e={$_.forename.substring(0,1)+" "+$_.surname}} | 
    % { $hrUsers[$_.id] = $_ } 

# company and displayName are not in Get-ADUser's default property set; request them explicitly 
$adUsers = Get-ADUser -Filter * -Property employeeId, company, displayName | 
      ? { 'testing', 'service' -notcontains $_.company } 

This produces a hashtable mapping each employee ID to an object with the corresponding user's attributes (including the derived properties inital, name and dispname), and a list of AD users (excluding the service and testing accounts).

With the above, you can determine new users like this:

$employeeIDs = @($adUsers | select -Expand employeeId) 
$hrUsers.Values | ? { $employeeIDs -notcontains $_.id } 

Obsolete accounts like this:

$adUsers | ? { $hrUsers.Keys -notcontains $_.employeeId } 

And modified users like this:

$adUsers | ? { 
    # Accounts whose ID is not in HR are already reported as obsolete above; skip them here 
    # Get-ADUser objects expose Surname/GivenName/Name/DisplayName, not lastname/firstname 
    $hrUsers.ContainsKey($_.employeeId) -and ( 
    $hrUsers[$_.employeeid].surname -ne $_.Surname -or 
    $hrUsers[$_.employeeid].forename -ne $_.GivenName -or 
    $hrUsers[$_.employeeid].name -ne $_.Name -or 
    $hrUsers[$_.employeeid].dispname -ne $_.DisplayName ) 
}
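The three queries above combined into one function, as an added example that is not part of this answer or the question. It also handles the cases the answer's assumptions leave out: AD accounts with an empty employeeId, duplicate IDs in the CSV, and obsolete accounts that would otherwise also appear as "modified" because $hrUsers[$_.employeeId] is $null for them. The HR rows and AD objects are constructed stand-ins for Import-Csv and Get-ADUser output (assuming the Get-ADUser property names GivenName, Surname, DisplayName, SamAccountName and employeeId), so the example runs without a domain.

```powershell
# Added example; not code from the answer. HR rows and AD users below are
# constructed stand-ins for Import-Csv and Get-ADUser output.
function Compare-StaffRecords {
    param(
        [Parameter(Mandatory)] [psobject[]] $HrRow,   # id, forename, surname
        [Parameter(Mandatory)] [psobject[]] $AdUser   # employeeId, GivenName, Surname, DisplayName, SamAccountName
    )
    $result = [ordered]@{ New = @(); Stale = @(); Changed = @(); Problem = @() }

    # Index HR by ID; a duplicate ID is an HR data error, not something to overwrite silently
    $hr = @{}
    foreach ($row in $HrRow) {
        if ([string]::IsNullOrWhiteSpace($row.id)) {
            $result.Problem += "HR row without ID: $($row.forename) $($row.surname)"; continue
        }
        if ($hr.ContainsKey($row.id)) {
            $result.Problem += "Duplicate HR ID $($row.id)"; continue
        }
        $hr[$row.id] = $row
    }

    $seen = @{}
    foreach ($u in $AdUser) {
        # An account with no employeeId cannot be matched; report it instead of treating it as stale
        if ([string]::IsNullOrWhiteSpace($u.employeeId)) {
            $result.Problem += "AD account $($u.SamAccountName) has no employeeId"; continue
        }
        $seen[$u.employeeId] = $true
        if (-not $hr.ContainsKey($u.employeeId)) {
            $result.Stale += $u.SamAccountName; continue
        }
        $h = $hr[$u.employeeId]
        $expected = [ordered]@{
            GivenName   = $h.forename
            Surname     = $h.surname
            DisplayName = '{0} {1}' -f $h.forename, $h.surname
        }
        # Record which attribute differs (case-sensitively) so the fix is obvious
        $diffs = foreach ($attr in $expected.Keys) {
            if (([string]$u.$attr) -cne $expected[$attr]) {
                '{0}: AD="{1}" HR="{2}"' -f $attr, $u.$attr, $expected[$attr]
            }
        }
        if ($diffs) {
            $result.Changed += [pscustomobject]@{
                SamAccountName = $u.SamAccountName; Id = $u.employeeId; Differences = @($diffs)
            }
        }
    }
    # HR IDs with no AD account at all are the new starters
    $result.New = @($hr.Keys | Where-Object { -not $seen.ContainsKey($_) } | Sort-Object)
    [pscustomobject]$result
}

# Constructed sample data
$hrRows = @(
    [pscustomobject]@{ id = 'AL1'; forename = 'Ann';    surname = 'Lee' }
    [pscustomobject]@{ id = 'BO2'; forename = 'Bob';    surname = 'Brown' }   # surname changed in HR
    [pscustomobject]@{ id = 'CD3'; forename = 'Cara';   surname = 'Diaz' }    # new starter, no AD account
    [pscustomobject]@{ id = 'BO2'; forename = 'Robert'; surname = 'Brown' }   # duplicate ID
)
$adUsers = @(
    [pscustomobject]@{ employeeId = 'AL1'; GivenName = 'Ann'; Surname = 'Lee';    DisplayName = 'Ann Lee';    SamAccountName = 'alee' }
    [pscustomobject]@{ employeeId = 'BO2'; GivenName = 'Bob'; Surname = 'Smith';  DisplayName = 'Bob Smith';  SamAccountName = 'bsmith' }
    [pscustomobject]@{ employeeId = 'ZZ9'; GivenName = 'Old'; Surname = 'Leaver'; DisplayName = 'Old Leaver'; SamAccountName = 'oleaver' }  # not in HR
    [pscustomobject]@{ employeeId = '';    GivenName = 'Svc'; Surname = 'Acct';   DisplayName = 'Svc Acct';   SamAccountName = 'svc-backup' }
)
Compare-StaffRecords -HrRow $hrRows -AdUser $adUsers | Format-List
```

Returning one object with New, Stale, Changed and Problem lists keeps the comparison separate from whatever is done with the result, so the same function can feed a mail report or a dry run of attribute updates.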