Public/Update-Employees.ps1

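function Update-Employees
{
    <#
    .SYNOPSIS
    Reconciles Active Directory user accounts against SyncHR employee records.

    .DESCRIPTION
    For every SyncHR record whose empNo is longer than three characters, finds the
    single enabled AD user with the matching EmployeeNumber and, where the HR data
    differs, updates that account through Set-ADUser:
      * Enabled is set to $false when emplStatusDescription is not 'Active Employee'
      * Manager is set to the DistinguishedName of the manager resolved from manager_empNo
      * Title is set to positionTitle

    This function disables accounts and rewrites directory attributes on the strength
    of the HR feed alone, so the integrity of $SyncHrEmployees and the exclusions
    below (account-name prefixes, exempt OUs) are the only safeguards it applies.

    .PARAMETER AdUsers
    AD user objects. The code reads Enabled, SamAccountName, EmployeeNumber,
    DistinguishedName, Manager, Title, GivenName, Surname and ObjectGUID.

    .PARAMETER SyncHrEmployees
    SyncHR records. The code reads empNo, fName, lName, emplStatusDescription,
    manager_empNo and positionTitle.

    .PARAMETER ExemptOu
    Distinguished names of OUs whose direct members are never modified. The match is
    an exact comparison with the user's immediate parent container; accounts in
    child OUs of an exempt OU are not covered.

    .OUTPUTS
    One change record per account for which an update was attempted (Result is 'OK'
    or 'ERROR: <message>'). Nothing is returned if an unhandled exception stops the loop.
    #>
    [CmdletBinding(PositionalBinding=$true)]
    param
    (
        [Parameter(Mandatory=$true)][object[]]$AdUsers,
        [Parameter(Mandatory=$true)][object[]]$SyncHrEmployees,
        [Parameter(Mandatory=$false)][string[]]$ExemptOu

    )

    # Wrapped in @() so .Count is reliable when only one record passes the filter;
    # a missing Count would otherwise make the progress calculation divide by zero.
    $employees = @($SyncHrEmployees | ? {
        $_.empNo.Length -gt 3
    })

    # Only enabled accounts are candidates, and accounts named da.* / svc.* are excluded.
    # NOTE(review): this protection relies purely on the SamAccountName prefix; an
    # admin or service account that does not follow the convention is not excluded.
    $validAdUsers = @($AdUsers | ? {
        $_.Enabled -eq $true -and
        $_.SamAccountName -notmatch '^da\.|^svc\.'
    })

    # Matches a comma preceded by an even number of backslashes, i.e. an RDN separator
    # rather than an escaped comma inside a value such as "CN=Doe\, John".
    $dnSeparator = '(?<=(?<!\\)(?:\\\\)*),'

    $total = $employees.Count
    $remaining = $total
    $processed = 0

    $result = @()

    try
    {
        foreach ($emp in $employees)
        {

            Write-Progress -Activity "Checking Active Employee: $($emp.fname) $($emp.lname)" -Status "$remaining Users Remaining.."  `
                           -PercentComplete (($processed / $total) * 100) -ErrorAction Ignore

            $remaining--
            $processed++

            $userEmployeeNumber = Convert-SyncHrEmpNo -SyncHrEmpNo $emp.empNo

            # NOTE(review): the pattern is unanchored, so any value containing a digit
            # passes - confirm what Convert-SyncHrEmpNo can return.
            if ($userEmployeeNumber -notmatch '\d+')
            {
                continue
            }

            $adMatches = @($validAdUsers | ? {$_.EmployeeNumber -eq $userEmployeeNumber})

            if ($adMatches.Count -eq 0)
            {
                # No AD account for this employee number; skipped without logging.
                continue
            }

            if ($adMatches.Count -gt 1)
            {
                # An ambiguous identity match is never acted on.
                Write-Log -LogText "MULTIPLE MATCHES in AD >> $($emp.fName) $($emp.lName) $($emp.empNo) ($($userEmployeeNumber))" -LogType warning
                continue
            }

            $adUser = $adMatches[0]

            # A record without a status is skipped: an empty status is not 'Active Employee'
            # and would otherwise disable the account.
            if ($emp.emplStatusDescription.Length -lt 1)
            {
                Write-Log "Skipping user with invalid emplStatusDescription: $($emp.fName) $($emp.lName) $($emp.empNo) ($($adUser.EmployeeNumber)) >> emplStatusDescription: ""$($emp.emplStatusDescription)""" -LogType: warning
                continue
            }

            # check to see if user is in exempt ou
            # The parent container is everything after the first UNESCAPED comma. Splitting
            # on a plain "," cut inside names like "CN=Doe\, John", so the computed parent
            # never equalled an exempt OU and the exemption was silently bypassed.
            $userOU = ($adUser.DistinguishedName -split $dnSeparator, 2)[1]
            $ouMatch = $ExemptOu | ? {$_ -eq $userOU} | select -First 1

            if ($ouMatch)
            {
                Write-Log "Skipping user in exempt OU: $($emp.fName) $($emp.lName) $($emp.empNo) ($($adUser.EmployeeNumber)) >> $($adUser.DistinguishedName) in OU: ""$($ouMatch)""" -LogType: warning
                continue
            }

            # Change record returned to the caller.
            # NOTE(review): SHR_Status is populated but not in the select list, so it is
            # dropped from the output - confirm whether that is intended.
            $changeObj = New-Object psobject -Property @{
                FirstName = $adUser.GivenName
                LastName = $adUser.Surname
                LoginName = $adUser.SamAccountName
                EmployeeNumber = $adUser.EmployeeNumber
                SHR_EmpNo = $emp.empNo
                SHR_Status = $emp.emplStatusDescription

                Enabled_old = $null
                Enabled_new = $null

                Manager_old = $null
                Manager_new = $null

                Title_old = $null
                Title_new = $null

                Action = $null
                Result = $null
            } | select FirstName,LastName,LoginName,EmployeeNumber,SHR_EmpNo,Enabled_old,Enabled_new,Manager_old,Manager_new,Title_old,Title_new,Action,Result

            # Parameters that will be splatted onto Set-ADUser.
            $changes = @{}

            # enabled
            if ($emp.emplStatusDescription -ne 'Active Employee')
            {
                Write-Log "Disabling employee: $($emp.fName) $($emp.lName) $($emp.empNo) ($($adUser.EmployeeNumber)) >> emplStatusDescription: ""$($emp.emplStatusDescription)"""

                $changes += @{Enabled = $false}

                $changeObj.Enabled_old = $adUser.enabled
                $changeObj.Enabled_new = $false

            }

            # manager
            if ($emp.manager_empNo.Length -gt 3)
            {
                $managerEmployeeNumber = Convert-SyncHrEmpNo -SyncHrEmpNo $emp.manager_empNo

                $managerMatches = @($validAdUsers | ? {$_.EmployeeNumber -eq $managerEmployeeNumber})

                if ($managerMatches.Count -gt 1)
                {
                    # Same rule as for the employee: never act on an ambiguous match.
                    Write-Log "MULTIPLE MANAGER MATCHES in AD >> $($emp.fName) $($emp.lName) $($emp.empNo) manager_empNo: $($emp.manager_empNo) ($($managerEmployeeNumber))" -LogType: warning
                }
                elseif ($managerMatches.Count -eq 1)
                {
                    $adManager = $managerMatches[0]

                    if ($adUser.Manager -ne $adManager.DistinguishedName)
                    {
                        # Hard-coded exception for one manager account.
                        if ($adManager.SamAccountName -eq 'ACCOBCM')
                        {
                            Write-Log "Skipping manager update for $($emp.fName) $($emp.lName) $($emp.empNo) reporting to $($adManager.SamAccountName) due to known issue." -LogType: warning
                        }
                        else
                        {
                            Write-Log "Manager update: $($emp.fName) $($emp.lName) $($emp.empNo) ($($adUser.EmployeeNumber)) >> Old Manager: ""$($adUser.Manager)"" >> New Manager: ""$($adManager.DistinguishedName)"""

                            $changes += @{Manager = $adManager.DistinguishedName}

                            # Record the PREVIOUS manager (the original stored the user's own
                            # name here). Resolve the DN to a name when the old manager is in
                            # $AdUsers; otherwise keep the DN so the record is not lost.
                            if ($adUser.Manager)
                            {
                                $oldManager = $AdUsers | ? {$_.DistinguishedName -eq $adUser.Manager} | select -First 1

                                if ($oldManager)
                                {
                                    $changeObj.Manager_old = "$($oldManager.GivenName) $($oldManager.Surname)"
                                }
                                else
                                {
                                    $changeObj.Manager_old = $adUser.Manager
                                }
                            }

                            $changeObj.Manager_new = "$($adManager.GivenName) $($adManager.Surname)"
                        }

                    }
                }

            }


            # title
            if ($adUser.Title -ne $emp.positionTitle)
            {
                Write-Log "Title update: $($emp.fName) $($emp.lName) $($emp.empNo) ($($adUser.EmployeeNumber)) >> Old Title: ""$($adUser.Title)"" >> New Title: ""$($emp.positionTitle)"""

                $changes += @{Title = $emp.positionTitle}

                $changeObj.Title_old = $adUser.Title
                $changeObj.Title_new = $emp.positionTitle

            }


            # perform changes if there are any
            if ($changes.Count -gt 0) {

                # Target the account by GUID rather than by a name that could be ambiguous.
                $changes += @{Identity = $adUser.ObjectGUID.GUID}

                try
                {
                    $changeObj.Action = 'Update'
                    Set-ADUser @changes -ErrorAction: Stop -Verbose
                    $changeObj.Result = 'OK'
                }
                catch
                {
                    Write-Log "Error performing Set-AdUser on user: $($emp.fName) $($emp.lName) $($emp.empNo) ($($adUser.EmployeeNumber)). Changes: $($changes | ConvertTo-Json -Compress)"  -LogType: error -ErrorObject $_

                    # Store the failure on the record. The original used "$changeObj += ...",
                    # which itself throws, so one failed update aborted the whole run and
                    # discarded every change record collected so far.
                    $changeObj.Result = "ERROR: $($_.Exception.Message)"
                }

                $result += $changeObj
            }

        }
    }
    catch
    {
        # NOTE(review): updates applied before this point are then visible only in the
        # log, because $result is not returned on this path.
        Write-Log "Unhandled exception" -LogType: error -ErrorObject $_
        return
    }

    Write-Progress -Activity "Complete"  -Completed: $true
    return $result

}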