Automated Active Directory User Attribute Updates with PowerShell

Managing user accounts in Active Directory (AD) can be tedious, especially when you need to update multiple attributes for many users. However, with the power of PowerShell and the Active Directory module, you can automate Active Directory user attribute updates. In this blog post, we’ll walk through a PowerShell script that updates various user attributes, including the manager’s email, based on information from a CSV file.

Prerequisites

Before you begin, ensure you have the following:

PowerShell is installed on your machine.
Active Directory module for PowerShell. You can install it by running Install-Module -Name ActiveDirectory if it’s not already available.
CSV file with the user information.

CSV File Structure

Your CSV file should have the following columns:

Email,ManagerEmail,DisplayName,EmployeeID,JobTitle,CompanyName,OfficeName,City,State,CountryCode,EmploymentType
user1@example.com,manager1@example.com,User One,12345,Job Title,Company Name,Office Name,City,State,US,Full-Time
user2@example.com,manager2@example.com,User Two,23456,Job Title,Company Name,Office Name,City,State,US,Part-Time

PowerShell Script to Automate Active Directory User Attribute Updates

Here’s the complete script to update user attributes in Active Directory:

# Import the Active Directory module
Import-Module ActiveDirectory

# Path to the CSV file
$csvPath = "C:\Temp\EmployeeAttrUpdate.csv"

# Import the CSV file
$users = Import-Csv -Path $csvPath

# Loop through each user and update the display name, employee ID, and other attributes
foreach ($user in $users) {
    # Get the user object using their email address
    $adUser = Get-ADUser -Filter "mail -eq '$($user.Email)'"
    
    # Check if user exists
    if ($adUser) {
        # Get the manager object using their email address
        $manager = Get-ADUser -Filter "mail -eq '$($user.ManagerEmail)'"
        
        # Check if manager exists and get the manager's distinguished name (DN)
        if ($manager) {
            $managerDN = $manager.DistinguishedName
            
            # Update the user's attributes, including the manager DN
            Set-ADUser -Identity $adUser -Replace @{
                displayName = $user.DisplayName
                employeeID = $user.EmployeeID
                title = $user.JobTitle
                company = $user.CompanyName
                physicalDeliveryOfficeName = $user.OfficeName     
                l = $user.City
                st = $user.State
                c = $user.CountryCode
                employeeType = $user.EmploymentType
            } -Manager $managerDN
            
            Write-Host "Information updated successfully for user with email: $($user.Email)" -ForegroundColor Green
        } else {
            Write-Host "Manager with email $($user.ManagerEmail) not found for user: $($user.Email)" -ForegroundColor Red
        }
    } else {
        Write-Host "User with email $($user.Email) not found." -ForegroundColor Red
    }
}

Script Breakdown

Import the Active Directory Module:
```
Import-Module ActiveDirectory
```
This command ensures the Active Directory module is loaded into your PowerShell session.
Path to the CSV File:
```
$csvPath = "C:\Temp\file.csv"
```
Update the path to point to your CSV file location.
Import the CSV File:
```
$users = Import-Csv -Path $csvPath
```
This command imports the CSV file into a variable $users.
Loop Through Each User:
```
foreach ($user in $users) { # Get the user object using their email address $adUser = Get-ADUser -Filter "mail -eq '$($user.Email)'"
```
The script iterates through each user in the CSV file and attempts to retrieve the AD user object using their email address.
Check If User Exists:
```
if ($adUser) {
```
The script checks if the user exists in Active Directory.
Get and Check Manager:
```
$manager = Get-ADUser -Filter "mail -eq '$($user.ManagerEmail)'"
if ($manager) {
$managerDN = $manager.DistinguishedName
```
The script retrieves the manager object using their email address and checks if the manager exists.

Update User Attributes:

Set-ADUser -Identity $adUser -Replace @{
displayName = $user.DisplayName
employeeID = $user.EmployeeID
employeeNumber = $user.StafflineID
title = $user.JobTitle
company = $user.CompanyName
physicalDeliveryOfficeName = $user.OfficeName
l = $user.City
st = $user.State
c = $user.CountryCode
employeeType = $user.EmploymentType
extensionAttribute1 = $user.EmploymentStatus
} -Manager $managerDN

The script updates the user’s attributes and sets the manager using the manager’s DN.

Output Messages:
```
Write-Host "Information updated successfully for user with email: $($user.Email)" -ForegroundColor Green
```
The script provides feedback on whether the user and manager were found and if the updates were successful.

Running the Script

Ensure Permissions: Make sure you run the script with an account that has the necessary permissions to read and write user objects in Active Directory.
Update CSV Path: Ensure the $csvPath variable points to the correct path of your CSV file.
Execute the Script: Run the script in a PowerShell session.

Conclusion

Automated Active Directory User Attribute Updates can save you a lot of time and reduce the chance of human error. Using PowerShell with the Active Directory module, you can efficiently manage large numbers of user accounts and ensure data consistency across your organization. Feel free to modify the script to suit your specific needs, and always test in a safe environment before applying changes to your production environment.

making any changes.