PowerShell: Move Computers in Active Directory based on CSV file | Zak Emerick's IT Blog

My IT blog for random ideas and solutions.

PowerShell: Move Computers in Active Directory based on CSV file

Since I work in education we have to deal with new students coming in every year. At the high school level, in particular, we have to deal with internet permission slips. Since every student has an Active Directory user account we have to move the students from the ‘blocked’ OU to the ‘unblocked’ OU. With 1000+ students at our high school you can see that this can be quite a task.

Before this year I would do this manually. I would scan a shared Excel document for students who have been cleared to use the internet. I would then move the students one by one to the unblocked OU. This year, after using PowerShell a bit more, I found this can be easily accomplished.

So our spreadsheet is set up like this:

Last Name | First Name | I | Gr | Other ID | PERMISS

Our usernames are set up as: firstNameILastName and passwords are their ‘Other IDs’.

Draft
Import file; Combine name into usable username; use Other ID as password; If user doesn’t exist, add them; If user does exist move them to a designated OU;

Code is posted below with comments.


Try 
{ 
  Import-Module ActiveDirectory -ErrorAction Stop # Import Module if error stop
} 
Catch 
{ 
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!" 
  Exit 1 
}
Try
{
    # Add PS snap-in; -ErrorAction Stop makes a load failure reach the Catch block. You must have Quest ActiveRoles installed!
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Stop
}
Catch
{
    Write-Host "[ERROR] Quest ActiveRoles snap-in not available!"
    Exit 1
}

# Specify target OU.
$TargetOU =  'OU=UNIT,DC=domain,DC=local' # Set Target OU to move unblocked users to

# Read each row of the csv file and build the sAMAccountName from the first name, initial and last name fields.
Import-Csv -Path Students.csv | ForEach-Object {
     $userName = ($_.'Student First Name' + $_.'I' + $_.'Student Last Name') -replace " ","" # Create username and remove spaces
     $FullName = $_.'Student First Name'+' '+$_.'I'+' '+$_.'Student Last Name'
     $firstName = $_.'Student First Name'
     $lastName = $_.'Student Last Name'
     $pass = $_.'Other ID'
     $minit = $_.'I'
     $grade = $_.'Gr'
     if ($_.'Permiss' -eq 'X' -or $_.'8/13/2014' -eq 'X') { # If there is an X in the Permiss (or 8/13/2014) column, move/create the user.
        # Move User
        try {
            $UserDN = (Get-ADUser -Identity $userName).distinguishedName # Get DN of username
            Move-ADObject -Identity $UserDN -TargetPath $TargetOU # Move User if the user exists
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] # Catch the error for "No user found"
        {
            # Add user if the user doesn't exist (uses the Quest AD snap-in)
            $ProfilePath = '<PROFILE PATH>' + $userName # Set Profile Path
            # Parameters are splatted: a backtick followed by a comment does not continue the line
            $newUser = @{
                ParentContainer = $TargetOU
                Name            = $FullName
                FirstName       = $firstName
                LastName        = $lastName
                UserPassword    = $pass
                SamAccountName  = $userName
                Service         = '<Your Domain>' # Your Domain
                ProfilePath     = $ProfilePath
                Initials        = $minit
                DisplayName     = $FullName
                Description     = $grade
            }
            New-QADUser @newUser
        }
     } else { Write-Host -ForegroundColor Red $userName } # If the user isn't cleared their username is output to the console.
 }
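
A pre-flight check for the CSV, added here as an example (not part of the original script): it builds each username the same way the script above does and reports rows that would cause trouble before anything is written to Active Directory. The function name Test-StudentCsv and the sample rows are constructed for illustration; the 20-character limit and the disallowed-character list are the sAMAccountName rules for user accounts.

```powershell
# Added example: validate the spreadsheet rows before running the move/create script.
# Test-StudentCsv and the sample data below are hypothetical names/values for illustration.
function Test-StudentCsv {
    param([Parameter(Mandatory)] [object[]] $Rows)

    $seen = @{}      # lower-cased username -> first row number that produced it
    $rowNumber = 1   # row 1 of the file is the header
    foreach ($row in $Rows) {
        $rowNumber++
        # Same construction as the script: first name + initial + last name, spaces removed
        $userName = ($row.'Student First Name' + $row.'I' + $row.'Student Last Name') -replace ' ', ''
        $problems = @()

        if ([string]::IsNullOrWhiteSpace($userName)) { $problems += 'empty username' }
        if ($userName.Length -gt 20) { $problems += 'longer than 20 characters (sAMAccountName limit)' }
        # Characters not allowed in a sAMAccountName: " / \ [ ] : ; | = , + * ? < >
        if ($userName -match '["/\\\[\]:;|=,+*?<>]') { $problems += 'character not allowed in sAMAccountName' }
        if ([string]::IsNullOrWhiteSpace($row.'Other ID')) { $problems += 'blank Other ID (no initial password)' }

        $key = $userName.ToLowerInvariant()   # AD compares sAMAccountName case-insensitively
        if ($seen.ContainsKey($key)) { $problems += "same username as row $($seen[$key])" }
        else { $seen[$key] = $rowNumber }

        [pscustomobject]@{
            Row      = $rowNumber
            UserName = $userName
            Cleared  = ($row.'Permiss' -eq 'X')
            Problems = $problems -join '; '
        }
    }
}

# Constructed sample rows using the column names the script reads
$sample = @'
Student Last Name,Student First Name,I,Gr,Other ID,Permiss
Smith,John,A,9,100234,X
Smith,John,A,10,100987,X
Van Der Westhuizen,Christopher,J,11,100555,X
O'Neil,Mary,,12,,
'@ | ConvertFrom-Csv

Test-StudentCsv -Rows $sample | Format-Table -AutoSize
```

A duplicate username matters here because the script's Get-ADUser lookup would find the first student's existing account and move it, so the second student's row acts on someone else's account instead of creating a new one.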
