0 votes

Hello,

We are currently trialling Adaxes before purchase. We want to use this to mainly automate our starters and leavers process. Starters seems easy enough, however I am looking for some help with disabling accounts.

The employee ID field is complete for all of our users in AD and is our main key identifier. Our HR system will provide us with a CSV from which we would like to check that the employee ID matches the user in AD before proceeding to disable the account.

CSV
EmployeeID,Name,Surname,Operation
1234,Joe,Bloggs,Disable

From this we would like to check that the name and employee ID are a match, then disable that account. If the name and employee ID are not a match, then abort the operation. I assume PowerShell would be the way forward to do this as a scheduled task to process the CSV.

Not very experienced with PowerShell so any help would be much appreciated.

Regards

by (70 points)

1 Answer

0 votes
by (272k points)
selected by
Best answer

Hello Wayne,

Have a look at the following tutorial: https://www.adaxes.com/tutorials_Active ... romCSV.htm.

0

Hi,

Thanks for the response, I have the import of users working fine. I need something for disabling accounts.

I'm guessing a business rule that checks the ID matches before disabling and then a scheduled task to run more PowerShell to actually process the CSV and disable the account?

I found this bit of PowerShell below but this does not check the employee ID which is the only unique identifier between AD and our HR system. Had to # out the delete line as we do not want to delete.

Import-Module Adaxes
$csvFilePath = "C:\User Imports\Disable User.csv" # TODO: modify me
function ExecuteOperation ($username, $operationType)
{
    switch ($operationType)
    {
    #    "Delete"
    #    {
    #        # Try to delete the user
    #        try
    #        {
    #            Remove-AdmUser -Identity $userName -AdaxesService localhost -ErrorAction Stop -Confirm:$False
    #        }
    #        catch
    #        {
    #            return "Error: User '$userName' was not deleted. Error message: " + $_.Exception.Message
    #        }
    #        return "User '$userName' deleted successfully."
    #    }
        "Disable"
        {
            # Try to disable the User
            try
            {
                Disable-AdmAccount -Identity $userName -AdaxesService localhost -ErrorAction Stop
            }
            catch
            {
                return "Error: User '$userName' was not disabled. Error message: " + $_.Exception.Message
            }
            return "User '$userName' disabled successfully."
        }
        default
        {
            return "Unknown operation: " + $operationType + " for user: " + $username
        }
    }
}
# Check file path
if (!(Test-Path -Path $csvFilePath))
{
    Write-Host "File '$csvFilePath' was not found."
    return
}
# Import data
$csvFile = Import-Csv -Path $csvFilePath
foreach ($user in $csvFile)
{
    $result = ExecuteOperation $user.Name $user.Operation
    Write-Host $result
}
0

Hello Wayne,

Could you clarify the part about checking the Employee ID? According to your example, the CSV file contains only First Names, Last Names and Employee IDs of users. Do we understand correctly, that you need the script to find a user by Employee ID specified in the CSV file, check whether the First Name and Last Name match those in the CSV file for the user and disable the user if names match?

0

Hello,

Yes this is correct, check employee id and name matches from the CSV file to what is stored in AD then if they match disable the account.

Thank you

0

Hello Wayne,

To disable users by importing a CSV file, you will need to create a Scheduled Task configured for Domain-DNS object type that will execute the below script. No other configuration objects (Business Rules, Custom Commands, etc.) are required. For information on how to create Scheduled Tasks, have a look at the following tutorial: https://www.adaxes.com/tutorials_Automa ... gement.htm. On step 3 of the tutorial, select Domain-DNS Object type.

In the script:

  • $csvFilePath - specifies the path to the CSV file;
  • $employeeIDColumnName - specifies the name of the column containing Employee IDs of users;
  • $firstNameColumnName - specifies the name of the column containing first names of users;
  • $secondNameColumnName - specifies the name of the column containing surnames of users;
  • $operationColumnName - specifies the name of the column containing the operation.
$csvFilePath = "\\Server\Share\example.csv" # TODO: modify me
$employeeIDColumnName = "EmployeeID" # TODO: modify me
$firstNameColumnName = "Name" # TODO: modify me
$secondNameColumnName = "Surname" # TODO: modify me
$operationColumnName = "Operation" # TODO: modify me

function SearchObjects($filter, $properties)
{
    $searcher = $Context.BindToObject("Adaxes://rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)
    $searcher.VirtualRoot = $True

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Check file path
if (!(Test-Path -Path $csvFilePath))
{
    $Context.LogMessage("File '$csvFilePath' was not found.", "Warning")
    return
}

# Import data
$records = Import-Csv -Path $csvFilePath
$filter = New-Object "System.Text.StringBuilder"
foreach ($record in $records)
{
    if ($record.$operationColumnName -ne "Disable")
    {
        continue # Skip users with other operations
    }

    $employeeIDFilter = "(employeeID=" + $record.$employeeIDColumnName + ")"
    $firstNameFilter = "(givenName=" + $record.$firstNameColumnName + ")"
    $secondNameFilter = "(sn=" + $record.$secondNameColumnName + ")"
    [void]$filter.Append("(&$employeeIDFilter$firstNameFilter$secondNameFilter)")
}

if ($filter.Length -eq 0)
{
    return
}

# Search users
$searchResults = SearchObjects ("(&(sAMAccountType=805306368)(|$($filter.ToString())))") @("employeeID")
foreach ($searchResult in $searchResults)
{
    # Disable user account
    $user = $Context.BindToObject($searchResult.AdsPath)
    $user.AccountDisabled = $True
    $user.SetInfo()
}
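
Added example, not part of the original answer and not Adaxes code: the script above concatenates CSV values straight into the LDAP filter, so a `*` or a parenthesis in a name column changes what the filter matches (a Name of `*` matches any first name, which defeats the name check). The sketch below escapes each value per RFC 4515 and skips records with an empty field; the function names `ConvertTo-LdapFilterValue` and `Get-DisableFilter` and the sample rows are constructed for illustration.

```powershell
# Escape the characters that are special inside an LDAP filter value (RFC 4515).
function ConvertTo-LdapFilterValue([string]$value)
{
    # Backslash first, so the escapes added afterwards are not escaped again
    return $value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
        Replace(')', '\29').Replace([string][char]0, '\00')
}

# Build the per-record clause; returns $null when the record must be skipped.
# Column names follow the CSV shown in the question.
function Get-DisableFilter($record)
{
    if ($record.Operation -ne "Disable") { return $null }

    $id = "$($record.EmployeeID)".Trim()
    $first = "$($record.Name)".Trim()
    $last = "$($record.Surname)".Trim()

    # An empty field cannot confirm a match, so the record is skipped
    if (!$id -or !$first -or !$last) { return $null }

    return "(&(employeeID=$(ConvertTo-LdapFilterValue $id))" +
        "(givenName=$(ConvertTo-LdapFilterValue $first))" +
        "(sn=$(ConvertTo-LdapFilterValue $last)))"
}

# Constructed sample rows: a normal record, a wildcard in Name, an empty Name
$csv = @"
EmployeeID,Name,Surname,Operation
1234,Joe,Bloggs,Disable
5678,*,Smith,Disable
9012,,Jones,Disable
"@

foreach ($record in ($csv | ConvertFrom-Csv))
{
    $clause = Get-DisableFilter $record
    if ($clause) { Write-Host $clause }
    else { Write-Host "Skipped record with EmployeeID '$($record.EmployeeID)'" }
}
```

The returned clause can be appended to `$filter` in place of the plain concatenation inside the `foreach` loop of the script above.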
0

Thank you so much for this. This will really help me push for a purchase order within a week.

Really appreciate it, great support.

0

Hello Wayne,

Thank you for your good words, much appreciated!

Should you have any further requests, do not hesitate to contact our Support Team.
