The script continues with STEP3
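# STEP3: reconcile the local "jumpusers" AD group against the external LDAP export.
# Inputs (all under C:\quser\ad-userimport-scripts\ - whoever can write these files
# decides which local accounts get disabled here and created in STEP4, so the
# directory ACL is part of this script's trust boundary):
#   $InFile    CSV export of the external group; columns used: uid, FirstName, LastName
#   $WinUsers  one SamAccountName per line: external members who also get local access
# Outputs:
#   $OutFile   "uid,FirstName,LastName" lines for STEP4 (appended, never truncated here)
#   $LogFile   timestamped run log
$OutFile="C:\quser\ad-userimport-scripts\ujuserekerkeztek.txt"
$LogFile="C:\quser\ad-userimport-scripts\adderlog.txt"
$InFile="C:\quser\ad-userimport-scripts\opslistanevekkel.txt"
$WinUsers = "C:\quser\ad-userimport-scripts\winjumpusers.txt"
# test accounts that must never be disabled by this script
$ToIgnore = "user1","user2","user3","master1","master2"
# sanity thresholds: a list shorter than this almost certainly means the export
# failed and the file holds an error message instead of users
$MinInFileLines = 15
$MinWinUsersLines = 10

# Append one line to the run log. Write-Host writes to the console, not to the
# pipeline, so "Write-Host ... | Out-File" logs nothing - always use this helper.
function Write-Log([string]$Message) {
    $Message | Out-File $LogFile -Append
}

# log the timestamp first so that a run aborted by the checks below is recorded too
Get-Date | Out-File $LogFile -Append

# bail out BEFORE building the comparison sets: a truncated export would otherwise
# mark every local member as "gone" and disable the whole group
$i = @(Get-Content $InFile).Length
if ( $i -lt $MinInFileLines ) {
    Write-Log "There is something wrong with the list, CHECK IT !"
    exit 1
}
$i = @(Get-Content $WinUsers).Length
if ( $i -lt $MinWinUsersLines ) {
    Write-Log "There is something wrong with the list, CHECK IT !"
    exit 1
}

$GrA = @(Import-Csv $InFile)      # external LDAP group members (uid / FirstName / LastName)
$GrB = @(Get-Content $WinUsers)   # external members who also get local administrative access
# members already in the local AD group. Only user objects are kept: Get-ADGroupMember
# also returns nested groups/computers, and Disable-ADAccount would fail on those.
$GrC = @(Get-ADGroupMember -Identity jumpusers |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $_.SamAccountName })
$ExternalUids = @($GrA | ForEach-Object { $_.uid })

# in the local group but no longer in the external export - presumably left the team
$Gone = @($GrC | Where-Object { $ExternalUids -notcontains $_ })
# Compare-Object reports differences in BOTH directions, so the original code also
# returned every $ToIgnore entry that was NOT gone - i.e. it would have disabled
# exactly the protected accounts (and it threw when $Gone was empty). A one-sided
# filter is what is meant here.
$ToDelete = @($Gone | Where-Object { $ToIgnore -notcontains $_ })

# handling users who are gone meanwhile from the external LDAP
foreach ($sam in $ToDelete) {
    #Delete-ADaccount -Member $sam -Confirm:$false # delete
    #Remove-ADGroupMember -Identity jumpusers -Member $sam -Confirm:$false # removes from the group
    try {
        Disable-ADAccount -Identity $sam -ErrorAction Stop   # disable the user
        Write-Log "DISABLED: $sam"
    } catch {
        # do not claim success in the log when the directory call failed
        Write-Log "FAILED TO DISABLE: $sam - $($_.Exception.Message)"
    }
}

# Collect the users who are in the admin list but not yet in the local group into
# the data file for STEP4. The admin list only carries the login ID (SamAccountName);
# first and last name are looked up in the CSV export by uid.
$result = @($GrB | Where-Object { $GrC -notcontains $_ })
foreach ($row in $GrA) {
    $uidja = $row.uid
    # exact (case-insensitive) comparison, consistent with -notcontains above. The
    # original used -match, i.e. an unanchored regex: "user1" also matched "user10",
    # and a uid containing regex metacharacters could match unrelated lines.
    if ($result -contains $uidja) {
        # NOTE: a name containing a comma would corrupt this line for STEP4; the
        # export is assumed to hold plain names - verify if that ever changes
        $uidja + "," + $row.FirstName + "," + $row.LastName | Out-File $OutFile -Append
    }
}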
#STEP4
# This is where the safe import of the new users happens. The password is generated locally, because passwords cannot be exported from the external LDAP, so the local password will not be identical to the external one.
[...]