Bulk update ADuser info

PowerShell script to modify Active Directory user account attributes in bulk from CSV import.

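# Record the start time; the end of the script uses it to report the run time.
$startDTM = (Get-Date)
# Folder that holds this script, its input CSV and its logs.
# NOTE(review): every row of the CSV becomes a directory write, so write access to
# this folder should be limited to the accounts allowed to make those changes.
$path = Split-Path -parent "C:\scripts\ImportADUsers\*.*"
# Timestamp used in the log file names and in the 'info' flag written to each user.
$logdate = Get-Date -format yyyy.M.d-HH.mm
# CSV and log file locations; they have to be in the same location as the script.
$csvfile = $path + "\User_Info.csv"
$logfile = $path + "\logs\$logdate.logfile.txt"
$errorlogfile = $path + "\logs\$logdate.errorlogfile.txt"
$scriptrunrime = $path + "\logs\scripttime.txt"
# Out-File and '>' do not create a missing folder, so make sure \logs exists
# before the first log line is written.
if (-not (Test-Path -Path ($path + "\logs"))) {
    New-Item -ItemType Directory -Path ($path + "\logs") | Out-Null
}
# Server with AD Web Services installed.
# The value on the published page ('[email protected]') appears to have been masked
# by the site's e-mail obfuscation; replace this placeholder with the real server name.
$ADServer = '<AD_SERVER_FQDN_PLACEHOLDER>'
# Import the Active Directory module; stop here if it is missing, because every
# later step depends on its cmdlets.
Import-Module ActiveDirectory -ErrorAction Stop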
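#Import CSV file and update users in the OU with details from the file
#Create the function script to update the users
Function Update-ADUsers {
    <#
    .SYNOPSIS
    Updates attributes of existing AD users from the rows of $csvfile.

    .DESCRIPTION
    Reads $csvfile, looks each 'Username' up on $ADServer by sAMAccountName and,
    when exactly one account matches, writes every non-blank CSV column to its
    LDAP attribute in a single Set-ADUser call. A second call stamps the 'info'
    attribute with 'HR Import <logdate>'. Successes are appended to $logfile;
    skipped or failed rows are appended to $errorlogfile.

    Relies on the script-scope variables $csvfile, $ADServer, $logdate, $logfile
    and $errorlogfile, and optionally $Cred1.
    #>

    # CSV column -> LDAP attribute. The attribute names must be the LDAP names
    # (as shown in ADSI Edit), not the display names.
    $attributeMap = [ordered]@{
        'User ID'                = 'EmployeeID'
        'Local Job Title'        = 'Title'
        'Division'               = 'Division'
        'Country (Label)'        = 'co'           # country name spelled out
        'C'                      = 'c'            # two-character country abbreviation, per ISO-3166
        'CountryCode'            = 'CountryCode'  # numeric country code, per ISO-3166
        'Location (Name)'        = 'physicalDeliveryOfficeName'
        'State (Label)'          = 'St'
        'Address'                = 'StreetAddress'
        'Zip Code'               = 'PostalCode'
        'Job Department (Label)' = 'Department'
        'City'                   = 'l'
    }

    Import-Csv -Path $csvfile |
    ForEach-Object {
        # Keep the row in its own variable: inside a catch block $_ is the error record.
        $row = $_
        $sam = $row.'Username'
        $Manager = $row.'MgrUserName'

        # Start every row with an empty result so a failed lookup can never reuse
        # the account found for the previous row.
        $found = @()
        if (-not [string]::IsNullOrWhiteSpace($sam)) {
            # The logon name comes straight from the CSV. Escape the RFC 4515 filter
            # metacharacters so a value such as '*' or 'a)(x=' is matched literally
            # instead of changing which account the filter selects.
            $samForFilter = $sam -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
            try {
                $found = @(Get-ADUser -Server $ADServer -LDAPFilter "(sAMAccountName=$samForFilter)" -ErrorAction Stop)
            }
            catch {
                # A lookup error is not the same as "user does not exist"; record it as such.
                "$sam lookup failed: $($_.Exception.Message)" | Out-File $errorlogfile -Append
                return
            }
        }

        # Update only when the name is present in the CSV and resolves to exactly one account.
        if ($found.Count -ne 1) {
            #Log error for users that are not in Active Directory or with no Logon name in excel file
            $sam + " Not modified because it does not exist in AD or LogOn name field is empty on excel file" | Out-File $errorlogfile -Append
            return
        }
        $account = $found[0]

        # Collect the non-blank columns; blank or missing fields leave the attribute untouched.
        $replace = @{}
        foreach ($column in $attributeMap.Keys) {
            $value = $row.$column
            if (-not [string]::IsNullOrWhiteSpace($value)) {
                $replace[$attributeMap[$column]] = $value
            }
        }

        try {
            # Address the account object returned by the lookup rather than the raw CSV
            # text, so the write goes to the account that was actually matched.
            $setArgs = @{ Server = $ADServer; Identity = $account; ErrorAction = 'Stop' }
            if ($replace.Count -gt 0) { $setArgs.Replace = $replace }

            if (-not [string]::IsNullOrWhiteSpace($Manager)) {
                # -Manager needs the manager in DN format.
                $ManagerDN = (Get-ADUser -Server $ADServer -Filter { samaccountname -eq $Manager } -ErrorAction Stop).DistinguishedName
                if ($ManagerDN) {
                    $setArgs.Manager = $ManagerDN
                }
                else {
                    # Passing an empty manager would clear the existing one, so a name
                    # that cannot be resolved is reported and the attribute is left alone.
                    "$sam manager '$Manager' not found in AD; manager left unchanged" | Out-File $errorlogfile -Append
                }
            }

            if ($setArgs.ContainsKey('Replace') -or $setArgs.ContainsKey('Manager')) {
                Set-ADUser @setArgs
            }

            #Set a flag to indicate that the user has been updated on AD.
            # NOTE(review): $Cred1 is not defined anywhere in this script; it is passed
            # only when the caller has set it, otherwise the current identity is used.
            $flagArgs = @{ Server = $ADServer; Identity = $account; Replace = @{ info = 'HR Import ' + $logdate }; ErrorAction = 'Stop' }
            if ($Cred1) { $flagArgs.Credential = $Cred1 }
            Set-ADUser @flagArgs

            $sam + " successfully modified" | Out-File $logfile -Append
        }
        catch {
            # Report the failure instead of logging the row as modified.
            "$sam update failed: $($_.Exception.Message)" | Out-File $errorlogfile -Append
        }
    }
}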
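# Run the function script
Update-ADUsers
# The lines below calculate how long it took to run this script.
# Get End Time
$endDTM = (Get-Date)
# Compute the duration once and reuse it for the console and the file output.
$elapsed = $endDTM - $startDTM
# Echo Time elapsed
"Elapsed Time: $($elapsed.totalseconds) seconds"
"Elapsed Time: $($elapsed.totalminutes) minutes"
#send the information to a text file ('>' overwrites the previous run's value)
"$($elapsed.totalseconds) seconds" > $scriptrunrime
#Append the minutes value to the text file
Add-Content -path $scriptrunrime "$($elapsed.totalminutes) minutes"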
