0 votes

Need help creating and updating users from a fixed formatted file exported daily by the HR system system. I just want to make sure that I am on the right track before getting deeply involved.

The HR file contains employee records that will need to be added, updated and/terminated in AD. It contains a field that determines this action and around 44 other fields which defines employee's ID, department, address, manager, ...

I plan on scheduling a task running PS script, parsing the HR file and acting accordingly. I found sample scripts which handle a csv formatted file but none that can work with a fixed formatted file. I found a PS function on the Internet that will do this and create PS objects for each records, will this work? Any suggestions as to how to handle this scenario, best practices?

Thanks!

by (50 points)
0

Hello,

Since the functions transform TXT file entries to PS objects, there should be no issues in adding those objects to Active Directory using the New-AdmUser cmdlet from Adaxes PowerShell Module. If you could post here or send us to support[at]adaxes.com a sample of your text file and the functions you've found, we could provide you more specific guidance or samples.

0

Hello support, thanks for your response! I am attaching the sample txt file and the function that I'll be using. Please let me know if this will work in my case and if so, any recommendations and/or sample files will be much appreciated.

Thanks.

My files.zip

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Yes, you can do what you want with the help of a PowerShell script, but we need a couple of clarifications to provide you a sample:

  • It is not quite clear, which column matches which AD attribute. For example, it is quite clear that the columns that contain the words Jane and Joe are for the first name of a user, but what about the columns that contain E or L? Could you provide a full mapping of each column and its respective AD attribute? For example:

    • Column 1 = department
    • Column 2 = whenCreated
      ...
  • In order to convert data from fixed formatted text to PS objects, it is necessary to specify the width of each column. Can you provide the column widths (in characters)?

0

Thanks! You guys have a great product and the support to go with it :D I'll give it a shot and perhaps come back with more questions.

0

Just finished trying this out and it works like a charm, thanks again!

One more question and let me know if I need to start a new thread. I need to kick off an approval after the search for an existing employee (using employeeID) returns a match (option 1, creating new user). If approved go ahead and create the user and if denied, do nothing. I tried the SubmitForApproval command but was not able to get the result I need. Can you think of a better way of handling this scenario?

Thanks.

0

Hello,

Since the script creates users via Adaxes service, it triggers Business Rules on user creation and update. So, instead of sending for approval directly in the script, you can create a Business Rule triggered before creating a user for this purpose. To distinguish duplicate accounts from other new accounts, you can set a certain attribute of duplicate accounts to a certain value. Then, in your Business Rule, you can send the operation for approval only if the attribute is set to that specific value. As for an attribute that you can use, we suggest an Adaxes virtual attribute that stores boolean (True/False) values and set it to True. Such attributes are not stored in AD, but can be used the same as any other attributes of AD accounts.

To implement such a solution:
I. Change the script

To configure the script to set a virtual attribute to True when a duplicate account is being created, find the following block in the script:

<i class="text-italic"><s>if ($user -ne $NULL)
    {
        $Context.LogMessage("Cannot create user with Employee ID $($userProperties.EmployeeID). A user with the same Employee ID already exists.", "Error")
        return
    }</s></i>

and replace it with the following one:

<i class="text-italic">if ($user -ne $NULL)
    {
        # Duplicate account found
        $userProperties.Add(<strong class="text-bold">"adm-CustomAttributeBoolean1"</strong>, $True)
    }</i>

where adm-CustomAttributeBoolean1 is the LDAP display name of the virtual attribute you want to use.

II. Create a Business Rule that will sent the operation for approval

To create a Business Rule that will sent a new user for approval if the virtual attribute is set to True:

  1. Create a new Business Rule.

  2. On step 2 of the Create Business Rule wizard, select User and Before Creating a User.

  3. On step 3, add the Send this operation for approval action.

  4. Specify possible approvers and click OK.

  5. Double-click Always.

  6. Select If <property> <relation> <value>.

  7. Specify If CustomAttributeBoolean1 equals true

    where CustomAttributeBoolean1 is the name of the virtual attribute that you used in the script.

  8. Click OK and finish creation of the Business Rule.

0

Thanks! I woke up early this morning and was thinking along the same lines, stuffing an attribute with a flag and having a business rule take care of it. Then I saw your reply :) Obviously a much more elegant approach with the Adaxes virtual attributes (something I wasn't aware of anyway and am still looking for reference material) I am now afraid to do anything without checking with you guys first :lol: Great work guys! Thanks again!

0

Hello,

Thank you for your feedback, we really appreciate that!

Related questions

0 votes
1 answer

I am using this script modified for my testing. Import-Module Adaxes $csvFilePath = "D:\TestFeed\ImportNewUsers.csv" # Path to pick up feed file $userIdColumn = "Employee Number" # TODO: ... initial. I would like to add a 2 for now if the sam isn't unique.

asked Oct 17, 2022 by mightycabal (1.0k points)
0 votes
1 answer

Would "updating a user" also be triggered when "creating a user"? So for example, if I set a Business Rule trigger to modify a user when their user account is changed, would ... and I could not find one. If there is a document that covers this let me know.

asked Jan 17, 2023 by mobosys (290 points)
0 votes
1 answer

This script description says it can find the manager via FullName Distinguished name or Display name. Wondering if we can change it to use employeeID or SamAccountName.

asked Oct 24, 2022 by mightycabal (1.0k points)
0 votes
1 answer

As part of offboarding a user I need to generate a report of all AD groups, Entra groups and all Azure / M365 roles and licenses the user has before they ... about keeping a record of the leavers configured profile to simplify cloning them onto new starters.

asked Jun 24 by dhardyuk (20 points)
0 votes
1 answer

For example, if their old password was "Password1", if they try to change it to "Password2" it would block the password reset since it doesn't meet the password requirements.

asked Sep 10 by tsinball (20 points)
3,589 questions
3,278 answers
8,303 comments
548,137 users