0 votes

Need help creating and updating users from a fixed formatted file exported daily by the HR system. I just want to make sure that I am on the right track before getting deeply involved.

The HR file contains employee records that will need to be added, updated and/or terminated in AD. It contains a field that determines this action and around 44 other fields which define the employee's ID, department, address, manager, ...

I plan on scheduling a task running a PS script, parsing the HR file and acting accordingly. I found sample scripts which handle a csv formatted file but none that can work with a fixed formatted file. I found a PS function on the Internet that will do this and create PS objects for each record, will this work? Any suggestions as to how to handle this scenario, best practices?

Thanks!

by (50 points)
0

Hello,

Since the functions transform TXT file entries to PS objects, there should be no issues in adding those objects to Active Directory using the New-AdmUser cmdlet from Adaxes PowerShell Module. If you could post here or send us to support[at]adaxes.com a sample of your text file and the functions you've found, we could provide you more specific guidance or samples.

0

Hello support, thanks for your response! I am attaching the sample txt file and the function that I'll be using. Please let me know if this will work in my case and if so, any recommendations and/or sample files will be much appreciated.

Thanks.

My files.zip

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Yes, you can do what you want with the help of a PowerShell script, but we need a couple of clarifications to provide you a sample:

  • It is not quite clear which column matches which AD attribute. For example, it is quite clear that the columns that contain the words Jane and Joe are for the first name of a user, but what about the columns that contain E or L? Could you provide a full mapping of each column and its respective AD attribute? For example:

    • Column 1 = department
    • Column 2 = whenCreated
      ...
  • In order to convert data from fixed formatted text to PS objects, it is necessary to specify the width of each column. Can you provide the column widths (in characters)?

0

I am sorry, I should've included that information. I have attached two files here that should clear both of your questions. Looking forward to hearing from you.

Thanks

parse.zip

0

Hello,

OK, almost there :) Could you clarify the following:

  • We've found several non-standard LDAP attributes (e.g. terminationDate, positionDepartmentCode, positionUnitCode). Were the attributes added to your AD by extending the schema?
  • What about column Record Type? Does it map to any attribute?
0

Hello, good questions and obviously I should have thought about it!

Yes, the schema was extended and I am expecting the non-standard attributes to be there.

Column one or Record Type determines if the record is for a 1=New Employee, 2=Update Employee, 3=Terminate Employee

Thanks!

0

Hello,

OK got it. There should be no problems with attributes you added to your schema.

2 more questions and we are done:

  1. 3=Terminate Employee - what should the script do with such employees? In Adaxes, there is a built-in Custom Command for user deprovisioning called Deprovision. Should the script execute it on such users, simply disable such accounts or anything else?
  2. Is there an attribute that is unique, never changes, and that we can use for searching for employees? Maybe, employeeID?
0

Hello,

Sounds like you already have the answers :D

1 - Exactly! Disable account and move to disabled container (I have not looked at the custom command but I assume that's what it does).

2 - Yes, column 7 which maps to employeeID is a unique attribute and should be used for this purpose.

Thanks!
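Added example, not from the thread and not the Script Repository script: one way to turn fixed-width lines into PS objects and reject malformed records before any AD action is taken. The field names, the widths and the numeric employeeID check are assumptions; only Record Type in column 1 (1/2/3) and employeeID in column 7 come from the posts above.

```powershell
# Assumed layout (name = width in characters); the real file has ~45 fields.
# From the thread: column 1 is Record Type, column 7 maps to employeeID.
$layout = [ordered]@{
    RecordType = 1
    FirstName  = 10
    MiddleInit = 1
    LastName   = 12
    Department = 10
    Title      = 12
    EmployeeID = 6
}
$recordLength = ($layout.Values | Measure-Object -Sum).Sum
$actions = @{ '1' = 'Create'; '2' = 'Update'; '3' = 'Terminate' }

function ConvertFrom-FixedWidthLine {
    param([string]$Line, [int]$LineNumber)
    # A short or long line means the offsets no longer line up: reject it, never guess.
    if ($Line.Length -ne $recordLength) {
        throw "Line ${LineNumber}: expected $recordLength characters, got $($Line.Length)"
    }
    $record = [ordered]@{}
    $offset = 0
    foreach ($col in $layout.GetEnumerator()) {
        $record[$col.Key] = $Line.Substring($offset, $col.Value).Trim()
        $offset += $col.Value
    }
    if (-not $actions.ContainsKey($record.RecordType)) {
        throw "Line ${LineNumber}: unknown Record Type '$($record.RecordType)'"
    }
    # Assumption: employeeID is numeric. It is the search key, so it must not be empty.
    if ($record.EmployeeID -notmatch '^\d+$') {
        throw "Line ${LineNumber}: EmployeeID is empty or not numeric"
    }
    $record['Action'] = $actions[$record.RecordType]
    [pscustomobject]$record
}

# Constructed sample rows (not the attached HR file); the third one is truncated.
$fmt  = '{0,-1}{1,-10}{2,-1}{3,-12}{4,-10}{5,-12}{6,-6}'
$good = $fmt -f '1', 'Jane', 'E', 'Doe', 'Finance', 'Analyst', '100234'
$term = $fmt -f '3', 'Joe', 'L', 'Smith', 'Sales', 'Manager', '100871'
$n = 0
foreach ($line in @($good, $term, $good.Substring(0, 40))) {
    $n++
    try {
        $r = ConvertFrom-FixedWidthLine -Line $line -LineNumber $n
        '{0}: {1} employeeID={2}' -f $n, $r.Action, $r.EmployeeID
    } catch { Write-Warning "Skipped: $($_.Exception.Message)" }
}
```

Rejected lines are skipped with a warning instead of being acted on, so a truncated export cannot create, update or terminate the wrong account.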

0

Hello,

Any updates? From your questions I thought I'll be getting more help in the way of samples ....
Thanks

0

Hello,

Sorry for a delayed reply. The script you requested is ready. We've decided to add it to our Script Repository. See Import user information from fixed formatted text file.

To create a Scheduled Task that will perform user import on a regular basis:

  1. Create a new Scheduled Task.
  2. On step 3 of the Create Scheduled Task wizard, select Show all object types.
  3. Select the Domain-DNS object type.
  4. On step 4 add the Run a program or PowerShell script action and paste the script from the Script Repository.
  5. Modify parameters of the script as necessary.
  6. Add a short description for the script and click OK.
  7. On step 5, assign the Scheduled Task over any of your AD domains.
  8. Click Finish.
0

Thanks! You guys have a great product and the support to go with it :D I'll give it a shot and perhaps come back with more questions.

0

Just finished trying this out and it works like a charm, thanks again!

One more question and let me know if I need to start a new thread. I need to kick off an approval after the search for an existing employee (using employeeID) returns a match (option 1, creating new user). If approved go ahead and create the user and if denied, do nothing. I tried the SubmitForApproval command but was not able to get the result I need. Can you think of a better way of handling this scenario?

Thanks.

0

Hello,

Since the script creates users via Adaxes service, it triggers Business Rules on user creation and update. So, instead of sending for approval directly in the script, you can create a Business Rule triggered before creating a user for this purpose. To distinguish duplicate accounts from other new accounts, you can set a certain attribute of duplicate accounts to a certain value. Then, in your Business Rule, you can send the operation for approval only if the attribute is set to that specific value. As for an attribute that you can use, we suggest an Adaxes virtual attribute that stores boolean (True/False) values and set it to True. Such attributes are not stored in AD, but can be used the same as any other attributes of AD accounts.

To implement such a solution:
I. Change the script

To configure the script to set a virtual attribute to True when a duplicate account is being created, find the following block in the script:

    if ($user -ne $NULL)
    {
        $Context.LogMessage("Cannot create user with Employee ID $($userProperties.EmployeeID). A user with the same Employee ID already exists.", "Error")
        return
    }

and replace it with the following one:

    if ($user -ne $NULL)
    {
        # Duplicate account found
        $userProperties.Add("adm-CustomAttributeBoolean1", $True)
    }

where adm-CustomAttributeBoolean1 is the LDAP display name of the virtual attribute you want to use.

II. Create a Business Rule that will send the operation for approval

To create a Business Rule that will send a new user for approval if the virtual attribute is set to True:

  1. Create a new Business Rule.

  2. On step 2 of the Create Business Rule wizard, select User and Before Creating a User.

  3. On step 3, add the Send this operation for approval action.

  4. Specify possible approvers and click OK.

  5. Double-click Always.

  6. Select If <property> <relation> <value>.

  7. Specify If CustomAttributeBoolean1 equals true

    where CustomAttributeBoolean1 is the name of the virtual attribute that you used in the script.

  8. Click OK and finish creation of the Business Rule.

0

Thanks! I woke up early this morning and was thinking along the same lines, stuffing an attribute with a flag and having a business rule take care of it. Then I saw your reply :) Obviously a much more elegant approach with the Adaxes virtual attributes (something I wasn't aware of anyway and am still looking for reference material) I am now afraid to do anything without checking with you guys first :lol: Great work guys! Thanks again!

0

Hello,

Thank you for your feedback, we really appreciate that!
