RocketCityTech

Powershell Import/Update Users/Groups From CSV File

Jan 17th, 2018
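  # Information: Rocket City Tech (rocketcitytech.tv) created this script for a situation requiring a
  # temporary sync from a CSV file to Active Directory. Use at your own risk!!
  # By default, a user whose "groups" field is empty in the CSV is DELETED from AD.
  #
  # Review notes for anyone adapting this script:
  #   * The CSV carries passwords in plain text, so the file itself is a credential store:
  #     restrict its ACL to the operator running the sync and delete it after use.
  #   * Every account is enabled and set to PasswordNeverExpires. That is the original
  #     author's choice for a temporary sync; revisit it before any long-lived use.
  #   * The CSV drives account deletion, group membership and password resets, so whoever
  #     can edit the file effectively has those rights in the directory.

  # Import active directory module
  Import-Module activedirectory

  # Load data from file.csv into $ADUsers. Change this to wherever your CSV file is located.
  # -ErrorAction Stop halts the script if the file cannot be read instead of continuing with no data.
  $ADUsers = @(Import-Csv x:\path\to\csv\file.csv -ErrorAction Stop)

  if ($ADUsers.Count -eq 0)
  {
      Write-Warning "No rows were read from the CSV file, nothing to do"
      return
  }

  # Refuse to run when an expected header is missing. Without this check a CSV with a missing or
  # misspelled "groups" header makes every row look like "no groups", which would delete every
  # listed user from AD.
  $RequiredColumns = 'sAMAccountName', 'password', 'givenName', 'sn', 'pager', 'groups'
  $PresentColumns = @($ADUsers[0].PSObject.Properties.Name)
  $MissingColumns = @($RequiredColumns | Where-Object { $PresentColumns -notcontains $_ })
  if ($MissingColumns.Count -gt 0)
  {
      throw "CSV is missing expected column(s): $($MissingColumns -join ', '). Refusing to continue."
  }

  # Go through each row that has user data in the CSV we just imported
  foreach ($User in $ADUsers)
  {
      # Read user data from each field in the row. CSV headers should match: sAMAccountName,
      # password, givenName, sn, pager, groups. The groups field is split on ";" so multiple groups
      # can be given for one user, for example:
      # CN=accounting,CN=Users,DC=example,DC=com;CN=wifi,CN=Users,DC=example,DC=com;CN=donuts,CN=Users,DC=example,DC=com
      # The password field is expected in plain text.
      $Username = "$($User.sAMAccountName)".Trim()
      $Password = $User.password
      $Firstname = $User.givenName
      $Lastname = $User.sn
      $Pager = $User.pager

      # Trim each entry and drop empty ones so a trailing ";" or stray space does not produce a
      # bogus group name that fails in Add-ADGroupMember.
      $groups = @("$($User.groups)" -split ";" | ForEach-Object { $_.Trim() } | Where-Object { $_ })

      # A blank account name cannot identify anyone; skip the row rather than pass it to AD cmdlets.
      if ([string]::IsNullOrWhiteSpace($Username))
      {
          Write-Warning "Skipping a CSV row with an empty sAMAccountName"
          continue
      }

      # Look the account up once; $null means the user does not exist in AD yet.
      $Existing = Get-ADUser -Filter {SamAccountName -eq $Username} -Properties MemberOf

      # If the user group membership is empty in CSV file, we delete the user from AD.
      # You can remove this block if you do not want deletions.
      if ($groups.Count -eq 0)
      {
          if ($Existing)
          {
              try
              {
                  Remove-ADUser -Identity $Username -Confirm:$false -ErrorAction Stop
                  Write-Output "$Username has no groups, removing from AD"
              }
              catch
              {
                  # Only report a removal that actually happened.
                  Write-Warning "$Username has no groups but could not be removed: $($_.Exception.Message)"
              }
          }
          else
          {
              Write-Output "$Username has no groups and does not exist in AD, nothing to remove"
          }
          continue
      }

      # The group membership field does have data, so create or update the account.
      if ($Existing)
      {
          # User exists: remove from all current groups, update pager and attributes,
          # re-assign the groups from the CSV, then reset the password.
          foreach ($OldGroup in $Existing.MemberOf)
          {
              Remove-ADGroupMember -Identity $OldGroup -Members $Existing.DistinguishedName -Confirm:$false
          }

          # An empty value cannot be written with -Replace, so clear the attribute instead.
          if ([string]::IsNullOrWhiteSpace($Pager))
          {
              Set-ADUser -Identity $Username -Clear pager
          }
          else
          {
              Set-ADUser -Identity $Username -Replace @{Pager=$Pager}
          }

          # You should change example.com to your domain.
          Set-ADUser -Identity $Username -PasswordNeverExpires $True -Enabled $True -EmailAddress "$Username@example.com" -DisplayName "$Firstname $Lastname"

          foreach ($group in $groups) { Add-ADGroupMember $group -Members $Username }

          # The plain-text password from the CSV is converted in memory; the CSV copy remains on disk.
          Set-ADAccountPassword -Identity $Username -NewPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Reset

          # Write output so we know WTH happened.
          Write-Output "$Username already existed and has been updated"
      }
      else
      {
          # User does not exist: create the account with the necessary attributes.
          # You should change example.com to your domain.
          # NOTE(review): the pager value is only written on the update path, not here.
          # Confirm whether new accounts should get it as well.
          $NewUserParams = @{
              SamAccountName       = $Username
              UserPrincipalName    = "$Username@example.com"
              Name                 = "$Firstname $Lastname"
              GivenName            = $Firstname
              Surname              = $Lastname
              Enabled              = $True
              DisplayName          = "$Firstname $Lastname"
              EmailAddress         = "$Username@example.com"
              AccountPassword      = (ConvertTo-SecureString $Password -AsPlainText -Force)
              PasswordNeverExpires = $True
          }

          try
          {
              New-ADUser @NewUserParams -ErrorAction Stop
          }
          catch
          {
              # Do not add groups or claim success for an account that was not created cleanly.
              Write-Warning "$Username could not be created: $($_.Exception.Message)"
              continue
          }

          # Now that the user has been created, add them to the correct groups
          foreach ($group in $groups) { Add-ADGroupMember $group -Members $Username }

          # And again, let us know what happened.
          Write-Output "$Username was new and has been created"
      }
  }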