查找不再受雇的活跃客户
Find Active Accounts No Longer Employed
我想为员工离职时不通知 IT 创建一个支持机制。我们每月收到一份 csv 格式的在职员工花名册,其中包括 employeeID 字段。我计划每天要求他们可以通过他们的 HRIS 系统提供。我想最终通过任务调度程序自动复制一份副本,从 HR 将文件放置到我们 运行 我们脚本的位置 - 然后针对复制的 csv 启动下面的脚本到 运行。现在我只需要帮助来正确设置 Powershell 脚本。
我想做的是:
- 在 AD 中搜索具有 employeeID 的员工(不返回空白)
- 导入包含一列 employeeIDs 的 csv
- 根据 AD 结果对 csv 执行搜索
- 对于 AD 中存在但 csv 中不存在的任何员工 ID,将电子邮件地址发送到地址“user $_.Name not an employee
EmployeeID 是我们最可靠的字段,因为 HR 没有 SamAccountNames 列表,而且人们结婚后姓名和电子邮件地址会发生变化。我不想要自动执行禁用帐户的过程,因为这会为 HR 中的流氓行为者启用一种机制来禁用每个人的帐户。
我的脚本全错了,但这是我开始时的思考过程:
# Return employees with an employeeID field populated - we're not concerned with service accounts, consultants, etc
#
$adusers = Get-ADUser -searchbase "OU=MyOU,DC=MyCompany,DC=COM" -Filter {employeeID -like "*" -and enabled -eq $true} -Properties employeeID
#
# Import active roster
#
$csv = Import-Csv C:\temp\activeroster-test.csv
foreach($emp in $csv)
{
$csvID = $csv.employeeID
$csvName = $csv.Name
if($adusers.EmployeeID -notlike $csvID)
{
echo '**not found in roster**'
echo $ADusers.Name
}
}
我还没有看到电子邮件通知部分,因为我似乎连这个都看不懂。它只是 returns 我花名册中的人与花名册中的人数一致。它倒退了。求助!
编辑 - 使用电子邮件通知更新:
# Return employees with an employeeID field populated - we're not concerned with service accounts, consultants, etc
$adUsers = Get-ADUser -searchbase "OU=MyOU,DC=Example,DC=COM" -Filter {employeeID -like "*" -and enabled -eq $true} -Properties employeeID
# Email Server info
$SmtpServer = "emailserver.example.com"
$NotificationEmailAddress = "myemail@example.com"
#
# Import active roster
#
$csv = Import-Csv C:\temp\activeroster.csv
foreach ($emp in $adUsers) {
$csvIDList = $csv.EmployeeID
if ($emp.EmployeeID -notin $csvIDList) {
$Body = "The following users are still enabled in Active Directory however not found in the active employee roster " + ($($emp.Name) | out-string)
Send-MailMessage -From $NotificationEmailAddress -To $NotificationEmailAddress -Subject "Active Accounts Not In Employee Roster" -Priority High -dno onFailure -SmtpServer $SmtpServer -Body $Body
}
}
我收到每个用户的电子邮件。值得庆幸的是,在我的测试中,我正在做一个小的 OU 和花名册的一个样本子集。呵!有什么建议吗?我想我可能需要创建另一个包含所有结果的变量,是吗?
你的脚本并没有错,实际上你已经很接近了。您在每次迭代时将 AD 查询中所有 returned 用户打印为受影响的用户,而您只是想 return 您正在迭代的用户。与 ID 数组进行比较时,您可以在 HR csv 列表中使用 -notin。
# Return employees with an employeeID field populated - we're not concerned with service accounts, consultants, etc
#
$adUsers = Get-ADUser -searchbase "OU=MyOU,DC=MyCompany,DC=COM" -Filter {employeeID -like "*" -and enabled -eq $true} -Properties employeeID
#
# Import active roster
#
$csv = Import-Csv C:\temp\activeroster-test.csv
# Email Server info
$smtpServer = "emailserver.example.com"
$notificationEmailAddress = "myemail@example.com"
[System.Collections.ArrayList]$listOfMissing = @()
foreach ($emp in $adUsers) {
$csvIDList = $csv.EmployeeID
if ($emp.EmployeeID -notin $csvIDList) {
Write-Output "**Employee $($emp.Name) not found in roster**"
$listOfMissing.Add($emp.Name)
}
}
if ($listOfMissing) {
$subject = "Active Accounts Not In Employee Roster"
$body = @"
The following users are still enabled in Active Directory however not found in the active employee roster:
$($listOfMissing | Out-String)
"@
$emailParameters = @{
From = $notificationEmailAddress
To = $notificationEmailAddress
Subject = $subject
Priority = 'High'
Dno = 'onFailure'
SmtpServer = $smtpServer
Body = $body
}
Send-MailMessage @emailParameters
} else {
Write-Output 'Email not sent, no users found'
}
我可能还建议使用另一个脚本定期自动更新该 csv,或者集成到 HR 系统,通常是 Workday 或类似的系统,但我知道在我们的职位上有时我们没有这种访问权限. :)
对于电子邮件,您可以
我想为员工离职时不通知 IT 创建一个支持机制。我们每月收到一份 csv 格式的在职员工花名册,其中包括 employeeID 字段。我计划每天要求他们可以通过他们的 HRIS 系统提供。我想最终通过任务调度程序自动复制一份副本,从 HR 将文件放置到我们 运行 我们脚本的位置 - 然后针对复制的 csv 启动下面的脚本到 运行。现在我只需要帮助来正确设置 Powershell 脚本。
我想做的是:
- 在 AD 中搜索具有 employeeID 的员工(不返回空白)
- 导入包含一列 employeeIDs 的 csv
- 根据 AD 结果对 csv 执行搜索
- 对于 AD 中存在但 csv 中不存在的任何员工 ID,将电子邮件地址发送到地址“user $_.Name not an employee
EmployeeID 是我们最可靠的字段,因为 HR 没有 SamAccountNames 列表,而且人们结婚后姓名和电子邮件地址会发生变化。我不想要自动执行禁用帐户的过程,因为这会为 HR 中的流氓行为者启用一种机制来禁用每个人的帐户。
我的脚本全错了,但这是我开始时的思考过程:
# Return employees with an employeeID field populated - we're not concerned with service accounts, consultants, etc
#
$adusers = Get-ADUser -searchbase "OU=MyOU,DC=MyCompany,DC=COM" -Filter {employeeID -like "*" -and enabled -eq $true} -Properties employeeID
#
# Import active roster
#
$csv = Import-Csv C:\temp\activeroster-test.csv
foreach($emp in $csv)
{
$csvID = $csv.employeeID
$csvName = $csv.Name
if($adusers.EmployeeID -notlike $csvID)
{
echo '**not found in roster**'
echo $ADusers.Name
}
}
我还没有看到电子邮件通知部分,因为我似乎连这个都看不懂。它只是 returns 我花名册中的人与花名册中的人数一致。它倒退了。求助!
编辑 - 使用电子邮件通知更新:
# Return employees with an employeeID field populated - we're not concerned with service accounts, consultants, etc
$adUsers = Get-ADUser -searchbase "OU=MyOU,DC=Example,DC=COM" -Filter {employeeID -like "*" -and enabled -eq $true} -Properties employeeID
# Email Server info
$SmtpServer = "emailserver.example.com"
$NotificationEmailAddress = "myemail@example.com"
#
# Import active roster
#
$csv = Import-Csv C:\temp\activeroster.csv
foreach ($emp in $adUsers) {
$csvIDList = $csv.EmployeeID
if ($emp.EmployeeID -notin $csvIDList) {
$Body = "The following users are still enabled in Active Directory however not found in the active employee roster " + ($($emp.Name) | out-string)
Send-MailMessage -From $NotificationEmailAddress -To $NotificationEmailAddress -Subject "Active Accounts Not In Employee Roster" -Priority High -dno onFailure -SmtpServer $SmtpServer -Body $Body
}
}
我收到每个用户的电子邮件。值得庆幸的是,在我的测试中,我正在做一个小的 OU 和花名册的一个样本子集。呵!有什么建议吗?我想我可能需要创建另一个包含所有结果的变量,是吗?
你的脚本并没有错,实际上你已经很接近了。您在每次迭代时将 AD 查询中所有 returned 用户打印为受影响的用户,而您只是想 return 您正在迭代的用户。与 ID 数组进行比较时,您可以在 HR csv 列表中使用 -notin。
# Return employees with an employeeID field populated - we're not concerned with service accounts, consultants, etc
#
$adUsers = Get-ADUser -searchbase "OU=MyOU,DC=MyCompany,DC=COM" -Filter {employeeID -like "*" -and enabled -eq $true} -Properties employeeID
#
# Import active roster
#
$csv = Import-Csv C:\temp\activeroster-test.csv
# Email Server info
$smtpServer = "emailserver.example.com"
$notificationEmailAddress = "myemail@example.com"
[System.Collections.ArrayList]$listOfMissing = @()
foreach ($emp in $adUsers) {
$csvIDList = $csv.EmployeeID
if ($emp.EmployeeID -notin $csvIDList) {
Write-Output "**Employee $($emp.Name) not found in roster**"
$listOfMissing.Add($emp.Name)
}
}
if ($listOfMissing) {
$subject = "Active Accounts Not In Employee Roster"
$body = @"
The following users are still enabled in Active Directory however not found in the active employee roster:
$($listOfMissing | Out-String)
"@
$emailParameters = @{
From = $notificationEmailAddress
To = $notificationEmailAddress
Subject = $subject
Priority = 'High'
Dno = 'onFailure'
SmtpServer = $smtpServer
Body = $body
}
Send-MailMessage @emailParameters
} else {
Write-Output 'Email not sent, no users found'
}
我可能还建议使用另一个脚本定期自动更新该 csv,或者集成到 HR 系统,通常是 Workday 或类似的系统,但我知道在我们的职位上有时我们没有这种访问权限. :)
对于电子邮件,您可以