批量 Azure AD 更新
Bulk Azure AD Update
我编写了一个脚本来更新 Azure AD 中用户的联系信息。我使用的 CSV 是从我们本地 AD 导出的。我找到了一些示例作为起点,这就是我破解的内容...
Start-Transcript "transcript.log"
# Connect to AzureAD
Connect-AzureAD
# Get CSV content
$CSVrecords = Import-Csv userexport.csv -Delimiter ","
# Create arrays for skipped and failed users
$SkippedUsers = @()
$FailedUsers = @()
# Loop trough CSV records
foreach ($CSVrecord in $CSVrecords) {
$upn = $CSVrecord.samaccountname + "@daytonrogers.com"
$user = Get-AzureADUser -Filter "userPrincipalName eq '$upn'"
if ($user) {
$command = "Set-AzureADUser -ObjectID $($user.objectid) "
if ($CSVrecord.title) {$command = "$command -jobtitle '$($CSVrecord.title)'"}
if ($CSVrecord.department) {$command = "$command -department '$($CSVrecord.department)'"}
if ($CSVrecord.office) {$command = "$command -PhysicalDeliveryOfficeName '$($CSVrecord.office)'"}
if ($CSVrecord.officephone) {$command = "$command -TelephoneNumber '$($CSVrecord.officephone)'"}
if ($CSVrecord.fax) {$command = "$command -FacsimileTelephoneNumber '$($CSVrecord.fax)'"}
if ($CSVrecord.mobilephone) {$command = "$command -Mobile '$($CSVrecord.mobilephone)'"}
if ($CSVrecord.streetaddress) {$command = "$command -streetaddress '$($CSVrecord.streetaddress)'"}
if ($CSVrecord.city) {$command = "$command -city '$($CSVrecord.city)'"}
if ($CSVrecord.state) {$command = "$command -state '$($CSVrecord.state)'"}
if ($CSVrecord.postalcode) {$command = "$command -postalcode '$($CSVrecord.postalcode)'"}
Write-Information $command
try{
$command
} catch {
$FailedUsers += $upn
Write-Warning "$upn user found, but FAILED to update."
}
}
else {
Write-Warning "$upn not found, skipped"
$SkippedUsers += $upn
}
}
Stop-Transcript
它 运行 可以很好地构建命令。但是,none 的用户得到更新。如果我从 transcript.log 文件复制/粘贴命令,它就可以工作。如果我 运行 来自 PowerShell 命令行的脚本,它就不起作用。
我在这里错过了什么?
我认为创建命令字符串然后执行它们会导致不良做法。您将不得不求助于 Invoke-Expression。这是我们要避免的事情。我将使用您的参数构建散列 table 并使用 splatting. 从中,您可以构建命令字符串以发送到信息流。请参阅下面的示例。
if ($user) {
$command = "Set-AzureADUser"
$params = @{}
$params.ObjectID = $user.objectid
if ($CSVrecord.title) {$params.jobtitle = $CSVrecord.title}
if ($CSVrecord.department) {$params.department = $CSVrecord.department}
if ($CSVrecord.office) {$params.PhysicalDeliveryOfficeName = $CSVrecord.office}
if ($CSVrecord.officephone) {$params.TelephoneNumber = $CSVrecord.officephone}
if ($CSVrecord.fax) {$params.FacsimileTelephoneNumber = $CSVrecord.fax}
if ($CSVrecord.mobilephone) {$params.Mobile = $CSVrecord.mobilephone}
if ($CSVrecord.streetaddress) {$params.streetaddress = $CSVrecord.streetaddress}
if ($CSVrecord.city) {$params.city = $CSVrecord.city}
if ($CSVrecord.state) {$params.state = $CSVrecord.state}
if ($CSVrecord.postalcode) {$params.postalcode = $CSVrecord.postalcode}
Write-Information "$command $($params.GetEnumerator() |% {"-{0} '{1}'" -f $_.Key,$_.Value})"
& $command @params
}
我编写了一个脚本来更新 Azure AD 中用户的联系信息。我使用的 CSV 是从我们本地 AD 导出的。我找到了一些示例作为起点,这就是我破解的内容...
Start-Transcript "transcript.log"
# Connect to AzureAD
Connect-AzureAD
# Get CSV content
$CSVrecords = Import-Csv userexport.csv -Delimiter ","
# Create arrays for skipped and failed users
$SkippedUsers = @()
$FailedUsers = @()
# Loop trough CSV records
foreach ($CSVrecord in $CSVrecords) {
$upn = $CSVrecord.samaccountname + "@daytonrogers.com"
$user = Get-AzureADUser -Filter "userPrincipalName eq '$upn'"
if ($user) {
$command = "Set-AzureADUser -ObjectID $($user.objectid) "
if ($CSVrecord.title) {$command = "$command -jobtitle '$($CSVrecord.title)'"}
if ($CSVrecord.department) {$command = "$command -department '$($CSVrecord.department)'"}
if ($CSVrecord.office) {$command = "$command -PhysicalDeliveryOfficeName '$($CSVrecord.office)'"}
if ($CSVrecord.officephone) {$command = "$command -TelephoneNumber '$($CSVrecord.officephone)'"}
if ($CSVrecord.fax) {$command = "$command -FacsimileTelephoneNumber '$($CSVrecord.fax)'"}
if ($CSVrecord.mobilephone) {$command = "$command -Mobile '$($CSVrecord.mobilephone)'"}
if ($CSVrecord.streetaddress) {$command = "$command -streetaddress '$($CSVrecord.streetaddress)'"}
if ($CSVrecord.city) {$command = "$command -city '$($CSVrecord.city)'"}
if ($CSVrecord.state) {$command = "$command -state '$($CSVrecord.state)'"}
if ($CSVrecord.postalcode) {$command = "$command -postalcode '$($CSVrecord.postalcode)'"}
Write-Information $command
try{
$command
} catch {
$FailedUsers += $upn
Write-Warning "$upn user found, but FAILED to update."
}
}
else {
Write-Warning "$upn not found, skipped"
$SkippedUsers += $upn
}
}
Stop-Transcript
它 运行 可以很好地构建命令。但是,none 的用户得到更新。如果我从 transcript.log 文件复制/粘贴命令,它就可以工作。如果我 运行 来自 PowerShell 命令行的脚本,它就不起作用。
我在这里错过了什么?
我认为创建命令字符串然后执行它们会导致不良做法。您将不得不求助于 Invoke-Expression。这是我们要避免的事情。我将使用您的参数构建散列 table 并使用 splatting. 从中,您可以构建命令字符串以发送到信息流。请参阅下面的示例。
if ($user) {
$command = "Set-AzureADUser"
$params = @{}
$params.ObjectID = $user.objectid
if ($CSVrecord.title) {$params.jobtitle = $CSVrecord.title}
if ($CSVrecord.department) {$params.department = $CSVrecord.department}
if ($CSVrecord.office) {$params.PhysicalDeliveryOfficeName = $CSVrecord.office}
if ($CSVrecord.officephone) {$params.TelephoneNumber = $CSVrecord.officephone}
if ($CSVrecord.fax) {$params.FacsimileTelephoneNumber = $CSVrecord.fax}
if ($CSVrecord.mobilephone) {$params.Mobile = $CSVrecord.mobilephone}
if ($CSVrecord.streetaddress) {$params.streetaddress = $CSVrecord.streetaddress}
if ($CSVrecord.city) {$params.city = $CSVrecord.city}
if ($CSVrecord.state) {$params.state = $CSVrecord.state}
if ($CSVrecord.postalcode) {$params.postalcode = $CSVrecord.postalcode}
Write-Information "$command $($params.GetEnumerator() |% {"-{0} '{1}'" -f $_.Key,$_.Value})"
& $command @params
}