Bulk Update of Users in Entra ID

Nicholas Truden 40 Reputation points
2024-06-24T15:33:39.61+00:00

I need a PowerShell script that updates all of my users' Employee IDs. NONE of the scripts I have found have worked due to one reason or another. I need a script that is recent using cmdlets and parameters that actually work.


3 answers

  1. Ganeshkumar R 660 Reputation points
    2024-06-24T15:39:56.7866667+00:00

    To update the Employee ID for all users in Active Directory using PowerShell, you can use the Set-ADUser cmdlet from the Active Directory module. This script assumes you have the necessary permissions to update user attributes in Active Directory and that you have the Active Directory module installed.

    Here’s a step-by-step guide to create a PowerShell script that updates the Employee ID for all users:

    1. Install the Active Directory Module

    If you haven't already installed the Active Directory module, you can install it using the following command on Windows Server or Windows 10/11 with RSAT (Remote Server Administration Tools) installed:

    
    Install-WindowsFeature RSAT-AD-PowerShell
    
    

    On Windows 10/11, you can enable RSAT features:

    
    Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
    
    

    2. Prepare the CSV File

    Prepare a CSV file with the following format, where SamAccountName is the user’s logon name, and EmployeeID is the new employee ID you want to set:

    
    SamAccountName,EmployeeID
    jdoe,12345
    asmith,67890
    
    

    3. Create the PowerShell Script

    Create a PowerShell script to read the CSV file and update the Employee ID for each user:

    
    # Import the Active Directory module
    Import-Module ActiveDirectory

    # Define the path to the CSV file
    $csvFilePath = "C:\Path\To\EmployeeIDs.csv"

    # Import the CSV file
    $userData = Import-Csv -Path $csvFilePath

    # Iterate over each row in the CSV file
    foreach ($user in $userData) {
        # Get the user's SamAccountName and EmployeeID
        $samAccountName = $user.SamAccountName
        $employeeID = $user.EmployeeID

        # Update the EmployeeID attribute for the user
        try {
            # -ErrorAction Stop makes every failure reach the catch block
            Set-ADUser -Identity $samAccountName -EmployeeID $employeeID -ErrorAction Stop
            Write-Host "Successfully updated EmployeeID for user: $samAccountName"
        } catch {
            Write-Host "Failed to update EmployeeID for user: $samAccountName. Error: $_"
        }
    }
    
    

    4. Run the Script

    Run the script in a PowerShell session with administrative privileges:

    
    .\Update-EmployeeID.ps1
    
    

    Notes:

    • Permissions: Ensure the account running the script has the necessary permissions to modify user attributes in Active Directory.
    • Error Handling: The script includes basic error handling to catch and display any errors that occur during the update process.
    • Logging: You can enhance the script by adding logging to a file if needed.

    Example with Enhanced Logging and Error Handling:

    
    # Import the Active Directory module
    Import-Module ActiveDirectory

    # Define the path to the CSV file
    $csvFilePath = "C:\Path\To\EmployeeIDs.csv"

    # Define the path to the log file
    $logFilePath = "C:\Path\To\UpdateEmployeeID.log"

    # Function to log messages to the console and to the log file
    function Log-Message {
        param (
            [string]$message
        )
        $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
        $logMessage = "$timestamp - $message"
        Write-Host $logMessage
        Add-Content -Path $logFilePath -Value $logMessage
    }

    # Import the CSV file
    $userData = Import-Csv -Path $csvFilePath

    # Iterate over each row in the CSV file
    foreach ($user in $userData) {
        # Get the user's SamAccountName and EmployeeID
        $samAccountName = $user.SamAccountName
        $employeeID = $user.EmployeeID

        # Update the EmployeeID attribute for the user
        try {
            # -ErrorAction Stop makes every failure reach the catch block
            Set-ADUser -Identity $samAccountName -EmployeeID $employeeID -ErrorAction Stop
            Log-Message "Successfully updated EmployeeID for user: $samAccountName"
        } catch {
            Log-Message "Failed to update EmployeeID for user: $samAccountName. Error: $_"
        }
    }
    
    

    This enhanced script logs each success and failure to a log file, providing a record of the updates made and any errors encountered.

    By following these steps and using the provided script, you should be able to update the Employee IDs for all your users in Active Directory.


  2. Ganeshkumar R 660 Reputation points
    2024-06-25T12:49:20.45+00:00

    To update users' Employee IDs in Microsoft Entra ID (formerly known as Azure AD), you can use the Azure AD PowerShell module. Below is a script that should help you achieve this. Make sure you have the AzureAD module installed and that you have the necessary permissions to update user attributes.

    1. Install the AzureAD module (if you haven't already):
      
         Install-Module -Name AzureAD
      
      
    2. Connect to Azure AD:
      
         Connect-AzureAD
      
      
    3. Script to update Employee IDs:
      
         # Import the AzureAD module
         Import-Module AzureAD

         # Connect to Azure AD
         Connect-AzureAD

         # Define a hash table with UserPrincipalName and the corresponding EmployeeID
         $userEmployeeIDMap = @{
             "user1@domain.com" = "EID001"
             "user2@domain.com" = "EID002"
             "user3@domain.com" = "EID003"
             # Add more users as needed
         }

         # Loop through each user and update the EmployeeID attribute
         foreach ($user in $userEmployeeIDMap.Keys) {
             $employeeID = $userEmployeeIDMap[$user]
             try {
                 # Get the user object
                 $userObject = Get-AzureADUser -ObjectId $user -ErrorAction Stop
                 if ($userObject) {
                     # Update the EmployeeID
                     # Set-AzureADUser has no -EmployeeID parameter; the value is
                     # passed through -ExtensionProperty as a string dictionary
                     $extension = New-Object 'System.Collections.Generic.Dictionary[String,String]'
                     $extension.Add('employeeId', $employeeID)
                     Set-AzureADUser -ObjectId $userObject.ObjectId -ExtensionProperty $extension -ErrorAction Stop
                     Write-Host "Successfully updated EmployeeID for $user to $employeeID"
                 } else {
                     Write-Host "User $user not found."
                 }
             } catch {
                 Write-Host "Failed to update EmployeeID for $user. Error: $_"
             }
         }
      
      

    Explanation:

    • $userEmployeeIDMap: This is a hash table where you can map UserPrincipalNames to their new Employee IDs. Add your users and their respective Employee IDs here.
    • Get-AzureADUser: Retrieves the user object from Azure AD.
    • Set-AzureADUser: Updates the EmployeeID attribute for the user.

    Running the script:

    1. Open PowerShell with administrative privileges.
    2. Copy and paste the script into the PowerShell window or save it as a .ps1 file and execute it.
    3. Make sure to replace the placeholders in the $userEmployeeIDMap with actual user principal names and employee IDs.

    Note:

    • Ensure that you have the necessary permissions to update user attributes in Azure AD.
    • If you encounter any issues, double-check the user principal names and ensure they are correctly formatted and exist in your directory.
    • This script assumes you have the AzureAD module. If you're using the newer Microsoft.Graph module, the cmdlets will differ.

    Let me know if you need any further assistance or modifications to this script!

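An added example, not part of the answer above and not Microsoft's code: the same bulk update written against the Microsoft Graph PowerShell SDK, the newer module the answer's note mentions, with input validation, a dry-run mode and a change log that records the previous value. It assumes a CSV with UserPrincipalName and EmployeeID columns; the file names and the allowed character set for IDs are assumptions.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CsvPath = '.\EmployeeIDs.csv',         # assumed columns: UserPrincipalName,EmployeeID
    [string]$LogPath = '.\EmployeeID-changes.csv'   # assumed change-log location
)

# Request only the delegated scope needed to write user properties.
Connect-MgGraph -Scopes 'User.ReadWrite.All'

$rows = @(Import-Csv -Path $CsvPath)

# Reject the whole batch if one account is listed twice.
$dupes = $rows | Group-Object UserPrincipalName | Where-Object Count -gt 1
if ($dupes) { throw "Duplicate UserPrincipalName in CSV: $($dupes.Name -join ', ')" }

$results = foreach ($row in $rows) {
    $upn   = ([string]$row.UserPrincipalName).Trim()
    $newId = ([string]$row.EmployeeID).Trim()
    $entry = [ordered]@{ Time = (Get-Date -Format o); UPN = $upn; Old = $null; New = $newId; Result = $null }
    try {
        # Graph limits employeeId to 16 characters; the character set is this example's assumption.
        if ($upn -notmatch '^[^@\s]+@[^@\s]+$' -or $newId -notmatch '^[A-Za-z0-9-]{1,16}$') {
            throw 'Row failed input validation'
        }
        # employeeId is not in the default property set, so select it explicitly.
        $user = Get-MgUser -UserId $upn -Property Id, EmployeeId -ErrorAction Stop
        $entry.Old = $user.EmployeeId                 # kept so a bad batch can be rolled back
        if ($user.EmployeeId -eq $newId) {
            $entry.Result = 'Unchanged'
        } elseif ($PSCmdlet.ShouldProcess($upn, "Set EmployeeId to '$newId'")) {
            Update-MgUser -UserId $user.Id -EmployeeId $newId -ErrorAction Stop
            $entry.Result = 'Updated'
        } else {
            $entry.Result = 'Skipped'                 # -WhatIf, or -Confirm declined
        }
    } catch {
        $entry.Result = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]$entry
}

# -WhatIf:$false so the log is written even during a dry run.
$results | Export-Csv -Path $LogPath -NoTypeInformation -Append -WhatIf:$false
$results | Group-Object { ($_.Result -split ':')[0] } | Select-Object Name, Count
```

Running it with -WhatIf first produces the log of old and new values without writing to the directory.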

  3. Neuvi Jiang 1,450 Reputation points Microsoft Vendor
    2024-06-27T05:17:07.2433333+00:00

    Hi Nicholas Truden,

    Thank you for posting in the Q&A Forums.

    # Import the Active Directory module  
    Import-Module ActiveDirectory  
      
    # Define the new employee ID value or a function to retrieve it (this is just an example value)  
    $newEmployeeID = "12345"  
      
    # Get all users in the domain (assuming your domain is example.com, replace with your actual domain)  
    $users = Get-ADUser -Filter * -SearchBase "DC=example,DC=com" -Properties extensionAttribute1  
      
    foreach ($user in $users) {  
        # Check if extensionAttribute1 already has a value or perform other checks based on your requirements  
        if ([string]::IsNullOrWhiteSpace($user.extensionAttribute1)) {  
            # If extensionAttribute1 is empty, set the new employee ID  
            Set-ADUser -Identity $user.SamAccountName -Replace @{extensionAttribute1=$newEmployeeID}  
            Write-Host "Updated employee ID for user: $($user.SamAccountName)"  
        } else {  
            # If extensionAttribute1 already has a value, you can choose to skip, overwrite, or perform other actions  
            # Here, we just print a message as an example  
            Write-Host "Skipping user: $($user.SamAccountName) because extensionAttribute1 already has a value."  
        }  
    }
    

    Note:

    1. Please replace example.com with your actual domain name.
    2. If your employee ID is not stored in extensionAttribute1, replace it with the correct attribute name.
    3. $newEmployeeID should be a function or logic to generate or retrieve a new employee ID for each user. In the example above, I just set a fixed value for all users.
    4. Depending on your requirements, you may need to add error handling and other logic.
    5. In large environments, this script may take some time to complete as it needs to iterate through all users and update them individually. Please consider the performance and potential impact when performing such operations.

    Best regards

    NeuviJ

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
