Docs
Powered by

# Employee-Departure-Reconciliation.ps1

  • Purpose
  • Dependencies
  • Function
  • Usage
  • Inputs
  • Variables
  • Command Line Flags
  • Outputs
  • Notes

# Purpose

Automates reconciliation for departed employees using a CSV file, normally provided by a HR Department or similar, that dropped into a configured folder.

The script validates if an account of a departed employee is still active (by EmployeeID), disables that account, writes a dated report CSV, records any failures requiring manual follow-up to a separate failure CSV, and moves the processed CSV to a "Complete" folder.

# Dependencies

The script requires an account with permission to query and disable accounts in on-premises Active Directory.

# Function

  1. Selects the latest (or user-selected) CSV from the configured source folder.
  2. Imports the CSV and iterates through each row.
  3. For each row:
    • Uses detnumber (EmployeeID) to find the AD account via Get-ADUser.
    • If an AD account is found and is enabled, the script attempts to disable it (Disable-ADAccount).
    • If a managerEmployeeID column exists in the CSV the script will attempt to resolve the manager by EmployeeID and include the manager's name in the report. Manager lookup failures are recorded in the failure CSV.
    • Successful actions are appended to a dated report CSV.
    • Any AD query or operation failures are recorded to a dated failure CSV for manual follow-up.
  4. After processing all rows the script reports whether any accounts were disabled and prints the locations of the report and failure files.
  5. The processed CSV is moved to the configured "Complete" folder.

# Usage 

./Employee-Departure-Reconciliation.ps1

The script is fully interactive and does not require command-line parameters for standard use. It prompts for file selection and guides the user through the process.

# Inputs

  • User selection of CSV file from a folder (interactive prompt)
  • CSV file must contain at least a detnumber column (employee ID)
  • Optional: managerEmployeeID column if manager resolution is required

# Variables

  • $directory: Folder containing CSV files
  • $csvPath: Path to the selected CSV file
  • $DestinationFolderReport: Path to the output report file
  • $infoWrittenToCSV: Flag indicating if any accounts were disabled
  • $SourceDirectory: Source folder for incoming CSV files (default V:\Employee-Departure-Check)
  • $DestinationFolderReports: Folder where report and failure CSVs are written
  • $DestinationFolderComplete: Folder where processed CSVs are moved
  • $reportFile: Dated report CSV (yyyyMMdd.csv)
  • $failureFile: Dated failure CSV (yyyyMMdd.failures.csv)
  • $logFile: Path to a timestamped log written to $env:TEMP

# Command Line Flags

None for standard use.

# Outputs

  • Disables AD account for the departed employee as needed
  • Logs details to a dated CSV report
  • Provides actionable instructions for ICT follow-up if required
  • Moves processed CSV to a "Complete" folder
  • Dated report CSV containing processed rows: <ReportsFolder>\<yyyyMMdd>.csv
  • Dated failure CSV containing any items requiring manual follow up: <ReportsFolder>\<yyyyMMdd>.failures.csv
  • A plain-text log file in %TEMP% recording script steps and errors (Employee-Departure-Reconciliation.log)
  • Processed CSV moved to the <Complete> folder

# Notes

  • Requires the Active Directory module
  • CSV file must be placed in the correct folder and contain the required columns
  • Script provides clear error messages and instructions for each step
  • The script assumes CSV schema correctness (no additional input validation performed).
  • The manager lookup is performed by searching AD for the manager's EmployeeID (CSV column managerEmployeeID).
  • The script will create the Reports and Complete folders if they do not exist.
  • Any AD operation failures (query or disable) are recorded in the failure CSV to allow manual remediation.

© Copyright 2025, Michael Harris. All rights reserved.