AzureAD - Block Access by EmployeeID

Question

Working on blocking users by EmployeeID in AzureAD.

The CSV file has a column EmployeeID setup as:

EmployeID
---------

9999
12345
23452
24354
234234

Here is what I have so far

$TermedUsers = Import-csv "C:\temp\testtermed1.csv"

foreach ($Termed in $TermedUsers){

Set-AzureADUser -ObjectID (Get-AzureADUser | where-object {$_.ExtensionProperty.employeeId -eq $Termed}).EmployeeID -AccountEnabled $false

}

The error message I get is:

Set-AzureADUser : Cannot bind argument to parameter 'ObjectId' because it is null.
At line:5 char:27

I attempted to work off a script I found on Microsoft, which will block via UPN in .txt:

Get-Content "C:\My Documents\Accounts.txt" | ForEach { Set-AzureADUSer -ObjectID $_ -AccountEnabled $true }

Any help is appreciated.

Thank you,

Answer 1

According to the script you provided, we cannot use the property "EmployeeId" as the ObjectId. They are different properties of a user.

EmployeeId : The employee identifier assigned to the user by the organization ObjectId : The unique identifier for the user. Inherited from Directory.

Regarding how to set Azure AD user, please refer to the following script :

1. CSV file

2. Script

Connect-AzureAD

$r = Import-csv E:\test.csv

$r.EmployeeID

foreach($id in $r.EmployeeID ){

 Set-AzureADUser -ObjectId (Get-AzureADUser | where-object {$_.ExtensionProperty.employeeId -eq $id}).ObjectId -AccountEnabled $false
 (Get-AzureADUser | where-object {$_.ExtensionProperty.employeeId -eq $id}) | Select-Object ObjectId , AccountEnabled

}  

Update

According to my test, if we directly pass $Termed to filter Azure AD user, it is wrong. It is an Object, it is like @{EmployeeID=666}. So we need to pass $Termed.EmployeeID to filter Azure AD User.