Assigning Unique Employee IDs in Active Directory for AD Linked Synchronization

When preparing your Active Directory (AD) for integration with your Human Resource Management System (HRMS) using AD Linked, it’s crucial to ensure that each user in AD has a unique identifier, such as an Employee ID. This one-time setup is essential for AD Linked to function properly, allowing it to accurately match users and perform automated updates based on HR data.

In this post, we’ll explore two ways to assign Employee IDs to users in Active Directory:

  1. PowerShell script that assigns Employee IDs from an HR system export (CSV file).
  2. AD Linked, which can automate the assignment process using the same CSV file before syncing HR data.

Why Assign Employee IDs?

Employee IDs serve as a unique and reliable key to match users between your HRMS and Active Directory. Without a unique key like Employee ID, syncing HR data to AD can lead to errors or mismatches. Assigning these IDs is a vital step to ensure accurate, seamless updates when AD Linked starts syncing data between systems.

Solution 1: Using PowerShell to Assign Employee IDs in Active Directory

Before running AD Linked, you can use PowerShell to assign Employee IDs based on data exported from your HR system. This is a one-time setup to ensure every user in AD has a unique Employee ID.

Step 1: Export Employee Data from HR System

Export the employee data from your HR system into a CSV file. The file should include:

  • Employee ID (from the HR system)
  • FirstName
  • LastName
  • Other fields, such as Email, that will help identify users in AD (since HR systems typically don’t have the SamAccountName).

Example CSV format: 

Email,EmployeeID,FirstName,LastName
[email protected],12345,John,Doe
[email protected],67890,Jane,Smith

In this example, the Email field will be used to identify users in AD, and the Employee ID will be assigned to them.

Step 2: Write the PowerShell Script

This PowerShell script will read the CSV file, search for users in AD by their email address, and assign the corresponding Employee ID.

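# Import the Active Directory module
Import-Module ActiveDirectory

# Path to the CSV file
$csvFile = "C:\path\to\employee_data.csv"

# Import the CSV file
$employees = Import-Csv -Path $csvFile

# Loop through each employee record
foreach ($employee in $employees) {
    # Copy the value into a simple variable: the -Filter parameter cannot
    # resolve property expressions such as $employee.Email
    $email = $employee.Email

    # Skip rows without an email; an empty value cannot be used as a match key
    if ([string]::IsNullOrWhiteSpace($email)) {
        Write-Host "Row with EmployeeID $($employee.EmployeeID) has no Email; skipped."
        continue
    }

    # Find the user in AD by Email; @() lets us count zero, one or many results
    $adUser = @(Get-ADUser -Filter {EmailAddress -eq $email})

    # Assign the EmployeeID only when exactly one user matches
    if ($adUser.Count -eq 1) {
        Set-ADUser -Identity $adUser[0] -EmployeeID $employee.EmployeeID
        Write-Host "Assigned EmployeeID $($employee.EmployeeID) to $email"
    }
    elseif ($adUser.Count -gt 1) {
        # Several accounts share this email: do not guess which one to update
        Write-Host "Multiple AD users have Email $email; skipped."
    }
    else {
        Write-Host "User with Email $email not found in AD."
    }
}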

This script does the following:

  • Matches users in AD by their Email.
  • Assigns the corresponding EmployeeID from the HR system to each user in AD.

Step 3: Run the Script

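Run the script with administrative permissions. Once it completes, every user in AD that the script matched will have an Employee ID assigned, ensuring that AD Linked can later match users correctly during the sync process. Any email the script reports as not found has no Employee ID yet and needs to be resolved before the sync.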

Solution 2: Using AD Linked to Assign Employee IDs

Before syncing HR data with AD, AD Linked can also be used to assign Employee IDs from the same CSV file as part of your one-time AD preparation.

Here’s how you can configure AD Linked to automate this process:

  1. Upload the CSV File: Export the employee data from your HR system into a CSV file that contains a unique field, such as **Email**, to identify existing users in AD.
  2. Set the Unique Identifier: Configure AD Linked to use **Email** or another unique field from the HRMS as the matching key for users in AD.
  3. Assign Employee IDs: AD Linked will automatically match users in AD by the chosen unique key (e.g., **Email**) and assign their corresponding **Employee ID** to the AD attribute. This is a one-time process, preparing AD for future syncing.
  4. Verify the Assignment: After AD Linked assigns the Employee IDs, you can verify that each user in AD now has a unique Employee ID, ensuring a smooth synchronization when you start syncing HR data with AD Linked.
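The verification mentioned in step 4 applies equally after the PowerShell script in Solution 1. The read-only check below is an added example, not part of the original post or of AD Linked: it reports missing, duplicated and mismatched Employee IDs. It assumes the CSV path and columns shown earlier, and that only enabled accounts are in scope.

```powershell
# Added example: read-only audit of EmployeeID coverage and uniqueness.
Import-Module ActiveDirectory

# Assumption: the same HR export used for the assignment (Email, EmployeeID columns)
$csvFile   = "C:\path\to\employee_data.csv"
$employees = Import-Csv -Path $csvFile

# 1. The key must already be unique in the HR export itself
$dupCsv = @($employees | Group-Object -Property EmployeeID |
    Where-Object { $_.Count -gt 1 })

# 2. Load enabled accounts once, with the two attributes being compared
#    (assumption: disabled accounts are out of scope for the sync)
$users = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties EmployeeID, EmailAddress)

# 3. Accounts that still have no EmployeeID (service accounts show up here too)
$missing = @($users | Where-Object { [string]::IsNullOrWhiteSpace($_.EmployeeID) })

# 4. EmployeeID values carried by more than one account
$dupAd = @($users | Where-Object { $_.EmployeeID } |
    Group-Object -Property EmployeeID | Where-Object { $_.Count -gt 1 })

# 5. Accounts whose EmployeeID differs from the HR value for the same email
$hrByEmail = @{}   # hashtable keys are case-insensitive by default
foreach ($e in $employees) {
    if ($e.Email) { $hrByEmail[$e.Email.Trim()] = $e.EmployeeID }
}
$mismatch = @($users | Where-Object {
    $_.EmployeeID -and $_.EmailAddress -and
    $hrByEmail.ContainsKey($_.EmailAddress) -and
    $hrByEmail[$_.EmailAddress] -ne $_.EmployeeID
})

# Report the findings; nothing in AD is modified
foreach ($g in $dupCsv) { Write-Warning "CSV: EmployeeID $($g.Name) appears $($g.Count) times" }
foreach ($g in $dupAd) {
    Write-Warning "AD: EmployeeID $($g.Name) shared by $($g.Group.SamAccountName -join ', ')"
}
foreach ($u in $mismatch) {
    Write-Warning "AD: $($u.SamAccountName) has EmployeeID $($u.EmployeeID), HR says $($hrByEmail[$u.EmailAddress])"
}
$missing | Select-Object SamAccountName, EmailAddress | Format-Table -AutoSize
Write-Host "Checked $($users.Count) accounts: $($missing.Count) missing, $($dupAd.Count) duplicated, $($mismatch.Count) mismatched."
```

A duplicated or mismatched Employee ID means the later sync could apply one person's HR changes to another person's account, so resolve every warning before enabling synchronization.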

Conclusion: PowerShell vs AD Linked for One-Time Employee ID Assignment

Assigning Employee IDs is an essential step in preparing Active Directory for integration with AD Linked. Whether you use a PowerShell script or AD Linked to automate the process, the goal is to ensure every user in AD has a unique Employee ID before syncing HR data.

  • PowerShell: Ideal for manually assigning Employee IDs based on a CSV export, especially if you need flexibility in matching fields.
  • AD Linked: Streamlines the Employee ID assignment process, handling it automatically based on the exported HR data file.

Once Employee IDs are assigned, your Active Directory will be ready for AD Linked to perform ongoing synchronization between your HR system and AD.

With AD Linked and Adaxes working together, your HRMS truly becomes the Single Source of Truth (SSOT) for both HR and IT, providing a seamless, secure, and efficient user management process.