$countries = Import-CSV "$PSScriptRoot\ISO3166.csv" -Delimiter ";" -Encoding UTF8 $users = Get-ADUser -LDAPFilter "(|(|(!(countryCode=0))(c=*))(co=*))" -Properties c,co,countryCode foreach ($user in $users) { $c_valid = $false $cc_valid = $false if ($null -ne $user.c) { $c_country = $countries.Where({$_.Code -eq $user.c}) if ($c_country.Count -gt 0) { $c_valid = $true } } if (0 -ne $user.countryCode) { $cc_country = $countries.Where({$_.Numeric -eq $user.countryCode}) if ($cc_country.Count -gt 0) { $cc_valid = $true } } if ($c_valid -and $cc_valid) { $country = $countries.Where({($_.Numeric -eq $user.countryCode) -and ($_.Code -eq $user.c)}) if ($country.Count -gt 0) { Set-ADUser -Identity $user.DistinguishedName -Replace @{co=$country.Name} } else { Write-Warning ("User {0}: c ({1}) and countryCode ({2}) are both set to valid values but belong to different countries!" -f $user.SamAccountName,$user.c,$user.countryCode) } } elseif ($c_valid) { # cc is invalid Set-ADUser -Identity $user.DistinguishedName -Replace @{countryCode=$c_country.Numeric;co=$c_country.Name} } elseif ($cc_valid) { # c is invalid Set-ADUser -Identity $user.DistinguishedName -Replace @{c=$cc_country.Code;co=$cc_country.Name} } else { # both c and cc are invalid, clearing all attributes... Set-ADUser -Identity $user.DistinguishedName -Replace @{countryCode=0} -Clear @("c","co") } }