Functions/Get-SyncActiveDirectoryUsersScriptBlocks.ps1
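<#
.SYNOPSIS
    This function returns the script blocks used to sync Active Directory users.

.DESCRIPTION
    Returns a single object whose four properties are script blocks: CreateEntity,
    CompareEntities, UpdateEntity and DeleteEntity. None of the blocks declares
    parameters; each reads a variable named $entity (with .Expected and/or .Current
    members) that must already exist in the scope that invokes the block.

    CreateEntity, UpdateEntity and DeleteEntity emit the string "success" when they
    complete and throw when the underlying Active Directory cmdlet fails.
    CompareEntities returns the result of Compare-ActiveDirectoryUsers.

.OUTPUTS
    PSCustomObject with the ScriptBlock properties CreateEntity, CompareEntities,
    UpdateEntity and DeleteEntity.
#>
function Get-SyncActiveDirectoryUsersScriptBlocks
{
    [CmdletBinding(PositionalBinding=$false)]
    [OutputType([PSCustomObject])]
    param ()

    # Return the script blocks
    return [PSCustomObject]@{
        # The script block used to create an Active Directory user
        CreateEntity = {
            # Create a hash table for the cmdlet parameters
            $newADUserParams = @{}

            # Add the properties which are defined in the expected user.
            # Null, empty and whitespace-only values are skipped, so they are never sent to New-ADUser.
            # NOTE(review): which attributes are set (including any password or enabled state) depends
            # entirely on Get-ActiveDirectoryUserPropertyList, which is not visible here - confirm.
            $activeDirectoryUserProperties = Get-ActiveDirectoryUserPropertyList
            foreach ($property in $activeDirectoryUserProperties)
            {
                if (![String]::IsNullOrWhiteSpace($entity.Expected.$property))
                {
                    $newADUserParams.Add($property, $entity.Expected.$property)
                }
            }

            # Create the user. -PassThru returns the new object, which is the success signal checked below.
            $newUser = New-ADUser @newADUserParams -PassThru -ErrorVariable errorVariable
            if (!$newUser)
            {
                throw "Failed to create Active Directory user.`r`n$($errorVariable)"
            }

            # Created the user
            "success"
        }

        # The script block used to compare two Active Directory users for equality
        CompareEntities = {
            # The 'None' output stream is selected to suppress the difference messages
            # Only the true/false result of the compare is required here
            return Compare-ActiveDirectoryUsers -ReferenceUser $entity.Expected -ComparisonUser $entity.Current -OutputStream "None"
        }

        # The script block used to update a current user's properties to match the expected user
        UpdateEntity = {
            # Create a hash table for the cmdlet parameters.
            # The user is addressed by ObjectGUID rather than by a name-based identity.
            $setADUserParams = @{
                Identity = $entity.Current.ObjectGUID
            }

            # Add the properties which are defined in the expected user and are different from the current user.
            # An empty expected value never clears the current value, because empty values are skipped.
            # NOTE(review): -ne against a collection-valued property filters instead of comparing;
            # this assumes every listed property is scalar - confirm against the property list.
            $activeDirectoryUserProperties = Get-ActiveDirectoryUserPropertyList
            foreach ($property in $activeDirectoryUserProperties)
            {
                if (![String]::IsNullOrWhiteSpace($entity.Expected.$property) -and $entity.Expected.$property -ne $entity.Current.$property)
                {
                    # NOTE(review): both the old and the new value are written to the information stream.
                    # If the property list ever contains a sensitive attribute, it would end up in
                    # whatever captures that stream - confirm the list holds only loggable attributes.
                    Write-Information "The property '$($property)' will be updated on the current user from '$($entity.Current.$property)' to '$($entity.Expected.$property)'."
                    $setADUserParams.Add($property, $entity.Expected.$property)
                }
            }

            # Update the user. -PassThru returns the updated object, which is the success signal checked below.
            $updatedUser = Set-ADUser @setADUserParams -PassThru -ErrorVariable errorVariable
            if (!$updatedUser)
            {
                throw "Failed to update Active Directory user.`r`n$($errorVariable)"
            }

            # Updated the user
            "success"
        }

        # The script block used to delete a current user
        DeleteEntity = {
            # -Confirm:$false suppresses the interactive prompt, so the deletion is unattended.
            # -ErrorAction Stop turns any failure into a thrown error, so "success" is only
            # emitted when the removal went through (matching CreateEntity and UpdateEntity,
            # which also throw on failure).
            # NOTE(review): this block deletes whatever user $entity.Current refers to; any
            # safeguard against deleting too many users has to live in the caller - confirm.
            Remove-ADUser -Identity $entity.Current.ObjectGUID -Confirm:$false -ErrorAction Stop

            # Deleted the user
            "success"
        }
    }
}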