BitTitan.Runbooks.Sync.Beta

0.1.7

Functions/Get-SyncActiveDirectoryUsersScriptBlocks.ps1

                                <#

.SYNOPSIS

    This function returns the script blocks used to sync Active Directory users.

#>

function Get-SyncActiveDirectoryUsersScriptBlocks {

    [CmdletBinding(PositionalBinding=$false)]

    [OutputType([PSCustomObject])]

    param ()

    # Return the script blocks

    return [PSCustomObject]@{

        # The script block used to create an Active Directory user

        CreateEntity = {

            # Create a hash table for the cmdlet parameters

            $newADUserParams = @{}

            # Add the properties which are defined in the expected user

            $activeDirectoryUserProperties = Get-ActiveDirectoryUserPropertyList

            foreach ($property in $activeDirectoryUserProperties) {

                if (![String]::IsNullOrWhiteSpace($entity.Expected.$property)) {

                    $newADUserParams.Add($property, $entity.Expected.$property)

                }

            }

            # Create the user

            $newUser = New-ADUser @newADUserParams -PassThru -ErrorVariable errorVariable

            if (!$newUser) {

                throw "Failed to create Active Directory user.`r`n$($errorVariable)"

            }

            # Created the user

            "success"

        }

        # The script block used to compare two Active Directory users for equality

        CompareEntities = {

            # The 'None' output stream is selected to suppress the difference messages

            # Only the the true/false result of the compare is required here

            return Compare-ActiveDirectoryUsers -ReferenceUser $entity.Expected -ComparisonUser $entity.Current -OutputStream "None"

        }

        # The script block used to update a current user's properties to match the expected user

        UpdateEntity = {

            # Create a hash table for the cmdlet parameters

            $setADUserParams = @{

                Identity = $entity.Current.ObjectGUID

            }

            # Add the properties which are defined in the expected user and are different from the current user

            $activeDirectoryUserProperties = Get-ActiveDirectoryUserPropertyList

            foreach ($property in $activeDirectoryUserProperties) {

                if (![String]::IsNullOrWhiteSpace($entity.Expected.$property) -and $entity.Expected.$property -ne $entity.Current.$property) {

                    Write-Information "The property '$($property)' will be updated on the current user from '$($entity.Current.$property)' to '$($entity.Expected.$property)'."

                    $setADUserParams.Add($property, $entity.Expected.$property)

                }

            }

            # Update the user

            $updatedUser = Set-ADUser @setADUserParams -PassThru -ErrorVariable errorVariable

            if (!$updatedUser) {

                throw "Failed to update Active Directory user.`r`n$($errorVariable)"

            }

            # Updated the user

            "success"

        }

        # The script block used to delete a current user

        DeleteEntity = {

            Remove-ADUser -Identity $entity.Current.ObjectGUID -Confirm:$false

            # Deleted the user

            "success"

        }

    }

}