Functions/Get-SyncActiveDirectoryUsersScriptBlocks.ps1

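<#
.SYNOPSIS
    Returns the script blocks used to sync Active Directory users.

.DESCRIPTION
    Builds a PSCustomObject with four script blocks: CreateEntity, CompareEntities,
    UpdateEntity and DeleteEntity. None of them takes parameters; each one reads an
    $entity variable from the scope it is invoked in, where $entity.Expected is the
    desired user and $entity.Current is the user as it currently exists in Active
    Directory.

    The list of property names copied from the expected user is obtained from
    Get-ActiveDirectoryUserPropertyList, and the equality check is delegated to
    Compare-ActiveDirectoryUsers.

.OUTPUTS
    PSCustomObject. CreateEntity, UpdateEntity and DeleteEntity return the string
    "success" when the wrapped AD cmdlet completes without error and throw otherwise,
    so a sync routine never sees "success" for a user that was not actually created,
    updated or removed. CompareEntities returns the true/false result of
    Compare-ActiveDirectoryUsers.
#>

function Get-SyncActiveDirectoryUsersScriptBlocks {
    [CmdletBinding(PositionalBinding=$false)]
    [OutputType([PSCustomObject])]
    param ()

    return [PSCustomObject]@{
        # Creates the Active Directory user described by $entity.Expected
        CreateEntity = {
            # Only properties with a non-blank value on the expected user are passed to New-ADUser
            $newADUserParams = @{}
            foreach ($property in Get-ActiveDirectoryUserPropertyList) {
                $expectedValue = $entity.Expected.$property
                if (![String]::IsNullOrWhiteSpace($expectedValue)) {
                    $newADUserParams.Add($property, $expectedValue)
                }
            }

            # -PassThru returns the created user; a null result means the error captured
            # in $errorVariable prevented creation, so report it instead of "success"
            $newUser = New-ADUser @newADUserParams -PassThru -ErrorVariable errorVariable
            if (!$newUser) {
                throw "Failed to create Active Directory user.`r`n$($errorVariable)"
            }

            "success"
        }

        # Compares $entity.Expected with $entity.Current for equality
        CompareEntities = {
            # The 'None' output stream suppresses the per-property difference messages;
            # only the true/false result of the compare is needed here
            return Compare-ActiveDirectoryUsers -ReferenceUser $entity.Expected -ComparisonUser $entity.Current -OutputStream "None"
        }

        # Updates $entity.Current so that its properties match $entity.Expected
        UpdateEntity = {
            # The current user is addressed by ObjectGUID, which is stable across renames
            $setADUserParams = @{
                Identity = $entity.Current.ObjectGUID
            }

            # Only properties that are non-blank on the expected user and differ from the
            # current user are sent to Set-ADUser; each change is written to the Information
            # stream (old and new value) before the update runs
            foreach ($property in Get-ActiveDirectoryUserPropertyList) {
                $expectedValue = $entity.Expected.$property
                $currentValue = $entity.Current.$property
                if (![String]::IsNullOrWhiteSpace($expectedValue) -and $expectedValue -ne $currentValue) {
                    Write-Information "The property '$($property)' will be updated on the current user from '$($currentValue)' to '$($expectedValue)'."
                    $setADUserParams.Add($property, $expectedValue)
                }
            }

            # -PassThru returns the updated user; a null result means the error captured
            # in $errorVariable prevented the update
            $updatedUser = Set-ADUser @setADUserParams -PassThru -ErrorVariable errorVariable
            if (!$updatedUser) {
                throw "Failed to update Active Directory user.`r`n$($errorVariable)"
            }

            "success"
        }

        # Deletes $entity.Current from Active Directory
        DeleteEntity = {
            # Remove-ADUser produces no output, so unlike the create/update blocks a failure
            # has to be detected through the error variable; without this check a user that
            # could not be removed would still be reported as "success"
            Remove-ADUser -Identity $entity.Current.ObjectGUID -Confirm:$false -ErrorVariable errorVariable
            if ($errorVariable) {
                throw "Failed to delete Active Directory user.`r`n$($errorVariable)"
            }

            "success"
        }
    }
}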