Public/Convert-ADUsersToBBUserExport.ps1

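Function Convert-ADUsersToBBUserExport {
    <#
    .SYNOPSIS
        Converts user objects from ActiveDirectory to the format needed for GoBright BrightBooking
    .DESCRIPTION
        Converts user objects from ActiveDirectory (expecting the output of Get-ADUsersForBB) into PSObjects
        with the properties the GoBright BrightBooking import expects: EmailAddress, Name, TelephoneMobile,
        AuthenticationUsername, Pincode, Active, UniqueImportID, UserMappedRoles and NFCId.

        SECURITY NOTE: 'Pincode' and 'NFCId' are authentication material for BrightBooking. The returned
        objects therefore carry credentials in clear text: do not log or echo them, and protect any file
        they are written to (e.g. by Export-ADUsersToBB). Using a guessable attribute such as a personnel
        number as pincode weakens the login; prefer a dedicated, random value.

        A user is exported with Active = $true only when the AD account is enabled AND has a mail address;
        an enabled account without a mail address is exported as inactive.
    .PARAMETER pipelineADUsers
        The ActiveDirectory user objects to convert (from the pipeline or passed directly)
    .PARAMETER ADUserPincodePropertyName
        Optional ActiveDirectory user property which contains the pincode. If omitted, Pincode is exported empty.
    .PARAMETER ADUserNamePropertyName
        Optional ActiveDirectory user property which contains the name of the user, in case you do not want to use the default property (DisplayName)
    .PARAMETER ADUserMobilePropertyName
        ActiveDirectory user property which contains the mobile phone number (default: Mobile)
    .PARAMETER ADUserNFCIdPropertyName
        Optional ActiveDirectory user property which contains the NFC id. If omitted, NFCId is exported empty.
    .PARAMETER ADSpecificUsername
        Optional way to select which ActiveDirectory username is used to authenticate the user when logging in to GoBright BrightBooking (app/portal):
        'None' (default, empty), 'UserPrincipalName' (UPN) or 'DomainPlusUsername' (DOMAIN\UserName). 'DomainPlusUsername' requires Get-ADDomain (ActiveDirectory module).
    .PARAMETER UserDefaultRoleName
        Optional name of the role the user should get when none of the 'GroupUserRoleMapping' entries match
    .PARAMETER GroupUserRoleMapping
        Optional list of AD group distinguishedNames and the corresponding role name that should be assigned. Entries are evaluated in
        the supplied order and EVERY matching entry adds a role. A matching entry suppresses 'UserDefaultRoleName'.
        Example structure to supply in this parameter:
        $groupToRoleMapping = @()
        $groupToRoleMapping += @{ADDistinguishedName = "OU=GoBrightBookingManagers,OU=Groups,DC=company,DC=com"; RoleName = "Bookingmanagers"}
        $groupToRoleMapping += @{ADDistinguishedName = ""; RoleName = "Standard user role"; MatchType = "AddForEveryUser"} # NOTE: special case, MatchType = "AddForEveryUser" assigns this role to every user (so 'UserDefaultRoleName' is then never applied)
    .EXAMPLE
        Get-ADUsersForBB -Filter * | Convert-ADUsersToBBUserExport
        # Get all users in the Active Directory and convert the information to the needed format
    .EXAMPLE
        Get-ADUsersForBB -SearchBase "OU=Office,DC=Company,DC=com" -ADUserPincodePropertyName PersonnelNumber -ADUserNamePropertyName FullUserName | Convert-ADUsersToBBUserExport -ADUserPincodePropertyName PersonnelNumber -ADUserNamePropertyName FullUserName
        # Get the users in the Active Directory within the specified SearchBase path, and use the custom property 'PersonnelNumber' as pincode and the custom property 'FullUserName' as username
    .LINK
        https://support.gobright.com/
    .LINK
        https://technet.microsoft.com/library/hh852208.aspx
    .LINK
        Get-ADUsersForBB
    .LINK
        Export-ADUsersToBB
    #>


    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $True, ValueFromPipeline = $True)]
        [System.Object[]]$pipelineADUsers,

        [Parameter(Mandatory = $False, Position = 1)]
        [string]$ADUserPincodePropertyName,
       
        [Parameter(Mandatory = $False, Position = 2)]
        [string]$ADUserNamePropertyName,
       
        [Parameter(Mandatory = $False)]
        [string]$ADUserMobilePropertyName = "Mobile",
       
        [Parameter(Mandatory = $False)]
        [string]$ADUserNFCIdPropertyName,

        [Parameter(Mandatory = $False, Position = 3)]
        [ValidateSet("None", "UserPrincipalName", "DomainPlusUsername")]
        [string]$ADSpecificUsername = "None",
       
        [Parameter(Mandatory = $False)]
        [string]$UserDefaultRoleName,

        [Parameter(Mandatory = $False)]
        [System.Object[]]$GroupUserRoleMapping
    )

    Begin {
        # Collects every converted user; the whole list is returned in End
        $outputUsers = @()
    }

    Process {
        # Cache of the last resolved domain (DC=... part of the DN -> NetBIOS name), so that
        # Get-ADDomain is called once per domain rather than once per user
        $lastDCParts = ""
        $lastDomainNetbiosName = ""
        
        Foreach ($ADUser in $pipelineADUsers) {
            # Display name: custom property if requested, otherwise the AD DisplayName
            $userName = ""
            If ($ADUserNamePropertyName) {
                $userName = $ADUser.$ADUserNamePropertyName
            }
            Else {
                $userName = $ADUser.DisplayName
            }
                        
            $userMobile = ""
            If ($ADUserMobilePropertyName) {
                $userMobile = $ADUser.$ADUserMobilePropertyName
            }
            
            # NFC id is login material; it is passed through unchanged (see SECURITY NOTE in the help)
            $userNFCId = ""
            If ($ADUserNFCIdPropertyName) {
                $userNFCId = $ADUser.$ADUserNFCIdPropertyName
            }

            $userEmailAddress = $ADUser.Mail
            
            # Only enabled accounts WITH a mail address are exported as active
            $userEnabled = $false
            If ($ADUser.Enabled -And $userEmailAddress) {
                $userEnabled = $true
            }

            $userAuthenticationUsername = "";
            If ($ADSpecificUsername -eq "UserPrincipalName") {
                $userAuthenticationUsername = $ADUser.UserPrincipalName;    
            }
            ElseIf ($ADSpecificUsername -eq "DomainPlusUsername") {                
                # Take the DC=... components of the DN to identify the user's domain; escaped commas in
                # RDNs do not matter here because only "DC=*" fragments are kept
                $dcParts = (($ADUser.DistinguishedName.Split(",") | Where-Object { $_ -like "DC=*" }) -join ",")
                If ($dcParts -ne $lastDCParts) {
                    $lastDomainNetbiosName = (Get-ADDomain $dcParts).NetBIOSName
                    $lastDCParts = $dcParts
                }
                $userAuthenticationUsername = "$($lastDomainNetbiosName)\$($ADUser.SamAccountName)"
            }
            
            # Pincode is login material; it is passed through unchanged (see SECURITY NOTE in the help)
            $userPincode = ""
            If ($ADUserPincodePropertyName) {
                $userPincode = $ADUser.$ADUserPincodePropertyName
            }
            
            $userMappedRoles = @()
            If ($GroupUserRoleMapping) {
                # Evaluate the mappings in the supplied order; every matching entry adds a role.
                # NOTE(review): MemberOf is matched as given by the caller; nested group membership is
                # not resolved here, so verify Get-ADUsersForBB delivers the memberships you expect.
                Foreach ($mappingItem in $GroupUserRoleMapping)    {
                    $userMatches = $false

                    # FIX: this previously read the undefined variable '$groupUserRoleMappingItem',
                    # so the documented MatchType = "AddForEveryUser" never matched
                    If ($mappingItem.MatchType -eq "AddForEveryUser") {
                        $userMatches = $true
                    }
                    ElseIf ($ADUser.MemberOf -contains $mappingItem.ADDistinguishedName) {
                        # -contains is case-insensitive, like AD distinguishedName comparison
                        $userMatches = $true
                    }

                    If ($userMatches) {
                        $propertiesHash = [ordered]@{
                            RoleName = $mappingItem.RoleName
                        }
                        $userMappedRoles += New-Object PSObject -Property $propertiesHash
                    }
                }
            }
            # Fall back to the default role only when no mapping matched (an "AddForEveryUser"
            # mapping always matches and therefore supersedes UserDefaultRoleName)
            If ($UserDefaultRoleName) {
                If ($userMappedRoles.Count -eq 0) {
                    $propertiesHash = [ordered]@{
                        RoleName = $UserDefaultRoleName
                    }
                    $userMappedRoles += New-Object PSObject -Property $propertiesHash
                }
            }


            $outputUserPropertiesHash = [ordered]@{
                EmailAddress           = $userEmailAddress
                Name                   = $userName
                TelephoneMobile        = $userMobile
                AuthenticationUsername = $userAuthenticationUsername
                Pincode                = $userPincode 
                Active                 = $userEnabled
                UniqueImportID         = $ADUser.ObjectGUID 
                UserMappedRoles        = $userMappedRoles
                NFCId                  = $userNFCId
            }

            $outputUser = New-Object PSObject -Property $outputUserPropertiesHash
            $outputUsers += $outputUser
        }
    }

    End {
        # Return the converted users (contains clear-text Pincode/NFCId - treat as sensitive)
        Return $outputUsers
    }
}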