Public/Push-ADUsersToBB.ps1

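Function Push-ADUsersToBB {
    <#
    .SYNOPSIS
        Get user information from ActiveDirectory with the information needed in GoBright BrightBooking and process it directly in GoBright BrightBooking
    .DESCRIPTION
        Get user information via the Get-ADUser command, retrieving the information needed for GoBright BrightBooking. (Requiring RSAT tools: Remote Server Administration Tools)
        The users are read with Get-ADUsersForBB, converted with Convert-ADUsersToBBUserExport and then handed to Send-ADUsersToBB together with the API url and API key.
    .PARAMETER Filter
        A filter used to pass to Get-ADUser, if you don't need a filter, then use: '*'
        Example: 'samAccountName -like "admin*"'
        More information: https://technet.microsoft.com/en-us/library/hh531527(v=ws.10).aspx
    .PARAMETER SearchBase
        A SearchBase used to pass to Get-ADUser, specifies an Active Directory path to search under.
        Example: "OU=Office,DC=Company,DC=com"
        More information: https://technet.microsoft.com/library/hh852208.aspx
    .PARAMETER Server
        Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server.
        More information: https://technet.microsoft.com/library/hh852208.aspx
    .PARAMETER ADUserPincodePropertyName
        Optional ActiveDirectory User Property which contains the pincode. When supplied, the sync is flagged as including pincodes.
    .PARAMETER ADUserNamePropertyName
        Optional ActiveDirectory User Property which contains the name of the user, in case you do not want to use the default property
    .PARAMETER ADUserMobilePropertyName
        Optional ActiveDirectory User Property which contains the mobile number of the user (default: 'Mobile')
    .PARAMETER ADUserNFCIdPropertyName
        Optional ActiveDirectory User Property which contains the NFC id of the user. When supplied, the sync is flagged as including NFC ids.
    .PARAMETER ADSpecificUsername
        Optional way to get a specific username from ActiveDirectory which should be used to authenticate the user when he logs in to GoBright BrightBooking (app/portal). You can choose which username should be used, DOMAIN\UserName or the UserPrincipalName (UPN)
    .PARAMETER BrightBookingApiUrl
        Address of the GoBright BrightBooking API, e.g.: https://t1b.gobright.cloud/ (please get this from the 'General Settings' page of the portal)
        A warning is written when the address does not start with https://
    .PARAMETER BrightBookingApiKey
        API key of the user to use to process the import
    .PARAMETER BrightBookingIntegrationName
        Name of the integration to link the users to
    .PARAMETER UserRoleNameForNewUsers
        Name of the GoBright userrole to link new users to
    .PARAMETER UserDefaultRoleName
        Optional default name of the role the user should get (will be assigned to every user, except for the matches found in 'GroupUserRoleMapping')
    .PARAMETER GroupUserRoleMapping
        Optional map of ADGroupNames (by their distinguishedName) and the corresponding role name that should be assigned. First match will be taken, and will override a potential given 'UserDefaultRoleName'
        Example structure to supply in this parameter:
        $groupToRoleMapping = @()
        $groupToRoleMapping += @{ADDistinguishedName = "OU=GoBrightBookingManagers,OU=Groups,DC=company,DC=com"; RoleName = "Bookingmanagers"}
        $groupToRoleMapping += @{ADDistinguishedName = ""; RoleName = "Standard user role"; MatchType = "AddForEveryUser"} # NOTE: Here a special case, by setting MatchType = "AddForEveryUser", every user will be assigned to this "Standard user role"
    .PARAMETER DeactivateExistingUsersInSameIntegrationThatAreNotLoaded
        Deactivate users that exist in the platform in the same integration but are not loaded anymore from AD (e.g. because they are not anymore in the group you filter on)
    .PARAMETER WhatIf
        Use the WhatIf switch to print out the retrieved users, without processing them to the API. This is useful for testing purposes
    .EXAMPLE
        Push-ADUsersToBB -Filter * -BrightBookingApiUrl "https://t1b.gobright.cloud/" -BrightBookingApiKey "[your api key]" -BrightBookingIntegrationName "Office 365"
        # Get all users in the Active Directory and let GoBright process it directly
    .EXAMPLE
        Push-ADUsersToBB -Filter * -SearchBase "OU=Office,DC=Company,DC=com" -BrightBookingApiUrl "https://t1b.gobright.cloud/" -BrightBookingApiKey "[your api key]" -BrightBookingIntegrationName "Office 365"
        # Get the users in the Active Directory under the specified SearchBase path and let GoBright process it directly
    .EXAMPLE
        Push-ADUsersToBB -Filter { memberOf -RecursiveMatch "CN=Administrators,DC=Company,DC=com" } -SearchBase "OU=Office,DC=Company,DC=com" -ADUserPincodePropertyName PersonnelNumber -BrightBookingApiUrl "https://t1b.gobright.cloud/" -BrightBookingApiKey "[your api key]" -BrightBookingIntegrationName "Office 365"
        # Get the users in the Active Directory which are member of the given group, in the specified SearchBase path, and use the custom property 'PersonnelNumber' as pincode and let GoBright BrightBooking process it directly
    .NOTES
        Handling of secrets:
        - BrightBookingApiKey is a plain [string]. A literal key typed on the command line or hard-coded in a script can end up in
          console history, transcripts and script block logs. Load it at run time from a protected store and restrict read access
          to any scheduled script that calls this function.
        - When ADUserPincodePropertyName or ADUserNFCIdPropertyName is used, the converted user objects presumably carry those
          values. In WhatIf (test) mode the objects are returned to the caller, so do not redirect that output to shared logs.
    .LINK
        https://support.gobright.com/
    .LINK
        https://technet.microsoft.com/library/hh852208.aspx
    .LINK
        Get-ADUsersForBB
    .LINK
        Convert-ADUsersToBBUserExport
    .LINK
        Export-ADUsersForBB
    #>


    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Low')]
    Param(
        [Parameter(Mandatory = $True)]
        [string]$Filter,

        [Parameter(Mandatory = $False)]
        [string]$SearchBase,

        [Parameter(Mandatory = $False)]
        [string]$Server,

        [Parameter(Mandatory = $False)]
        [string]$ADUserPincodePropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserNamePropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserMobilePropertyName = "Mobile",

        [Parameter(Mandatory = $False)]
        [string]$ADUserNFCIdPropertyName,

        [Parameter(Mandatory = $False)]
        [ValidateSet("None", "UserPrincipalName", "DomainPlusUsername")]
        [string]$ADSpecificUsername = "None",

        [Parameter(Mandatory = $True)]
        [string]$BrightBookingApiUrl,

        # NOTE(review): plain string by interface; see .NOTES for handling guidance.
        [Parameter(Mandatory = $True)]
        [string]$BrightBookingApiKey,

        [Parameter(Mandatory = $True)]
        [string]$BrightBookingIntegrationName,

        [Parameter(Mandatory = $False)]
        [string]$UserRoleNameForNewUsers,

        [Parameter(Mandatory = $False)]
        [string]$UserDefaultRoleName,

        [Parameter(Mandatory = $False)]
        [System.Object[]]$GroupUserRoleMapping,

        [switch]$DeactivateExistingUsersInSameIntegrationThatAreNotLoaded
    )

    Begin {
        # When -Confirm / -WhatIf were not passed explicitly, take the preference values
        # from the cmdlet's session state so the caller's settings are honoured.
        If (-not $PSBoundParameters.ContainsKey('Confirm')) {
            $ConfirmPreference = $PSCmdlet.SessionState.PSVariable.GetValue('ConfirmPreference')
        }
        If (-not $PSBoundParameters.ContainsKey('WhatIf')) {
            $WhatIfPreference = $PSCmdlet.SessionState.PSVariable.GetValue('WhatIfPreference')
        }
    }

    Process {
        # The API key and the user data are handed to Send-ADUsersToBB for this address;
        # warn (do not fail) when it is not an https:// address, since the data could then travel unencrypted.
        If ($BrightBookingApiUrl -notlike 'https://*') {
            Write-Warning "BrightBookingApiUrl does not start with https://; the API key and user data may be sent unencrypted."
        }

        # Parameters for Convert-ADUsersToBBUserExport
        $ConvertUsersParams = @{
            ADSpecificUsername = $ADSpecificUsername
        }

        # Parameters for Get-ADUsersForBB
        $ADUsersParams = @{
            Filter = $Filter
        }

        # Optional values are only forwarded when they were actually supplied (non-empty).
        If ($SearchBase) {
            $ADUsersParams.SearchBase = $SearchBase
        }
        If ($Server) {
            $ADUsersParams.Server = $Server
        }
        If ($ADUserPincodePropertyName) {
            $ADUsersParams.ADUserPincodePropertyName = $ADUserPincodePropertyName
            $ConvertUsersParams.ADUserPincodePropertyName = $ADUserPincodePropertyName
        }
        If ($ADUserNamePropertyName) {
            $ADUsersParams.ADUserNamePropertyName = $ADUserNamePropertyName
            $ConvertUsersParams.ADUserNamePropertyName = $ADUserNamePropertyName
        }
        If ($ADUserMobilePropertyName) {
            $ADUsersParams.ADUserMobilePropertyName = $ADUserMobilePropertyName
            $ConvertUsersParams.ADUserMobilePropertyName = $ADUserMobilePropertyName
        }
        If ($ADUserNFCIdPropertyName) {
            $ADUsersParams.ADUserNFCIdPropertyName = $ADUserNFCIdPropertyName
            $ConvertUsersParams.ADUserNFCIdPropertyName = $ADUserNFCIdPropertyName
        }
        If ($UserDefaultRoleName) {
            $ConvertUsersParams.UserDefaultRoleName = $UserDefaultRoleName
        }
        If ($GroupUserRoleMapping) {
            $ConvertUsersParams.GroupUserRoleMapping = $GroupUserRoleMapping
        }

        # The Active Directory read and the conversion run in WhatIf mode as well; only the push is guarded.
        $convertedUsers = Get-ADUsersForBB @ADUsersParams | Convert-ADUsersToBBUserExport @ConvertUsersParams

        # A supplied property name means the corresponding value is part of this sync.
        $syncIncludesUserPincode = [bool]$ADUserPincodePropertyName
        $syncIncludesUserNFCId = [bool]$ADUserNFCIdPropertyName

        # ShouldProcess intercepts WhatIf* --> no need to pass it on
        If ($PSCmdlet.ShouldProcess($BrightBookingApiUrl, "Push converted Active Directory users to integration '$BrightBookingIntegrationName'")) {
            # One splatted call instead of two near-identical command lines.
            $SendUsersParams = @{
                pipelineConvertedADUsers     = $convertedUsers
                BrightBookingApiUrl          = $BrightBookingApiUrl
                BrightBookingApiKey          = $BrightBookingApiKey
                BrightBookingIntegrationName = $BrightBookingIntegrationName
                UserRoleNameForNewUsers      = $UserRoleNameForNewUsers
                SyncIncludesUserPincode      = $syncIncludesUserPincode
                SyncIncludesUserNFCId        = $syncIncludesUserNFCId
            }
            # The deactivation switch is only forwarded when the caller asked for it.
            If ($DeactivateExistingUsersInSameIntegrationThatAreNotLoaded) {
                $SendUsersParams.DeactivateExistingUsersInSameIntegrationThatAreNotLoaded = $true
            }

            Send-ADUsersToBB @SendUsersParams
        }
        Else {
            $countConvertedUsers = $convertedUsers | Measure-Object | Select-Object -ExpandProperty Count

            Write-Output "============ Test mode ============"
            Write-Output "When run in normal mode, it would now process the following $countConvertedUsers users to the API."
            Write-Output "If you want to run it for real, you should run without the WhatIf parameter."
            If ($syncIncludesUserNFCId) {
                Write-Output "Sync will process NFC ids"
            }
            # NOTE(review): the returned objects may include pincode / NFC id values; treat this output as sensitive.
            Return $convertedUsers
        }
    }
}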