Public/Push-ADUsersToBB.ps1

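Function Push-ADUsersToBB {
    <#
    .SYNOPSIS
        Get user information from ActiveDirectory with the information needed in GoBright BrightBooking and process it directly in GoBright BrightBooking
    .DESCRIPTION
        Get user information via the Get-ADUser command, retrieving the information needed for GoBright BrightBooking. (Requiring RSAT tools: Remote Server Administration Tools)
    .PARAMETER Filter
        A filter used to pass to Get-ADUser, if you don't need a filter, then use: '*'
        Example: 'samAccountName -like "admin*"'
        More information: https://technet.microsoft.com/en-us/library/hh531527(v=ws.10).aspx
    .PARAMETER SearchBase
        A SearchBase used to pass to Get-ADUser, specifies an Active Directory path to search under.
        Example: "OU=Office,DC=Company,DC=com"
        More information: https://technet.microsoft.com/library/hh852208.aspx
    .PARAMETER Server
        Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server.
        More information: https://technet.microsoft.com/library/hh852208.aspx
    .PARAMETER ADUserPincodePropertyName
        Optional ActiveDirectory User Property which contains the pincode
    .PARAMETER ADUserNamePropertyName
        Optional ActiveDirectory User Property which contains the name of the user, in case you do not want to use the default property
    .PARAMETER ADSpecificUsername
        Optional way to get a specific username from ActiveDirectory which should be used to authenticate the user when they log in to GoBright BrightBooking (app/portal). You can choose which username should be used, DOMAIN\UserName or the UserPrincipalName (UPN)
    .PARAMETER ADUserMobilePropertyName
        Optional User Property which contains the mobile phone number
    .PARAMETER ADUserNFCIdPropertyName
        Optional User Property which contains the NFC Identifier, note that this must be in hex format, example: XX:XX:XX
    .PARAMETER ADUserDefaultCostCenterIdOrNamePropertyName
        Optional User Property which contains the Default Cost Center for the user, which can be the Name or the Id, both the name or id can be found in the GoBright portal
    .PARAMETER BrightBookingApiUrl
        Address of the GoBright BrightBooking API, e.g.: https://t1b.gobright.cloud/ (please get this from the 'General Settings' page of the portal)
        A warning is written when the address does not start with https://, because the API key is handed over together with this address.
    .PARAMETER BrightBookingApiKey
        API key of the user to use to process the import
        Note: this is a plain-text string parameter, so a key typed on the command line can end up in command history or session transcripts. Prefer reading it from a protected store at run time over hard-coding it in a script.
    .PARAMETER BrightBookingIntegrationName
        Name of the integration to link the users to
    .PARAMETER UserRoleNameForNewUsers
        Name of the GoBright userrole to link new users to
    .PARAMETER UserDefaultRoleName
        Optional default name of the role the user should get (will be assigned to every user, except for the matches found in 'GroupUserRoleMapping')
    .PARAMETER GroupUserRoleMapping
        Optional map of ADGroupNames (by their distinguishedName) and the corresponding role name that should be assigned. First match will be taken, and will override a potential given 'UserDefaultRoleName'
        Example structure to supply in this parameter:
        $groupToRoleMapping = @()
        $groupToRoleMapping += @{ADDistinguishedName = "OU=GoBrightBookingManagers,OU=Groups,DC=company,DC=com"; RoleName = "Bookingmanagers"}
        $groupToRoleMapping += @{ADDistinguishedName = ""; RoleName = "Standard user role"; MatchType = "AddForEveryUser"} # NOTE: Here a special case, by setting MatchType = "AddForEveryUser", every user will be assigned to this "Standard user role"
    .PARAMETER DeactivateExistingUsersInSameIntegrationThatAreNotLoaded
        Deactivate users that exist in the platform in the same integration but are not loaded anymore from AD (e.g. because they are not anymore in the group you filter on)
        When this switch is set and the AD query returns no users at all, the function writes an error and sends nothing, so that a wrong Filter/SearchBase or a failed lookup cannot deactivate the whole integration.
    .PARAMETER WhatIf
        Use the WhatIf switch to print out the retrieved users, without processing them to the API. This is useful for testing purposes
        The returned user objects may contain pincode / NFC values when those properties are synced, so treat the output as sensitive.
    .EXAMPLE
        Push-ADUsersToBB -Filter * -BrightBookingApiUrl "https://t1b.gobright.cloud/" -BrightBookingApiKey "[your api key]" -BrightBookingIntegrationName "Office 365"
        # Get all users in the Active Directory and let GoBright process it directly
    .EXAMPLE
        Push-ADUsersToBB -Filter * -SearchBase "OU=Office,DC=Company,DC=com" -BrightBookingApiUrl "https://t1b.gobright.cloud/" -BrightBookingApiKey "[your api key]" -BrightBookingIntegrationName "Office 365"
        # Get the users in the Active Directory, which are member of the given group and let GoBright process it directly
    .EXAMPLE
        Push-ADUsersToBB -Filter { memberOf -RecursiveMatch "CN=Administrators,DC=Company,DC=com" } -SearchBase "OU=Office,DC=Company,DC=com" -ADUserPincodePropertyName PersonnelNumber -BrightBookingApiUrl "https://t1b.gobright.cloud/" -BrightBookingApiKey "[your api key]" -BrightBookingIntegrationName "Office 365"
        # Get the users in the Active Directory, which in the specified SearchBase path, and use the custom property 'PersonnelNumber' as pincode and let GoBright BrightBooking process it directly
    .LINK
        https://support.gobright.com/
    .LINK
        https://technet.microsoft.com/library/hh852208.aspx
    .LINK
        Get-ADUsersForBB
    .LINK
        Convert-ADUsersToBBUserExport
    .LINK
        Export-ADUsersForBB
    #>


    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Low')]
    Param(
        [Parameter(Mandatory = $True)]
        [string]$Filter,

        [Parameter(Mandatory = $False)]
        [string]$SearchBase,

        [Parameter(Mandatory = $False)]
        [string]$Server,

        [Parameter(Mandatory = $False)]
        [string]$ADUserPincodePropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserNamePropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserMobilePropertyName = "Mobile",

        [Parameter(Mandatory = $False)]
        [string]$ADUserNFCIdPropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserDefaultCostCenterIdOrNamePropertyName,

        [Parameter(Mandatory = $False)]
        [ValidateSet("None", "UserPrincipalName", "DomainPlusUsername")]
        [string]$ADSpecificUsername = "None",

        [Parameter(Mandatory = $True)]
        [string]$BrightBookingApiUrl,

        [Parameter(Mandatory = $True)]
        [string]$BrightBookingApiKey,

        [Parameter(Mandatory = $True)]
        [string]$BrightBookingIntegrationName,

        [Parameter(Mandatory = $False)]
        [string]$UserRoleNameForNewUsers,

        [Parameter(Mandatory = $False)]
        [string]$UserDefaultRoleName,

        [Parameter(Mandatory = $False)]
        [System.Object[]]$GroupUserRoleMapping,

        [switch]$DeactivateExistingUsersInSameIntegrationThatAreNotLoaded
    )

    Begin {
        # Take over the caller's Confirm/WhatIf preferences unless they were given explicitly on this call.
        If (-not $PSBoundParameters.ContainsKey('Confirm')) {
            $ConfirmPreference = $PSCmdlet.SessionState.PSVariable.GetValue('ConfirmPreference')
        }
        If (-not $PSBoundParameters.ContainsKey('WhatIf')) {
            $WhatIfPreference = $PSCmdlet.SessionState.PSVariable.GetValue('WhatIfPreference')
        }

        # The API key is handed to Send-ADUsersToBB together with this address; over plain HTTP
        # the key and the user data (pincodes, NFC ids) would presumably travel unencrypted.
        # Warn only, so existing non-HTTPS test setups keep working.
        If ($BrightBookingApiUrl -notmatch '^https://') {
            Write-Warning "BrightBookingApiUrl does not start with 'https://'; the API key and user data may be sent unencrypted."
        }
    }

    Process {
        $ConvertUsersParams = @{
            ADSpecificUsername = $ADSpecificUsername
        }

        $ADUsersParams = @{
            Filter = $Filter
        }
        If ($SearchBase) {
            $ADUsersParams.SearchBase = $SearchBase
        }
        If ($Server) {
            $ADUsersParams.Server = $Server
        }

        # These property-name parameters go to both the AD query and the conversion step,
        # and only when they carry a value.
        $SharedPropertyParams = @(
            'ADUserPincodePropertyName'
            'ADUserNamePropertyName'
            'ADUserMobilePropertyName'
            'ADUserNFCIdPropertyName'
            'ADUserDefaultCostCenterIdOrNamePropertyName'
        )
        ForEach ($ParamName in $SharedPropertyParams) {
            $ParamValue = Get-Variable -Name $ParamName -ValueOnly
            If ($ParamValue) {
                $ADUsersParams[$ParamName] = $ParamValue
                $ConvertUsersParams[$ParamName] = $ParamValue
            }
        }

        If ($UserDefaultRoleName) {
            $ConvertUsersParams.UserDefaultRoleName = $UserDefaultRoleName
        }
        If ($GroupUserRoleMapping) {
            $ConvertUsersParams.GroupUserRoleMapping = $GroupUserRoleMapping
        }

        $convertedUsers = Get-ADUsersForBB @ADUsersParams | Convert-ADUsersToBBUserExport @ConvertUsersParams
        $countConvertedUsers = $convertedUsers | Measure-Object | Select-Object -ExpandProperty Count

        # Pincodes / NFC ids are only part of the sync when a source property was named.
        $syncIncludesUserPincode = [bool]$ADUserPincodePropertyName
        $syncIncludesUserNFCId = [bool]$ADUserNFCIdPropertyName

        $deactivateWithEmptyLoad = $DeactivateExistingUsersInSameIntegrationThatAreNotLoaded -and ($countConvertedUsers -eq 0)

        # ShouldProcess intercepts WhatIf* --> no need to pass it on
        $shouldProcessAction = "Push $countConvertedUsers Active Directory user(s) to integration '$BrightBookingIntegrationName'"
        If ($PSCmdlet.ShouldProcess($BrightBookingApiUrl, $shouldProcessAction)) {
            # Per the parameter help, users that are not in the loaded set get deactivated. An empty
            # set (typo in Filter/SearchBase, failed AD lookup) would therefore presumably deactivate
            # every user of the integration, so refuse instead of sending.
            If ($deactivateWithEmptyLoad) {
                Write-Error -Category InvalidOperation -Message "No users were loaded from Active Directory; refusing to send with -DeactivateExistingUsersInSameIntegrationThatAreNotLoaded. Check Filter, SearchBase and Server."
                Return
            }

            $SendParams = @{
                pipelineConvertedADUsers     = $convertedUsers
                BrightBookingApiUrl          = $BrightBookingApiUrl
                BrightBookingApiKey          = $BrightBookingApiKey
                BrightBookingIntegrationName = $BrightBookingIntegrationName
                UserRoleNameForNewUsers      = $UserRoleNameForNewUsers
                SyncIncludesUserPincode      = $syncIncludesUserPincode
                SyncIncludesUserNFCId        = $syncIncludesUserNFCId
            }
            # Only add the switch when it was requested, so the callee sees the same bound parameters as before.
            If ($DeactivateExistingUsersInSameIntegrationThatAreNotLoaded) {
                $SendParams.DeactivateExistingUsersInSameIntegrationThatAreNotLoaded = $true
            }
            Send-ADUsersToBB @SendParams
        }
        Else {
            If ($deactivateWithEmptyLoad) {
                Write-Warning "No users were loaded from Active Directory; a normal run with -DeactivateExistingUsersInSameIntegrationThatAreNotLoaded would be refused."
            }

            Write-Output "============ Test mode ============"
            Write-Output "When run in normal mode, it would now process the following $countConvertedUsers users to the API."
            Write-Output "If you want to run it for real, you should run without the WhatIf parameter."
            If ($syncIncludesUserNFCId) {
                Write-Output "Sync will process NFC ids"
            }
            # NOTE(review): the objects returned here may carry pincode / NFC values; avoid writing them to shared logs.
            Return $convertedUsers
        }
    }
}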