Set-LdapUser.ps1

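Function Set-LdapUser
{
    <#
    .SYNOPSIS
        Set attributes on an LDAP user.
 
    .DESCRIPTION
        Uses the System.DirectoryServices Assembly to Set attributes on an LDAP user object in a Non-Microsoft LDAP directory.
        Every attribute parameter that is supplied with a non-empty value is sent to the server as its own
        Replace modification, using the parameter name as the LDAP attribute name.
 
    .PARAMETER DistinguishedName
        The distinguished name that will have attributes edited.
        Value can be piped from Get-LdapUser
 
    .PARAMETER Server
        DNS name or IP address to connect to.
 
    .PARAMETER Credential
        PSCredential object to bind to LDAP with.
 
    .PARAMETER SecureSocketLayer
        Forces LDAPS connection
        NOTE: this function does not forward the switch to Connect-LdapServer, so it has no effect here.
 
    .PARAMETER TimeOut
        LDAP timeout in seconds.
        Default value 10000 seconds (166 minutes)
        NOTE: this function does not read the value itself.
 
    .PARAMETER userPassword
        New value for the userPassword attribute. The value is taken as a plain string, so it is visible
        in command history and transcripts; it is never written to the verbose stream.
 
    .EXAMPLE
        Set-LdapUser -DistinguishedName "cn=Glen,ou=OU,o=Organisation" -DisabledFlag "1" -logindisabled "TRUE" -Credential $Credential -Server 10.1.1.1
        Sets the disabled flag to 1 and logindisabled setting to TRUE for LDAP user Glen
     
    .OUTPUTS
        The distinguished name, followed by one LDAP return code from the LDAP server per modified attribute.
 
    .NOTES
        Author : Glen Buktenica
        Version : 1.0.0.0 20160704 Initial Build
    #>
 
    [CmdletBinding()]
    [OutputType([psobject])]
    Param
    (
        [Parameter(Position=0, 
            Mandatory=$true, 
            ValueFromPipeline=$true, 
            ValueFromPipelineByPropertyName=$true)] 
            [string] $DistinguishedName,
        [Parameter(Mandatory=$true, 
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true)] 
            [ValidateNotNullOrEmpty()] 
            [string] $Server,
        [Parameter(Mandatory=$true, 
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true)] 
            [System.Management.Automation.CredentialAttribute()]
            $Credential,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true)] 
            [switch] $SecureSocketLayer,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true)] 
            [string] $TimeOut = "10000",
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $Fullname,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $GivenName,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $sn,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $initials,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $logindisabled,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $telephonenumber,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $workforceid,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $managerworkforceid,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $sapposition,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $cn,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $saproles,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $ismanager,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $preferredname,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $sapdateofbirth,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $mail,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $disabledflag,
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $title,
        # Plain-text password value; the interface is kept as-is for existing callers.
        [Parameter(Mandatory=$false, 
            ValueFromPipeline=$false)]
            [string] $userPassword
    )
    BEGIN 
    {
        Write-Verbose 'Start Set-LdapUser'
        Write-Verbose "Loading required assemblies"
        Add-Type -AssemblyName System.DirectoryServices.Protocols -ErrorAction Stop
        Add-Type -AssemblyName System.Net -ErrorAction Stop
        # Not referenced again in this function; kept in case Connect-LdapServer reads them
        # from the caller's scope - TODO confirm and remove if unused.
        $Scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree 
        $attrlist = ,"*"
        Write-Verbose "Connecting to Server:"
        Write-Verbose $Server
        # NOTE(review): -SecureSocketLayer and -TimeOut are not forwarded here, so whether the bind
        # credential and any userPassword value travel over TLS depends entirely on
        # Connect-LdapServer's defaults - confirm against that helper.
        Connect-LdapServer -Server $Server -Credential $Credential -ErrorAction Stop
    }
    PROCESS 
    {
        # Parameters that steer the connection rather than name an LDAP attribute.
        # SecureSocketLayer is listed so the switch is never written to the directory as an attribute.
        $NonAttributeParameters = @("DistinguishedName","Server","Credential","SecureSocketLayer","TimeOut")
        # Attribute values that must not be echoed to the verbose stream.
        $SensitiveParameters = @("userPassword")
        # Read the parameter list from the running command; this does not depend on how it was invoked.
        $Keys = $MyInvocation.MyCommand.Parameters.Keys
        Write-Output $DistinguishedName
        foreach ($Key in $Keys)
        {
            if ($NonAttributeParameters -contains $Key)
            {
                continue
            }
            # -Scope 0 restricts the lookup to this function's own parameters, so a same-named
            # variable in a calling scope (for example $Debug) cannot be sent as an attribute.
            $Variable = Get-Variable -Name $Key -Scope 0 -ErrorAction SilentlyContinue
            if ($Variable -and $Variable.Value)
            {
                Write-Verbose $Variable.Name
                if ($SensitiveParameters -contains $Variable.Name)
                {
                    Write-Verbose '<redacted>'
                }
                else
                {
                    Write-Verbose $Variable.Value
                }
                # One ModifyRequest per attribute, so the caller gets one result code per attribute.
                $ModifyRequest = New-Object "System.DirectoryServices.Protocols.ModifyRequest"
                $ModifyRequest.DistinguishedName = $DistinguishedName
                $AttributeModification = New-Object "System.DirectoryServices.Protocols.DirectoryAttributeModification"
                $AttributeModification.Name = $Variable.Name
                $AttributeModification.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
                $AttributeModification.Add($Variable.Value) | Out-Null
                $ModifyRequest.Modifications.Add($AttributeModification) | Out-Null
                $Result = $global:LdapConnection.SendRequest($ModifyRequest)
                Write-Output $Result.ResultCode
            }
        }
    }
    END 
    {
        Connect-LdapServer -Disconnect
        Write-Verbose 'End Set-LdapUser'
    }
}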
# Publish Set-LdapUser as the function exported from this module file.
Export-ModuleMember -Function 'Set-LdapUser'