functions/import-d365externaluser.ps1


<#
    .SYNOPSIS
        Import a user from an external Azure Active Directory (AAD)
         
    .DESCRIPTION
        Imports a user from an AAD tenant that is NOT the one the D365FO environment runs under
         
    .PARAMETER Id
        The internal Id that the user must be imported with
         
        The Id has to be unique across the entire user base
         
    .PARAMETER Name
        The display name of the user inside the D365FO environment
         
    .PARAMETER Email
        The email address of the user that you want to import
         
        This is also the sign-in user name / e-mail address to gain access to the system
         
        If the external AAD tenant has multiple custom domain names, you have to use the domain that they have configured as default
         
    .PARAMETER Company
        Default company that should be configured for the user, for when they sign in to the D365 environment
         
        Default value is "DAT"
         
    .PARAMETER Language
        Language that should be configured for the user, for when they sign in to the D365 environment
         
        Default value is "en-US"
         
    .PARAMETER Enabled
        Should the imported user be enabled or not?
         
        Default value is 1, which equals true / yes
         
    .PARAMETER DatabaseServer
        The name of the database server
         
        If on-premises or classic SQL Server, use either the short name or the Fully Qualified Domain Name (FQDN)
         
        If Azure, use the full address of the database server, e.g. server.database.windows.net
         
    .PARAMETER DatabaseName
        The name of the database
         
    .PARAMETER SqlUser
        The login name for the SQL Server instance
         
    .PARAMETER SqlPwd
        The password for the SQL Server user
         
    .EXAMPLE
        PS C:\> Import-D365ExternalUser -Id "John" -Name "John Doe" -Email "John@contoso.com"
         
        This will import a user from an external Azure Active Directory.
        The new user will get the system wide Id "John".
        The name of the new user will be "John Doe".
        The e-mail address / sign-in e-mail address will be registered as "John@contoso.com".
         
    .NOTES
        Tags: User, Users, Security, Configuration, Permission, AAD, Azure Active Directory
         
        Author: Anderson Joyle (@AndersonJoyle)
         
        Author: Mötz Jensen (@Splaxi)
#>


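function Import-D365ExternalUser {
    # Imports a user from a foreign AAD tenant into the D365FO user table.
    #
    # Flow: open one SQL connection (begin), resolve the sign-in's identity provider and SID
    # from the e-mail address and hand the row off to Import-AadUserIntoD365FO (process),
    # then release the connection and command (process/finally and end).
    #
    # Parameters:
    #   Id, Name, Email   - mandatory user identity; Email doubles as the sign-in name.
    #   Enabled           - documented as the enabled state of the new user, but see the
    #                       warning in begin: this function never passes it on.
    #   Company, Language - start-up company and language written for the user.
    #   DatabaseServer, DatabaseName, SqlUser, SqlPwd
    #                     - connection details; default to the module-level $Script: values.
    #                       SqlPwd is a plain [string]; it is placed in $SqlParams, so keep
    #                       that hashtable out of verbose/transcript output.
    #
    # Errors are reported via Write-PSFMessage and Stop-PSFFunction rather than thrown, so
    # callers must check Test-PSFFunctionInterrupt / the message stream for failure.
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string] $Id,

        [Parameter(Mandatory = $true)]
        [string] $Name,

        [Parameter(Mandatory = $true)]
        [string] $Email,

        [Parameter(Mandatory = $false)]
        [int] $Enabled = 1,

        [Parameter(Mandatory = $false)]
        [string] $Company = "DAT",

        [Parameter(Mandatory = $false)]
        [string] $Language = "en-us",

        [Parameter(Mandatory = $false)]
        [string]$DatabaseServer = $Script:DatabaseServer,

        [Parameter(Mandatory = $false)]
        [string]$DatabaseName = $Script:DatabaseName,

        [Parameter(Mandatory = $false)]
        [string]$SqlUser = $Script:DatabaseUserName,

        [Parameter(Mandatory = $false)]
        [string]$SqlPwd = $Script:DatabaseUserPassword
    )

    begin {
        Invoke-TimeSignal -Start

        # $Enabled is part of the documented interface but is never referenced below and is
        # not passed to Import-AadUserIntoD365FO. A caller asking for a disabled user would
        # otherwise get no indication that the request was not honoured, so say so loudly.
        if ($Enabled -ne 1) {
            Write-PSFMessage -Level Warning -Message "The Enabled parameter (value: $Enabled) is not passed on by this function; verify the enabled state of user '$Id' after the import."
        }

        # Integrated security vs. SQL login is decided from which parameters the caller bound.
        $UseTrustedConnection = Test-TrustedConnection $PSBoundParameters

        # Holds the SQL password in clear text - do not dump this hashtable to logs.
        $SqlParams = @{ DatabaseServer = $DatabaseServer; DatabaseName = $DatabaseName;
            SqlUser = $SqlUser; SqlPwd = $SqlPwd
        }

        $SqlCommand = Get-SqlCommand @SqlParams -TrustedConnection $UseTrustedConnection

        try {
            $sqlCommand.Connection.Open()
        }
        catch {
            # Stop-PSFFunction flags the interrupt that process checks; it does not throw here.
            Write-PSFMessage -Level Host -Message "Something went wrong while working against the database" -Exception $PSItem.Exception
            Stop-PSFFunction -Message "Stopping because of errors"
            return
        }
    }

    process {
        # Bail out if begin failed to open the connection (nothing to clean up yet; end handles the command).
        if (Test-PSFFunctionInterrupt) { return }
        
        try {
            # Resolves the external tenant (NetworkDomain) and the AAD SID for the sign-in name.
            $userAuth = Get-D365UserAuthenticationDetail $Email

            $provider = $userAuth.NetworkDomain
            $sid = $userAuth.SID
            
            Write-PSFMessage -Level Verbose -Message "Extracted sid: $sid"

            # The external tenant serves as both identity provider and network domain for the row.
            $importParams = @{
                SqlCommand       = $SqlCommand
                SignInName       = $Email
                Name             = $Name
                Id               = $Id
                SID              = $sid
                StartUpCompany   = $Company
                IdentityProvider = $provider
                NetworkDomain    = $provider
                Language         = $Language
            }

            Import-AadUserIntoD365FO @importParams

            if (Test-PSFFunctionInterrupt) { return }
        }
        catch {
            Write-PSFMessage -Level Host -Message "Something went wrong while working against the database" -Exception $PSItem.Exception
            Stop-PSFFunction -Message "Stopping because of errors"
            return
        }
        finally {
            # Release the connection as soon as the import attempt is over, success or not.
            if ($sqlCommand.Connection.State -ne [System.Data.ConnectionState]::Closed) {
                $sqlCommand.Connection.Close()
            }
            $sqlCommand.Dispose()
        }
    }

    end {
        # Safety net for the early-return path in process, where the finally above never ran.
        # Closing an already closed connection and disposing twice are both no-ops.
        if ($sqlCommand.Connection.State -ne [System.Data.ConnectionState]::Closed) {
            $sqlCommand.Connection.Close()
        }

        $sqlCommand.Dispose()

        Invoke-TimeSignal -End
    }
}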