AzureAD/Create-AadUsersInNavContainer.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<#
 .Synopsis
  Enumerate users in AAD and create them in NAV Container
 .Description
  This function will create an app in AAD, to allow NAV Web and Windows Client to use AAD for authentication
  Optionally the function can also create apps for the Excel AddIn and/or PowerBI integration
 .Parameter containerName
  Name of the container in which you want to create the users (default navserver)
 .Parameter tenant
  Name of tenant in which you want to create a users
 .Parameter AadAdminCredential
  Credentials for your AAD/Office 365 administrator user, who can enumerate users in the AAD
 .Parameter ChangePasswordAtNextLogOn
  Switch to indicate that the users needs to change password at next login (if using NavUserPassword authentication)
 .Parameter PermissionSetId
  Name of the permissionSetId to assign to the user (default is SUPER)
 .Parameter SecurePassword
  Default password for all users
 .Example
  Create-AadUsersInNavContainer -containerName test -AadAdminCredential (Get-Credential)
#>

function Create-AadUsersInNavContainer
{
    Param
    (
        [Parameter(Mandatory=$false)]
        [string]$containerName = "navserver",
        [Parameter(Mandatory=$false)]
        [string]$tenant = "default",
        [Parameter(Mandatory=$true)]
        [System.Management.Automation.PSCredential]$AadAdminCredential,
        [parameter(Mandatory=$false)]
        [bool]$ChangePasswordAtNextLogOn = $true,
        [Parameter(Mandatory=$false)]
        [string]$permissionSetId = "SUPER",
        [Parameter(Mandatory=$false)]
        [Securestring]$securePassword = $AadAdminCredential.Password
    )
    
    if (!(Get-PackageProvider -Name NuGet -ListAvailable -ErrorAction Ignore)) {
        Write-Host "Installing NuGet Package Provider"
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -WarningAction Ignore | Out-Null
    }

    if (!(Get-Package -Name AzureAD -ErrorAction Ignore)) {
        Write-Host "Installing AzureAD PowerShell package"
        Install-Package AzureAD -Force -WarningAction Ignore | Out-Null
    }

    # Login to AzureRm
    $account = Connect-AzureAD -Credential $AadAdminCredential
    Get-AzureADUser -All $true | Where-Object { $_.AccountEnabled } | ForEach-Object {
        $userName = $_.MailNickName
        if (Get-NavContainerNavUser -containerName $containerName -tenant $tenant | Where-Object { $_.UserName -eq $userName }) {
            Write-Host "User $userName already exists"
        } else {
            $Credential = [System.Management.Automation.PSCredential]::new($userName, $securePassword)
            New-NavContainerNavUser -containerName $containerName -tenant $tenant -AuthenticationEmail $_.UserPrincipalName -Credential $Credential -PermissionSetId $permissionSetId -ChangePasswordAtNextLogOn $ChangePasswordAtNextLogOn
        }
    }
}
Export-ModuleMember -Function Create-AadUsersInNavContainer