Public/Convert-ADUsersToBBUserExport.ps1
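Function Convert-ADUsersToBBUserExport {
    <#
    .SYNOPSIS
        Converts the user information from ActiveDirectory to the format needed for GoBright BrightBooking

    .DESCRIPTION
        Converts the user information from ActiveDirectory to the format needed for GoBright BrightBooking.
        Expects the output of Get-ADUsersForBB.

    .PARAMETER pipelineADUsers
        The ActiveDirectory user objects to convert, normally supplied through the pipeline

    .PARAMETER ADUserPincodePropertyName
        Optional ActiveDirectory User Property which contains the pincode

    .PARAMETER ADUserNamePropertyName
        Optional ActiveDirectory User Property which contains the name of the user, in case you do not want to use the default property (DisplayName)

    .PARAMETER ADUserMobilePropertyName
        Optional User Property which contains the mobile phone number

    .PARAMETER ADUserNFCIdPropertyName
        Optional User Property which contains the NFC Identifier, note that this must be in hex format, example: XX:XX:XX

    .PARAMETER ADUserDefaultCostCenterIdOrNamePropertyName
        Optional User Property which contains the Default Cost Center for the user, which can be the Name or the Id, both the name or id can be found in the GoBright portal

    .PARAMETER ADSpecificUsername
        Optional way to get a specific username from ActiveDirectory which should be used to authenticate the user when he logs in to GoBright BrightBooking (app/portal).
        You can choose which username should be used, DOMAIN\UserName or the UserPrincipalName (UPN)

    .PARAMETER UserDefaultRoleName
        Optional default name of the role the user should get (assigned to every user for whom nothing in 'GroupUserRoleMapping' matched)

    .PARAMETER GroupUserRoleMapping
        Optional map of ADGroupNames (by their distinguishedName) and the corresponding role name that should be assigned.
        Every matching entry is added, in the order supplied; when at least one entry matches, 'UserDefaultRoleName' is not applied.
        An entry may also carry a RoleType of "MWV" or "View"; an entry with any other RoleType is reported with Write-Error and skipped.

        Example structure to supply in this parameter:
        $groupToRoleMapping = @()
        $groupToRoleMapping += @{ADDistinguishedName = "OU=GoBrightBookingManagers,OU=Groups,DC=company,DC=com"; RoleName = "Bookingmanagers"}
        $groupToRoleMapping += @{ADDistinguishedName = ""; RoleName = "Standard user role"; MatchType = "AddForEveryUser"}
        # NOTE: Here a special case, by setting MatchType = "AddForEveryUser", every user will be assigned to this "Standard user role"

    .EXAMPLE
        Get-ADUsersForBB -Filter * | Convert-ADUsersToBBUserExport
        # Get all users in the Active Directory and convert the information to the needed format

    .EXAMPLE
        Get-ADUsersForBB -SearchBase "OU=Office,DC=Company,DC=com" -ADUserPincodePropertyName PersonnelNumber -ADUserNamePropertyName FullUserName | Convert-ADUsersToBBUserExport -ADUserPincodePropertyName PersonnelNumber -ADUserNamePropertyName FullUserName
        # Get the users in the Active Directory, which are in the specified SearchBase path, and use the custom property 'PersonnelNumber' as pincode, and the custom property 'FullUserName' as username

    .NOTES
        The returned objects carry the Pincode and NFCId values read from ActiveDirectory.
        Treat the output, and any file or log it ends up in, as sensitive data.

    .LINK
        https://support.gobright.com/

    .LINK
        https://technet.microsoft.com/library/hh852208.aspx

    .LINK
        Get-ADUsersForBB

    .LINK
        Export-ADUsersToBB
    #>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $True, ValueFromPipeline = $True)]
        [System.Object[]]$pipelineADUsers,

        [Parameter(Mandatory = $False, Position = 1)]
        [string]$ADUserPincodePropertyName,

        [Parameter(Mandatory = $False, Position = 2)]
        [string]$ADUserNamePropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserMobilePropertyName = "Mobile",

        [Parameter(Mandatory = $False)]
        [string]$ADUserNFCIdPropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserDefaultCostCenterIdOrNamePropertyName,

        [Parameter(Mandatory = $False, Position = 3)]
        [ValidateSet("None", "UserPrincipalName", "DomainPlusUsername")]
        [string]$ADSpecificUsername = "None",

        [Parameter(Mandatory = $False)]
        [string]$UserDefaultRoleName,

        [Parameter(Mandatory = $False)]
        [System.Object[]]$GroupUserRoleMapping
    )

    Begin {
        # Collected in a growable list: '+=' on an array copies the whole array for every user.
        $outputUsers = New-Object -TypeName 'System.Collections.Generic.List[System.Object]'

        # One-entry cache for the NetBIOS domain lookup. It lives in Begin because Process runs
        # once per pipeline item; initialising it there reset the cache for every piped user,
        # so Get-ADDomain was queried again for each of them.
        $lastDCParts = ""
        $lastDomainNetbiosName = ""
    }

    Process {
        Foreach ($ADUser in $pipelineADUsers) {
            # Display name: the custom property when one is configured, DisplayName otherwise
            $userName = ""
            If ($ADUserNamePropertyName) {
                $userName = $ADUser.$ADUserNamePropertyName
            }
            Else {
                $userName = $ADUser.DisplayName
            }

            $userMobile = ""
            If ($ADUserMobilePropertyName) {
                $userMobile = $ADUser.$ADUserMobilePropertyName
            }

            $userNFCId = ""
            If ($ADUserNFCIdPropertyName) {
                $userNFCId = $ADUser.$ADUserNFCIdPropertyName
            }

            $userDefaultCostCenterIdOrName = ""
            If ($ADUserDefaultCostCenterIdOrNamePropertyName) {
                $userDefaultCostCenterIdOrName = $ADUser.$ADUserDefaultCostCenterIdOrNamePropertyName
            }

            # A user is exported as active only when the AD account is enabled AND has a mail address
            $userEmailAddress = $ADUser.Mail
            $userEnabled = $false
            If ($ADUser.Enabled -And $userEmailAddress) {
                $userEnabled = $true
            }

            $userAuthenticationUsername = ""
            If ($ADSpecificUsername -eq "UserPrincipalName") {
                $userAuthenticationUsername = $ADUser.UserPrincipalName
            }
            ElseIf ($ADSpecificUsername -eq "DomainPlusUsername") {
                # Split the DN on unescaped commas only. A comma inside an RDN value is written
                # as '\,'; a plain Split(",") cuts the value there, and a fragment that happens
                # to start with "DC=" would then be mistaken for a domain component.
                $dnComponents = $ADUser.DistinguishedName -split '(?<=(?<!\\)(?:\\\\)*),'
                $dcParts = ($dnComponents | Where-Object { $_ -like "DC=*" }) -join ","

                # Only query the directory when the domain differs from the previous user's
                If ($dcParts -ne $lastDCParts) {
                    $lastDomainNetbiosName = (Get-ADDomain $dcParts).NetBIOSName
                    $lastDCParts = $dcParts
                }

                $userAuthenticationUsername = "$($lastDomainNetbiosName)\$($ADUser.SamAccountName)"
            }

            $userPincode = ""
            If ($ADUserPincodePropertyName) {
                $userPincode = $ADUser.$ADUserPincodePropertyName
            }

            $userMappedRoles = @()
            If ($GroupUserRoleMapping) {
                # lookup a groupname, we do this in the order of the supplied key/values
                Foreach ($mappingItem in $GroupUserRoleMapping) {
                    $userMatches = $false

                    # RoleType is optional; when present it must be MWV or View
                    If (-not ((-not $mappingItem.RoleType) -or ($mappingItem.RoleType -eq "MWV") -or ($mappingItem.RoleType -eq "View"))) {
                        Write-Error "RoleType is not correct for role '$($mappingItem.RoleName)', valid RoleType values are: MWV or View, but found: '$($mappingItem.RoleType)', this rolemapping will be skipped"
                        continue
                    }

                    # check if there is a 'special' matchtype, and otherwise match the default way
                    If ($mappingItem.MatchType -eq "AddForEveryUser") {
                        $userMatches = $true
                    }
                    Else {
                        # -contains compares case-insensitively; only the groups listed in
                        # MemberOf are checked
                        If ($ADUser.MemberOf -contains $mappingItem.ADDistinguishedName) {
                            $userMatches = $true
                        }
                    }

                    If ($userMatches) {
                        $propertiesHash = [ordered]@{
                            RoleName = $mappingItem.RoleName
                            RoleType = $mappingItem.RoleType
                        }
                        $userMappedRoles += New-Object PSObject -Property $propertiesHash
                    }
                }
            }

            # if nothing matched, then add the default rolename
            If ($UserDefaultRoleName) {
                If ($userMappedRoles.Count -eq 0) {
                    $propertiesHash = [ordered]@{
                        RoleName = $UserDefaultRoleName
                    }
                    $userMappedRoles += New-Object PSObject -Property $propertiesHash
                }
            }

            $outputUserPropertiesHash = [ordered]@{
                EmailAddress              = $userEmailAddress
                Name                      = $userName
                TelephoneMobile           = $userMobile
                AuthenticationUsername    = $userAuthenticationUsername
                Pincode                   = $userPincode
                Active                    = $userEnabled
                UniqueImportID            = $ADUser.ObjectGUID
                UserMappedRoles           = $userMappedRoles
                NFCId                     = $userNFCId
                DefaultCostCenterIdOrName = $userDefaultCostCenterIdOrName
            }

            $outputUser = New-Object PSObject -Property $outputUserPropertiesHash
            $outputUsers.Add($outputUser)
        }
    }

    End {
        # Return the converted users (as an array, so callers see the same shape as before)
        Return $outputUsers.ToArray()
    }
}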