Public/Convert-ADUsersToBBUserExport.ps1

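Function Convert-ADUsersToBBUserExport {
    <#
    .SYNOPSIS
        Converts the user information from ActiveDirectory to the format needed for GoBright BrightBooking
    .DESCRIPTION
        Converts the user information from ActiveDirectory to the format needed for GoBright BrightBooking. Expects the output of Get-ADUsersForBB.
        A user is marked Active only when the AD account is enabled and has a Mail value.
    .PARAMETER pipelineADUsers
        The ActiveDirectory user objects to convert, normally piped in from Get-ADUsersForBB
    .PARAMETER ADUserPincodePropertyName
        Optional ActiveDirectory User Property which contains the pincode
    .PARAMETER ADUserNamePropertyName
        Optional ActiveDirectory User Property which contains the name of the user, in case you do not want to use the default property (DisplayName)
    .PARAMETER ADUserMobilePropertyName
        Optional User Property which contains the mobile phone number
    .PARAMETER ADUserNFCIdPropertyName
        Optional User Property which contains the NFC Identifier, note that this must be in hex format, example: XX:XX:XX
    .PARAMETER ADUserDefaultCostCenterIdOrNamePropertyName
        Optional User Property which contains the Default Cost Center for the user, which can be the Name or the Id, both the name or id can be found in the GoBright portal
    .PARAMETER ADSpecificUsername
        Optional way to get a specific username from ActiveDirectory which should be used to authenticate the user when logging in to GoBright BrightBooking (app/portal). You can choose which username should be used, DOMAIN\UserName or the UserPrincipalName (UPN).
        With 'DomainPlusUsername' the NetBIOS domain name is looked up with Get-ADDomain; when that lookup fails an error is written and AuthenticationUsername is left empty for the users of that domain.
    .PARAMETER UserDefaultRoleName
        Optional default name of the role the user should get (assigned only to users for whom nothing in 'GroupUserRoleMapping' matched)
    .PARAMETER GroupUserRoleMapping
        Optional map of ADGroupNames (by their distinguishedName) and the corresponding role name that should be assigned. Every matching entry is added, in the order supplied; 'UserDefaultRoleName' is only used when no entry matched.
        The group is compared against the user's MemberOf values (case-insensitive, exact distinguishedName).
        An entry may carry an optional RoleType of "MWV" or "View"; entries with any other RoleType are skipped with an error.
        Example structure to supply in this parameter:
        $groupToRoleMapping = @()
        $groupToRoleMapping += @{ADDistinguishedName = "OU=GoBrightBookingManagers,OU=Groups,DC=company,DC=com"; RoleName = "Bookingmanagers"}
        $groupToRoleMapping += @{ADDistinguishedName = ""; RoleName = "Standard user role"; MatchType = "AddForEveryUser"} # NOTE: Here a special case, by setting MatchType = "AddForEveryUser", every user will be assigned to this "Standard user role"
    .EXAMPLE
        Get-ADUsersForBB -Filter * | Convert-ADUsersToBBUserExport
        # Get all users in the Active Directory and convert the information to the needed format
    .EXAMPLE
        Get-ADUsersForBB -SearchBase "OU=Office,DC=Company,DC=com" -ADUserPincodePropertyName PersonnelNumber -ADUserNamePropertyName FullUserName | Convert-ADUsersToBBUserExport -ADUserPincodePropertyName PersonnelNumber -ADUserNamePropertyName FullUserName
        # Get the users in the Active Directory, which in the specified SearchBase path, and use the custom property 'PersonnelNumber' as pincode, and the custom property 'FullUserName' as username
    .NOTES
        The Pincode and NFCId values are copied unchanged into the returned objects. Treat the output as
        sensitive: keep it out of transcripts, logs and unprotected files.
        A property name that is not present on the incoming user objects yields an empty value without any
        error, so pass the same custom property names to Get-ADUsersForBB (see the second example).
    .LINK
        https://support.gobright.com/
    .LINK
        https://technet.microsoft.com/library/hh852208.aspx
    .LINK
        Get-ADUsersForBB
    .LINK
        Export-ADUsersToBB
    #>


    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $True, ValueFromPipeline = $True)]
        [System.Object[]]$pipelineADUsers,

        [Parameter(Mandatory = $False, Position = 1)]
        [string]$ADUserPincodePropertyName,

        [Parameter(Mandatory = $False, Position = 2)]
        [string]$ADUserNamePropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserMobilePropertyName = "Mobile",

        [Parameter(Mandatory = $False)]
        [string]$ADUserNFCIdPropertyName,

        [Parameter(Mandatory = $False)]
        [string]$ADUserDefaultCostCenterIdOrNamePropertyName,

        [Parameter(Mandatory = $False, Position = 3)]
        [ValidateSet("None", "UserPrincipalName", "DomainPlusUsername")]
        [string]$ADSpecificUsername = "None",

        [Parameter(Mandatory = $False)]
        [string]$UserDefaultRoleName,

        [Parameter(Mandatory = $False)]
        [System.Object[]]$GroupUserRoleMapping
    )

    Begin {
        # Collected results; a list avoids re-copying the whole array for every user
        $outputUsers = New-Object 'System.Collections.Generic.List[object]'

        # One-entry cache for the NetBIOS lookup. It lives in Begin because Process runs once per
        # piped object; resetting it there would trigger a Get-ADDomain call for every user.
        $lastDCParts = ""
        $lastDomainNetbiosName = ""
    }

    Process {
        Foreach ($ADUser in $pipelineADUsers) {
            # Display name: custom property when configured, otherwise DisplayName
            $userName = ""
            If ($ADUserNamePropertyName) {
                $userName = $ADUser.$ADUserNamePropertyName
            }
            Else {
                $userName = $ADUser.DisplayName
            }

            $userMobile = ""
            If ($ADUserMobilePropertyName) {
                $userMobile = $ADUser.$ADUserMobilePropertyName
            }

            $userNFCId = ""
            If ($ADUserNFCIdPropertyName) {
                $userNFCId = $ADUser.$ADUserNFCIdPropertyName
            }

            $userDefaultCostCenterIdOrName = ""
            If ($ADUserDefaultCostCenterIdOrNamePropertyName) {
                $userDefaultCostCenterIdOrName = $ADUser.$ADUserDefaultCostCenterIdOrNamePropertyName
            }

            $userEmailAddress = $ADUser.Mail

            # Active requires both an enabled AD account and a mail address
            $userEnabled = $false
            If ($ADUser.Enabled -And $userEmailAddress) {
                $userEnabled = $true
            }

            $userAuthenticationUsername = "";
            If ($ADSpecificUsername -eq "UserPrincipalName") {
                $userAuthenticationUsername = $ADUser.UserPrincipalName;
            }
            ElseIf ($ADSpecificUsername -eq "DomainPlusUsername") {
                # Keep only the DC= components of the distinguishedName; interpolating first means a
                # missing distinguishedName gives an empty string instead of a failed method call
                $dcParts = (("$($ADUser.DistinguishedName)".Split(",") | Where-Object { $_ -like "DC=*" }) -join ",")
                If ($dcParts -and ($dcParts -ne $lastDCParts)) {
                    # Clear the cached name BEFORE the lookup: if Get-ADDomain fails, the previous
                    # domain's NetBIOS name must never be attached to this domain's accounts.
                    $lastDomainNetbiosName = ""
                    $lastDCParts = $dcParts
                    Try {
                        $lastDomainNetbiosName = (Get-ADDomain $dcParts -ErrorAction Stop).NetBIOSName
                    }
                    Catch {
                        Write-Error "Could not resolve the NetBIOS name for '$dcParts', AuthenticationUsername stays empty for users of this domain: $($_.Exception.Message)"
                    }
                }
                # Only build DOMAIN\user when the domain part is known; a bare "\user" is not a valid identity
                If ($dcParts -and $lastDomainNetbiosName) {
                    $userAuthenticationUsername = "$($lastDomainNetbiosName)\$($ADUser.SamAccountName)"
                }
            }

            # Sensitive: the pincode is passed through unchanged
            $userPincode = ""
            If ($ADUserPincodePropertyName) {
                $userPincode = $ADUser.$ADUserPincodePropertyName
            }

            $userMappedRoles = @()
            If ($GroupUserRoleMapping) {
                # lookup a groupname, we do this in the order of the supplied key/values
                Foreach ($mappingItem in $GroupUserRoleMapping) {
                    $userMatches = $false

                    # RoleType is optional; when present it must be MWV or View
                    If (-not ((-not $mappingItem.RoleType) -or ($mappingItem.RoleType -eq "MWV") -or ($mappingItem.RoleType -eq "View"))) {
                        Write-Error "RoleType is not correct for role '$($mappingItem.RoleName)', valid RoleType values are: MWV or View, but found: '$($mappingItem.RoleType)', this rolemapping will be skipped"
                        continue
                    }

                    # check if there is a 'special' matchtype, and otherwise match the default way
                    If ($mappingItem.MatchType -eq "AddForEveryUser") {
                        $userMatches = $true
                    }
                    Else {
                        # -contains compares case-insensitively against the MemberOf values as they
                        # arrive on the user object; group nesting is not expanded here
                        If ($ADUser.MemberOf -contains $mappingItem.ADDistinguishedName) {
                            $userMatches = $true
                        }
                    }

                    If ($userMatches) {
                        $propertiesHash = [ordered]@{
                            RoleName = $mappingItem.RoleName
                            RoleType = $mappingItem.RoleType
                        }
                        $userMappedRoles += New-Object PSObject -Property $propertiesHash
                    }
                }
            }
            # if nothing matched, then add the default rolename
            If ($UserDefaultRoleName) {
                If ($userMappedRoles.Count -eq 0) {
                    $propertiesHash = [ordered]@{
                        RoleName = $UserDefaultRoleName
                    }
                    $userMappedRoles += New-Object PSObject -Property $propertiesHash
                }
            }


            $outputUserPropertiesHash = [ordered]@{
                EmailAddress           = $userEmailAddress
                Name                   = $userName
                TelephoneMobile        = $userMobile
                AuthenticationUsername = $userAuthenticationUsername
                Pincode                = $userPincode
                Active                 = $userEnabled
                UniqueImportID         = $ADUser.ObjectGUID
                UserMappedRoles        = $userMappedRoles
                NFCId                  = $userNFCId
                DefaultCostCenterIdOrName = $userDefaultCostCenterIdOrName
            }

            $outputUser = New-Object PSObject -Property $outputUserPropertiesHash
            $outputUsers.Add($outputUser)
        }
    }

    End {
        # Return the converted users (the list is unrolled onto the pipeline, one object per user)
        Return $outputUsers
    }
}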