EguibarIT.DelegationPS

1.126.59

Public/Miscellaneous/Set-CreateDeleteInetOrgPerson.ps1

                                function Set-CreateDeleteInetOrgPerson {

    <#

        .Synopsis

            The function will delegate the permission for a group to create/Delete

            inetOrgPerson objects in an OU

        .DESCRIPTION

             The function will delegate the permission for a group to create/Delete

            inetOrgPerson objects in an OU

        .EXAMPLE

            Set-CreateDeleteInetOrgPerson -Group "SG_SiteAdmins_XXXX" -LDAPPath "OU=Users,OU=XXXX,OU=Sites,DC=EguibarIT,DC=local"

        .EXAMPLE

            Set-CreateDeleteInetOrgPerson -Group "SG_SiteAdmins_XXXX" -LDAPPath "OU=Users,OU=XXXX,OU=Sites,DC=EguibarIT,DC=local" -RemoveRule

        .PARAMETER Group

            [STRING] for the Delegated Group Name

        .PARAMETER LDAPpath

            [STRING] Distinguished Name of the OU where the computer DnsInfo will be set.

        .PARAMETER RemoveRule

            Param3 RemoveRule:...[SWITCH] If present, the access rule will be removed

        .NOTES

            Used Functions:

                Name                                   | Module

                ---------------------------------------|--------------------------

                Set-AclConstructor5                    | EguibarIT.DelegationPS

                Get-AttributeSchemaHashTable           | EguibarIT.DelegationPS

        .NOTES

            Version:         1.1

            DateModified:    14/Oct/2016

            LasModifiedBy:   Vicente Rodriguez Eguibar

                vicente@eguibar.com

                Eguibar Information Technology S.L.

                http://www.eguibarit.com

    #>

    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]

    [OutputType([void])]

    Param (

        # PARAM1 STRING for the Delegated Group Name

        [Parameter(Mandatory = $true,

            ValueFromPipeline = $true,

            ValueFromPipelineByPropertyName = $true,

            HelpMessage = 'Identity of the group getting the delegation, usually a DomainLocal group.',

            Position = 0)]

        [ValidateNotNullOrEmpty()]

        [Alias('IdentityReference', 'Identity', 'Trustee', 'GroupID')]

        $Group,

        # PARAM2 Distinguished Name of the OU where the computer DnsInfo will be set

        [Parameter(Mandatory = $true,

            ValueFromPipeline = $true,

            ValueFromPipelineByPropertyName = $true,

            HelpMessage = 'Distinguished Name of the OU where the computer DnsInfo will be set',

            Position = 1)]

        [ValidateNotNullOrEmpty()]

        [ValidateScript({ Test-IsValidDN -ObjectDN $_ }, ErrorMessage = 'DistinguishedName provided is not valid! Please Check.')]

        [Alias('DN', 'DistinguishedName')]

        [String]

        $LDAPpath,

        # PARAM3 SWITCH If present, the access rule will be removed.

        [Parameter(Mandatory = $false,

            ValueFromPipeline = $true,

            ValueFromPipelineByPropertyName = $true,

            HelpMessage = 'If present, the access rule will be removed.',

            Position = 2)]

        [ValidateNotNullOrEmpty()]

        [Switch]

        $RemoveRule

    )

    Begin {

        $txt = ($Variables.HeaderDelegation -f

            (Get-Date).ToShortDateString(),

            $MyInvocation.Mycommand,

            (Get-FunctionDisplay -HashTable $PsBoundParameters -Verbose:$False)

        )

        Write-Verbose -Message $txt

        ##############################

        # Module imports

        ##############################

        # Variables Definition

        [Hashtable]$Splat = [hashtable]::New([StringComparer]::OrdinalIgnoreCase)

        Write-Verbose -Message 'Checking variable $Variables.GuidMap. In case is empty a function is called to fill it up.'

        Get-AttributeSchemaHashTable

        # Verify Group exist and return it as Microsoft.ActiveDirectory.Management.AdGroup

        $CurrentGroup = Get-AdObjectType -Identity $PSBoundParameters['Group']

    } #end Begin

    Process {

        $Splat = @{

            Id                    = $CurrentGroup

            LDAPPath              = $PSBoundParameters['LDAPpath']

            AdRight               = 'CreateChild', 'DeleteChild'

            AccessControlType     = 'Allow'

            ObjectType            = $Variables.GuidMap['inetOrgPerson']

            AdSecurityInheritance = 'All'

        }

        # Check if RemoveRule switch is present.

        If ($PSBoundParameters['RemoveRule']) {

            if ($Force -or $PSCmdlet.ShouldProcess($PSBoundParameters['Group'], 'Remove permissions for inetOrgPerson?')) {

                # Add the parameter to remove the rule

                $Splat.Add('RemoveRule', $true)

            } #end If

        } #end If

        If ($Force -or $PSCmdlet.ShouldProcess($PSBoundParameters['Group'], 'Delegate the permissions for inetOrgPerson?')) {

            Set-AclConstructor5 @Splat

        } #end If

    } #end Process

    End {

        if ($RemoveRule) {

            Write-Verbose ('Permissions removal process completed for group: {0} on {1}' -f $PSBoundParameters['Group'], $PSBoundParameters['LDAPpath'])

        } else {

            Write-Verbose ('Permissions delegation process completed for group: {0} on {1}' -f $PSBoundParameters['Group'], $PSBoundParameters['LDAPpath'])

        } #end If-Else

        $txt = ($Variables.FooterDelegation -f $MyInvocation.InvocationName,

            'delegating create/delete InetOrg person.'

        )

        Write-Verbose -Message $txt

    } #end END

}