PersonUser.ps1

<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>


function New-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on: 9/29/2020
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function creates new person user account.
 
    .PARAMETER UserName
    Specifies the UserName of the requested person user account.
 
    .PARAMETER Password
    Specifies the Password of the requested person user account.
 
    .PARAMETER Description
    Specifies the Description of the requested person user account.
 
    .PARAMETER EmailAddress
    Specifies the EmailAddress of the requested person user account.
 
    .PARAMETER FirstName
    Specifies the FirstName of the requested person user account.
 
    .PARAMETER LastName
    Specifies the FirstName of the requested person user account.
 
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
 
    .EXAMPLE
    $ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
    New-SsoPersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
 
    Creates person user account with user name 'myAdmin' and password 'MyStrongPa$$w0rd'
 
    .EXAMPLE
    New-SsoPersonUser -User myAdmin -Password 'MyStrongPa$$w0rd' -EmailAddress 'myAdmin@mydomain.com' -FirstName 'My' -LastName 'Admin'
 
    Creates person user account with user name 'myAdmin', password 'MyStrongPa$$w0rd', and details against connections available in 'DefaultSsoAdminServers'
#>

    [CmdletBinding(ConfirmImpact = 'Low')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'User name of the new person user account')]
        [string]
        $UserName,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Password of the new person user account')]
        [string]
        $Password,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Description of the new person user account')]
        [string]
        $Description,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'EmailAddress of the new person user account')]
        [string]
        $EmailAddress,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'FirstName of the new person user account')]
        [string]
        $FirstName,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'LastName of the new person user account')]
        [string]
        $LastName,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)

    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }

        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }

            # Output is the result of 'CreateLocalUser'
            try {
                $connection.Client.CreateLocalUser(
                    $UserName,
                    $Password,
                    $Description,
                    $EmailAddress,
                    $FirstName,
                    $LastName
                )
            }
            catch {
                Write-Error (FormatError $_.Exception)
            }
        }
    }
}

function Get-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on: 9/29/2020
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function gets person user account.
 
    .PARAMETER Name
    Specifies Name to filter on when searching for person user accounts.
 
    .PARAMETER Domain
    Specifies the Domain in which search will be applied, default is 'localos'.
 
    .PARAMETER Group
    Specifies the group in which search for person user members will be applied.
 
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
 
    .EXAMPLE
    Get-SsoPersonUser -Name admin -Domain vsphere.local
 
    Gets person user accounts which contain name 'admin' in 'vsphere.local' domain
 
    .EXAMPLE
    Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser
 
    Gets person user accounts members of 'Administrators' group
#>

    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Name filter to be applied when searching for person user accounts')]
        [string]
        $Name,

        [Parameter(
            ParameterSetName = 'ByNameAndDomain',
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain name to search in, default is "localos"')]
        [string]
        $Domain = 'localos',

        [Parameter(
            ParameterSetName = 'ByGroup',
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Searches members of the specified group')]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)

    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }

        if ($Name -eq $null) {
            $Name = [string]::Empty
        }

        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }

                $personUsers = $null

                if ($Group -ne $null) {
                    $personUsers = $connection.Client.GetPersonUsersInGroup(
                        (RemoveWildcardSymbols $Name),
                        $Group)
                }
                else {
                    $personUsers = $connection.Client.GetLocalUsers(
                        (RemoveWildcardSymbols $Name),
                        $Domain)
                }

                if ($personUsers -ne $null) {
                    foreach ($personUser in $personUsers) {
                        if ([string]::IsNullOrEmpty($Name) ) {
                            Write-Output $personUser
                        }
                        else {
                            # Apply Name filtering
                            if ((HasWildcardSymbols $Name) -and `
                                    $personUser.Name -like $Name) {
                                Write-Output $personUser
                            }
                            elseif ($personUser.Name -eq $Name) {
                                # Exactly equal
                                Write-Output $personUser
                            }
                        }
                    }
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
}

function Set-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on: 9/29/2020
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    Updates person user account.
 
    .PARAMETER User
    Specifies the PersonUser instance to update.
 
    .PARAMETER Group
    Specifies the Group you want to add or remove PwersonUser from.
 
    .PARAMETER Add
    Specifies user will be added to the spcified group.
 
    .PARAMETER Remove
    Specifies user will be removed from the spcified group.
 
    .PARAMETER Unlock
    Specifies user will be unlocked.
 
    .PARAMETER NewPassword
    Specifies new password for the specified user.
 
    .PARAMETER Enable
    Specifies user to be enabled or disabled.
 
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
 
    Adds $myPersonUser to $myExampleGroup
 
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
 
    Removes $myPersonUser from $myExampleGroup
 
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Unlock -Server $ssoAdminConnection
 
    Unlocks $myPersonUser
 
     .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Enable $false -Server $ssoAdminConnection
 
    Disable user account
 
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
 
    Resets $myPersonUser password
#>

    [CmdletBinding(ConfirmImpact = 'Medium')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Person User instance you want to update')]
        [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
        $User,

        [Parameter(
            ParameterSetName = 'AddToGroup',
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Group instance you want user to be added to or removed from')]
        [Parameter(
            ParameterSetName = 'RemoveFromGroup',
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Group instance you want user to be added to or removed from')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,

        [Parameter(
            ParameterSetName = 'AddToGroup',
            Mandatory = $true)]
        [switch]
        $Add,

        [Parameter(
            ParameterSetName = 'RemoveFromGroup',
            Mandatory = $true)]
        [switch]
        $Remove,

        [Parameter(
            ParameterSetName = 'ResetPassword',
            Mandatory = $true,
            HelpMessage = 'New password for the specified user.')]
        [ValidateNotNull()]
        [string]
        $NewPassword,

        [Parameter(
            ParameterSetName = 'UnlockUser',
            Mandatory = $true,
            HelpMessage = 'Specifies to unlock user account.')]
        [switch]
        $Unlock,

        [Parameter(
            ParameterSetName = 'EnableDisableUserAccount',
            Mandatory = $true,
            HelpMessage = 'Specifies to enable or disable user account.')]
        [bool]
        $Enable)

    Process {
        try {
            foreach ($u in $User) {
                $ssoAdminClient = $u.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$u' is from disconnected server"
                    continue
                }

                if ($Add) {
                    $result = $ssoAdminClient.AddPersonUserToGroup($u, $Group)
                    if ($result) {
                        Write-Output $u
                    }
                }

                if ($Remove) {
                    $result = $ssoAdminClient.RemovePersonUserFromGroup($u, $Group)
                    if ($result) {
                        Write-Output $u
                    }
                }

                if ($Unlock) {
                    $result = $ssoAdminClient.UnlockPersonUser($u)
                    if ($result) {
                        Write-Output $u
                    }
                }

                if ($NewPassword) {
                    $ssoAdminClient.ResetPersonUserPassword($u, $NewPassword)
                    Write-Output $u
                }

                if ($PSBoundParameters.ContainsKey('Enable')) {
                    $result = $false
                    if ($Enable) {
                        $result = $ssoAdminClient.EnablePersonUser($u)
                    } else {
                        $result = $ssoAdminClient.DisablePersonUser($u)
                    }
                    if ($result) {
                        # Return update person user
                        Write-Output ($ssoAdminClient.GetLocalUsers($u.Name, $u.Domain))
                    }
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
}

function Set-SsoSelfPersonUserPassword {
    <#
    .NOTES
    ===========================================================================
    Created on: 2/19/2021
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    Resets connected person user password.
 
 
    .PARAMETER NewPassword
    Specifies new password for the connected person user.
 
 
    .EXAMPLE
    Set-SsoSelfPersonUserPassword -Password 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
 
    Resets password
#>

    [CmdletBinding(ConfirmImpact = 'High')]
    param(
        [Parameter(
            Mandatory = $true,
            HelpMessage = 'New password for the connected user.')]
        [ValidateNotNull()]
        [SecureString]
        $Password,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)

    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }

        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }

            try {
                $connection.Client.ResetSelfPersonUserPassword($Password)
            }
            catch {
                Write-Error (FormatError $_.Exception)
            }
        }
    }
}

function Remove-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on: 9/29/2020
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function removes existing person user account.
 
    .PARAMETER User
    Specifies the PersonUser instance to remove.
 
    .EXAMPLE
    $ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
    $myNewPersonUser = New-SsoPersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
    Remove-SsoPersonUser -User $myNewPersonUser
 
    Remove person user account with user name 'myAdmin'
#>

    [CmdletBinding(ConfirmImpact = 'High')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Person User instance you want to remove')]
        [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
        $User)

    Process {
        try {
            foreach ($u in $User) {
                $ssoAdminClient = $u.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$u' is from disconnected server"
                    continue
                }

                $ssoAdminClient.DeleteLocalUser($u)
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
}