Yamautomate.IAM.ps1
|
Function Log-Event { param ( [Parameter(Mandatory=$false)] [string]$logName = "Application", [Parameter(Mandatory=$false)] [string]$source = "IdGov-New-AdUser-Workflow", [Parameter(Mandatory=$false)] [string]$entryType = "Information", [Parameter(Mandatory=$false)] [int]$eventId = 1001, [Parameter(Mandatory=$true)] [string]$message ) Write-EventLog -LogName $logName -Source $source -EntryType $entryType -EventId $eventId -Message $message } function New-LogMessage { param ( [string]$CustomText, [string]$FunctionName ) if (!($FunctionName)) { # Get the name of the calling function $FunctionName = (Get-PSCallStack)[1].FunctionName } $CurrentDate = Get-Date $LogMessage = ($FunctionName+" @ "+$CurrentDate+": "+$CustomText) return $LogMessage } Function New-YcAdUser { param ( [Parameter(Mandatory=$true)] [string]$firstname, [Parameter(Mandatory=$true)] [string]$lastname, [Parameter(Mandatory=$true)] [ValidateSet("CH", "DE", "AMER")] [string]$location, [Parameter(Mandatory=$true)] [string]$department, [Parameter(Mandatory=$true)] [string]$team, [Parameter(Mandatory=$true)] [string]$phoneNumber, [Parameter(Mandatory=$true)] [string]$jobTitle, [Parameter(Mandatory=$true)] [string]$manager, [Parameter(Mandatory=$false)] [string]$PathToConfig = "C:\Temp\IdGov-NewAdUser-Config.json" ) try { Import-Module Yamautomate.Core $requiredModules = @("ActiveDirectory") Get-YcRequiredModules -moduleNames $requiredModules -ErrorAction Stop } catch { Write-Output (New-LogMessage -CustomText ("Could not import needed modules. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not import needed modules. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not import needed modules. Aborting. Error Details: "+$_.Exception.Message) } Initialize-YcEventLogging -source "IdGov-New-AdUser-Workflow" Log-Event -message (New-LogMessage -CustomText ("Loading config from path: "+$PathToConfig+". Abort if not successful. ")) Write-Output (New-LogMessage -CustomText ("Loading config from path: "+$PathToConfig+". Abort if not successful. ")) try { $config = Get-Content -raw -Path $PathToConfig | ConvertFrom-Json -ErrorAction Stop $locationForLookup = "Location-"+$location $Street = $config.$locationForLookup.Street $City = $config.$locationForLookup.City $ZIPCode = $config.$locationForLookup.ZIPCode $Country = $config.$locationForLookup.Country $CountryPhone = $config.$locationForLookup.Phone $TopLevelDomain = $config.$locationForLookup.TopLevelDomain $OU = $config.ADSetup.OU $rawDomainName = $config.ADSetup.rawDomainName Write-Output (New-LogMessage -CustomText ("Successfuly loaded config from path: "+$PathToConfig)) Log-Event -message (New-LogMessage -CustomText ("Successfuly loaded config from path: "+$PathToConfig)) } catch { throw ("Could not grab contents of ConfigFile. Aborting. Error Details: "+$_.Exception.Message) } # Construct the user’s full name and username with the location TLD $displayName = "$firstname $lastname" $samAccountName = "$firstname.$lastname" Write-Output (New-LogMessage -CustomText ("SamAccountName for new User is: "+$samAccountName)) Log-Event -message (New-LogMessage -CustomText ("SamAccountName for new User is: "+$samAccountName)) # Primary and secondary email $primaryEmail = "$firstname.$lastname@$rawDomainname$TopLevelDomain" if ($location -eq "AMER") { $secondaryEmail = "$firstname.$lastname@$rawDomainname.ch" } else { $secondaryEmail = "$firstname.$lastname@$rawDomainname.com" } # Set proxy addresses (Aliases) $proxyAddresses = @("SMTP:$primaryEmail", "smtp:$secondaryEmail") Write-Output (New-LogMessage -CustomText ("SMTP Addresses for new user are: "+$proxyAddresses)) Log-Event -message (New-LogMessage -CustomText ("SMTP Addresses for new user are: "+$proxyAddresses)) #Create Random Password $InitialPw = New-YcRandomPassword -length 14 # Create the Active Directory user try { New-ADUser ` -GivenName $firstname ` -Surname $lastname ` -Name $displayName ` -SamAccountName $samAccountName ` -UserPrincipalName $primaryEmail ` -Path $OU ` -Division $team ` -OfficePhone $phoneNumber ` -Title $jobTitle ` -Department $department ` -DisplayName $displayName ` -StreetAddress $Street ` -City $City ` -PostalCode $ZIPCode ` -Country $Country ` -Enabled $true ` -AccountPassword (ConvertTo-SecureString "SomeRandomPassword" -AsPlainText -Force) ` -ChangePasswordAtLogon $true ` -EmailAddress $primaryEmail Write-Output (New-LogMessage -CustomText ("Successfully created new AD User: "+$samAccountName)) Log-Event -message (New-LogMessage -CustomText ("Successfully created new AD User: "+$samAccountName)) } catch { Write-Output (New-LogMessage -CustomText ("Could not create AD User. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not create AD User. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not create AD User. Aborting. Error Details: "+$_.Exception.Message) } # Add proxy addresses to the user try { Set-ADUser -Identity $samAccountName -Add @{proxyAddresses=$proxyAddresses} Write-Output (New-LogMessage -CustomText ("Successfully set proxy addresses on new AD User: "+$samAccountName)) Log-Event -message (New-LogMessage -CustomText ("Successfully set proxy addresses on new AD User: "+$samAccountName)) } catch { Write-Output (New-LogMessage -CustomText ("Could not set proxy address on AD User. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not set proxy address on AD User. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not set proxy address on AD User. Aborting. Error Details: "+$_.Exception.Message) } # Add organization tab information try { Set-ADUser -Identity $samAccountName -Title $jobTitle -Department $department -Manager $manager Write-Output (New-LogMessage -CustomText ("Successfully set organizational info on new AD User: "+$samAccountName)) Log-Event -message (New-LogMessage -CustomText ("Successfully set organizational info on new AD User: "+$samAccountName)) } catch { Write-Output (New-LogMessage -CustomText ("Could not set organization tab info on AD User. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not set organization tab info on AD User. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not set organization tab info on AD User. Aborting. Error Details: "+$_.Exception.Message) } #Set country-specific main phone number try { Set-ADUser -Identity $samAccountName -Replace @{ipPhone=$CountryPhone} Write-Output (New-LogMessage -CustomText ("Successfully set Ip Phone on: "+$samAccountName)) Log-Event -message (New-LogMessage -CustomText ("Successfully set Ip Phone on new AD User: "+$samAccountName)) } catch { Write-Output (New-LogMessage -CustomText ("Could not set country-specific main phone number on AD User. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not set country-specific main phone number on AD User. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not set country-specific main phone number on AD User. Aborting. Error Details: "+$_.Exception.Message) } return $InitialPw } Function New-YcTeamsPhoneNumberAssignment { param ( [Parameter(Mandatory=$true)] [string]$phoneNumber, [Parameter(Mandatory=$true)] [string]$firstname, [Parameter(Mandatory=$true)] [string]$lastname, [Parameter(Mandatory=$false)] [string]$PathToConfig = "C:\Temp\IdGov-NewAdUser-Config.json" ) try { Import-Module Yamautomate.Core $requiredModules = @("MicrosoftTeams") Get-YcRequiredModules -moduleNames $requiredModules -ErrorAction Stop } catch { Write-Output (New-LogMessage -CustomText ("Could not import needed modules. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not import needed modules. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not import needed modules. Aborting. Error Details: "+$_.Exception.Message) } Initialize-YcEventLogging -source "IdGov-New-AdUser-Workflow" try { $config = Get-Content -raw -Path $PathToConfig | ConvertFrom-Json -ErrorAction Stop $locationForLookup = "Location-"+$location $TopLevelDomain = $config.$locationForLookup.TopLevelDomain $CertificateThumbprint = $config.Teams.CertificateThumbprint $tenantId = $config.Teams.tenantId $appId = $config.Teams.AzureAppRegistrationClientId $rawDomainName = $config.ADSetup.rawDomainName $policyname = $config.Teams.PolicyName Write-Output (New-LogMessage -CustomText ("Successfuly loaded config from path: "+$PathToConfig)) Log-Event -message (New-LogMessage -CustomText ("Successfuly loaded config from path: "+$PathToConfig)) } catch { Write-Output (New-LogMessage -CustomText ("Could not grab contents of ConfigFile. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not grab contents of ConfigFile. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not grab contents of ConfigFile. Aborting. Error Details: "+$_.Exception.Message) } try { Connect-MicrosoftTeams -TenantId $tenantId -Certificate $CertificateThumbprint -ApplicationId $appId } catch { Write-Output (New-LogMessage -CustomText ("Could not connect to Teams. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not connect to Teams.. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not connect to Teams. Aborting. Error Details: "+$_.Exception.Message) } $identity = $firstname+"."+$lastname+"@"+$rawDomainName+$TopLevelDomain Write-Output ("Add the phone number " + $phoneNumber + " to the user " + $identity + " and assign to the policy " + $policyname) try { Set-CsPhoneNumberAssignment -Identity $identity -PhoneNumber $phoneNumber -PhoneNumberType DirectRouting Grant-CsOnlineVoiceRoutingPolicy -Identity $identity -PolicyName $policyname Grant-CsTeamsUpgradePolicy -Identity $identity -PolicyName UpgradeToTeams } catch { Write-Output (New-LogMessage -CustomText ("Could not connect to assign phoneNumber. Aborting. Error Details: "+$_.Exception.Message)) Log-Event -message (New-LogMessage -CustomText ("Could not connect to assign phoneNumber.. Aborting. Error Details: "+$_.Exception.Message)) throw ("Could not connect to assign phoneNumber. Aborting. Error Details: "+$_.Exception.Message) } finally { Disconnect-MicrosoftTeams } } |