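#Initialize default properties
# $person, $manager, $accountReference, $managerAccountReference,
# $entitlementContext and $dryRun are provided by the HelloID runtime as JSON
# strings / booleans; they are not defined in this script.
$p = $person | ConvertFrom-Json
$m = $manager | ConvertFrom-Json
$aRef = $accountReference | ConvertFrom-Json
$mRef = $managerAccountReference | ConvertFrom-Json
$location = $p.primaryContract.Location.Code

# The entitlementContext contains the domainController, adUser, configuration, exchangeConfiguration and exportData
# - domainController: The IpAddress and name of the domain controller used to perform the action on the account
# - adUser: Information about the adAccount: objectGuid, samAccountName and distinguishedName
# - configuration: The configuration that is set in the Custom PowerShell configuration
# - exchangeConfiguration: The configuration that was used for exchange if exchange is turned on
# - exportData: All mapping fields where 'Store this field in person account data' is turned on
$eRef = $entitlementContext | ConvertFrom-Json

# Audit entries returned to HelloID; one entry per attempted action.
$auditLogs = [Collections.Generic.List[PSCustomObject]]::new()

# logging preferences
$VerbosePreference = "SilentlyContinue"
$InformationPreference = "Continue"
$WarningPreference = "Continue"

#region Change mapping here
# 'HH' is the 24-hour clock. The previous 'hh' pattern is the 12-hour clock
# without an AM/PM designator, so 13:05 was stamped as 01:05 and the recorded
# time was ambiguous.
$currentDate = (Get-Date).ToString("dd/MM/yyyy HH:mm:ss")
$account = @{
    Identity    = $aRef.ObjectGuid
    Description = "Enabled by HelloID at $currentDate"
}
#endregion Change mapping here

# Parameters shared by every AD cmdlet call below:
# - Server: pin the read and the write to the same domain controller that
#   HelloID selected, so the "previous" value and the update are not served by
#   different DCs (replication lag would otherwise make the audit entry misleading).
# - ErrorAction Stop: make every AD error terminating so the catch block sees it.
$adParams = @{
    Server      = $eRef.domainController.Name
    ErrorAction = 'Stop'
}

if (-Not($dryRun -eq $true)) {
    try {
        # Get Current Account (only the attributes that are logged)
        $properties = @('SID', 'ObjectGuid', 'UserPrincipalName', 'SamAccountName', 'Description')
        $previousAccount = Get-ADUser -Identity $account.Identity -Properties $properties @adParams | Select-Object $properties

        Write-Verbose "Updating AD account $($account.Identity). Previous Description: $($previousAccount.Description). New Description: '$($account.Description)'"

        # Set-ADUser emits nothing without -PassThru, so its result is not captured.
        Set-ADUser @account @adParams

        Write-Information "Succesfully updated AD account $($account.Identity). Previous Description: '$($previousAccount.Description)'. New Description: '$($account.Description)'"
        $success = $true
        $auditLogs.Add([PSCustomObject]@{
                Action  = "EnableAccount"
                Message = "Succesfully updated AD account $($account.Identity). Previous Description: '$($previousAccount.Description)'. New Description: '$($account.Description)'"
                IsError = $False
            })
    }
    catch {
        # $previousAccount is $null when Get-ADUser itself failed; the message
        # then shows an empty previous description.
        $success = $False
        $auditLogs.Add([PSCustomObject]@{
                Action  = "EnableAccount"
                Message = "Failed to update AD account $($account.Identity). Previous Description: '$($previousAccount.Description)'. New Description: '$($account.Description)'. Error: $($_)"
                IsError = $True
            })
        # Re-throw so HelloID also records the failure itself.
        throw $_
    }
}
else {
    # Write dry run logic here
    # NOTE(review): nothing sets $success in this branch, so the returned
    # Success field is $null during a dry run — confirm this is intended.
}

#build up result
$result = [PSCustomObject]@{
    Success   = $success
    AuditLogs = $auditLogs
    # Return data for use in other systems.
    # If not present or empty the default export data will be used
    # ExportData = [PSCustomObject]@{}
}

#send result back
Write-Output $result | ConvertTo-Json -Depth 10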