Last active
February 2, 2016 06:13
-
-
Save darrenjrobinson/8d198c341015abde8b4f to your computer and use it in GitHub Desktop.
MIMUsrPlacementPSMA-Export
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param | |
| ( | |
| $username, | |
| $password, | |
| $Credentials, | |
| $ExportType | |
| ) | |
| begin | |
| { | |
| $DebugFilePath = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\Placement\Placement\DebugOUExportMA.txt" | |
| if(!(Test-Path $DebugFilePath)) | |
| {$DebugFile = New-Item -Path $DebugFilePath -ItemType File} | |
| else | |
| {$DebugFile = Get-Item -Path $DebugFilePath} | |
| "Starting Export : " + (Get-Date) | Out-File $DebugFile -Append | |
| $securestring = New-Object -TypeName System.Security.SecureString | |
| # The OU where we land the new users. The ones that then need to be moved | |
| $landingOU = "OU=MIM,OU=customer,DC=domain,DC=com,DC=au" | |
| } | |
| process | |
| { | |
| $error.clear() | |
| write-debug " Obj: $_ " | out-file $DebugFile -Append | |
| $errorstatus = "success" | |
| $errordetails = $null | |
| $Identifier = $_.Identifier | |
| $objectGuid = $_.DN | |
| #Loop through changes and update parameters | |
| foreach ($can in $_.ChangedAttributeNames) | |
| { | |
| $can | out-file $DebugFile -append | |
| foreach ($ValueChange in $_.AttributeChanges[$can].ValueChanges) | |
| { | |
| if ( $can -eq 'distinguishedName'){$newOU = $ValueChange.value} | |
| if ( $can -eq 'targetOU') | |
| { | |
| if ($ValueChange.value -ne $null ) | |
| { | |
| $newOU = $ValueChange.value | |
| } | |
| else | |
| { | |
| $newOU = $null | |
| } | |
| } | |
| } | |
| } | |
| if ($_.ObjectModificationType -eq 'Add') | |
| { | |
| # adds are caught by importing new objects from Active Directory (see import script) | |
| # and joining these to existing user objects on the metaverse | |
| throw "Add modification are not supported" | |
| } | |
| if ($_.ObjectModificationType -eq 'Delete') | |
| { | |
| # deletes are caught by importing deleted objects (isDeleted) from Active | |
| # Directory (see import script). This way we clear up the CS | |
| throw "Delete modification are not supported" | |
| } | |
| #Supported ChangeType is Replace | |
| if ($_.ObjectModificationType -match 'Replace') | |
| { | |
| $errorstatus = "success" | out-file $DebugFile -append | |
| # Lookup the object so we know it exists before we enable the user | |
| $curUser = New-Object System.DirectoryServices.DirectoryEntry "LDAP://<GUID=$objectGuid>", $username, $password | |
| if ( $curUser -and $newOU) | |
| { | |
| # Lets make sure the user is still in the LandingOU | |
| if ($curUser.Properties["distinguishedName"][0].Contains($landingOU)) | |
| { | |
| $userOU = $newOU | ForEach-Object { | |
| $_ -replace '^.+?(?<!\\),','' | |
| } | |
| Move-ADObject -Credential $Credentials -Identity $objectGuid -TargetPath $userOU | |
| } | |
| } | |
| } | |
| #Return the result to the MA | |
| $obj = @{} | |
| $obj.Add("[Identifier]",$Identifier) | |
| $obj.Add("[ErrorName]","success") | |
| if($errordetails){$obj.Add("[ErrorDetail]",$errordetails) | out-file $DebugFile -append } | |
| $obj | |
| } | |
| end | |
| { | |
| Write-out "Done" | out-file $DebugFile -append | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment