irwins/ADUser.Operations.tests.ps1 Secret

## ADUser.Operations.tests.ps1
<#

      Author: I.C.A. Strachan
      Version: 1.0
      Version History:

      Purpose: Pester script to validate ADUser properties.

#>

[CmdletBinding()]
Param(
   [string]
   $csvFile = 'Users.csv',

   [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]
   $Encoding = 'UTF8'
)

$csvParam = @{
   Path = ".\source\csv\$csvFile"
   Delimiter = "`t"
   Encoding = $Encoding
}

$csvADUsers = Import-Csv @csvParam

$ADPropertiesToVerify =  ($csvADUsers | Get-Member | Where-Object {$_.membertype -eq 'noteproperty'}).name

Foreach ($user in $csvADUsers){

   #Get AD User attirbutes
   try{
      $verify = Get-ADUser -Identity $user.SamAccountName -Properties *
      if ($verify) {
         Describe "AD User operational readiness for $($user.DisplayName)" {
            Context 'Verifying ADUser Attributes'{
               ForEach($attribute in $ADPropertiesToVerify){

                  if (([string]::isNullOrEmpty($user.$attribute))) {
                     $user.$attribute = $null
                  }

                  if($attribute -eq 'Path'){
                     it "User is located in $($user.$attribute)" {
                        $verify.DistinguishedName.Contains($user.$attribute)
                     }
                  }
                  else{
                     it "User property $($attribute) value is $($verify.$attribute)" {
                        $user.$attribute | Should be $verify.$attribute
                     }
                  }
               }
            }

            Context 'Verifying ADUser HomeDirectory Security'{
               it 'User HomeDirectory attribute is not empty'{
                  $user.HomeDirectory | Should not be $null
               }

               It "Homedirectory $($user.HomeDirectory) exists"{
                  Test-Path $user.HomeDirectory | Should be $true
               }

               It "User is owner of $($user.HomeDirectory)"{
                  (Get-Acl $user.HomeDirectory).Owner| Should be "$($env:USERDOMAIN)\$($user.sAMAccountName)"
               }
            }
         }
      }
   }
   catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{
      Write-Error -Message "User $($user.SamAccountName) account NOT present"
   }
   catch {
      Write-Error -Message "Unhandled exception looking up $($user.SamAccountName)) account."
      throw $_
   }
}
	<#

	Author: I.C.A. Strachan
	Version: 1.0
	Version History:

	Purpose: Pester script to validate ADUser properties.

	#>

	[CmdletBinding()]
	Param(
	[string]
	$csvFile = 'Users.csv',

	[Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]
	$Encoding = 'UTF8'
	)

	$csvParam = @{
	Path = ".\source\csv\$csvFile"
	Delimiter = "`t"
	Encoding = $Encoding
	}

	$csvADUsers = Import-Csv @csvParam

	$ADPropertiesToVerify = ($csvADUsers \| Get-Member \| Where-Object {$_.membertype -eq 'noteproperty'}).name

	Foreach ($user in $csvADUsers){

	#Get AD User attirbutes
	try{
	$verify = Get-ADUser -Identity $user.SamAccountName -Properties *
	if ($verify) {
	Describe "AD User operational readiness for $($user.DisplayName)" {
	Context 'Verifying ADUser Attributes'{
	ForEach($attribute in $ADPropertiesToVerify){

	if (([string]::isNullOrEmpty($user.$attribute))) {
	$user.$attribute = $null
	}

	if($attribute -eq 'Path'){
	it "User is located in $($user.$attribute)" {
	$verify.DistinguishedName.Contains($user.$attribute)
	}
	}
	else{
	it "User property $($attribute) value is $($verify.$attribute)" {
	$user.$attribute \| Should be $verify.$attribute
	}
	}
	}
	}

	Context 'Verifying ADUser HomeDirectory Security'{
	it 'User HomeDirectory attribute is not empty'{
	$user.HomeDirectory \| Should not be $null
	}

	It "Homedirectory $($user.HomeDirectory) exists"{
	Test-Path $user.HomeDirectory \| Should be $true
	}

	It "User is owner of $($user.HomeDirectory)"{
	(Get-Acl $user.HomeDirectory).Owner\| Should be "$($env:USERDOMAIN)\$($user.sAMAccountName)"
	}
	}
	}
	}
	}
	catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{
	Write-Error -Message "User $($user.SamAccountName) account NOT present"
	}
	catch {
	Write-Error -Message "Unhandled exception looking up $($user.SamAccountName)) account."
	throw $_
	}
	}