This PowerShell module is a new approach to onboarding, offboarding and business-as-usual processes running in a company's infrastructure.
Overview of this module is available at: https://evotec.xyz/hub/scripts/psautomator-powershell-module/
Usually each company has different rules and different ideas about how its processes should look, and this module takes an easy approach that's similar to what you can find in services like IFTTT or Microsoft Flow. Those services work in a known schema of Services, Triggers, Ingredients and Applets. For this PowerShell module I've taken a similar approach, which is described below.
While it's encouraged to keep the order Service, Trigger, Ignore, Condition, Action, only Service and Trigger are actually required to be in the correct order.
Keep in mind that the following is true for Service:
This is a proof of concept. Heavy work in progress... Please take your time and leave feedback!
```powershell
# Offboarding: process every user found in the offboarded OU.
Clear-Host
Import-Module PSAutomator -Force #-Verbose
Import-Module PSSharedGoods -Force
Service -Name 'Active Directory Offboarding' -ConfigurationPath 'C:\Support\GitHub\PSAutomator\Examples\MyConfiguration.xml' {
    Trigger -Name 'OU Offboarded Users' -User OrganizationalUnit -Value 'OU=Users-Offboarded,OU=Production,DC=ad,DC=evotec,DC=xyz' |
        Condition -Name 'No conditions' |
        Ignore -Name 'Ignore Windows Email Address if Empty or null' -Ignore MatchingEmptyOrNull -Value EmailAddress |
        Action -Name 'Make User Snapshot' -ActiveDirectory AccountSnapshot -Value 'C:\Users\pklys\Desktop\MyExport' |
        Action -Name 'Disable AD Account' -ActiveDirectory AccountDisable |
        Action -Name 'Hide account in GAL' -ActiveDirectory AccountHideInGAL |
        Action -Name 'Remove all security groups' -ActiveDirectory AccountRemoveGroupsSecurity |
        Action -Name 'Rename Account' -ActiveDirectory AccountRename -Value @{ Action = 'AddText'; Where = 'After'; Text = ' (offboarded)'; }
}
```
```powershell
# Reverse case: re-enable users in the same OU, add them to groups and remove the rename tag.
Clear-Host
Import-Module PSAutomator -Force #-Verbose
Import-Module PSSharedGoods -Force
Service -Name 'Active Directory Enable Users in OU' {
    Trigger -Name 'Find Offboarded Users' -User OrganizationalUnit -Value 'OU=Users-Offboarded,OU=Production,DC=ad,DC=evotec,DC=xyz' |
        Ignore |
        Action -Name 'Enable Offboarded Users' -ActiveDirectory AccountEnable |
        Action -Name 'Add to group GDS-TestGroup5' -ActiveDirectory AccountAddGroupsSpecific -Value 'GDS-TestGroup5' |
        Action -Name 'Add to group GDS-TestGroup4' -ActiveDirectory AccountAddGroupsSpecific -Value 'GDS-TestGroup4' |
        Action -Name 'Remove Offboarded Tag' -ActiveDirectory AccountRename -Value @{ Action = 'RemoveText'; Fields = 'DisplayName', 'Name' ; Text = ' (offboarded)'; }
}
```
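A read-only check that the 'Active Directory Offboarding' service above left every account in the OU in the expected state. This is an added example, not part of PSAutomator: it uses the RSAT ActiveDirectory module, and the function name `Test-OffboardedUser` is hypothetical. It assumes the Exchange schema is present, that hiding from the GAL means `msExchHideFromAddressLists` is TRUE, and that the rename suffix lands on the `Name` attribute.

```powershell
# Added example: audit of the offboarding OU. Reads from AD only, changes nothing.
Import-Module ActiveDirectory

# OU and rename suffix are taken from the offboarding example on this page.
$SearchBase = 'OU=Users-Offboarded,OU=Production,DC=ad,DC=evotec,DC=xyz'
$Suffix     = ' (offboarded)'

function Test-OffboardedUser {
    param([Parameter(Mandatory)] $User)

    # MemberOf never lists the primary group, so only explicit memberships are checked.
    $securityGroups = @(
        foreach ($dn in $User.MemberOf) {
            $group = Get-ADGroup -Identity $dn
            if ($group.GroupCategory -eq 'Security') { $group.Name }
        }
    )

    [PSCustomObject]@{
        SamAccountName = $User.SamAccountName
        StillEnabled   = [bool]$User.Enabled
        # Assumption: "hidden in GAL" corresponds to msExchHideFromAddressLists = TRUE.
        VisibleInGAL   = $User.msExchHideFromAddressLists -ne $true
        # Assumption: the rename action appends the suffix to the Name attribute.
        NotRenamed     = -not $User.Name.EndsWith($Suffix)
        SecurityGroups = $securityGroups -join '; '
    }
}

$query = @{
    SearchBase  = $SearchBase
    SearchScope = 'Subtree'
    Filter      = '*'
    Properties  = 'Enabled', 'MemberOf', 'msExchHideFromAddressLists'
}

# Keep only accounts where at least one offboarding step did not take effect.
$findings = Get-ADUser @query |
    ForEach-Object { Test-OffboardedUser -User $_ } |
    Where-Object { $_.StillEnabled -or $_.VisibleInGAL -or $_.NotRenamed -or $_.SecurityGroups }

$findings | Format-Table -AutoSize
```

Accounts that the service skipped, for example through an Ignore rule, are listed as well, which makes this a useful review list for accounts sitting in the offboarding OU with access still intact.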