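#####################################################
# HelloID-Conn-Prov-Target-ActiveDirectory-Create
# PowerShell V2
#
# Correlates a HelloID person to an existing Active Directory account by
# looking the account up on the configured correlation attribute. No account
# is created here: zero or more than one match is reported as an audit error.
#
# Runtime inputs (supplied by HelloID, not defined in this script):
#   $actionContext.Configuration.isDebug               - switches verbose output on/off
#   $actionContext.Configuration.fixedDomainController - optional DC to query instead of the PDC
#   $actionContext.CorrelationConfiguration            - Enabled, accountField, accountFieldValue
#   $actionContext.Data                                - account object, returned as $outputContext.Data
# Outputs written to $outputContext: Success, AccountReference, AccountCorrelated, AuditLogs, Data
#################################################

# Enable TLS1.2
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor [System.Net.SecurityProtocolType]::Tls12

# Set to false at start; only set to true in 'finally' when no audit log entry carries an error
$outputContext.Success = $false

# AccountReference must have a value for dryRun
$outputContext.AccountReference = "Unknown"

# Set debug logging
switch ($($actionContext.Configuration.isDebug)) {
    $true { $VerbosePreference = 'Continue' }
    $false { $VerbosePreference = 'SilentlyContinue' }
}

$account = $actionContext.Data

try {
    #region Verify correlation configuration and properties
    $actionMessage = "verifying correlation configuration and properties"

    # Correlation is mandatory for this connector: without it there is nothing to look up.
    # (The previous warning in this branch wrongly said correlation was "enabled".)
    if (-not $actionContext.CorrelationConfiguration.Enabled) {
        Write-Warning "Correlation is not enabled. Configuration of correlation is mandatory."
        throw "Configuration of correlation is mandatory."
    }

    $correlationField = $actionContext.CorrelationConfiguration.accountField
    $correlationValue = $actionContext.CorrelationConfiguration.accountFieldValue

    if ([string]::IsNullOrEmpty($correlationField)) {
        Write-Warning "Correlation is enabled but not configured correctly."
        throw "Correlation is enabled but not configured correctly."
    }

    # The field name is spliced into the AD filter as an attribute name. Restrict it to a
    # plain LDAP attribute name (letters, digits, hyphens) so a misconfigured value cannot
    # change the structure of the query.
    if ($correlationField -notmatch '^[A-Za-z][A-Za-z0-9\-]*$') {
        Write-Warning "The correlation field [$correlationField] is not a valid attribute name."
        throw "The correlation field [$correlationField] is not a valid attribute name."
    }

    if ([string]::IsNullOrEmpty($correlationValue)) {
        Write-Warning "The correlation value for [$correlationField] is empty. This is likely a scripting issue."
        throw "The correlation value for [$correlationField] is empty. This is likely a scripting issue."
    }
    #endregion Verify correlation configuration and properties

    #region Get Primary Domain Controller
    $actionMessage = "getting primary domain controller"

    if ([string]::IsNullOrEmpty($actionContext.Configuration.fixedDomainController)) {
        try {
            $pdc = (Get-ADForest | Select-Object -ExpandProperty RootDomain | Get-ADDomain | Select-Object -Property PDCEmulator).PDCEmulator
        }
        catch {
            # Exception.Message is always populated; InnerException may be null and log an empty string
            Write-Warning ("PDC Lookup Error: {0}" -f $_.Exception.Message)
            Write-Warning "Retrying PDC Lookup"
            # A second failure propagates to the outer catch and is audited there
            $pdc = (Get-ADForest | Select-Object -ExpandProperty RootDomain | Get-ADDomain | Select-Object -Property PDCEmulator).PDCEmulator
        }
    }
    else {
        Write-Verbose "A fixed domain controller is configured [$($actionContext.Configuration.fixedDomainController)]"
        $pdc = $($actionContext.Configuration.fixedDomainController)
    }
    #endregion Get Primary Domain Controller

    #region Get Microsoft Active Directory account
    $actionMessage = "querying Microsoft Active Directory account"

    # The correlation value comes from person data, so it is not interpolated into the
    # filter text. It is handed to the AD filter parser as a variable reference instead
    # (the filter string literally reads "<field> -eq $correlationValue"), which treats
    # the value as data: quotes or operators in it cannot alter the query.
    $filter = "$correlationField -eq `$correlationValue"
    $user = Get-ADUser -Filter $filter -Server $pdc -ErrorAction Stop

    Write-Verbose "Queried Microsoft Active Directory account where [$($correlationField)] = [$($correlationValue)]. Result: $($user | ConvertTo-Json)"
    #endregion Get Microsoft Active Directory account

    #region Calculate action
    $actionMessage = "calculating action"

    # Measure once; Get-ADUser returns $null, a single object or an array
    $userCount = ($user | Measure-Object).Count
    if ($userCount -eq 0) {
        $actionAccount = "NotFound"
    }
    elseif ($userCount -eq 1) {
        $actionAccount = "Correlate"
    }
    else {
        $actionAccount = "MultipleFound"
    }
    #endregion Calculate action

    #region Process
    switch ($actionAccount) {
        "Correlate" {
            #region Correlate account
            $actionMessage = "correlating to account"

            # The SID is the stable reference for the account; DN and sAMAccountName can change
            $outputContext.AccountReference = $user.SID.Value
            if ($account.PSObject.Properties.Name -contains 'SID') {
                $account.SID = $user.SID.Value
            }

            $outputContext.AuditLogs.Add([PSCustomObject]@{
                    Action  = "CorrelateAccount" # Optionally specify a different action for this audit log
                    Message = "Correlated to account with AccountReference: $($outputContext.AccountReference | ConvertTo-Json) on [$($correlationField)] = [$($correlationValue)]."
                    IsError = $false
                })

            $outputContext.AccountCorrelated = $true
            #endregion Correlate account

            break
        }

        "MultipleFound" {
            #region Multiple accounts found
            $actionMessage = "correlating to account"

            # Throw terminal error
            throw "Multiple accounts found where [$($correlationField)] = [$($correlationValue)]. Please correct this so the persons are unique."
            #endregion Multiple accounts found

            break
        }

        "NotFound" {
            #region No account found
            $actionMessage = "correlating to account"

            # Throw terminal error
            throw "No account found where [$($correlationField)] = [$($correlationValue)]."
            #endregion No account found

            break
        }
    }
    #endregion Process
}
catch {
    $ex = $PSItem

    # $actionMessage names the phase that failed; it is set at the start of every region
    $auditMessage = "Error $($actionMessage). Error: $($ex.Exception.Message)"
    Write-Warning "Error at Line [$($ex.InvocationInfo.ScriptLineNumber)]: $($ex.InvocationInfo.Line). Error: $($ex.Exception.Message)"

    $outputContext.AuditLogs.Add([PSCustomObject]@{
            Action  = "CorrelateAccount"
            Message = $auditMessage
            IsError = $true
        })
}
finally {
    # Check if auditLogs contains errors, if no errors are found, set success to true
    if (-NOT($outputContext.AuditLogs.IsError -contains $true)) {
        $outputContext.Success = $true
    }

    $outputContext.Data = $account
}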