voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
PowerCLI-Example-Scripts/Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1
dmilov 0cbd85190c Implement Enable/Disable Person Uer account in the Set-SsoPersonUser cmdlet (#471) 
Signed-off-by: Dimitar Milov <dmilov@vmware.com>
2021-07-23 15:11:42 +03:00

552 lines
17 KiB
PowerShell
Raw Permalink Blame History

<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function New-SsoPersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function creates new person user account.
.PARAMETER UserName
Specifies the UserName of the requested person user account.
.PARAMETER Password
Specifies the Password of the requested person user account.
.PARAMETER Description
Specifies the Description of the requested person user account.
.PARAMETER EmailAddress
Specifies the EmailAddress of the requested person user account.
.PARAMETER FirstName
Specifies the FirstName of the requested person user account.
.PARAMETER LastName
Specifies the FirstName of the requested person user account.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
$ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
New-SsoPersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
Creates person user account with user name 'myAdmin' and password 'MyStrongPa$$w0rd'
.EXAMPLE
New-SsoPersonUser -User myAdmin -Password 'MyStrongPa$$w0rd' -EmailAddress 'myAdmin@mydomain.com' -FirstName 'My' -LastName 'Admin'
Creates person user account with user name 'myAdmin', password 'MyStrongPa$$w0rd', and details against connections available in 'DefaultSsoAdminServers'
#>
[CmdletBinding(ConfirmImpact = 'Low')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'User name of the new person user account')]
[string]
$UserName,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Password of the new person user account')]
[string]
$Password,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Description of the new person user account')]
[string]
$Description,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'EmailAddress of the new person user account')]
[string]
$EmailAddress,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'FirstName of the new person user account')]
[string]
$FirstName,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'LastName of the new person user account')]
[string]
$LastName,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
# Output is the result of 'CreateLocalUser'
try {
$connection.Client.CreateLocalUser(
$UserName,
$Password,
$Description,
$EmailAddress,
$FirstName,
$LastName
)
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
}
function Get-SsoPersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function gets person user account.
.PARAMETER Name
Specifies Name to filter on when searching for person user accounts.
.PARAMETER Domain
Specifies the Domain in which search will be applied, default is 'localos'.
.PARAMETER Group
Specifies the group in which search for person user members will be applied.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-SsoPersonUser -Name admin -Domain vsphere.local
Gets person user accounts which contain name 'admin' in 'vsphere.local' domain
.EXAMPLE
Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser
Gets person user accounts members of 'Administrators' group
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Name filter to be applied when searching for person user accounts')]
[string]
$Name,
[Parameter(
ParameterSetName = 'ByNameAndDomain',
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Domain name to search in, default is "localos"')]
[string]
$Domain = 'localos',
[Parameter(
ParameterSetName = 'ByGroup',
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Searches members of the specified group')]
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
$Group,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
if ($Name -eq $null) {
$Name = [string]::Empty
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$personUsers = $null
if ($Group -ne $null) {
$personUsers = $connection.Client.GetPersonUsersInGroup(
(RemoveWildcardSymbols $Name),
$Group)
}
else {
$personUsers = $connection.Client.GetLocalUsers(
(RemoveWildcardSymbols $Name),
$Domain)
}
if ($personUsers -ne $null) {
foreach ($personUser in $personUsers) {
if ([string]::IsNullOrEmpty($Name) ) {
Write-Output $personUser
}
else {
# Apply Name filtering
if ((HasWildcardSymbols $Name) -and `
$personUser.Name -like $Name) {
Write-Output $personUser
}
elseif ($personUser.Name -eq $Name) {
# Exactly equal
Write-Output $personUser
}
}
}
}
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Set-SsoPersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
Updates person user account.
.PARAMETER User
Specifies the PersonUser instance to update.
.PARAMETER Group
Specifies the Group you want to add or remove PwersonUser from.
.PARAMETER Add
Specifies user will be added to the spcified group.
.PARAMETER Remove
Specifies user will be removed from the spcified group.
.PARAMETER Unlock
Specifies user will be unlocked.
.PARAMETER NewPassword
Specifies new password for the specified user.
.PARAMETER Enable
Specifies user to be enabled or disabled.
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
Adds $myPersonUser to $myExampleGroup
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
Removes $myPersonUser from $myExampleGroup
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -Unlock -Server $ssoAdminConnection
Unlocks $myPersonUser
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -Enable $false -Server $ssoAdminConnection
Disable user account
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
Resets $myPersonUser password
#>
[CmdletBinding(ConfirmImpact = 'Medium')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Person User instance you want to update')]
[VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
$User,
[Parameter(
ParameterSetName = 'AddToGroup',
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Group instance you want user to be added to or removed from')]
[Parameter(
ParameterSetName = 'RemoveFromGroup',
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Group instance you want user to be added to or removed from')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
$Group,
[Parameter(
ParameterSetName = 'AddToGroup',
Mandatory = $true)]
[switch]
$Add,
[Parameter(
ParameterSetName = 'RemoveFromGroup',
Mandatory = $true)]
[switch]
$Remove,
[Parameter(
ParameterSetName = 'ResetPassword',
Mandatory = $true,
HelpMessage = 'New password for the specified user.')]
[ValidateNotNull()]
[string]
$NewPassword,
[Parameter(
ParameterSetName = 'UnlockUser',
Mandatory = $true,
HelpMessage = 'Specifies to unlock user account.')]
[switch]
$Unlock,
[Parameter(
ParameterSetName = 'EnableDisableUserAccount',
Mandatory = $true,
HelpMessage = 'Specifies to enable or disable user account.')]
[bool]
$Enable)
Process {
try {
foreach ($u in $User) {
$ssoAdminClient = $u.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$u' is from disconnected server"
continue
}
if ($Add) {
$result = $ssoAdminClient.AddPersonUserToGroup($u, $Group)
if ($result) {
Write-Output $u
}
}
if ($Remove) {
$result = $ssoAdminClient.RemovePersonUserFromGroup($u, $Group)
if ($result) {
Write-Output $u
}
}
if ($Unlock) {
$result = $ssoAdminClient.UnlockPersonUser($u)
if ($result) {
Write-Output $u
}
}
if ($NewPassword) {
$ssoAdminClient.ResetPersonUserPassword($u, $NewPassword)
Write-Output $u
}
if ($PSBoundParameters.ContainsKey('Enable')) {
$result = $false
if ($Enable) {
$result = $ssoAdminClient.EnablePersonUser($u)
} else {
$result = $ssoAdminClient.DisablePersonUser($u)
}
if ($result) {
# Return update person user
Write-Output ($ssoAdminClient.GetLocalUsers($u.Name, $u.Domain))
}
}
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Set-SsoSelfPersonUserPassword {
<#
.NOTES
===========================================================================
Created on: 2/19/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
Resets connected person user password.
.PARAMETER NewPassword
Specifies new password for the connected person user.
.EXAMPLE
Set-SsoSelfPersonUserPassword -Password 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
Resets password
#>
[CmdletBinding(ConfirmImpact = 'High')]
param(
[Parameter(
Mandatory = $true,
HelpMessage = 'New password for the connected user.')]
[ValidateNotNull()]
[SecureString]
$Password,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
try {
$connection.Client.ResetSelfPersonUserPassword($Password)
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
}
function Remove-SsoPersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function removes existing person user account.
.PARAMETER User
Specifies the PersonUser instance to remove.
.EXAMPLE
$ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
$myNewPersonUser = New-SsoPersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
Remove-SsoPersonUser -User $myNewPersonUser
Remove person user account with user name 'myAdmin'
#>
[CmdletBinding(ConfirmImpact = 'High')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Person User instance you want to remove')]
[VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
$User)
Process {
try {
foreach ($u in $User) {
$ssoAdminClient = $u.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$u' is from disconnected server"
continue
}
$ssoAdminClient.DeleteLocalUser($u)
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
Reference in New Issue View Git Blame Copy Permalink