-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathBiostar2-SyncUsersFromAD.ps1
203 lines (191 loc) · 12.5 KB
/
Biostar2-SyncUsersFromAD.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# Run this script with administrator privileges
# This script uses Suprema Biostar2 cloud API
# This script matches email address filed from Active Directory user and from Biostar2 account, and than makes some profile changes or provisioning
# If you like this script: star it
# If you want to chage it: fork it
# If you want me to adopt this script for you: contact me via github (voxmaster) or https://www.upwork.com/fl/oleksiimarchenko9
# Set basic variables
$adBiostarGroup1 = Get-ADGroup "Biostar2-Office1-employees" # Users from this Active Directory group will be proceed in script
$adBiostarGroup2 = Get-ADGroup "Biostar2-Office2-employees" # Users from this Active Directory group will be proceed in script
$adSearchBase = "OU=Accounts,OU=YOUR_COMPANY,DC=domain,DC=local" # LDAP search base
$lastUsedID = 201 # First ID that will be checked
$biostarInitialUserGroup1ID = 1118 # Biostar2 User group that will be matched to $adBiostarGroup1. It will only be used when creating
$biostarInitialUserGroup2ID = 1119 # Biostar2 User group that will be matched to $adBiostarGroup2. It will only be used when creating (Because of a user can be in single user group only, the last id will be used)
$biostarInitialAccessGroup1ID = 1 # Biostar2 Access group that will be matched to $adBiostarGroup1. It will only be used when creating
$biostarInitialAccessGroup2ID = 2 # Biostar2 Access group that will be matched to $adBiostarGroup2. It will only be used when creating
$isBiostarFullAccountUpdateCycle = $false # this parameter toggle full profile update from AD. WARNING: It takes a very long time!
$biostarLoginCreds = @{
"name" = "YOUR_CLOUD_SUBDOMAIN"
"password" = "YOUR_PASSWORD"
"user_id" = "YOUR_LOGIN"
} # This credentials will be used to connect to biostar2 API
# Get users from AD
$adBiostarUsers = Get-ADUser -Filter {memberOf -RecursiveMatch $adBiostarGroup1.DistinguishedName -or memberOf -RecursiveMatch $adBiostarGroup2.DistinguishedName} -SearchBase $adSearchBase -Properties EmailAddress, Mobile, memberOf
$biostarPresentUsersList = @(); $biostarFastUpdatedUsersList = @(); $biostarFullyUpdatedUsersList = @(); $biostarCreatedUsersList = @(); $biostarSetAccountsActive = @(); $biostarSetAccountsInactive = @()
# Log in Biostar2 API and get current users
Write-Host -NoNewline "`nLogging in Biotar2 API... "
try { Write-Host -ForegroundColor Green (Invoke-WebRequest -Uri "https://api.biostar2.com:443/v2/login" -SessionVariable biostarAPIwebSession -Method "POST" -Body $biostarLoginCreds).StatusDescription "!" }
catch { Write-Host -ForegroundColor Red "Can not login to biostar2 API"; pause; Exit }
Write-Host -NoNewline "`nGetting current Biostar2 accounts... "
$biostarAPIcurrentAccounts = Invoke-RestMethod -Uri "https://api.biostar2.com:443/v2/users?limit=9999&offset=0" -Method 'GET' -WebSession $biostarAPIwebSession
Write-Host -ForegroundColor Green "OK !"
# Write-Host -ForegroundColor DarkYellow "`nDEBUG: Found users in AD:`n" $adBiostarUsers.Name
# Write-Host -ForegroundColor DarkYellow "DEBUG: Occupied IDs:" $biostarAPIcurrentAccounts.records.user_id
# Biostar2 does not generate new free id automatically, so this function searches free ids starting from $lastUsedID
Function getFreeIds ($amountToAllocate, $lastFreeID) {
# Write-Host -ForegroundColor DarkYellow "DEBUG: last free ID:" $lastFreeID
# Write-Host -ForegroundColor DarkYellow "DEBUG: amount:" $amountToAllocate
$freeFound = 0
$freeIDs = @()
Foreach ($item in $biostarAPIcurrentAccounts.records.user_id) {
# Write-Host -ForegroundColor DarkYellow "DEBUG: Skipping item:" $item
if ($lastFreeID -le $item) {
While($freeFound -lt $amountToAllocate -and $lastFreeID -ne $item) {
$freeFound = $freeFound + 1
$freeIDs += $lastFreeID
# Write-Host -ForegroundColor DarkYellow "DEBUG: last free ID" $lastFreeID
$lastFreeID = $lastFreeID + 1
}
if ($lastFreeID -eq $item) {
$lastFreeID = $lastFreeID + 1
}
if ($freeFound -ge $amountToAllocate) {
break
}
}
}
# Write-Host -ForegroundColor DarkYellow "DEBUG: Free IDs:" $freeIDs
return $freeIDs
}
# Check if user account is present in Biostar2 by email field
Function isPresentInBiostar ($email) {
Foreach ($biostarAccount in $biostarAPIcurrentAccounts.records) {
if ($biostarAccount.email -ieq $email) {
[hashtable]$return = @{}
$return.present = $true
$return.id = $biostarAccount.user_id
return $return
}
}
[hashtable]$return = @{}
$return.present = $false
}
# Check if user email field is present
Foreach ($adUser in $adBiostarUsers) {
if ($adUser.EmailAddress) {} else {
Write-Host "WARNING: $($adUser.Name)'s `t- e-mail is blank. Won't be created in Biostar2 " -ForegroundColor Red
Write-Host "NOTE: To create $($adUser.Name)'s account in Biostar2 do it manually or fill email field " -ForegroundColor DarkYellow
$confirmation = Read-Host -ForegroundColor Cyan "Are you wish to continue? [y/n]"
while($confirmation -ne "y") {
if ($confirmation -eq 'n') { exit }
$confirmation = Read-Host -ForegroundColor Cyan "Are you wish to continue? [y/n]"
}
}
}
# Main part of user update and creation via api
Write-Host -ForegroundColor Cyan "`nProcessing Biostar2 accounts..."
Foreach ($adUser in $adBiostarUsers) {
if ($adUser.EmailAddress) {
# Write-Host -ForegroundColor DarkYellow "DEBUG: " "$($adUser.Name) `t- Proceeding..."
$biostarUserPresence = $(isPresentInBiostar ($adUser.EmailAddress))
if ($biostarUserPresence.id) {
if ($adUser.Enabled) {$biostarAPIuserStatus = "AC"; $biostarSetAccountsActive += @{"user_id" = $biostarUserPresence.id }; $biostarFastUpdatedUsersList +=$adUser.Name } else {$biostarAPIuserStatus = "IN"; $biostarSetAccountsInactive += @{"user_id" = $biostarUserPresence.id }; $biostarFastUpdatedUsersList +=$adUser.Name }
} else {}
if ($biostarUserPresence.present) {
$biostarPresentUsersList += $adUser.Name
# Write-Host -ForegroundColor DarkYellow "DEBUG: " "$($adUser.Name)'s account already present in Biostar2"
# In this case we can update already present user in this case we GET profile, change some fields and PUT it back to profile:
if ($isBiostarFullAccountUpdateCycle) {
$biostarAPIupdateUserProfileRequest = Invoke-RestMethod -Uri "https://api.biostar2.com:443/v2/users/$($biostarUserPresence.id)" -Method 'GET' -WebSession $biostarAPIwebSession
$biostarAPIupdateUserProfileRequest.name = $adUser.Name
$biostarAPIupdateUserProfileRequest.status = $biostarAPIuserStatus
try {$biostarAPIupdateUserProfileRequest.phone_number = "$($adUser.Mobile -replace '\D','' )" } catch {}
$biostarAPIupdateUserProfileRequest = $biostarAPIupdateUserProfileRequest | ConvertTo-Json
# Write-Host -ForegroundColor DarkYellow "`nDEBUG: " $biostarAPIupdateUserProfileRequest "`n"
try {
$biostar2apiFullyUpdateUserRequest = Invoke-RestMethod -Uri "https://api.biostar2.com:443/v2/users/$($biostarUserPresence.id)" -Method 'PUT' -WebSession $biostarAPIwebSession -Body $biostarAPIupdateUserProfileRequest -ContentType "application/json"
Write-Host -ForegroundColor Green "$($adUser.Name) full profile update $($biostar2apiFullyUpdateUserRequest.status_code)"
$biostarFullyUpdatedUsersList += $adUser.Name
}
catch {
$errorMessage = $_.ErrorDetails.Message | ConvertFrom-Json
Write-Host -ForegroundColor Red "$($adUser.Name) Updating error! Reason:" $errorMessage.message
}
} else {}
} else {
# If user account does not exists - It is created
# Write-Host -ForegroundColor DarkYellow "DEBUG: " "$($adUser.Name) `t- Will be created"
# Write-Host -ForegroundColor DarkYellow "DEBUG: " "Forming params for new user"
# Write-Host -ForegroundColor DarkYellow "DEBUG: " "sending id:" $lastUsedID
# Set user group:
$biostarAPIinitialAccessGroups = @()
switch -Wildcard ($adUser.memberOf) {
"*$($adBiostarGroup1.DistinguishedName)*" {
$biostarAPIuserGroupID = $biostarInitialUserGroup1ID
$biostarAPIinitialAccessGroups += @{"id" = $biostarInitialAccessGroup1ID}
}
"*$($adBiostarGroup2.DistinguishedName)*" {
$biostarAPIuserGroupID = $biostarInitialUserGroup2ID
$biostarAPIinitialAccessGroups += @{"id" = $biostarInitialAccessGroup2ID}
}
}
# Get free id:
$freeId = (getFreeIds 1 $lastUsedID)[0]
$lastUsedID = $freeId + 1
# Create user account profile data:
$biostarAPIcreateUserProfile = @{
"user_id" = "$freeId"
"access_groups" = $biostarAPIinitialAccessGroups
"email" = "$($adUser.EmailAddress)"
"name" = "$($adUser.Name)"
"phone_number" = "$($adUser.Mobile -replace '\D','')"
"status" = "$biostarAPIuserStatus"
"start_datetime" = "2019-01-01T00:00:00.00Z"
"expiry_datetime" = "2030-01-01T00:00:00.00Z"
"security_level" = "DEFAULT"
"user_group" = @{"id" = $biostarAPIuserGroupID}
} | ConvertTo-Json
# Write-Host -ForegroundColor DarkYellow "DEBUG: biostarUserJSON:`n" $biostarAPIcreateUserProfile
try {
$biostarAPIcreateUserRequest = Invoke-RestMethod -Uri "https://api.biostar2.com:443/v2/users" -Method 'Post' -WebSession $biostarAPIwebSession -Body $biostarAPIcreateUserProfile -ContentType "application/json"
Write-Host -ForegroundColor Green "$($adUser.Name) - $($biostarAPIcreateUserRequest.status_code) with access groups IDs:" $biostarAPIinitialAccessGroups.id
$biostarCreatedUsersList += $adUser.Name
}
catch {
$errorMessage = $_.ErrorDetails.Message | ConvertFrom-Json
Write-Host -ForegroundColor Red "$($adUser.Name) Creating error! Reason:" $errorMessage.message
}
}
} else {
Write-Host "WARNING: $($adUser.Name)'s e-mail is blank. Biostar2 user account not created!" -ForegroundColor Red
}
}
# Batch Deactivating users:
$biostarAPIBatchDeactivateUsersHT = @{
"status" = "IN"
"users" = $biostarSetAccountsInactive
} | ConvertTo-Json
try {
$biostarAPIsetInactiveUsersRequest = Invoke-RestMethod -Uri "https://api.biostar2.com:443/v2/users/update" -Method 'POST' -WebSession $biostarAPIwebSession -Body $biostarAPIBatchDeactivateUsersHT -ContentType "application/json"
Write-Host -ForegroundColor Green "Batch user deactivation action is $($biostarAPIsetInactiveUsersRequest.status_code) !"
} catch {
$errorMessage = $_.ErrorDetails.Message | ConvertFrom-Json
Write-Host -ForegroundColor Red "Batch user deactivation error! Reason:" $errorMessage.message
}
# Batch Activating users:
$biostarAPIbatchActivateUsersHT = @{
"status" = "AC"
"users" = $biostarSetAccountsActive
} | ConvertTo-Json
try {
$biostarAPIsetActiveUsersRequest = Invoke-RestMethod -Uri "https://api.biostar2.com:443/v2/users/update" -Method 'POST' -WebSession $biostarAPIwebSession -Body $biostarAPIbatchActivateUsersHT -ContentType "application/json"
Write-Host -ForegroundColor Green "Batch user activation action is $($biostarAPIsetActiveUsersRequest.status_code) !"
} catch {
$errorMessage = $_.ErrorDetails.Message | ConvertFrom-Json
Write-Host -ForegroundColor Red "Batch user activation error! Reason:" $errorMessage.message
}
# Write-Host -Separator "`n" -ForegroundColor DarkYellow "`nDEBUG: Users that created in Biostar2: " $biostarCreatedUsersList
# Write-Host -Separator "`n" -ForegroundColor DarkYellow "`nDEBUG: Users that already present in Biostar2: " $biostarPresentUsersList
# Write-Host -Separator "`n" -ForegroundColor DarkYellow "`nDEBUG: Users that was fast updated in Biostar2: " $biostarFastUpdatedUsersList
# Write-Host -Separator "`n" -ForegroundColor DarkYellow "`nDEBUG: Users that was fully updated in Biostar2: " $biostarFullyUpdatedUsersList
Write-Host "`n`n`n"