Fix resource script multiple groups found (#46)
* Fix: Multiple groups found

Also fixed issue #42

* Fix: Alt + Shift + F

* Fix: changes after review

* Fix: department default used for select unique
rhouthuijzen authored Dec 2, 2024
1 parent e6e8ebc commit 6c40cee
Showing 2 changed files with 26 additions and 20 deletions.
5 changes: 3 additions & 2 deletions permissions/groups/subPermission.ps1
Expand Up @@ -108,10 +108,11 @@ try {
Write-Verbose ("Contract in condition: {0}" -f $contract.Context.InConditions)
if ($contract.Context.InConditions -OR ($actionContext.DryRun -eq $true)) {
# Correlation values
$correlationProperty = "DisplayName" # The AD group property that contains the unique identifier (DisplayName | sAMAccountname | Description)
$correlationProperty = "ExtensionAttribute1" # The AD group property that contains the unique identifier (DisplayName | sAMAccountname | Description)
$correlationValue = $contract.Department.ExternalId # The HelloID resource property that contains the unique identifier

$correlationValue = Get-ADSanitizedGroupName -Name $correlationValue
# Use the Get-ADSanitizedGroupName function if data manipulation is needed. For example, when using a name instead of a code or when you also use this function in the resource script
# $correlationValue = Get-ADSanitizedGroupName -Name $correlationValue

# Get group to use objectGuid to support name change and even correlationProperty change
$group = $null
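Review bot: The `$correlationValue` taken from `$contract.Department.ExternalId` no longer passes through `Get-ADSanitizedGroupName`, and nothing in this hunk checks that it is non-empty before it is used to find the group that membership is granted on. The lookup itself is below the hunk (the `try` block starts above it and continues past it), so if the value is placed into a filter string there, an empty or quote-containing ExternalId could match the wrong group or none. A guard before `$group = $null`, such as `if ([string]::IsNullOrWhiteSpace($correlationValue)) { throw "No correlation value for contract" }`, would make the script fail closed. The trailing comment on the `$correlationProperty` line still lists only `(DisplayName | sAMAccountname | Description)` and should mention `ExtensionAttribute1`.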
41 changes: 23 additions & 18 deletions resources/groups/resources.ps1
Expand Up @@ -23,8 +23,8 @@ $correlationProperty = "ExtensionAttribute1" # The AD group property that contai
$correlationValue = "ExternalId" # The HelloID resource property that contains the unique identifier

# Additionally set resource properties as required
$requiredFields = @("ExternalId", "Name", "Code") # If title is used
# $requiredFields = @("ExternalId", "DisplayName") # If department is used
$requiredFields = @("ExternalId", "DisplayName") # If department is used
# $requiredFields = @("ExternalId", "Name", "Code") # If title is used

$resourceData = $resourceContext.SourceData
# Example below for when the externalID is a combination of values
Expand All @@ -33,7 +33,8 @@ $resourceData = $resourceContext.SourceData
# $_.ExternalId = $_.Code + "_" + $_.DepartmentCode
# }

$resourceData = $resourceData | Select-Object -Unique ExternalId, Name, Code #, DepartmentCode
$resourceData = $resourceData | Select-Object -Unique ExternalId, DisplayName # If department is used
# $resourceData = $resourceData | Select-Object -Unique ExternalId, Name, Code # If title is used

#region Supporting Functions
function Remove-StringLatinCharacters {
Expand Down Expand Up @@ -245,8 +246,7 @@ try {
# https://www.ietf.org/rfc/rfc2253.txt

# Best practice to use the id of the resource to avoid max char limitations and issues in case of name change
$samaccountname = ("title_" + "$($resource.ExternalId)")
$groupName = $resource.Name
$groupName = $resource.DisplayName
# # Other example to use name of resource:
# $groupName = ("department_" + "$($resource.ExternalId)")
# $groupName = ("title_" + "$($resource.Name)")
Expand All @@ -260,7 +260,7 @@ try {

# Example when correlationValue is extensionAttribute1
$ADGroupParams = @{
SamAccountName = $samaccountname
SamAccountName = $groupName
Name = $groupName
DisplayName = $groupName
OtherAttributes = @{'extensionAttribute1' = "$correlationValueOutput" }
Expand Down Expand Up @@ -315,29 +315,35 @@ try {
if ($actionContext.Configuration.isDebug -eq $true) { Write-Information "Debug: Group parameters: $($ADGroupParams | ConvertTo-Json)" }
}
}
elseif (($currentADGroup | Measure-Object).count -gt 1) {
$outputContext.AuditLogs.Add([PSCustomObject]@{
Message = "Multiple groups found where [$($correlationProperty)] = [$($correlationValueOutput)] for resource [$($resource | ConvertTo-Json)]."
Action = "CreateResource"
IsError = $true
})
}
else {
if($actionContext.Configuration.renameResources -and ($currentADGroup.Name -ne $groupName -or $currentADGroup.DisplayName -ne $groupName))
{
if ($actionContext.Configuration.renameResources -and ($currentADGroup.Name -ne $groupName -or $currentADGroup.DisplayName -ne $groupName)) {
if (-Not($actionContext.DryRun -eq $True)) {

Write-Information "Debug: Group where [$($correlationProperty)] = [$($correlationValue)] already exists, but will be renamed"
if ($actionContext.Configuration.isDebug -eq $true) { Write-Information "Debug: Group where [$($correlationProperty)] = [$($correlationValueOutput)] already exists, but will be renamed" }

$SetADGroupParams = @{
Identity = $currentADGroup.objectguid
DisplayName = $groupName
Server = $pdc
Identity = $currentADGroup.objectguid
DisplayName = $groupName
Server = $pdc
}
$null = Set-AdGroup @SetADGroupParams

$RenameADGroupParams = @{
Identity = $currentADGroup.objectguid
NewName = $groupName
Server = $pdc
Identity = $currentADGroup.objectguid
NewName = $groupName
Server = $pdc
}
$null = Rename-ADObject @RenameADGroupParams

$outputContext.AuditLogs.Add([PSCustomObject]@{
Message = "Renaming group [$($correlationProperty)] = [$($correlationValue)] for resource [$($resource | ConvertTo-Json)]."
Message = "Renaming group [$($correlationProperty)] = [$($correlationValueOutput)] for resource [$($resource | ConvertTo-Json)]."
Action = "CreateResource"
IsError = $false
})
Expand All @@ -347,8 +353,7 @@ try {
if ($actionContext.Configuration.isDebug -eq $true) { Write-Information "Debug: Group parameters: $($ADGroupParams | ConvertTo-Json)" }
}
}
else
{
else {
# Create new group if group does not exist yet
if (-Not($actionContext.DryRun -eq $True)) {
if ($actionContext.Configuration.isDebug -eq $true) {
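Review bot: `SamAccountName = $groupName` now derives the account name from `$resource.DisplayName`, which contradicts the comment kept just above the assignment ("use the id of the resource to avoid max char limitations and issues in case of name change"). Unless the lines between the two hunks sanitize `$groupName` (they are not shown), a display name containing characters AD rejects in sAMAccountName, or two departments sharing a display name, will make group creation fail. The rename branch further down updates only `DisplayName` and `Name`, so the sAMAccountName would stay on the old name after a rename. Keeping an id-based value, e.g. `SamAccountName = ("department_" + "$($resource.ExternalId)")`, avoids both problems. The `$ADGroupParams` block sits inside a `try` that starts and ends outside the hunks.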
