RabbitMQ-Daten mit PowerShell ins AD übergeben

  • Frage

  • Hallo zusammen,

    wir würden eigentlich gerne Daten vom RabbitMQ mit Powershell ins AD übertragen. Das funktioniert im Prinzip, jedoch nicht mit allen Attributen auf einmal. Falls jemand eine Idee hat, wäre ich dankbar....

    # Reads one message from a RabbitMQ queue and creates/updates the matching
    # Active Directory user from the JSON payload.
    # NOTE(review): the payload decides which account is renamed and whose
    # password is reset; nothing in this script validates it or restricts the
    # target account to $OU_Path.

    # Force TLS 1.2 for the HTTPS call to the RabbitMQ management API.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # NOTE(review): $SamAccountName is not assigned anywhere in the visible
    # script, and these strings are expanded here, before the message is read.
    # Unless the session already defines it, both paths end in a bare "\".
    $OU_Path = "OU=ABC_USERS,OU=XX_ABC,DC=domain,DC=meine,DC=de"
    $profilePath = "\\meine.domain.de\Profil\Profildaten\$SamAccountName"
    $homeDrive = "H"
    $homeDirectory = "\\meine.domain.de\Daten\Userdaten\$SamAccountName"
    
    
    # Connection settings splatted into Get-RabbitMQMessage.
    # NOTE(review): $credRabbit is not assigned in the visible script - presumably
    # it comes from the calling session; confirm.
    $Params = @{
        BaseUri = "https://rabbitmq.meine.domain.de:47111"
        Credential = $credRabbit
    }
    
    $QueueName = 'pstestqueue'
    
    # Fetch a single message and parse its payload as JSON.
    $Incoming = Get-RabbitMQMessage @params -VirtualHost / -Name $QueueName -count 1
    $IncomingData = $Incoming.payload | ConvertFrom-Json
    # AD user:
    # Create the AD user if it does not exist yet:
    # NOTE(review): the lookup and the new-user values use $SamAccountName and
    # $DisplayName, not the fields of $IncomingData used further down - verify
    # that these variables are set by the caller.
    if (@(Get-ADUser -Filter { SamAccountName -eq $SamAccountName }).Count -eq 0) {
        $newUser = @{
           Path = $OU_Path
           UserPrincipalName = "$SamAccountName@ads.katsh.de"
           SamAccountName = $SamAccountName
           profilePath = $profilePath
           homeDrive = $homeDrive
           homeDirectory = $homeDirectory
           name = $DisplayName
        }
    New-ADUser @newUser
    }
    $changeUser = $IncomingData.changeUser
    # AD user changes:
    # The account is addressed by the SamAccountName taken from the message.
    Get-ADUser -Identity $IncomingData.SamAccountName | Rename-ADObject -NewName $IncomingData.changeUser.DisplayName
    Get-ADUser -Identity $IncomingData.SamAccountName | Set-ADUser -GivenName $IncomingData.changeUser.GivenName
    # AD user: change password:
    # NOTE(review): the new password is taken in clear text from the queue
    # payload. `$null -ne ""` is true, so a message without a Password field
    # also enters this branch.
    if ($IncomingData.Password -ne "") {
        Set-ADAccountPassword -Identity $IncomingData.SamAccountName -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $IncomingData.Password -Force)
    }
    # Same call as the GivenName update above (repeated in the original post).
    Get-ADUser -Identity $IncomingData.SamAccountName | Set-ADUser -GivenName $IncomingData.changeUser.GivenName
    So geht es (aber eben nur mit GivenName)
    Get-ADUser -Identity $IncomingData.SamAccountName | Set-ADUser -GivenName $IncomingData.changeUser.GivenName


    FG

    Helmut



    Montag, 8. Juli 2019 13:45

Antworten

  • Moin auch,

    ich würde gerne

    $changeUser


    komplett an das AD weitergeben, nicht nur

    Get-ADUser -Identity $IncomingData.SamAccountName | Set-ADUser -GivenName $IncomingData.changeUser
    #AD User: Change PW:

    Die Lösung hat sich gefunden:

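    # Reads one message from a RabbitMQ queue and creates or updates the matching
    # Active Directory user from its JSON payload.
    #
    # SECURITY: the payload decides which account is created, renamed and
    # password-reset, so every value read from $IncomingData is treated as
    # untrusted. The account name is validated against an allow-list, and an
    # existing account is only modified when it lives below $OU_Path. Without
    # that check, anyone able to publish to the queue could reset the password
    # of any account this script's identity may write to.

    # Force TLS 1.2 for the HTTPS call to the RabbitMQ management API.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Create the credential file once, as the account that runs this script:
    #read-host -assecurestring | convertfrom-securestring | out-file C:\tmp\cred.txt
    # Without -Key/-SecureKey, ConvertFrom-SecureString protects the value with
    # Windows DPAPI, so only the same user on the same machine can decrypt it.
    # NOTE(review): keep the file in a directory that only the service account
    # can read rather than in C:\tmp.

    $OU_Path = "OU=myou_USERS,OU=abc_myou,DC=mein,DC=domain,DC=de"
    $homeDrive = "H"

    $password = Get-Content C:\tmp\cred.txt | ConvertTo-SecureString
    $credRabbit = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "username",$password

    #$credRabbit = Get-Credential

    # Connection settings splatted into Get-RabbitMQMessage.
    $Params = @{
        BaseUri = "https://rabbitmq.mein.domain.de:15671"
        Credential = $credRabbit
    }

    $QueueName = 'testpowershell'

    $Incoming = Get-RabbitMQMessage @Params -VirtualHost / -Name $QueueName -count 1
    if (-not $Incoming) {
        # Empty queue: nothing to process.
        return
    }
    $IncomingData = $Incoming.payload | ConvertFrom-Json

    # Validate the account name before it reaches any AD cmdlet or path.
    # Conservative allow-list (20 characters is the sAMAccountName limit for
    # users); widen it only if your naming scheme requires other characters.
    $sam = [string]$IncomingData.SamAccountName
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw "Rejected message: invalid SamAccountName."
    }

    # Built after the message is read; the original expanded an unset
    # $SamAccountName here, which left both paths without a user name.
    $profilePath = "\\mein.domain.de\Profil\Profildaten\$sam"
    $homeDirectory = "\\mein.domain.de\Daten\Userdaten\$sam"

    $changeUser = $IncomingData.changeUser

    # AD user: create it if it does not exist yet.
    # The filter uses a plain variable; the AD filter syntax does not resolve
    # property access such as $IncomingData.SamAccountName.
    $adUser = Get-ADUser -Filter { SamAccountName -eq $sam }
    if (-not $adUser) {
        # New-ADUser needs a non-empty name; fall back to the account name.
        $name = if ($changeUser -and $changeUser.DisplayName) { $changeUser.DisplayName } else { $sam }
        $newUser = @{
            Path = $OU_Path
            # ${sam} delimits the variable name; "$IncomingData.SamAccountName@..."
            # would expand only $IncomingData and append the rest literally.
            UserPrincipalName = "${sam}@mein.domain.de"
            SamAccountName = $sam
            profilePath = $profilePath
            homeDrive = $homeDrive
            homeDirectory = $homeDirectory
            name = $name
        }
        $adUser = New-ADUser @newUser -PassThru
    }
    elseif ($adUser.DistinguishedName -notlike "*,$OU_Path") {
        # Never touch accounts outside the managed OU (admin or service accounts).
        throw "Rejected message: account '$sam' exists outside $OU_Path."
    }

    # AD user changes: rename only when a different display name was supplied.
    if ($changeUser.DisplayName -and $adUser.Name -ne $changeUser.DisplayName) {
        Get-ADUser -Identity $sam | Rename-ADObject -NewName $changeUser.DisplayName
    }

    # Collect every supplied attribute and write them in a single Set-ADUser
    # call. Empty values are skipped, so a message cannot blank an attribute.
    $attributes = @{}
    if ($changeUser.GivenName) { $attributes.GivenName = $changeUser.GivenName }
    if ($changeUser.Surname) { $attributes.Surname = $changeUser.Surname }
    if ($changeUser.Office) { $attributes.Office = $changeUser.Office }
    if ($attributes.Count -gt 0) {
        Set-ADUser -Identity $sam @attributes
    }

    # AD user: change password.
    # NOTE(review): the password arrives in clear text in the queue payload, so
    # everyone who can read or publish to the queue knows or controls it. With
    # the flags below the account keeps that value indefinitely; for accounts
    # used by people prefer -ChangePasswordAtLogon $true, and restrict the
    # queue's permissions to the provisioning system.
    if ($IncomingData.Password) {
        $newPassword = ConvertTo-SecureString -AsPlainText ([string]$IncomingData.Password) -Force
        Set-ADAccountPassword -Identity $sam -Reset -NewPassword $newPassword
        Set-ADUser -Identity $sam -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true -CannotChangePassword $true
    }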


    Dienstag, 9. Juli 2019 12:25

Alle Antworten

  • Moin,

    1. bitte Code als Code formatieren!
    2. was funktioniert denn wo *nicht*?



    Evgenij Smirnov

    http://evgenij.smirnov.de

    Montag, 8. Juli 2019 21:58
  • Moin auch,

    ich würde gerne

    $changeUser


    komplett an das AD weitergeben, nicht nur

    Get-ADUser -Identity $IncomingData.SamAccountName | Set-ADUser -GivenName $IncomingData.changeUser
    #AD User: Change PW:

    Die Lösung hat sich gefunden:

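    # Reads one message from a RabbitMQ queue and creates or updates the matching
    # Active Directory user from its JSON payload.
    #
    # SECURITY: the payload decides which account is created, renamed and
    # password-reset, so every value read from $IncomingData is treated as
    # untrusted. The account name is validated against an allow-list, and an
    # existing account is only modified when it lives below $OU_Path. Without
    # that check, anyone able to publish to the queue could reset the password
    # of any account this script's identity may write to.

    # Force TLS 1.2 for the HTTPS call to the RabbitMQ management API.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Create the credential file once, as the account that runs this script:
    #read-host -assecurestring | convertfrom-securestring | out-file C:\tmp\cred.txt
    # Without -Key/-SecureKey, ConvertFrom-SecureString protects the value with
    # Windows DPAPI, so only the same user on the same machine can decrypt it.
    # NOTE(review): keep the file in a directory that only the service account
    # can read rather than in C:\tmp.

    $OU_Path = "OU=myou_USERS,OU=abc_myou,DC=mein,DC=domain,DC=de"
    $homeDrive = "H"

    $password = Get-Content C:\tmp\cred.txt | ConvertTo-SecureString
    $credRabbit = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "username",$password

    #$credRabbit = Get-Credential

    # Connection settings splatted into Get-RabbitMQMessage.
    $Params = @{
        BaseUri = "https://rabbitmq.mein.domain.de:15671"
        Credential = $credRabbit
    }

    $QueueName = 'testpowershell'

    $Incoming = Get-RabbitMQMessage @Params -VirtualHost / -Name $QueueName -count 1
    if (-not $Incoming) {
        # Empty queue: nothing to process.
        return
    }
    $IncomingData = $Incoming.payload | ConvertFrom-Json

    # Validate the account name before it reaches any AD cmdlet or path.
    # Conservative allow-list (20 characters is the sAMAccountName limit for
    # users); widen it only if your naming scheme requires other characters.
    $sam = [string]$IncomingData.SamAccountName
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw "Rejected message: invalid SamAccountName."
    }

    # Built after the message is read; the original expanded an unset
    # $SamAccountName here, which left both paths without a user name.
    $profilePath = "\\mein.domain.de\Profil\Profildaten\$sam"
    $homeDirectory = "\\mein.domain.de\Daten\Userdaten\$sam"

    $changeUser = $IncomingData.changeUser

    # AD user: create it if it does not exist yet.
    # The filter uses a plain variable; the AD filter syntax does not resolve
    # property access such as $IncomingData.SamAccountName.
    $adUser = Get-ADUser -Filter { SamAccountName -eq $sam }
    if (-not $adUser) {
        # New-ADUser needs a non-empty name; fall back to the account name.
        $name = if ($changeUser -and $changeUser.DisplayName) { $changeUser.DisplayName } else { $sam }
        $newUser = @{
            Path = $OU_Path
            # ${sam} delimits the variable name; "$IncomingData.SamAccountName@..."
            # would expand only $IncomingData and append the rest literally.
            UserPrincipalName = "${sam}@mein.domain.de"
            SamAccountName = $sam
            profilePath = $profilePath
            homeDrive = $homeDrive
            homeDirectory = $homeDirectory
            name = $name
        }
        $adUser = New-ADUser @newUser -PassThru
    }
    elseif ($adUser.DistinguishedName -notlike "*,$OU_Path") {
        # Never touch accounts outside the managed OU (admin or service accounts).
        throw "Rejected message: account '$sam' exists outside $OU_Path."
    }

    # AD user changes: rename only when a different display name was supplied.
    if ($changeUser.DisplayName -and $adUser.Name -ne $changeUser.DisplayName) {
        Get-ADUser -Identity $sam | Rename-ADObject -NewName $changeUser.DisplayName
    }

    # Collect every supplied attribute and write them in a single Set-ADUser
    # call. Empty values are skipped, so a message cannot blank an attribute.
    $attributes = @{}
    if ($changeUser.GivenName) { $attributes.GivenName = $changeUser.GivenName }
    if ($changeUser.Surname) { $attributes.Surname = $changeUser.Surname }
    if ($changeUser.Office) { $attributes.Office = $changeUser.Office }
    if ($attributes.Count -gt 0) {
        Set-ADUser -Identity $sam @attributes
    }

    # AD user: change password.
    # NOTE(review): the password arrives in clear text in the queue payload, so
    # everyone who can read or publish to the queue knows or controls it. With
    # the flags below the account keeps that value indefinitely; for accounts
    # used by people prefer -ChangePasswordAtLogon $true, and restrict the
    # queue's permissions to the provisioning system.
    if ($IncomingData.Password) {
        $newPassword = ConvertTo-SecureString -AsPlainText ([string]$IncomingData.Password) -Force
        Set-ADAccountPassword -Identity $sam -Reset -NewPassword $newPassword
        Set-ADUser -Identity $sam -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true -CannotChangePassword $true
    }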


    Dienstag, 9. Juli 2019 12:25