Giter Club home page Giter Club logo

psautomator's Introduction

PSAutomator - PowerShell Module

Overview of this module is available at: https://evotec.xyz/hub/scripts/psautomator-powershell-module/

Description

This PowerShell Module is new approach to onboarding, offboarding and business as usual processes running in companies infrastructure. Usually each company has different rules, different approaches on how processes should look like and this module takes an easy approach that's similar to what you can find in services like IFTTT or Microsoft Flow. Those services work in known schema such as Services, Triggers, Ingredients and Applets. For this PowerShell Module I've taken similar approach which is described below.

While it's encouraged to keep correct order Service, Trigger, Ignore, Condition, Action it actually only requires Service, Trigger to be in correct order.

  • Service – is kind of a wrapper for other blocks above. It has also ability to load configuration from file. Currently loading file doesn't do anything.
  • Trigger – is first block in Service. Before an Action can be executed it needs a Trigger. Trigger can be membership in Group, Organizational Unit etc
    • User Based Triggers
      • Always,
      • OrganizationalUnit,
      • GroupMembership,
      • Filter
  • Ignore – But Trigger can also have things that need to be ignored. For example lack of email address field.
    • User Based Ignore
      • MatchingEmptyOrNull,
      • MatchingObjects,
      • MatchingFields
  • Condition – It can also be conditioned for example Last User Modification Date should be more then 30 days.
    • User Based Conditions
      • RequireGroupMembership,
      • RequireLastModified
  • Action – are essentially Tasks that are about to be executed. This can be adding a user to a group, disabling user etc. This is also final step to close Service.
    • User Based Actions
      • AccountAddGroupsSpecific
      • AccountDisable
      • AccountEnable
      • AccountHideInGAL
      • AccountShowInGAL
      • AccountRemoveGroupsAll
      • AccountRemoveGroupsSecurity
      • AccountRemoveGroupsDistribution
      • AccountRemoveGroupsSpecific
      • AccountRemoveGroupsDomainLocal
      • AccountRemoveGroupsGlobal
      • AccountRemoveGroupsUniversal
      • AccountRename,
      • AccountSnapshot

Keep in mind that following is true for Service:

  • Can hold only 1 trigger
  • Can have multiple Ignore blocks
  • Can have multiple Condition blocks
  • Can have multiple Action blocks

This is proof-of-concept. Heavy work in progres... Please take your time and leave feedback!

DO NOT USE IN PRODUCTION YET - UNLESS YOU LIKE FIRES!

Sample offboarding

image

Clear-Host
Import-Module PSAutomator -Force #-Verbose
Import-Module PSSharedGoods -Force
Service -Name 'Active Directory Offboarding' -ConfigurationPath 'C:\Support\GitHub\PSAutomator\Examples\MyConfiguration.xml' {
    Trigger -Name 'OU Offboarded Users' -User OrganizationalUnit -Value 'OU=Users-Offboarded,OU=Production,DC=ad,DC=evotec,DC=xyz' |
        Condition -Name 'No conditions' |
        Ignore -Name 'Ignore Windows Email Address if Empty or null' -Ignore MatchingEmptyOrNull -Value EmailAddress |
        Action -Name 'Make User Snapshot' -ActiveDirectory AccountSnapshot -Value 'C:\Users\pklys\Desktop\MyExport' |
        Action -Name 'Disable AD Account' -ActiveDirectory AccountDisable |
        Action -Name 'Hide account in GAL' -ActiveDirectory AccountHideInGAL |
        Action -Name 'Remove all security groups' -ActiveDirectory AccountRemoveGroupsSecurity |
        Action -Name 'Rename Account' -ActiveDirectory AccountRename -Value @{ Action = 'AddText'; Where = 'After'; Text = ' (offboarded)'; }
}

Sample onboarding

image

Clear-Host
Import-Module PSAutomator -Force #-Verbose
Import-Module PSSharedGoods -Force
Service -Name 'Active Directory Enable Users in OU' {
    Trigger -Name 'Find Offboarded Users' -User OrganizationalUnit -Value 'OU=Users-Offboarded,OU=Production,DC=ad,DC=evotec,DC=xyz' |
        Ignore |
        Action -Name 'Enable Offboarded Users' -ActiveDirectory AccountEnable |
        Action -Name 'Add to group GDS-TestGroup5' -ActiveDirectory AccountAddGroupsSpecific -Value 'GDS-TestGroup5' |
        Action -Name 'Add to group GDS-TestGroup4' -ActiveDirectory AccountAddGroupsSpecific -Value 'GDS-TestGroup4' |
        Action -Name 'Remove Offboarded Tag' -ActiveDirectory AccountRename -Value @{ Action = 'RemoveText'; Fields = 'DisplayName', 'Name' ; Text = ' (offboarded)'; }
}

DO NOT USE IN PRODUCTION YET - UNLESS YOU LIKE FIRES!

psautomator's People

Contributors

przemyslawklys avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.