Vango

Powershell O365 If and Equal Help

Hello All,

I need help with the If and Equal statements in powershell.
What I'm trying to do is create a powershell script to automate user creation in O365 and on prem.
Once the user is created and their job title matches a certain title, then I want all group membership to be copied from another user.

For creating a user in O365 I have the code below

# New-MsolUser takes the job title via -Title; backticks continue the command across lines
Import-Csv -Path "C:\O365NewAccounts.csv" | foreach {New-MsolUser `
-DisplayName $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName `
-UserPrincipalName $_.UserPrincipalName -Title $_.Title `
-LicenseAssignment test:ENTERPRISEPACK}

Now I have this script to copy from one user to the other
Get-ADUser -Identity <CopyUser> -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members <New User>

How can I join those two powershell together with the IF and Equal?
Would something like below work?

$JobTitle = 'Job'

  If ($JobTitle -eq 'Sales')  {

  'Get-ADUser -Identity SalesUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser'

  }  ElseIf ($JobTitle  -eq 'IT')  {

  'Get-ADUser -Identity ITUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser''

  }  ElseIf ($JobTitle  -eq 'HR')  {

  'Get-ADUser -Identity SalesUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser'

  } 

} 

For example, if job title equals Sales then get user DisabledSalesAccount and copy all of its group membership.
I would like to list out certain job titles such as Sales, IT, HR, etc. If job title does not equal any title in the script, then ignore.

Right now I'm running two scripts to create the user and copy group membership.
If anyone can help point me to the right direction, that'll be great.

Thanks in advance!
Michelangelo

I am probably not getting the question right; however, what about putting in the 1st line:

$jobtitle = Get-ADUser -Identity SalesUser -Properties Title

And using select -expandproperty in case it is needed to properly show Title.

So you are setting up users directly in Office 365, and then adding group membership to the on-premise object; that means you probably have the AD sync set up.

So now my question is why you are setting up users directly in Office 365 if you have AD sync set up?

Sunil,
I think it's the other way around. He needs a local user and a matching O365 user.
There are a few possible ways to solve this:
If the If...elseif tree is a problem,
1. add a final else at the bottom of the if...elseif tree.
2. use a switch statement instead of an if...elseif tree.  This gives you a default clause.
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_switch

You might simplify your code if you populate a dictionary variable with the different job titles (keys) and their corresponding -Identity parameter.  You only need one if statement to determine if the job title exists.
Vango

ASKER

Thanks for the information aikimark.

So I just want to make sure I'm understanding it correctly.
The code will be

switch ($jobtitle)
 {
    Sales {"Get-ADUser -Identity SalesUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser"}
    IT {"Get-ADUser -Identity ITUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser"}
   HR {"Get-ADUser -Identity HRUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser"}
    Student {"Get-ADUser -Identity StudentUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser"}
    Teacher {"Get-ADUser -Identity TeacherUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser"}
 }

Is that correct?

Sunil, when I create an O365 user, it also creates a matching AD user. What I need is the group membership to be copied at the time of the user being created. I hope that makes sense. Each job title has different security groups and I want the new user to have the security groups as the user is created.

Thanks!
This would be the correct syntax:
switch ($jobtitle)
 {
    "Sales" {Get-ADUser -Identity SalesUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser; Break}
    "IT" {Get-ADUser -Identity ITUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser; Break}
   "HR" {Get-ADUser -Identity HRUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser; Break}
    "Student" {Get-ADUser -Identity StudentUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser; Break}
    "Teacher" {Get-ADUser -Identity TeacherUser -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser; Break}
 }


However, if these are your values, you would be better off with something like this:
$jobtitleID = $jobtitle + "User"
Get-ADUser -Identity $jobtitleID -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser

If there are job titles that aren't going to be processed, you could create a list of eligible job titles and do a check before invoking the Get-ADUser command.
Example:
$jobtitleID = $jobtitle + "User"
# The if condition must be wrapped in parentheses
if ($jobtitle -in @("Sales", "IT", "HR", "Student", "Teacher")) {
    Get-ADUser -Identity $jobtitleID -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser
}
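
Added example, not part of the original thread or any poster's code: one way to combine the dictionary of job titles suggested earlier with the eligibility check above, so that only titles on an explicit allow-list map to a template account and a CSV value is never concatenated into an AD identity. The template account names, CSV path and column names are taken from the thread's samples and are assumptions; `Copy-TemplateGroups` and `-DryRun` are hypothetical names.

```powershell
# Added example: template accounts, CSV path and column names are assumptions.
Import-Module ActiveDirectory

# Explicit job title -> template account map (hashtable keys are case-insensitive).
# A title that is not listed here is ignored, which is the "default" case.
$TemplateFor = @{
    'Sales'   = 'SalesUser'
    'IT'      = 'ITUser'
    'HR'      = 'HRUser'
    'Student' = 'StudentUser'
    'Teacher' = 'TeacherUser'
}

function Copy-TemplateGroups {
    param(
        [string]$JobTitle,
        [Parameter(Mandatory)][string]$NewUser,
        [switch]$DryRun
    )
    # Normalise the CSV value; an empty or unknown title never reaches AD.
    $title = "$JobTitle".Trim()
    if (-not $TemplateFor.ContainsKey($title)) {
        Write-Verbose "No template for title '$title'; skipping $NewUser."
        return
    }
    # Fail early if the new account does not exist in on-prem AD yet.
    $target = Get-ADUser -Identity $NewUser -ErrorAction Stop
    $groups = Get-ADUser -Identity $TemplateFor[$title] -Properties MemberOf |
        Select-Object -ExpandProperty MemberOf
    foreach ($group in $groups) {
        # With -DryRun, -WhatIf reports each change without making it.
        Add-ADGroupMember -Identity $group -Members $target -WhatIf:$DryRun
    }
}

# Constructed usage: one row per new account, dry run first.
Import-Csv -Path 'C:\newaccounts.csv' | ForEach-Object {
    Copy-TemplateGroups -JobTitle $_.jobtitle -NewUser $_.username -DryRun -Verbose
}
```

Review the dry-run output before removing `-DryRun`: a template account passes on every group it belongs to, including any it should not have.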

Vango

ASKER

Thank you for the help. I now have a better understanding of those commands.
How can I link the JobTitle in the CSV to the $jobtitle? After I link the jobtitle how can I join them together?

Will the entire code now be

$jobtitleID = $jobtitle + "User"
if $jobtitle -in @("Sales", "IT", "HR", "Student", "Teacher") {
Get-ADUser -Identity $jobtitleID -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members NewUser
}

Import-Csv -Path "C:\O365NewAccounts.csv" | foreach {New-MsolUser 
-DisplayName $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName 
-UserPrincipalName $_.UserPrincipalName -$JobTitle $_.Title 
-LicenseAssignment test:ENTERPRISEPACK}

Thanks again for your great help and guidance.
ASKER CERTIFIED SOLUTION
aikimark
This solution is only available to members.
Vango

ASKER

Thank you! This is what I needed.
Vango

ASKER

I forgot, but can you double check my code just to make sure it's good?

# Import active directory module for running AD cmdlets
$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session


# If Job Title matches then copy group membership from Sample User
if $jobtitle -in @("Sales", "IT", "HR", "Student", "Teacher") {
    Get-ADUser -Identity ($jobtitle + "User") -Properties memberof | Select-Object -ExpandProperty memberof |  Add-ADGroupMember -Members $User
}
  
#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv C:\newaccounts.csv

#Loop through each row containing user details in the CSV file 
foreach ($User in $ADUsers)
{
	#Read user data from each field in each row and assign the data to a variable as below
		
	$Username 	= $User.username
	$Firstname 	= $User.firstname
	$Lastname 	= $User.lastname
    $email      = $User.email
    $jobtitle   = $User.jobtitle
    $LicenseAssignment  = $User.jobtitle



	#Check to see if the user already exists in AD
	if (Get-MsolUser -F {SamAccountName -eq $Username})
	{
		 #If user does exist, give a warning
		 Write-Warning "A user account with username $Username already exist in Active Directory."
	}
	else
	{
		#User does not exist then proceed to create the new user account
		
		New-MsolUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@test.group" `
            -FirstName $Firstname `
            -LastName $Lastname `
            -Enabled $True `
            -DisplayName "$Lastname, $Firstname" `
            -Title $jobtitle `
            -LicenseAssignment "Test:ENTERPRISEPACK" `
            
	}
}

Thanks!
SOLUTION
This solution is only available to members.
Vango

ASKER

Thank you for all your help!