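function Get-UserAD ($ADUser) {
    <#
    .SYNOPSIS
        Builds the "User info" status table (and, for writers, the action buttons) for one AD user object.
    .DESCRIPTION
        Derives one row per attribute from the properties already present on $ADUser: user type,
        last logon, password-last-set, password expiry, enabled state, lockout, delete-process marker,
        account expiration, main computer and AD location. Rows whose value is empty are dropped.
        When $WriterRole is set in the enclosing scope, Universal Dashboard buttons are built as a
        side effect ($PasswordResetButton, $EnabledButton, $LockedOutButton, $AccountExpireButton);
        every button's OnClick writes an audit entry with Write-Log and shows a toast.
        $GroupMembershipButton and $AllowedComputersButton are always built.
    .PARAMETER ADUser
        An AD user object (as returned by Get-ADUser) carrying the properties read below.
        Properties that are absent ($null) simply drop their row from the returned table.
    .OUTPUTS
        Array of hashtables with keys "Name", "Status" (a New-UDIcon result or "") and "Value".
    .NOTES
        Reads from outside the function: $WriterRole, $UserWorkstations, the Universal Dashboard
        scopes $Session:* and $Cache:Rootfolder, and $Password inside the password-reset handler.
        All timestamps are rendered in UTC with a 24-hour clock.
    #>
    $PasswordExpireSoonDays = 14
    $AccountExpireSoonDays = 14
    # accountExpires values that AD treats as "never": 0 and Int64.MaxValue. Kept as strings so the
    # -in comparison below and the -Replace call in the "Clear" button behave exactly as before.
    $AccountExpireNeverFileTime0 = "0"
    $AccountExpireNeverFileTime2999 = "9223372036854775807"
    # HH is the 24-hour hour; the previous "hh" rendered 13:00 UTC as "01:00 UTC" with no AM/PM marker.
    $UtcDateFormat = "yyyy-MM-dd HH:mm:ss UTC"
    # Evaluated once so every "expires soon" comparison is UTC-vs-UTC (DateTime comparison ignores Kind).
    $NowUtc = (Get-Date).ToUniversalTime()

    # Usertype
    switch ($ADUser.extensionattribute3) {
        1 { $UsertypeValue = "Normal User Account" }
        default { $UsertypeValue = "User type not set" }
    }

    # Last logon
    if ($ADUser.LastLogonDate) {
        $LastLogonDateValue = $ADUser.LastLogonDate.ToUniversalTime().ToString($UtcDateFormat)
    }

    # Password last set
    # A pwdLastSet of 0 (or a missing PasswordLastSet) means "must change at next logon" unless the
    # account is flagged PasswordNeverExpires, in which case AD never populates it.
    $PasswordLastSetMissing = ($ADUser.PasswordLastSet -eq 0 -or [string]::IsNullOrWhiteSpace($ADUser.PasswordLastSet))
    if ($PasswordLastSetMissing -and $ADUser.PasswordNeverExpires) {
        $PasswordLastSetValue = "Password never expires"
        $PasswordLastSetIcon = New-UDIcon -Icon check -Color Green -size lg
    }
    elseif ($PasswordLastSetMissing) {
        $PasswordLastSetValue = "User must change password on next login"
        $PasswordLastSetIcon = New-UDIcon -Icon exclamation -Color Orange -size lg
    }
    else {
        # No icon in this branch; the Status normalisation at the end turns $null into "".
        $PasswordLastSetValue = $ADUser.PasswordLastSet.ToUniversalTime().ToString($UtcDateFormat)
    }

    if ($WriterRole) {
        $PasswordResetButton = New-UDButton -Text "Reset Password" -Id "User-Info_PasswordReset_Button" -OnClick {
            Show-UDModal -Content {
                New-UDStyle -Style '
text-align: center;' -Content {
                    if ($Session:SSPRStatus.isSsprCapable) {
                        New-UDIcon -Icon exclamation -Color Orange -size "3x"
                        New-UDTypography -Text "This user is enabled to use "
                        New-UDTypography -Text "Self-service Password reset (" -Style @{"font-weight" = "bold" }
                        New-UDLink -Text "SSPR" -Url "https://aka.ms/SSPR" -OpenInNewWindow -Style @{"font-weight" = "bold" }
                        New-UDTypography -Text ")." -Style @{"font-weight" = "bold" }
                        New-UDIcon -Icon exclamation -Color Orange -size "3x"
                        New-UDHTML -Markup "<br>"
                    }
                    New-UDTypography -Text "Are you sure you want to reset the password?"
                }
            } -Footer {
                # The original had a stray "else {" wrapping this button with no matching "if",
                # which is a parse error; the footer simply holds the Yes/No buttons.
                New-UDButton -Text "Yes" -OnClick {
                    Hide-UDModal
                    try {
                        # NOTE(review): src\Passwords.csv is a plaintext password list and $Password is
                        # never assigned in this function — presumably it is picked from $PasswordsCsv by
                        # code not visible here; confirm, and keep that file's ACL restricted to the
                        # dashboard service account.
                        $PasswordsCsv = Import-Csv -Path (Join-Path $Cache:Rootfolder "src\Passwords.csv") -Delimiter ";"
                        # -ErrorAction Stop on both stages (matching the Enable/Disable handlers) so a
                        # non-terminating AD error lands in catch instead of falling into the success path.
                        $ADUser |
                            Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $Password -Force) -PassThru -ErrorAction Stop |
                            Set-ADUser -PasswordNeverExpires $false -ChangePasswordAtLogon $true -CannotChangePassword $false -ErrorAction Stop
                        $LogMessage = "SUCCESS: Password reset to $Password"
                        # Same $Session: scope as the confirmation text above; the bare $SSPRStatus the
                        # original read here is not defined inside the OnClick runspace.
                        if ($Session:SSPRStatus.isSsprCapable) {
                            $LogMessage = "SUCCESS: Password reset to $Password`nUser was SSPR Enabled"
                        }
                        # NOTE(review): this records the new password in plaintext in the audit log, which
                        # widens its exposure to anyone who can read the log; consider logging only that a
                        # reset happened and leaving the one-time display to the modal below.
                        Write-Log -SourceName $Session:LogSourceName -SeverityLevel informational -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message $LogMessage
                        # Result modal only after a successful reset; previously it was shown (with a
                        # password that was never applied) even when the reset had failed.
                        Show-UDModal -Content {
                            New-UDTypography -Text "Password for user: ""$($ADUser.sAMAccountName)"" set to:"
                            New-UDHTML -Markup "<br>"
                            New-UDTypography -Text "$Password" -Style @{'font-family' = 'Consolas, monaco, monospace'; 'padding-right' = '15px' }
                            New-UDChip -Icon (New-UDIcon -Icon copy) -Id "User-Info_PasswordReset_Button_Chip" -OnClick {
                                Set-UDClipboard -Data $Password
                            }
                        } -Footer {
                            New-UDButton -Text "Close" -OnClick { Hide-UDModal }
                        } -Persistent
                    }
                    catch {
                        Write-Log -SourceName $Session:LogSourceName -SeverityLevel error -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "FAILED: Password reset.`nError: $($_.Exception.Message)"
                        Show-UDToast -Message "FAILED: $($ADUser.sAMAccountName): Password reset. Error: $($_.Exception.Message)" -CloseOnClick -Duration 15000 -Icon exclamation -IconColor Red
                    }
                }
                New-UDButton -Text "No" -OnClick {
                    Hide-UDModal
                }
            } -Persistent
        }
    }

    # Password expires
    if ($ADUser.PasswordNeverExpires) {
        $PasswordExpireValue = "Password never expires"
        $PasswordExpireIcon = New-UDIcon -Icon check -Color Green -size lg
    }
    else {
        $PasswordExpiryFileTime = $ADUser."msDS-UserPasswordExpiryTimeComputed"
        if (-not $PasswordExpiryFileTime) {
            $PasswordExpireValue = "User must change password on next login"
            $PasswordExpireIcon = New-UDIcon -Icon exclamation -Color Orange -size lg
        }
        elseif ("$PasswordExpiryFileTime" -eq $AccountExpireNeverFileTime2999) {
            # A domain/fine-grained policy with no maximum password age reports Int64.MaxValue here;
            # [datetime]::FromFileTime throws on that value, so handle it before converting.
            $PasswordExpireValue = "Password never expires"
            $PasswordExpireIcon = New-UDIcon -Icon check -Color Green -size lg
        }
        else {
            $PasswordExpiresUtc = [datetime]::FromFileTime($PasswordExpiryFileTime).ToUniversalTime()
            $PasswordExpireValue = $PasswordExpiresUtc.ToString($UtcDateFormat)
            if ($ADUser.PasswordExpired) {
                $PasswordExpireIcon = New-UDIcon -Icon exclamation -Color Red -size lg
            }
            elseif ($PasswordExpiresUtc.AddDays(-$PasswordExpireSoonDays) -lt $NowUtc) {
                # Expires within $PasswordExpireSoonDays days.
                $PasswordExpireIcon = New-UDIcon -Icon exclamation -Color Orange -size lg
            }
            else {
                $PasswordExpireIcon = New-UDIcon -Icon check -Color Green -size lg
            }
        }
    }

    # Enabled
    if ($ADUser.Enabled) {
        $EnabledValue = "Enabled"
        $EnabledIcon = New-UDIcon -Icon check -Color Green -size lg
        if ($WriterRole) {
            $EnabledButton = New-UDButton -Text "Disable" -Id "User-Info_Enabled_Button" -OnClick {
                try {
                    $ADUser | Disable-ADAccount -ErrorAction Stop
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel informational -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "SUCCESS: User account disabled"
                    Show-UDToast -Message "$($ADUser.sAMAccountName) disabled" -CloseOnClick -Duration 15000 -Icon check -IconColor Green
                }
                catch {
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel error -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "FAILED: User account disabled.`nError: $($_.Exception.Message)"
                    Show-UDToast -Message "FAILED: $($ADUser.sAMAccountName) disabled. Error: $($_.Exception.Message)" -CloseOnClick -Duration 15000 -Icon exclamation -IconColor Red
                }
            }
        }
    }
    else {
        $EnabledValue = "Disabled"
        $EnabledIcon = New-UDIcon -Icon exclamation -Color Red -size lg
        if ($WriterRole) {
            $EnabledButton = New-UDButton -Text "Enable" -Id "User-Info_Disabled_Button" -OnClick {
                try {
                    $ADUser | Enable-ADAccount -ErrorAction Stop
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel informational -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "SUCCESS: User account enabled"
                    Show-UDToast -Message "$($ADUser.sAMAccountName) enabled" -CloseOnClick -Duration 15000 -Icon check -IconColor Green
                }
                catch {
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel error -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "FAILED: User account enabled.`nError: $($_.Exception.Message)"
                    Show-UDToast -Message "FAILED: $($ADUser.sAMAccountName) enabled. Error: $($_.Exception.Message)" -CloseOnClick -Duration 15000 -Icon exclamation -IconColor Red
                }
            }
        }
    }

    # Lockout
    if ($ADUser.LockOutTime) {
        $LockedOutValue = "Locked out"
        $LockedOutIcon = New-UDIcon -Icon exclamation -Color Red -size lg
        if ($WriterRole) {
            $LockedOutButton = New-UDButton -Text "Unlock" -Id "User-Info_LockedOut_Button" -OnClick {
                try {
                    # -ErrorAction Stop so a failed unlock is logged as FAILED rather than SUCCESS.
                    $ADUser | Unlock-ADAccount -ErrorAction Stop
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel informational -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "SUCCESS: User account Unlocked"
                    Show-UDToast -Message "$($ADUser.sAMAccountName) unlocked" -CloseOnClick -Duration 15000 -Icon check -IconColor Green
                }
                catch {
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel error -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "FAILED: User account Unlocked.`nError: $($_.Exception.Message)"
                    Show-UDToast -Message "FAILED: $($ADUser.sAMAccountName) unlocked. Error: $($_.Exception.Message)" -CloseOnClick -Duration 15000 -Icon exclamation -IconColor Red
                }
            }
        }
    }
    else {
        $LockedOutValue = "Not locked out"
        $LockedOutIcon = New-UDIcon -Icon check -Color Green -size lg
    }

    # Delete process (extensionAttribute7 is set by the IDM process; any non-empty value counts)
    if ($ADUser.extensionAttribute7) {
        $DeleteProcessValue = "Account in delete process: IDM"
        $DeleteProcessIcon = New-UDIcon -Icon exclamation -Color Red -size lg
    }
    else {
        $DeleteProcessValue = "Not in delete process"
        $DeleteProcessIcon = New-UDIcon -Icon check -Color Green -size lg
    }

    # Account expiration
    $AccountExpireNeverFileTimeAll = @($AccountExpireNeverFileTime0, $AccountExpireNeverFileTime2999)
    if ($ADUser.accountExpires -in $AccountExpireNeverFileTimeAll) {
        $AccountExpireValue = "Never"
        $AccountExpireIcon = New-UDIcon -Icon check -Color Green -size lg
        # Disabled by the original author; kept for reference. Note it references
        # $AccountExpireExpiredFileTime, which is not defined anywhere in this function.
        <#if ($WriterRole) {
        $AccountExpireButton = New-UDButton -Text "Set to Expired" -Id "User-Info_AccountExpire_Button" -OnClick {
        Try {
        $ADUser | Set-ADUser -Replace @{accountExpires = $AccountExpireExpiredFileTime }
        Write-Log -SourceName $Session:LogSourceName -SeverityLevel informational -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "SUCCESS: User account set to expired"
        Show-UDToast -Message "$($ADUser.sAMAccountName) set to ""Expired""" -CloseOnClick -Duration 15000 -Icon check -IconColor Green
        }
        Catch {
        Write-Log -SourceName $Session:LogSourceName -SeverityLevel error -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "FAILED: User account set to expired.`nError: $($_.Exception.Message)"
        Show-UDToast -Message "FAILED: $($ADUser.sAMAccountName) set to ""Expired"". Error: $($_.Exception.Message)" -CloseOnClick -Duration 15000 -Icon exclamation -IconColor Red
        }
        }
        }#>
    }
    else {
        $AccountExpiresUtc = [datetime]::FromFileTime($ADUser.accountExpires).ToUniversalTime()
        $AccountExpireValue = $AccountExpiresUtc.ToString($UtcDateFormat)
        if ($AccountExpiresUtc -lt $NowUtc) {
            # Already expired.
            $AccountExpireIcon = New-UDIcon -Icon exclamation -Color Red -size lg
        }
        elseif ($AccountExpiresUtc.AddDays(-$AccountExpireSoonDays) -lt $NowUtc) {
            # Expires within $AccountExpireSoonDays days.
            $AccountExpireIcon = New-UDIcon -Icon exclamation -Color Orange -size lg
        }
        else {
            $AccountExpireIcon = New-UDIcon -Icon check -Color Green -size lg
        }
        if ($WriterRole) {
            $AccountExpireNeverButton = New-UDButton -Text "Set to Never" -Id "User-Info_AccountExpireNever_Button" -OnClick {
                try {
                    # NOTE(review): -Replace with a $null value may be rejected by the AD provider;
                    # Clear-ADAccountExpiration is the documented way to set "never" — confirm this
                    # path actually succeeds against your DCs.
                    $ADUser | Set-ADUser -Replace @{accountExpires = $null } -ErrorAction Stop
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel informational -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "SUCCESS: User account expiration set to Never"
                    Show-UDToast -Message "$($ADUser.sAMAccountName) expiration set to ""Never""" -CloseOnClick -Duration 15000 -Icon check -IconColor Green
                }
                catch {
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel error -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "FAILED: User account expiration set to Never.`nError: $($_.Exception.Message)"
                    Show-UDToast -Message "FAILED: $($ADUser.sAMAccountName) expiration set to ""Never"". Error: $($_.Exception.Message)" -CloseOnClick -Duration 15000 -Icon exclamation -IconColor Red
                }
            }
            $AccountExpireClearButton = New-UDButton -Text "Clear" -Id "User-Info_AccountExpireClear_Button" -OnClick {
                try {
                    # accountExpires = 0 is also "never" to AD (see $AccountExpireNeverFileTimeAll).
                    $ADUser | Set-ADUser -Replace @{accountExpires = $AccountExpireNeverFileTime0 } -ErrorAction Stop
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel informational -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "SUCCESS: User account expiration cleared"
                    Show-UDToast -Message "$($ADUser.sAMAccountName) expiration cleared" -CloseOnClick -Duration 15000 -Icon check -IconColor Green
                }
                catch {
                    Write-Log -SourceName $Session:LogSourceName -SeverityLevel error -SourceUser $Session:Username -TargetUser $ADUser.sAMAccountName -Message "FAILED: User account expiration cleared.`nError: $($_.Exception.Message)"
                    Show-UDToast -Message "FAILED: $($ADUser.sAMAccountName) expiration set to cleared. Error: $($_.Exception.Message)" -CloseOnClick -Duration 15000 -Icon exclamation -IconColor Red
                }
            }
            $AccountExpireButton = @($AccountExpireNeverButton, $AccountExpireClearButton)
        }
    }

    # Group membership (direct, transitive via Get-ADObjectGroupMembershipRecursively, and the
    # groups every user inherits through Domain Users)
    $GroupMembershipButton = New-UDButton -Text "Group Membership" -Id "User-Info_GroupMembership_Button" -OnClick {
        Show-UDModal -Content {
            $GroupMembership = @()
            $GroupMembershipIndirect = Get-ADObjectGroupMembershipRecursively -DistinguishedName $ADUser.DistinguishedName | Where-Object { $_ -notin $ADUser.MemberOf }
            # Each DN is reduced to its leading CN for display.
            $GroupMembership += $ADUser.MemberOf | ForEach-Object {
                @{
                    "Name" = $($_.Split(",")[0].Replace("CN=", ""))
                    "Membership" = "Direct"
                }
            }
            $GroupMembership += $GroupMembershipIndirect | ForEach-Object {
                @{
                    "Name" = $($_.Split(",")[0].Replace("CN=", ""))
                    "Membership" = "Indirect"
                }
            }
            $GroupMembership += (Get-ADGroup "Domain Users" -Properties MemberOf).MemberOf | ForEach-Object {
                @{
                    "Name" = $($_.Split(",")[0].Replace("CN=", ""))
                    "Membership" = "Domain Users"
                }
            }
            $GroupMembership = $GroupMembership | Sort-Object { $_.Membership }, { $_.Name }
            $GroupMembershipColumns = @(
                New-UDTableColumn -Property Name -Title Name -ShowSort -ShowFilter -IncludeInExport -IncludeInSearch
                New-UDTableColumn -Property Membership -Title Membership -ShowSort -ShowFilter -IncludeInExport -IncludeInSearch -DefaultSortColumn
            )
            New-UDTable -Id "User-Info_GroupMembership_Table" -Data $GroupMembership -Columns $GroupMembershipColumns -Dense -ShowSort -ShowFilter -ShowExport -ShowSearch -PageSize 15 -ShowPagination
        }
    } -ShowLoading

    # Main computer
    if ($ADUser.extensionattribute12) {
        # The attribute value is placed in a query string, so it is URL-encoded first.
        $MainComputerHref = "/Computer/Computer-Info?ComputerName=$([uri]::EscapeDataString($ADUser.extensionattribute12))"
        $MainComputerValue = New-UDElement -Tag 'a' -Attributes @{ href = $MainComputerHref } -Content { $($ADUser.extensionattribute12) }
    }

    # Allowed Computers
    if ($ADUser.userworkstations) {
        # NOTE(review): $UserWorkstations comes from the enclosing scope and is presumably the set of
        # placeholder workstation names that mean "no Windows logon" — confirm against the caller.
        $AllowedComputersValue = $ADUser.userworkstations.Split(",") | Where-Object { $UserWorkstations -notcontains $_ }
        if ($AllowedComputersValue) {
            $AllowedComputersButton = New-UDButton -Text "Allowed Computers" -Id "User-Info_AllowedComputers_Button" -OnClick {
                Show-UDModal -Content {
                    $AllowedComputersValue = $AllowedComputersValue | Sort-Object | ForEach-Object { @{ "Name" = $_ } }
                    $AllowedComputersColumns = @(
                        New-UDTableColumn -Property Name -Title Name -ShowSort -ShowFilter -IncludeInExport -IncludeInSearch
                    )
                    New-UDTable -Id "User-Info_AllowedComputers_Table" -Data $AllowedComputersValue -Columns $AllowedComputersColumns -Dense -ShowSort -ShowFilter -ShowExport -ShowSearch -PageSize 15 -ShowPagination
                }
            } -ShowLoading
        }
        else {
            $AllowedComputersButton = "Windows logon blocked, Fiori only"
        }
    }
    else {
        $AllowedComputersButton = "All computers"
    }

    # AD Location: the canonical name minus its last segment (the object itself)
    if ($ADUser.CanonicalName) {
        $ADLocationSplit = $ADUser.CanonicalName.Split("/")
        $ADLocationValue = $ADLocationSplit[0..($ADLocationSplit.Length - 2)] -Join "/"
    }

    # NOTE(review): $CloudEnabledIcon / $CloudEnabledValue are never assigned in this function, so the
    # "Cloud enabled" row is always filtered out below unless the caller sets them.
    $ReturnTable = @(
        @{"Name" = "UserType"; "Status" = ""; "Value" = $UsertypeValue }
        @{"Name" = "Last logon"; "Status" = ""; "Value" = $LastLogonDateValue }
        @{"Name" = "Password last set"; "Status" = $PasswordLastSetIcon; "Value" = $PasswordLastSetValue }
        @{"Name" = "Password expires"; "Status" = $PasswordExpireIcon; "Value" = $PasswordExpireValue }
        @{"Name" = "Account enabled"; "Status" = $EnabledIcon; "Value" = $EnabledValue }
        @{"Name" = "User locked out"; "Status" = $LockedOutIcon; "Value" = $LockedOutValue }
        @{"Name" = "In delete process"; "Status" = $DeleteProcessIcon; "Value" = $DeleteProcessValue }
        @{"Name" = "Account Expiration"; "Status" = $AccountExpireIcon; "Value" = $AccountExpireValue }
        @{"Name" = "Cloud enabled"; "Status" = $CloudEnabledIcon; "Value" = $CloudEnabledValue }
        @{"Name" = "Main computer"; "Status" = ""; "Value" = $MainComputerValue }
        @{"Name" = "AD Location"; "Status" = ""; "Value" = $ADLocationValue }
    )
    # Drop rows with nothing to show, then make sure no Status is $null (the table renders "").
    $ReturnTable = $ReturnTable | Where-Object { -not [string]::IsNullOrWhitespace($_.Value ) }
    $ReturnTable | Where-Object { $null -eq $_.Status } | ForEach-Object { $_.Status = "" }
    return $ReturnTable
}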