

Assign UPN suffix based on property of user account

April 25, 2017

The script assigns a UPN suffix to a user based on the value of a certain property of the user account. For example, you can set a UPN suffix based on the department of the user specified in AD.

To add such functionality to your environment, create a Business Rule that runs the script after creating a user.

Parameters:

  • $propertyName - specifies the LDAP display name of the property on which UPN suffixes depend;
  • $upnSuffixMap - specifies a map from each UPN suffix to the property values that should receive it. One suffix can be mapped to multiple values.
PowerShell
$propertyName = "department" # TODO: modify me
$upnSuffixMap = @{
    "sales.domain.com" = @("Sales")
    "helpdesk.domain.com" = @("Help Desk 1", "Help Desk 2")
} # TODO: modify. Example: $upnSuffixMap = @{"<UPN Suffix>" = @("<Property Value 1>", "<Property Value 2>")}

# Get property value
try
{
    $value = $Context.TargetObject.Get($propertyName)
}
catch
{
    return # Property is empty
}

# Get UPN Suffix
$upnSuffix = $NULL
foreach ($item in $upnSuffixMap.GetEnumerator())
{
    if ($item.Value -notcontains $value)
    {
        continue
    }
    
    $upnSuffix = $item.Key
    break
}

if ([System.String]::IsNullOrEmpty($upnSuffix))
{
    $Context.LogMessage("UPN suffix is not specified for '$value'. Default UPN suffix will be used.", "Warning")
    return
}

# Get UPN
$userPrincipalName = "%userPrincipalName%"
if ([System.String]::IsNullOrEmpty($userPrincipalName))
{
    $Context.LogMessage("Cannot assign a UPN suffix because the user logon name is empty", "Warning")
    return
}

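# Build new UPN (IndexOf returns -1 when there is no "@", which would make SubString throw)
$atIndex = $userPrincipalName.IndexOf("@")
if ($atIndex -lt 0)
{
    $Context.LogMessage("Cannot assign a UPN suffix because the UPN '$userPrincipalName' does not contain '@'", "Warning")
    return
}
$userPrincipalName = $userPrincipalName.SubString(0, $atIndex) + "@$upnSuffix"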

# Save changes
$Context.TargetObject.Put("userPrincipalName", $userPrincipalName)
$Context.TargetObject.SetInfo()
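
Because $upnSuffixMap is keyed by suffix and a hashtable is enumerated in no guaranteed order, a property value listed under two suffixes is resolved unpredictably by the loop above. The following check is an added example, not part of the original script: the function name Test-UpnSuffixMap and the sample map are hypothetical, and it is meant to be run in a plain PowerShell session before the map is deployed.

```powershell
function Test-UpnSuffixMap
{
    param([Parameter(Mandatory = $true)][hashtable]$Map)

    $problems = New-Object 'System.Collections.Generic.List[string]'
    # Case-insensitive lookup, to match the -notcontains comparison in the script
    $seen = New-Object 'System.Collections.Generic.Dictionary[string,string]' ([System.StringComparer]::OrdinalIgnoreCase)

    foreach ($item in $Map.GetEnumerator())
    {
        $suffix = [string]$item.Key
        # The script builds "<logon name>@<suffix>", so the suffix itself
        # must be non-empty and must not contain "@" or whitespace
        if ([System.String]::IsNullOrWhiteSpace($suffix) -or $suffix -match '[@\s]')
        {
            $problems.Add("Suffix '$suffix' is empty or contains '@' or whitespace")
        }

        foreach ($value in @($item.Value))
        {
            $text = [string]$value
            if ([System.String]::IsNullOrWhiteSpace($text))
            {
                $problems.Add("Suffix '$suffix' has an empty property value")
                continue
            }
            if ($seen.ContainsKey($text))
            {
                $problems.Add("Value '$text' is mapped to both '$($seen[$text])' and '$suffix'")
                continue
            }
            $seen[$text] = $suffix
        }
    }

    return $problems.ToArray()
}

# Constructed sample: "Help Desk 1" is listed under two suffixes (differing only in case)
$sampleMap = @{
    "sales.domain.com" = @("Sales", "Help Desk 1")
    "helpdesk.domain.com" = @("help desk 1", "Help Desk 2")
}
Test-UpnSuffixMap -Map $sampleMap | ForEach-Object { Write-Warning $_ }
```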

