public/Add-VPASEPVUser.ps1

<#
.Synopsis
   ADD EPV USERS TO CYBERARK
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO ADD EPV USERS INTO CYBERARK
.PARAMETER NoSSL
   If the environment is not set up for SSL, API calls will be made via HTTP not HTTPS (Not Recommended!)
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, the function will use the last known hashtable generated by New-VPASToken
.PARAMETER username
   Username that will be assigned to the new EPVUser
.PARAMETER Description
   An explanation/details of the target resource
   Best practice states to leave informative descriptions to help identify the resource purpose
.PARAMETER AddSafes
   VaultAuthorization permission that gives rights for an EPVUser to create safes
.PARAMETER AuditUsers
   VaultAuthorization permission that gives rights for an EPVUser to view other EPVUser details
.PARAMETER AddUpdateUsers
   VaultAuthorization permission that gives rights for an EPVUser to add new EPVUsers or update existing EPVUsers
.PARAMETER ResetUsersPasswords
   VaultAuthorization permission that gives rights for an EPVUser to reset credentials for other EPVUsers
.PARAMETER ActivateUsers
   VaultAuthorization permission that gives rights for an EPVUser to Activate other EPVUsers (if the EPVUser becomes inactive)
.PARAMETER AddNetworkAreas
   VaultAuthorization permission that gives rights for an EPVUser to create Networking Areas
   Networking Areas limit where an account can be used from
.PARAMETER ManageDirectoryMapping
   VaultAuthorization permission that gives rights for an EPVUser to create/edit/delete directory mappings created during LDAP integration
.PARAMETER ManageServerFileCategories
   VaultAuthorization permission that gives rights for an EPVUser to create/modify/delete ServerFileCategories
.PARAMETER BackupAllSafes
   VaultAuthorization permission that gives rights for an EPVUser to be able to backup an existing safe
.PARAMETER RestoreAllSafes
   VaultAuthorization permission that gives rights for an EPVUser to be able to restore safes
.PARAMETER UserType
   The user type of the EPVUser being created
   UserTypes are determined by the current license in the environment, as well as how many seats are available per UserType
   Possible values: EPVUser, AIMAccount, CPM, PVWA, PSMHTML5Gateway, PSM, AppProvider, OPMProvider, CCPEndpoints, PSMUser, IBVUser, AutoIBVUser, CIFS, FTP, SFE, DCAUser, DCAInstance, SecureEpClientUser, ClientlessUser, AdHocRecipient, SecureEmailUser, SEG, PSMPADBridge, PSMPServer, AllUsers, DR_USER, BizUser, PTA, DiscoveryApp, xRayAdminApp, PSMWeb, EPMUser, DAPService
.PARAMETER Location
   Where the EPVUser will reside in terms of the directory structure within CyberArk
.PARAMETER InitialPassword
   Temporary initial password of the EPVUser (this parameter is mandatory)
.PARAMETER PasswordNeverExpires
   Whether the password never expires, instead of following the scheduled expiry policy
.PARAMETER ChangePasswordOnTheNextLogon
   Change the password of the new EPVUser upon first time login
.PARAMETER DisableUser
   Disable the new EPVUser account
   Disabled accounts are NOT able to log into CyberArk
.PARAMETER Street
   EPVUser Street value
.PARAMETER City
   EPVUser City value
.PARAMETER State
   EPVUser State value
.PARAMETER Zip
   EPVUser Zip value
.PARAMETER Country
   EPVUser Country value
.PARAMETER Title
   EPVUser Title value
.PARAMETER Organization
   EPVUser Organization value
.PARAMETER Department
   EPVUser Department value
.PARAMETER Profession
   EPVUser Profession value
.PARAMETER FirstName
   EPVUser FirstName value
.PARAMETER MiddleName
   EPVUser MiddleName value
.PARAMETER LastName
   EPVUser LastName value
.PARAMETER HomeNumber
   EPVUser HomeNumber value
.PARAMETER BusinessNumber
   EPVUser BusinessNumber value
.PARAMETER CellularNumber
   EPVUser CellularNumber value
.PARAMETER FaxNumber
   EPVUser FaxNumber value
.PARAMETER PagerNumber
   EPVUser PagerNumber value
.PARAMETER HomePage
   EPVUser HomePage value
.PARAMETER HomeEmail
   EPVUser HomeEmail value
.PARAMETER BusinessEmail
   EPVUser BusinessEmail value
.PARAMETER OtherEmail
   EPVUser OtherEmail value
.PARAMETER WorkStreet
   EPVUser WorkStreet value
.PARAMETER WorkCity
   EPVUser WorkCity value
.PARAMETER WorkState
   EPVUser WorkState value
.PARAMETER WorkZip
   EPVUser WorkZip value
.PARAMETER WorkCountry
   EPVUser WorkCountry value
.EXAMPLE
   $EPVUserJSON = Add-VPASEPVUser -Username {USERNAME VALUE} -InitialPassword {INITIAL PASSWORD VALUE}
.OUTPUTS
   JSON Object (EPVUserDetails) if successful
   $false if failed
#>

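function Add-VPASEPVUser{
    [OutputType('System.Object',[bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter username of new target EPVUser (for example: NewUser1)",Position=0)]
        [String]$Username,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]
        [ValidateSet('EPVUser','AIMAccount','CPM','PVWA','PSMHTML5Gateway','PSM','AppProvider','OPMProvider','CCPEndpoints','PSMUser','IBVUser','AutoIBVUser','CIFS','FTP','SFE','DCAUser','DCAInstance','SecureEpClientUser','ClientlessUser','AdHocRecipient','SecureEmailUser','SEG','PSMPADBridge','PSMPServer','AllUsers','DR_USER','BizUser','PTA','DiscoveryApp','xRayAdminApp','PSMWeb','EPMUser','DAPService')]
        [String]$UserType,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        [String]$Location,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter an initial temporary password (for example: Sup3rS3cr3t!)",Position=3)]
        [String]$InitialPassword,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)]
        [Switch]$PasswordNeverExpires,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)]
        [Switch]$ChangePasswordOnTheNextLogon,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)]
        [Switch]$DisableUser,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)]
        [String]$Description,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)]
        [hashtable]$token,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)]
        [Switch]$NoSSL,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=10)]
        [String]$Street,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=11)]
        [String]$City,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=12)]
        [String]$State,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=13)]
        [String]$Zip,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=14)]
        [String]$Country,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=15)]
        [String]$Title,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=16)]
        [String]$Organization,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=17)]
        [String]$Department,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=18)]
        [String]$Profession,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=19)]
        [String]$FirstName,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=20)]
        [String]$MiddleName,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=21)]
        [String]$LastName,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=22)]
        [String]$HomeNumber,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=23)]
        [String]$BusinessNumber,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=24)]
        [String]$CellularNumber,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=25)]
        [String]$FaxNumber,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=26)]
        [String]$PagerNumber,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=27)]
        [String]$HomePage,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=28)]
        [String]$HomeEmail,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=29)]
        [String]$BusinessEmail,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=30)]
        [String]$OtherEmail,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=31)]
        [String]$WorkStreet,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=32)]
        [String]$WorkCity,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=33)]
        [String]$WorkState,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=34)]
        [String]$WorkZip,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=35)]
        [String]$WorkCountry,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=36)]
        [Switch]$AddSafes,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=37)]
        [Switch]$AuditUsers,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=38)]
        [Switch]$AddUpdateUsers,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=39)]
        [Switch]$ResetUsersPasswords,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=40)]
        [Switch]$ActivateUsers,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=41)]
        [Switch]$AddNetworkAreas,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=42)]
        [Switch]$ManageDirectoryMapping,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=43)]
        [Switch]$ManageServerFileCategories,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=44)]
        [Switch]$BackupAllSafes,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=45)]
        [Switch]$RestoreAllSafes
    )

    Begin{
        # Session details (PVWA host, Authorization header value, optional web session) come from
        # the shared session helper; $ISPSS/$IdentityURL are unpacked but not used by this call.
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL = Get-VPASSession -token $token

        # Vault authorizations whose switch name is exactly the value the API expects in
        # "vaultAuthorization", so one list drives both the switch lookup and the payload.
        $vaultPermissionNames = @(
            'AddSafes','AuditUsers','AddUpdateUsers','ResetUsersPasswords','ActivateUsers',
            'AddNetworkAreas','ManageDirectoryMapping','ManageServerFileCategories',
            'BackupAllSafes','RestoreAllSafes'
        )

        # Builds one optional sub-object of the request body.
        # $FieldMap maps an API field name to @(<parameter name>, <verbose label>). A field is
        # copied only when the caller supplied a non-empty value for that parameter (read from the
        # enclosing function's scope). Returns an ordered dictionary, empty when nothing was set.
        function Get-PopulatedFields{
            param([System.Collections.IDictionary]$FieldMap)
            $fields = [ordered]@{}
            foreach($apiField in $FieldMap.Keys){
                $paramName,$label = $FieldMap[$apiField]
                $value = Get-Variable -Name $paramName -ValueOnly -ErrorAction SilentlyContinue
                if(![String]::IsNullOrEmpty($value)){
                    Write-Verbose "PARSING $label VALUE: $value"
                    $fields[$apiField] = $value
                }
            }
            return $fields
        }
    }
    Process{

        Write-Verbose "SUCCESSFULLY PARSED USERNAME VALUE: $Username"

        # Ordered so the serialized body is reproducible; keys are the API's camelCase field names.
        $Params = [ordered]@{}
        $Params['username'] = $Username

        if([String]::IsNullOrEmpty($UserType)){
            Write-Verbose "NO USERTYPE SPECIFIED, DEFAULT VALUE: EPVUser"
            $Params['userType'] = "EPVUser"
        }
        else{
            Write-Verbose "PARSING USERTYPE VALUE: $UserType"
            $Params['userType'] = $UserType
        }

        # Location is always rooted at the vault root "\"; the caller supplies the part below it.
        if([String]::IsNullOrEmpty($Location)){
            Write-Verbose "NO LOCATION SPECIFIED, DEFAULT LOCATION: \"
            $Params['location'] = "\"
        }
        else{
            $locationstr = "\" + $Location
            Write-Verbose "PARSING LOCATION VALUE: $locationstr"
            $Params['location'] = $locationstr
        }

        # The API takes these flags as the strings "true"/"false"; enableUser is the inverse of -DisableUser.
        $enableUser = if($DisableUser){ "false" } else { "true" }
        Write-Verbose "PARSING ENABLE USER VALUE: $enableUser"
        $Params['enableUser'] = $enableUser

        # -InitialPassword is mandatory, so it is always sent. It is deliberately NOT echoed to the
        # verbose stream: verbose output routinely ends up in transcripts, CI logs and tickets.
        Write-Verbose "SETTING INITIAL PASSWORD (value not logged)"
        $Params['initialPassword'] = $InitialPassword

        $changeOnNextLogon = if($ChangePasswordOnTheNextLogon){ "true" } else { "false" }
        Write-Verbose "CHANGE PASSWORD ON THE NEXT LOGON: $changeOnNextLogon"
        $Params['changePassOnNextLogon'] = $changeOnNextLogon

        $neverExpires = if($PasswordNeverExpires){ "true" } else { "false" }
        Write-Verbose "PASSWORD NEVER EXPIRE: $neverExpires"
        $Params['passwordNeverExpires'] = $neverExpires

        # Collect every vault authorization switch that was set; omit the field entirely when none were.
        $vaultauthstr = @()
        foreach($perm in $vaultPermissionNames){
            if((Get-Variable -Name $perm -ValueOnly).IsPresent){
                Write-Verbose "ADDING VAULT PERMISSION: $perm"
                $vaultauthstr += $perm
            }
        }
        if($vaultauthstr.Count -gt 0){
            Write-Verbose "ADDING VAULT AUTHORIZATIONS TO PARAMS: $vaultauthstr"
            $Params['vaultAuthorization'] = $vaultauthstr
        }

        if(![String]::IsNullOrEmpty($Description)){
            Write-Verbose "PARSING DESCRIPTION VALUE: $Description"
            $Params['description'] = $Description
        }

        # Optional profile sub-objects of the request body. Each maps
        # <api field> -> @(<parameter name>, <verbose label>) and is only added when at least
        # one of its fields was supplied, matching what the API accepts for a partial profile.
        $subObjects = [ordered]@{
            personalDetails = [ordered]@{
                street       = @('Street','STREET')
                city         = @('City','CITY')
                state        = @('State','STATE')
                zip          = @('Zip','ZIP')
                country      = @('Country','COUNTRY')
                title        = @('Title','TITLE')
                organization = @('Organization','ORGANIZATION')
                department   = @('Department','DEPARTMENT')
                profession   = @('Profession','PROFESSION')
                firstName    = @('FirstName','FIRSTNAME')
                middleName   = @('MiddleName','MIDDLENAME')
                lastName     = @('LastName','LASTNAME')
            }
            phones = [ordered]@{
                homeNumber     = @('HomeNumber','HOME NUMBER')
                businessNumber = @('BusinessNumber','BUSINESS NUMBER')
                cellularNumber = @('CellularNumber','CELLULAR NUMBER')
                faxNumber      = @('FaxNumber','FAX NUMBER')
                pagerNumber    = @('PagerNumber','PAGER NUMBER')
            }
            internet = [ordered]@{
                homePage      = @('HomePage','HOME PAGE')
                homeEmail     = @('HomeEmail','HOME EMAIL')
                businessEmail = @('BusinessEmail','BUSINESS EMAIL')
                otherEmail    = @('OtherEmail','OTHER EMAIL')
            }
            businessAddress = [ordered]@{
                workStreet  = @('WorkStreet','WORK STREET')
                workCity    = @('WorkCity','WORK CITY')
                workState   = @('WorkState','WORK STATE')
                workZip     = @('WorkZip','WORK ZIP')
                workCountry = @('WorkCountry','WORK COUNTRY')
            }
        }
        foreach($objectName in $subObjects.Keys){
            $fields = Get-PopulatedFields -FieldMap $subObjects[$objectName]
            if($fields.Count -gt 0){
                Write-Verbose "ADDING $objectName TO PARAMS"
                $Params[$objectName] = $fields
            }
        }

        write-verbose "SETTING PARAMETERS FOR API CALL"
        # The body nests at most two levels (Params -> sub-object -> value), within ConvertTo-Json's default depth.
        $body = $Params | ConvertTo-Json

        try{

            Write-Verbose "MAKING API CALL TO CYBERARK"
            if($NoSSL){
                # The body carries the initial password; over plain HTTP it (and the
                # Authorization header) cross the network in cleartext. Only for isolated labs.
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$PVWA/PasswordVault/api/Users"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/PasswordVault/api/Users"
            }

            # Reuse the web session from the session helper when one exists (cookie-based auth);
            # otherwise the Authorization header alone carries the token.
            $restArgs = @{
                Headers     = @{"Authorization"=$Header}
                Uri         = $uri
                Method      = 'POST'
                Body        = $body
                ContentType = "application/json"
            }
            if($sessionval){
                $restArgs['WebSession'] = $sessionval
            }
            $response = Invoke-RestMethod @restArgs

            Write-Verbose "PARSING DATA FROM CYBERARK"
            Write-Verbose "OPERATION COMPLETED SUCCESSFULLY, RETURNING JSON OBJECT"
            return $response
        }catch{
            # Any transport/API failure is reported through the module's output helper and
            # signalled to the caller as $false rather than re-thrown.
            Write-Verbose "UNABLE TO ADD EPVUSER"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{

    }
}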