ad-rbac

1.1.3

public/Add-RBACOrg.ps1

                                Function Add-RBACOrg {

    <#

        .SYNOPSIS

        Adds an "Org" OU structure from a predefined template

        .DESCRIPTION

        This creates a regular OU structure in Active Directory representing a distinct and self-managing business unit or tenant.

        .PARAMETER Org

        The name of the 'org'

        .PARAMETER Description

        The description for the org OU

        .PARAMETER Path

        The distinguishedName for the parent OU of this org

        .EXAMPLE

        add-rbacOrg -Org "Developers" -description "Software engineering team"

        This creates an OU tree at "OU=Developers,OU=Orgs,DC=Contoso,DC=Local"

        It should contain the following children OUs:

          * Components

          * Rights

          * Roles

          * PrivilegedAccounts

        .EXAMPLE

        add-rbacOrg -Org "Developers" -description "Software engineering team" -path "OU=Orgs,DC=Contoso,DC=Local"

        Creates the OU tree at the specified path

        .INPUTS

        System.String

        .OUTPUTS

        $null

#>

    [CmdletBinding(SupportsShouldProcess=$true)]

    Param

    (

        [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, Position=0)]

        [ValidateLength(1,15)]

        [Alias("Name")]

        [String]$Org,

        [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, Position=1)]

        [String]$Description,

        [Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true, Position=2)]

        [String]$Path = "OU=$($OrgsOUStruct.Name),$($OrgsOUStruct.path)",

        [switch]$ResetRoleMembership

    )

    BEGIN {

        $shouldProcess = @{

            Confirm = [bool]($ConfirmPreference -eq "low")

            Whatif = [bool]($WhatIfPreference.IsPresent)

            verbose = [bool]($VerbosePreference -ne "SilentlyContinue")

        }

    }

    PROCESS {

        $ResetRoleMembershipParam = @{

            ResetRoleMembership = [bool]($ResetRoleMembership)

        }

        if ($PsItem.org) { $Org = $_.Org}

        if ($PsItem.Description) {$Description = $_.Description}

        if ($PsItem.Path) {$Path = $_.Path}

        if ($PSCmdlet.ShouldProcess($path,"Creating Org structure for $org")) {

            Add-OUStructureFromTemplate -name $Org -Description $Description -path $path -Template $OrgTemplate @shouldProcess @ResetRoleMembershipParam

        }

        start-sleep -seconds 5

        $GPOSpecList = foreach ($GPO in $OrgTemplate.GPOs) {

            [pscustomObject]@{

                Org = $Org

                GPOTemplate = $GPO

            }

        }

        if ($GPOSpecList) {

            if($PSCmdlet.ShouldProcess("Creating GPOs")) {

                $GPOSpecList | CreateOrSetGPO

            }

        }

    }

}