What does this script apply to?

This script prepares the CSV input files for BIT from Azure Active Directory (AAD):
Users.csv: all active, non-‘Guest’ users from AAD whose Mail, First Name and Last Name are non-empty.
Structure.csv: to preserve data integrity, the script creates a single organizational unit under ‘Entire Company’ by default.
Links.csv: every user with a non-empty Title is added to this organizational unit with that title; users without a title are added with the default Title.

(Figure: Relations.PNG)

AAD Fields

We use the following AAD fields:
UserPrincipalName as Employee ID
Mail as Email
UserPrincipalName as Username
Surname as Last Name
GivenName as First Name
TelephoneNumber as Work Phone
Title as Title
Manager as Manager

Prerequisites

  1. You need an AAD account with the ‘Read properties on users in AAD’ permission to run the script.

  2. Run the following command in Windows PowerShell. It writes the account password to an encrypted file that the integration script reads at run time. Because ConvertFrom-SecureString without a -Key encrypts with the Windows Data Protection API (DPAPI), the file can only be decrypted by the same Windows account on the same machine, so the integration script must run there under that account. Here "password" is the password of the AAD account, and the path given to Out-File ("C:\AADAccount.txt" in the example below) is where the encrypted password file is written; use that same path as $O365PwdPath in the script.

    "password" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\AADAccount.txt"

  3. PowerShell module requirements: https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0

Parameters

OutputFolder The folder where the input files for the BIT tool are written. This parameter is mandatory.
GetManagers Controls whether the script also retrieves each user’s manager. This parameter is optional; the default value is ‘False’. To change the default behavior, set this parameter to ‘True’ as shown in the example below. Note that assigning managers slows the script down significantly.

EXAMPLES

 .\AADIntegration.ps1 -OutputFolder "C:\BIT\CSV"
 .\AADIntegration.ps1 -OutputFolder "C:\BIT\CSV" -GetManagers:$true 

Variables

You must enter the following variables in the script before running.

$O365Account = ""
$O365PwdPath = ""
$Spclaim = "i:0e.t|company|"
$DepartmentID = "O365"
$DepartmentName = "O365 Users"
$DefaultJobTitile = "Administrator"

O365Account The AAD account with read permissions on users.
O365PwdPath The path to the encrypted password file created in the Prerequisites section.
Spclaim The SharePoint claims prefix for the users’ accounts.
DepartmentID The script creates one department under Entire Company; this is its Department ID.
DepartmentName The script creates one department under Entire Company; this is its Department Name.
DefaultJobTitile The default job title. If a user has no title in AAD, this title is assigned to that user.
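The following added example (not the AADIntegration.ps1 script itself) shows how the encrypted password file from prerequisite step 2 is read back into a credential under the same Windows account, and how the Users.csv filter and the AAD field mapping above are applied. The account name is a placeholder; the AzureAD module exposes the portal’s ‘Title’ field as the JobTitle property.

```powershell
# Added example: reads the DPAPI-protected password file, connects to AAD and
# writes Users.csv with the AAD-to-BIT field mapping from this page.
param(
    [Parameter(Mandatory = $true)][string]$OutputFolder   # same parameter as the script
)
$O365Account = "svc-bit@contoso.onmicrosoft.com"   # placeholder account name
$O365PwdPath = "C:\AADAccount.txt"                 # file written in prerequisite step 2

# ConvertFrom-SecureString without -Key used DPAPI, so only the same Windows
# account on the same machine can decrypt this file. Fail early if it is missing.
if (-not (Test-Path -Path $O365PwdPath)) {
    throw "Password file '$O365PwdPath' not found; run the ConvertTo-SecureString step first."
}
$securePwd = Get-Content -Path $O365PwdPath | ConvertTo-SecureString
$cred = New-Object System.Management.Automation.PSCredential($O365Account, $securePwd)

Import-Module AzureAD -ErrorAction Stop
Connect-AzureAD -Credential $cred | Out-Null

# Users.csv: active (AccountEnabled), not Guest, with Mail, GivenName and Surname set.
$users = Get-AzureADUser -All $true |
    Where-Object {
        $_.AccountEnabled -and
        $_.UserType -ne 'Guest' -and
        -not [string]::IsNullOrWhiteSpace($_.Mail) -and
        -not [string]::IsNullOrWhiteSpace($_.GivenName) -and
        -not [string]::IsNullOrWhiteSpace($_.Surname)
    }

# Map AAD properties to the BIT column names listed under "AAD Fields".
$users |
    Select-Object @{n = 'Employee ID'; e = { $_.UserPrincipalName }},
                  @{n = 'Email';       e = { $_.Mail }},
                  @{n = 'Username';    e = { $_.UserPrincipalName }},
                  @{n = 'Last Name';   e = { $_.Surname }},
                  @{n = 'First Name';  e = { $_.GivenName }},
                  @{n = 'Work Phone';  e = { $_.TelephoneNumber }},
                  @{n = 'Title';       e = { $_.JobTitle }} |
    Export-Csv -Path (Join-Path $OutputFolder 'Users.csv') -NoTypeInformation -Encoding UTF8
```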