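<#
.SYNOPSIS
    Pushes the AD (profile-master) email address into the Okta user profile
    for every group member whose Okta email differs from the AD value.

.DESCRIPTION
    Members of the Okta group $GroupId (the 'All - xxx' group by default) are
    paired, by Okta user id, with their AD-sourced application profile. The
    profile-master application id is read from $oktaOrgs.<org>.ProfileMaster,
    a per-org table that the Okta API module in use is expected to provide
    (NOTE(review): that table's shape is assumed from usage here - confirm
    against the module).

    For every pair whose AD email and Okta email differ (case-insensitive),
    the AD value is re-cased (title-case local part, lower-case domain) and
    written to Okta with a partial profile update. Users without an AD
    profile, without a samAccountName, or without an AD email are reported
    with Write-Warning and skipped.

    Supports -WhatIf / -Confirm so the full comparison can be reviewed before
    any write to Okta is made.

.PARAMETER oOrg
    Okta org name as understood by the Okta API module (aliases: org, OktaOrg).

.PARAMETER GroupId
    Okta group id whose members are processed. Defaults to the group id that
    was previously hard-coded in this script.

.OUTPUTS
    Writes a tab-separated samAccountName / Okta email / new email line to the
    host for every user updated, then the number of users that needed updates.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
Param
(
    [Parameter(Mandatory=$true)][alias('org','OktaOrg')][string]$oOrg,
    [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][string]$GroupId = '00gzbdjvecVNYVGYHJJM'
)

# Fix: the original read $oktaOrgs.$org, but 'org' is only a parameter alias
# and never a variable in this scope, so the app id resolved to $null. The
# parameter variable is $oOrg. Fail early with a clear message instead of
# handing a null app id to the API call.
$profileMasterAppId = $oktaOrgs.$oOrg.ProfileMaster
if (-not $profileMasterAppId)
{
    throw ("No ProfileMaster app id found in `$oktaOrgs for org '" + $oOrg + "'")
}

#Get all the Okta users that are in the Group
$groupMembers = oktaGetGroupMembersbyId -oOrg $oOrg -gid $GroupId
#Get all the AD users profiles
$adProfiles = oktaGetUsersbyAppID -oOrg $oOrg -aid $profileMasterAppId

# Index both lists by Okta user id so the join below is a hash lookup.
# New-Object Hashtable (rather than @{}) keeps key comparison case-sensitive,
# as in the original; .Add still throws on a duplicate id, which would mean
# the API returned the same user twice.
$oktaById = New-Object System.Collections.Hashtable
foreach ($member in $groupMembers)
{
    $oktaById.Add($member.id, $member)
}
Remove-Variable -Name groupMembers

$adById = New-Object System.Collections.Hashtable
foreach ($adProfile in $adProfiles)
{
    $adById.Add($adProfile.id, $adProfile)
}
Remove-Variable -Name adProfiles

# Join: samAccountName (lower-cased) -> @{Okta = <group member>; AD = <AD profile>}
$UserProfiles = New-Object System.Collections.Hashtable
foreach ($id in $oktaById.Keys)
{
    if (-not $adById[$id])
    {
        Write-Warning (("No AD Profile exists for " + $oktaById[$id].profile.login + " : " + $id))
        continue
    }
    # Guard: a null samAccountName used to throw on .ToLower() and abort the run.
    $sam = $adById[$id].profile.samAccountName
    if (-not $sam)
    {
        Write-Warning ("AD profile for Okta id " + $id + " has no samAccountName; skipping")
        continue
    }
    $key = $sam.ToLower()
    # Guard: Hashtable.Add throws on a duplicate key; report it instead so one
    # collision does not stop processing of every other user.
    if ($UserProfiles.ContainsKey($key))
    {
        Write-Warning ("Duplicate samAccountName " + $key + " for Okta id " + $id + "; keeping the first match")
        continue
    }
    $UserProfiles.Add($key, @{Okta = $oktaById[$id]; AD = $adById[$id]})
}
Remove-Variable -Name oktaById
Remove-Variable -Name adById

$textinfo = (Get-Culture).TextInfo
$needupdates = 0
#Flip through the list and find users needing updates
Write-Host ("samAccountName`tOkta Email Value`tAD Email Value")
foreach ($user in $UserProfiles.Keys)
{
    $adEmail = $UserProfiles[$user].AD.profile.email
    $oktaEmail = $UserProfiles[$user].Okta.profile.email
    if (-not $adEmail)
    {
        Write-Warning ($user + " Doesn't have an email in Okta's presentation of AD")
        continue
    }
    # Guard: the original called .ToLower() on the Okta value unguarded, so a
    # user with no Okta email threw outside the try/catch and aborted the whole
    # run. An empty Okta email now simply counts as "differs from AD".
    $oktaEmailLower = if ($oktaEmail) { $oktaEmail.ToLower() } else { '' }
    #If the AD profile email isn't the same as the okta user email call it out
    if ($adEmail.ToLower() -eq $oktaEmailLower)
    {
        continue
    }
    $needupdates++
    try
    {
        $parts = $adEmail.Split("@")
        # The original silently used the first two pieces; an address with
        # zero or several '@' is reported and left alone instead.
        if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1])
        {
            Write-Warning ("AD email '" + $adEmail + "' for " + $user + " is not a single user@domain address; skipping")
            continue
        }
        # Lower-case first: ToTitleCase leaves all-upper words untouched.
        $left = $textinfo.ToTitleCase($parts[0].ToLower())
        $right = $parts[1].ToLower()
        $email = $left + "@" + $right
        Write-Host ($user + "`t") -NoNewline
        Write-Host ($oktaEmailLower + "`t" + $email)
        $update = @{email = $email}
        # ShouldProcess honours -WhatIf/-Confirm; the write to Okta is the only
        # side effect of this script.
        if ($PSCmdlet.ShouldProcess($user, "Set Okta email to " + $email))
        {
            $UserProfiles[$user].NewOkta = oktaUpdateUserProfilebyID -oOrg $oOrg -uid $UserProfiles[$user].Okta.id -Profile $update -partial
        }
    }
    catch
    {
        Write-Warning (($_.Exception.Message + " occured when updating email for " + $user))
    }
}
Write-Host $needupdates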