HelloID

OU scripts

For more information, see Organizational units (OUs) and AD target system variable reference.

In the OU scripts, you get $person, $manager, $accountReference, and $managerAccountReference objects. Use them to build up the $organizationalUnit object, which is then returned to HelloID inside $result.

Caution

Do not attempt to directly move accounts between OUs in these scripts. The purpose of the scripts is only to build up the $organizationalUnit object and return it to HelloID. HelloID then places and moves the user accounts for you.

Optionally, put any debug code (e.g., logging) inside the if($dryRun -eq $True) statement. See $dryRun.

For reference, here is the default Initial Container script. All OU scripts follow the same template.

#Initialize default properties
$p = $person | ConvertFrom-Json;
$m = $manager | ConvertFrom-Json;
$a = $accountReference | ConvertFrom-Json;
$ma = $managerAccountReference | ConvertFrom-Json;

$organizationalUnit = [PSCustomObject]@{
    canonicalName = "Domain.Local/Users";
    name = "Users";
    #objectGuid = "E78D44FF-0537-4B4C-A189-F4060AB6DFDD";
}

if($dryRun -eq $True) {
    Write-Verbose -Verbose "Dry run for determining OU"
}

$success = $True;

#build up result
$result = [PSCustomObject]@{
    Success = $success;
    OrganizationalUnit = $organizationalUnit;
};

#send result back
Write-Output $result | ConvertTo-Json -Depth 2

Below is a specific example. This code demonstrates how to dynamically assign an OU. Here, we read Location.ExternalId from the person object (the field onto which the unique ID of the user's building or campus has been mapped) and use it to select a target OU.

# Initialize default properties
$p = $person | ConvertFrom-Json;
$success = $True;

try {
    # Determine the person's target OU based on their location ID
    if ($p.Location.ExternalId -eq "01") {
        $organizationalUnit = Get-ADOrganizationalUnit -Identity 'OU=Location One,DC=enyoi,DC=local' -Properties canonicalName
    } elseif ($p.Location.ExternalId -eq "02") {
        $organizationalUnit = Get-ADOrganizationalUnit -Identity 'OU=Location Two,DC=enyoi,DC=local' -Properties canonicalName
    } else {
        # Use a default OU if no other results are found
        $organizationalUnit = Get-ADOrganizationalUnit -Identity 'OU=Default OU,DC=enyoi,DC=local' -Properties canonicalName
    }

    # Report OU if we are in a dry run
    if($dryRun -eq $True) {
        $cn = $organizationalUnit.canonicalName
        Write-Verbose -Verbose "Dry run for determining OU. Calculated $cn."
    }
} catch {
    # Catch a failure and log it
    $success = $False
    Write-Verbose -Verbose $_
} finally {
    # Create a result object for HelloID
    $result = [PSCustomObject]@{
        Success = $success;
        OrganizationalUnit = $organizationalUnit;
    }

    # Send the result object to HelloID as JSON
    Write-Output $result | ConvertTo-Json -Depth 2
}
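
The same selection written as a lookup table (an added example, not HelloID's own code): the location ID from the source system is used only as a key into a fixed allowlist, so an unexpected or malformed value falls back to the default OU and never becomes part of an OU path. The canonicalName values are assumed from the example DNs above, and the sample $person is constructed so the script also runs outside HelloID.

```powershell
# Added example, not HelloID's own code. Outside HelloID, $person and $dryRun
# are not set, so a constructed sample is used to make the script runnable.
if (-not $person) { $person = '{"Location":{"ExternalId":"02"}}'; $dryRun = $True }

# Allowlist: location ID -> OU. The canonicalName values are assumptions derived
# from the example DNs on this page (OU=Location One,DC=enyoi,DC=local, etc.).
$ouByLocation = @{
    '01' = @{ canonicalName = 'enyoi.local/Location One'; name = 'Location One' }
    '02' = @{ canonicalName = 'enyoi.local/Location Two'; name = 'Location Two' }
}
$defaultOu = @{ canonicalName = 'enyoi.local/Default OU'; name = 'Default OU' }

$success = $True
$organizationalUnit = $null
try {
    $p = $person | ConvertFrom-Json

    # Source data is only a lookup key; it is never concatenated into an OU path.
    # A missing Location or ExternalId becomes "" and takes the default branch.
    $locationId = [string]$p.Location.ExternalId
    if ($ouByLocation.ContainsKey($locationId)) {
        $target = $ouByLocation[$locationId]
    } else {
        $target = $defaultOu
        if ($dryRun -eq $True) {
            Write-Verbose -Verbose "Location ID '$locationId' is not mapped; using default OU."
        }
    }

    # Return only the fields the template defines, not a full AD object
    $organizationalUnit = [PSCustomObject]@{
        canonicalName = $target.canonicalName
        name          = $target.name
    }
    if ($dryRun -eq $True) {
        Write-Verbose -Verbose "Dry run for determining OU. Calculated $($organizationalUnit.canonicalName)."
    }
} catch {
    # Malformed person JSON or any other failure: report it and return Success = false
    $success = $False
    Write-Verbose -Verbose "$_"
}

# Build the result and send it back to HelloID as JSON
$result = [PSCustomObject]@{
    Success            = $success
    OrganizationalUnit = $organizationalUnit
}
Write-Output $result | ConvertTo-Json -Depth 2
```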