Teamviewer AD integration: user creation does not work

Protime

Hi,

I tried to use the Powershell script for user creation.

I succeed in connecting to AD and teamviewer using the API access token. My users assigned to the teamviewer security group are found, but I don't get them created in the teamviewer account portal.

Here is my script output:

Starting AD OU Sync...

Ping API...
Request [GET] /api/v1/ping
200 OK
Ping: Token is valid

Reading AD OU members

Get all users...
Request [GET] /api/v1/users?full_list=true
200 OK
Request ok!

Get single user by mail (name1@domain.com)...
Request [GET] /api/v1/users?email=name1@domain.com&full_list=true
200 OK
Request ok!

No user with email= name1@domain.com  found.
CreateUser:  name1@domain.com  with this values:
 =


Get single user by mail (name2@domain.com)...
Request [GET] /api/v1/users?email=name2@domain.com&full_list=true
200 OK
Request ok!

No user with email= name2@domain.com  found.
CreateUser:  name2@domain.com  with this values:
 =

AD OU Sync finished.

I use this script:

###############
# Configuration
###############

# API access token 
$accessToken = "xxxxxxx-xxxxxxxxxxxxxxxxxxxxx" #<-- your access token, can be left empty when OAuth (below) is configured.

# OAuth: API client id & authorizationCode
# if all variables are set here, OAuth will be used to request an access token
$clientId = ""            				#<-- Create an app in your TeamViewer Management Console and insert the client ID here.
$clientSecret = ""						#<-- Insert your client secret here.
$authorizationCode = ""      #<-- Visit https://webapi.teamviewer.com/api/v1/oauth2/authorize?response_type=code&client_id=YOURCLIENTIDHERE
                             #    Login, grant the permissions (popup) and put the code shown in the authorizationCode variable here


# domain settings
$dn = "dc=domain,dc=com"

# ldap settings
$dcIP = "10.1.1.1"
$dcLdapPort = "389"

# user group to sync with management console
$syncGroupCN = "SG-Teamviewer-Users"
$syncGroupOU = "General Groups,ou=Security Groups"
#$syncGroupSearchFilter = "(&(objectCategory=user)(memberOf=cn=$syncGroupCN,ou=$syncGroupOU,$dn))"

# new user defaults (if not available in csv import file)
$defaultUserLanguage = "en"   
$defaultUserPassword = "myInitalPassword!"
$defaultUserPermissions = "ShareOwnGroups,EditConnections,EditFullProfile,ViewOwnConnections"

# deactivate company users not found in the configured AD group 
$deactivateUnknownUsers = $false
# testRun needs to be set to false for the script to perform actual changes
$testRun = $true

##########
# includes
##########

$currentPath = Split-Path ((Get-Variable MyInvocation -Scope 0).Value).MyCommand.Path

. (Join-Path $currentPath "Common.ps1")

###########
# Functions
###########

# Returns the AD members of the configured usergroup from above
function GetADMembersOfOU()
{
	Write-Host 
	Write-Host "Reading AD OU members"

	$result2 = $NULL

	try
	{
		$domain = "LDAP://" + $dcip + ":" + $dcLdapPort + "/$dn"
	    $root = New-Object System.DirectoryServices.DirectoryEntry $domain

	    $query = new-Object System.DirectoryServices.DirectorySearcher
	    $query.searchroot = $root        
	    $query.Filter = $syncGroupSearchFilter

	    #needed user properties
	    $colProplist = "name", "mail", "givenName", "sn", "department", "description", "userAccountControl"

	    foreach ($i in $colPropList)
	    {
	        [void]$query.PropertiesToLoad.Add($i)
	    }    

	    $result2 = $query.findall()

		$userDict = @{}

	    foreach ($objResult in $result2)
	    {
			$user = @{}

			$user["email"] = [string]$objResult.Properties.mail
			$user["name"] = [string]($objResult.Properties.givenname + $objResult.Properties.sn)

			#check user account status (00000000000000000000000000000010 binary, 2 decimal, UF_ACCOUNT_DISABLE)
			$uacVal = $objResult.Properties.useraccountcontrol.Item(0)
			$userEnabled = (($uacVal -BAND 2) -eq 0)

			#skip user when required fields are missing, or account is disabled
			if($user.email.length -gt 0 -and $user.name.length -gt 0 -and $userEnabled -eq $true)
			{
				$userDict.Add([PSCustomObject]$user.email, [PSCustomObject]$user)
			}
			else
			{
			 	Write-Host "AD user is missing name and/or email. Skipped."
			}
	    }


		$result2 = $userDict
	}
	catch [Exception]
	{
		Write-Host ("AD read failed! The error was '{0}'." -f $_)
		$result2 = $NULL
	}

		return $result2

}

#######################################
# Sync AD Usergroup with TeamViewer API
#######################################

if($testRun -eq $true)
{
	Write-Host "testRun is set to true. Information in your TeamViewer account will not be modified. Instead, all changes that would be made are displayed on the console. Press any key to continue..."
	$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
}
Write-Host ("Starting AD OU Sync...")

# check OAuth requirements
if ($clientId -and $authorizationCode) 
{
	#get token
		$token = RequestOAuthAccessToken $clientId $clientSecret $authorizationCode
	if ($token){
		$accessToken = $token
	}
}

#ping API to check connection and token
if (PingAPI($accessToken) -eq $true)
{
    #read users from the AD OU	
	$dictUsersAD = GetADMembersOfOU

    #get all current users of our company from the API
	$arrUsersAPI = GetAllUsersAPI $accessToken

	#put all current API users in a dictionary, id field as key
	$dictUsersAPI = @{}
	foreach ($u in $arrUsersAPI)
	{
		#Write-Host $u.id
		$dictUsersAPI.Add($u.id, $u)	
	}

	#sync
	#for each user in AD group: check against API if user exists (by mail)	
	foreach($usrKey in $($dictUsersAD.keys))
	{
		#Write-Host $usrKey

		$userApi = $null
		$userAD = $null

		$userAD = $dictUsersAD[$usrKey]
		$userApi = GetUserByMail $accessToken $usrKey #lookup API user by mail	

		if($userApi) #user found -> update user
		{ 
			Write-Host
			Write-Host "User with email=" $usrKey " found."

			if ($testRun -eq $true)
			{
				Write-Host "UpdateUser: " $usrKey " with this values:"
				$userAD | Foreach-Object {
					Write-Host $_.Key " = " $_.Value
				}
				Write-Host
				$dictUsersAPI.Remove($userApi.id)
			}
			else
			{
			#Update the user
			UpdateUser $accessToken $userApi.id $userAD
			#remove this user from our dictionary
			$dictUsersAPI.Remove($userApi.id)
			}
		}
		else #no user found -> create user
		{
			Write-Host
			Write-Host "No user with email=" $usrKey " found."

			if ($testRun -eq $true)
			{
				Write-Host "CreateUser: " $usrKey " with this values:"
				$userAD | Foreach-Object {
					Write-Host $_.Key " = " $_.Value
				}
				Write-Host
			}
			else
			{
            #Create User
            CreateUser $accessToken $userAD $defaultUserPermissions $defaultUserLanguage $defaultUserPassword
			}
		}		
	}

	# if configured, delete all users not in AD group
    if ($deactivateUnknownUsers -eq $true)
	{
		if ($testRun -eq $true)
		{
			Write-Host "Deactivate Unknown Users:"
			#$dictUsersAPI.GetEnumerator() | Foreach-Object {
			#	Write-Host "DeactivateUser: id = " $_.Key " name = " $_.Value["name"]
			#}
			foreach( $id in $($dictUsersAPI.Values))
			{
				Write-Host "DeactivateUser: id = " $id.id " name: " $id.name
			}
			Write-Host
		}
		else
		{
			#all users remaining in dictUsersAPI dictionary are not present in the AD group an can be deactivated
			foreach( $id in $($dictUsersAPI.Keys))
			{
				DeactivateUser $accessToken $id		
			}
		}
	}
}
else
{
	Write-Host ("No data imported. Token or connection problem.")
}

Write-Host ("AD OU Sync finished.")

christian-j

Hello Stephan72,

this is now fixed and we are currently planning a release for the Active Directory Connector.