Automatically Update Active Directory From BambooHR
28 June 2019
In a previous post, I introduced a PowerShell module for automating All The Things(tm) from BambooHR. In this post, I want to show you an example of how to use the module.
1. Install Bamboozled
First things first. Download and install the Bamboozled dependency from Microsoft’s official PowerShell repository, PowerShell Gallery. The command for this is below.
Install-Module -Name Bamboozled
Pretty easy, right?
2. Download the script
Next, download the PowerShell script from the Github link below.
AD Automation Script on Github
Extract the update-ad-details.ps1 file to the location of your choice.
3. Make your modifications
Beginning on line 9 (at the time of this article’s publication) of the extracted file, there’s a commented script block that begins with ‘
EDITABLE VARIABLES’. Uncomment the block, and follow along to make the required modifications.
Your company’s BambooHR API key
Get your company’s API key from your BambooHR instance. This key should belong to a user with enough access to read your company’s staff directory. Replace the variable below with this key.
$apiKey = "12345678abcdefg"
Your company’s BambooHR subdomain
Enter the subdomain you use to login to BambooHR. For example, if your subdomain is company.bamboohr.com, the variable should look like the below.
# Your company's BambooHR subdomain $subdomain = "company"
This is the hostname of the server you’ll be performing the operation against. This can be any Windows server with the AD DS role installed. Enter the hostname like below.
# The hostname of the server to perform the operation on $server = "DC1.company.local"
With the above modifications made, the script is now ready to use. Run it whenever you want to update your company’s address book in Outlook for example. For bonus points though, and for greater automation, consider reading ahead.
4. Bonus points
Rather than manually running this script whenever you want to update your directory, consider creating a recurring task in Windows Task Scheduler. Without writing a full guide, as that’s outside of the scope of this article (maybe later!), you’ll need to do the following:
- Create a service account to run the task. This account should have permission to logon as a batch job.
- Create a task in Task Scheduler.
- Set your desired triggers, e.g. once a day at 6am.
- Set the action as below:
- Action: Start a program
- Program/script: powershell.exe
- Arguments: -file “C:\path_to_your_script.ps1”
Encrypt the API key
For added security, modify the script to encrypt the API key. I wrote about one method to do this in my article here.
This post was last updated on 8 October 2019