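##############################################################
# SlashAdmin \ Life In IT
#
# www.slashadmin.co.uk
#
# Author: Ian Waters
#
# V1.0 Use at your own risk and test in a lab first!
#
# Purpose: recreate Azure AD users, contacts and groups in the local
# Active Directory (for example to seed an on-premises forest before
# directory synchronisation is enabled). Requires the AzureAD and
# ActiveDirectory modules and an account that may create objects in
# $usersContainer and change the forest UPN suffixes.
##############################################################

#Install the AzureAD module only when it is not already available
if (-not (Get-Module -ListAvailable -Name AzureAD)) {
    Install-Module -Name AzureAD
}

#Connect to Office 365 Azure AD (interactive sign-in)
Connect-AzureAD

#Add UPN suffixes to local AD (every custom domain; *.onmicrosoft.com is skipped)
$azureDomains = Get-AzureADDomain
$localForest = (Get-ADDomain).Forest
ForEach ($domain in $azureDomains) {
    if ($domain.Name -notlike "*onmicrosoft.com") {
        Set-ADForest -Identity $localForest -UPNSuffixes @{Add = $domain.Name}
    }
}

#Get default user container in AD
$usersContainer = (Get-ADDomain).UsersContainer
#You can uncomment the below and specify an OU to create all objects in
#$usersContainer = "OU=Office365Lab,DC=office365lab,DC=local"

function ConvertTo-LdapFilterValue {
    <#
    .SYNOPSIS
    Escapes a string for use as a value inside an LDAP search filter (RFC 4515).
    .DESCRIPTION
    Display names come from Azure AD and are free text. A name containing
    ( ) * or \ would otherwise change the meaning of the filter and could
    match a different object than intended, so those characters are encoded.
    .PARAMETER Value
    The raw attribute value to escape.
    .OUTPUTS
    System.String - the escaped value.
    #>
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )
    # Backslash must be handled first so the escapes added below are not re-escaped.
    $escaped = $Value -replace '\\', '\5c'
    $escaped = $escaped -replace '\*', '\2a'
    $escaped = $escaped -replace '\(', '\28'
    $escaped = $escaped -replace '\)', '\29'
    $escaped = $escaped -replace "`0", '\00'
    return $escaped
}

function New-RandomPassword {
    <#
    .SYNOPSIS
    Returns a cryptographically random password as a SecureString.
    .DESCRIPTION
    Used as the initial password of every user this script creates, so that no
    account is left with a shared, well-known password. The value is never
    displayed; reset the password before handing an account to its owner.
    .PARAMETER ByteLength
    Number of random bytes; the password is their Base64 encoding.
    .OUTPUTS
    System.Security.SecureString
    #>
    param([int]$ByteLength = 24)
    $bytes = New-Object byte[] $ByteLength
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)
    }
    finally {
        $rng.Dispose()
    }
    # Base64 yields upper-case, lower-case, digit and symbol characters, which
    # satisfies the default domain complexity policy.
    $plain = [Convert]::ToBase64String($bytes)
    return (ConvertTo-SecureString -String $plain -AsPlainText -Force)
}

function Add-LocalADObject {
    <#
    .SYNOPSIS
    Creates a local AD user, contact or group for each Azure AD object piped in.
    .DESCRIPTION
    Objects are created directly under -Path. An object whose CN already exists
    under -Path is reported and left untouched, so re-running the script never
    modifies objects it did not create in this run. Groups are populated from
    their Azure AD membership by matching member display names to CNs under -Path,
    so pipe users and contacts before groups.
    .PARAMETER InputObject
    Azure AD user, contact or group (output of Get-AzureADUser, Get-AzureADContact
    or Get-AzureADGroup).
    .PARAMETER Path
    Distinguished name of the container that receives the new objects.
    Defaults to the script-level $usersContainer.
    .PARAMETER InitialPassword
    Optional initial password for created users. When omitted every user gets its
    own random password from New-RandomPassword.
    .OUTPUTS
    None. Progress is written to the host, problems to the warning stream.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $InputObject,

        [string]$Path = $usersContainer,

        [securestring]$InitialPassword
    )

    process {
        $object = $InputObject
        Write-Host $object.ObjectType $object.DisplayName

        if ($object.UserPrincipalName -like "*onmicrosoft.com") {
            Write-Host "Skipping object " $object.DisplayName "because it does not have a custom logon domain"
            return
        }
        if ([string]::IsNullOrEmpty($object.DisplayName)) {
            Write-Warning "Skipping $($object.ObjectType) $($object.ObjectId) because it has no display name"
            return
        }

        # Escaped and scoped lookup: a display name can never widen the filter, and
        # nothing outside -Path is considered.
        $filter = "(cn=" + (ConvertTo-LdapFilterValue $object.DisplayName) + ")"
        $existing = @(Get-ADObject -LDAPFilter $filter -SearchBase $Path -SearchScope OneLevel)
        if ($existing.Count -gt 0) {
            Write-Warning "Skipping $($object.DisplayName): $($existing[0].DistinguishedName) already exists"
            return
        }

        # -PassThru returns the created object, so no second lookup by name is needed.
        $localADObject = $null
        switch ($object.ObjectType) {
            "User" {
                if ([string]::IsNullOrEmpty($object.UserPrincipalName)) {
                    Write-Warning "Skipping user $($object.DisplayName) because it has no UserPrincipalName"
                    return
                }
                # SamAccountName is the UPN prefix (New-ADUser rejects it if it is over 20 characters).
                $userName = $object.UserPrincipalName.Split('@')[0]
                $password = if ($InitialPassword) { $InitialPassword } else { New-RandomPassword }
                # No -PasswordNeverExpires: the initial password is a bootstrap value only
                # and must be reset before the account is used.
                $localADObject = New-ADUser -SamAccountName $userName -UserPrincipalName $object.UserPrincipalName -Name $object.DisplayName -DisplayName $object.DisplayName -Path $Path -AccountPassword $password -Enabled $true -PassThru
            }
            "Contact" {
                #Create new object in local AD
                $localADObject = New-ADObject -Type $object.ObjectType -Name $object.DisplayName -DisplayName $object.DisplayName -Path $Path -PassThru
            }
            "Group" {
                #Create new group in local AD
                $localADObject = New-ADGroup -Name $object.DisplayName -GroupScope DomainLocal -GroupCategory Distribution -Path $Path -PassThru
            }
            default {
                Write-Warning "Skipping $($object.DisplayName): unsupported object type '$($object.ObjectType)'"
                return
            }
        }
        if (-not $localADObject) {
            # The New-* cmdlet reported its own error; do not apply attributes to nothing.
            return
        }

        # Azure AD property -> LDAP attribute. Only non-empty values are written,
        # in a single Set-ADObject call.
        $attributeMap = [ordered]@{
            givenName                  = $object.GivenName
            sn                         = $object.Surname
            mail                       = $object.Mail
            streetAddress              = $object.StreetAddress
            postalCode                 = $object.PostalCode
            l                          = $object.City
            st                         = $object.State
            physicalDeliveryOfficeName = $object.PhysicalDeliveryOfficeName
            telephoneNumber            = $object.TelephoneNumber
            facsimileTelephoneNumber   = $object.FacsimilieTelephoneNumber   # AzureAD module spells the property this way
            mobile                     = $object.Mobile
            title                      = $object.JobTitle
            department                 = $object.Department
            company                    = $object.CompanyName
        }
        $attributes = @{}
        ForEach ($name in $attributeMap.Keys) {
            if (-not [string]::IsNullOrEmpty($attributeMap[$name])) {
                $attributes[$name] = $attributeMap[$name]
            }
        }
        if ($attributes.Count -gt 0) {
            Set-ADObject -Identity $localADObject -Add $attributes
        }

        #Proxy addresses, excluding the tenant's own *onmicrosoft* addresses
        if ($object.ProxyAddresses) {
            $proxyAddresses = @($object.ProxyAddresses | Where-Object { $_ -notlike "*onmicrosoft*" })
            if ($proxyAddresses.Count -gt 0) {
                Set-ADObject -Identity $localADObject -Add @{ProxyAddresses = [string[]]$proxyAddresses}
            }
        }

        if ($object.ObjectType -eq "Group") {
            #Get members of the group and add to local object
            $members = Get-AzureADGroupMember -ObjectId $object.ObjectId -All $true
            $localMembers = @()
            ForEach ($member in $members) {
                if ([string]::IsNullOrEmpty($member.DisplayName)) {
                    Write-Warning "Group $($object.DisplayName): member $($member.ObjectId) has no display name; skipping"
                    continue
                }
                $memberFilter = "(cn=" + (ConvertTo-LdapFilterValue $member.DisplayName) + ")"
                $localMember = @(Get-ADObject -LDAPFilter $memberFilter -SearchBase $Path -SearchScope OneLevel)
                # Exactly one match is required; zero or several would add the wrong principal.
                if ($localMember.Count -ne 1) {
                    Write-Warning "Group $($object.DisplayName): member '$($member.DisplayName)' matched $($localMember.Count) local objects; skipping"
                    continue
                }
                $localMembers += $localMember[0]
            }
            if ($localMembers.Count -gt 0) {
                Add-ADGroupMember -Identity $localADObject -Members $localMembers
            }
        }
    }
}

#Add users to local AD (-All: the default page is 100 objects)
Get-AzureADUser -All $true | Add-LocalADObject

#Add contacts to local AD
Get-AzureADContact -All $true | Add-LocalADObject

#Add groups to local AD (last, so members already exist)
Get-AzureADGroup -All $true | Add-LocalADObject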