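# Mirrors Azure AD member accounts into the local Active Directory: for each
# Azure AD user it derives a SamAccountName from the UPN prefix, checks whether
# that account already exists on-premises, and otherwise prepares the
# New-ADUser parameters.
#
# Current state: both Get-AzureADUser queries and the New-ADUser call are
# commented out, so as written the script creates nothing. The "erfolgreich
# hinzugefügt" message is still printed for every account not found locally.
cls

# Sign in to Azure AD (interactive) and load the on-premises AD cmdlets.
Connect-AzureAD
Import-Module ActiveDirectory

$AzureADUsers = ""

# Target container and domain for the accounts created from Azure AD.
$Container = "CN=Users,DC=khan,DC=at"
$localDomain = "khan.at"

# All users
#$AzureADUsers = Get-AzureADUser -All $true -Filter "UserType eq 'Member'"

# Single user
#$AzureADUsers = get-azureaduser -all $true -filter "startswith(userprincipalname,'username')"

# The initial password is requested from the operator at run time instead of
# being stored in the script: a literal in source ends up in version control,
# backups and file shares, and gives every new account the same known secret.
# Any account that was created with a previously embedded literal should have
# its password reset.
# NOTE(review): one prompted value is still shared by all accounts created in
# this run; per-user random passwords are preferable if a delivery channel exists.
$InitialPassword = Read-Host -Prompt "Initial password for new accounts" -AsSecureString

foreach ($user in $AzureADUsers) {
    # Skip placeholder or incomplete entries (e.g. the empty default above);
    # without a UPN the Split() call below would fail.
    if (-not $user.UserPrincipalName) { continue }

    # Only the part before '@' is used, so users that differ only in their
    # UPN suffix map to the same local account name.
    # NOTE(review): sAMAccountName is limited to 20 characters for user
    # objects; longer UPN prefixes will be rejected by New-ADUser.
    $SamAccountName = $user.UserPrincipalName.Split('@')[0]
    #Write-Host $SamAccountName

    # The account name comes from directory data and may contain characters
    # that are special in a filter (an apostrophe broke the former
    # -Filter "... -eq '$SamAccountName'" string). Use an LDAP filter with the
    # RFC 4515 special characters escaped; the backslash must be replaced first.
    $escapedSam = $SamAccountName.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $existingUser = Get-ADUser -LDAPFilter "(sAMAccountName=$escapedSam)" -ErrorAction SilentlyContinue
    #Write-host $SamAccountName
    Write-host $user

    if (-not $existingUser) {
        $ADUserParameters = @{
            Name                  = $user.DisplayName
            DisplayName           = $user.DisplayName
            GivenName             = $user.GivenName
            Surname               = $user.Surname
            EmailAddress          = $user.Mail
            Path                  = $Container
            SamAccountName        = $SamAccountName
            UserPrincipalName     = $user.UserPrincipalName
            AccountPassword       = $InitialPassword
            Enabled               = $true
            # The account is created enabled with an operator-known password,
            # so force the owner to replace it at first logon.
            ChangePasswordAtLogon = $true
            PasswordNeverExpires  = $false
        }

        # Remove entries with no value. Only $null and empty strings count as
        # "no value": a plain truthiness test would also drop explicit $false
        # settings such as PasswordNeverExpires.
        @($ADUserParameters.keys) | ForEach-Object {
            $value = $ADUserParameters[$_]
            if ($null -eq $value -or ($value -is [string] -and $value -eq '')) {
                $ADUserParameters.Remove($_)
            }
        }

        # CREATE USER
        # New-ADUser @ADUserParameters
        Write-Host "Benutzer $($user.DisplayName) erfolgreich hinzugefügt."
    }
    else {
        Write-Host "Benutzer $($user.DisplayName) existiert bereits in der lokalen AD."
    }
}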