create new group with multiple owners via powershell

  • Question

  • Hello everyone,

    I'm quite new to the FIM powershell module and right now I'm in the middle of testing bulk creations and modification via powershell.

    Which is working fine so far, but for me it's not possible to create a group with multiple owners during the creation process.

    After I created the new group I can update the owner, but I want to do this directly during the creation process.

    Is this possible?

    Thx for your help

    Chris

    Wednesday, January 11, 2017 10:41 AM

All replies

  • Chris-

    Which PowerShell module are you using?


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Wednesday, January 11, 2017 2:09 PM
    Moderator
  • Hey Brian, I use the FIMautomation snapin

    I use the following script which I found in the FIM scripting corner and adapted for my needs.

    I tried to specify the owner in different ways, separated via ; or , and as an array, but nothing seems to work.

    I guess I have to submit object changes for each multivalue entry. But as I mentioned, it would be cool to do it during the creation directly.

    PARAM($CSVFile= 'C:\users\bla\Desktop\bla.csv' , $Domain='domain', $Scope = "Universal", $Type = "Security")
    #----------------------------------------------------------------------------------------------------------
     set-variable -name URI -value "http://server01:5725/resourcemanagementservice"
    # set-variable -name PREFILTER -value "<Filter xmlns:xsi=`"http://www.w3.org/2001/XMLSchema-instance`" xmlns:xsd=`"http://www.w3.org/2001/XMLSchema`" Dialect=`"http://schemas.microsoft.com/2006/11/XPathFilterDialect`" xmlns=`"http://schemas.xmlsoap.org/ws/2004/09/enumeration`">"
     #set-variable -name POSTFILTER -value "</Filter>"
    #----------------------------------------------------------------------------------------------------------
     function SetAttribute
     {
        PARAM($object, $attributeName, $attributeValue)
        END
        {
            write-host $attributeName $attributeValue
            $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
            $importChange.Operation = 1
            $importChange.AttributeName = $attributeName
            $importChange.AttributeValue = $attributeValue
            $importChange.FullyResolved = 1
            $importChange.Locale = "Invariant"
            if ($object.Changes -eq $null) {$object.Changes = (,$importChange)}
            else {$object.Changes += $importChange}
        }
    } 
    #----------------------------------------------------------------------------------------------------------
     function CreateObject
     {
        PARAM($objectType)
        END
        {
           $newObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
           $newObject.ObjectType = $objectType
           $newObject.SourceObjectIdentifier = [System.Guid]::NewGuid().ToString()
           $newObject
         } 
     }
    #----------------------------------------------------------------------------------------------------------
    
    if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}
    
    # Get Owner
    
    
    # Import CSV and process each line
    import-csv($CSVFile) | foreach {
    
     # Check if a group with the same name already exists
     $objectName = $_.DisplayName
     $exportObject = export-fimconfig -uri $URI `
                                      -onlyBaseResources `
                                      -customconfig "/Group[DisplayName='$objectName']"
     if($exportObject) {write-host "`nGroup $objectName already exists"}
     else
      {
       #$filter = $PREFILTER + $_.Filter + $POSTFILTER
    
       # Create group and add attributes
    
       $DispOwnerObject = export-fimconfig -uri $URI `
                                    -onlyBaseResources `
                                    -customconfig "/Person[AccountName='$($_.dispOwner)']"
       if($DispOwnerObject -eq $null) {throw "Owner not found!"} 
       $DispOwnerID = $DispOwnerObject.ResourceManagementObject.ObjectIdentifier -replace "urn:uuid:",""
    
    
       <###
       $OwnerObject1 = export-fimconfig -uri $URI `
                                    -onlyBaseResources `
                                    -customconfig "/Person[AccountName='$($_.Owner_1)']"
       if($OwnerObject1 -eq $null) {throw "Owner not found!"}
       
       $owner1 = $OwnerObject1.ResourceManagementObject.ObjectIdentifier -replace "urn:uuid:",""
       
       
       
       $OwnerObject2 = export-fimconfig -uri $URI `
                                    -onlyBaseResources `
                                    -customconfig "/Person[AccountName='$($_.owner_2)']"
       if($OwnerObject2 -eq $null) {throw "Owner not found!"}
       
       $owner2 = $OwnerObject2.ResourceManagementObject.ObjectIdentifier -replace "urn:uuid:",""
       
       $owner = @($owner1,$owner2)
       #>
       $newGroup = CreateObject -objectType "Group"
       SetAttribute -object $newGroup -attributeName "DisplayName" -attributeValue $objectName
       SetAttribute -object $newGroup -attributeName "AccountName" -attributeValue $_.AccountName
       SetAttribute -object $newGroup -attributeName "Domain" -attributeValue $DOMAIN
       SetAttribute -object $newGroup -attributeName "Scope" -attributeValue $SCOPE
       SetAttribute -object $newGroup -attributeName "Type" -attributeValue $TYPE
       # SetAttribute -object $newGroup -attributeName "Filter" -attributeValue $filter
       SetAttribute -object $newGroup -attributeName "Description" -attributeValue $_.Description
       SetAttribute -object $newGroup -attributeName "Owner" -attributeValue $DispOwnerID
       SetAttribute -object $newGroup -attributeName "DisplayedOwner" -attributeValue $DispOwnerID
       SetAttribute -object $newGroup -attributeName "MembershipLocked" -attributeValue $false
       SetAttribute -object $newGroup -attributeName "MembershipAddWorkflow" -attributeValue "None"
     
       # Import group into the FIM Portal
       $newGroup | Import-FIMConfig -uri $URI
       write-host "`nGroup creation request complete`n"
      }
     } 


    • Edited by cweste Wednesday, January 11, 2017 3:13 PM
    Wednesday, January 11, 2017 3:12 PM
  • I don't know offhand how to do this with the PS Snapin directly, but, if you use the FIM PowerShell Module (http://fimpowershellmodule.codeplex.com), you can do something like this:

    New-FimImportObject -ObjectType Group -State Create -Changes @(
      New-FimImportChange -AttributeName "DisplayName" -AttributeValue "Test Group"
      New-FimImportChange -AttributeName "Owner" -AttributeValue @("Person","AccountName","OwnerUsername1") -Operation Add
      New-FimImportChange -AttributeName "Owner" -AttributeValue @("Person","AccountName","OwnerUsername2") -Operation Add
    ) -ApplyNow

    You'll have to add all your other attributes, but the sample shows how to resolve owners by AccountName and have more than one.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Wednesday, January 11, 2017 3:36 PM
    Moderator
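
The same one-Add-per-owner approach as in the reply above, written against the FIMAutomation snap-in's ImportChange objects, with the CSV account names validated before they reach the XPath filter. This is an added example, not code from either poster or from the FIM PowerShell Module; the `Owners` CSV column, the function names and the account-name pattern are assumptions.

```powershell
# Added example. Requires the FIMAutomation snap-in and the thread's $URI.
# "Owners" is a hypothetical CSV column: account names separated by ';'.
function Resolve-OwnerId {
    PARAM([string]$AccountName, [string]$Uri)
    # The name is interpolated into an XPath filter, so accept only a
    # conservative character set (an assumption; adjust to your naming rules).
    if ($AccountName -notmatch '^[A-Za-z0-9._-]{1,64}$') {
        throw "Refusing owner account name '$AccountName'"
    }
    $found = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
                 -CustomConfig "/Person[AccountName='$AccountName']")
    # Require exactly one match so an ambiguous name never becomes an owner.
    if ($found.Count -ne 1) {
        throw "Expected 1 Person for '$AccountName', found $($found.Count)"
    }
    $found[0].ResourceManagementObject.ObjectIdentifier -replace 'urn:uuid:', ''
}

function Add-MultiValue {
    PARAM($Object, [string]$AttributeName, $AttributeValue)
    $change = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    # Add appends one value to a multivalued attribute; SetAttribute in the
    # script above uses Operation = 1 instead.
    $change.Operation = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportOperation]::Add
    $change.AttributeName = $AttributeName
    $change.AttributeValue = $AttributeValue
    $change.FullyResolved = 1
    $change.Locale = "Invariant"
    if ($null -eq $Object.Changes) { $Object.Changes = (,$change) }
    else { $Object.Changes += $change }
}

function Add-GroupOwners {
    PARAM($Group, [string]$Owners, [string]$Uri)
    $names = @($Owners -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($names.Count -eq 0) { throw "Group needs at least one owner" }
    # Resolve every name first: one bad entry aborts before any change is queued.
    $ids = @($names | Select-Object -Unique | ForEach-Object { Resolve-OwnerId $_ $Uri })
    foreach ($id in $ids) { Add-MultiValue $Group 'Owner' $id }
    $ids  # returned so the caller can set DisplayedOwner to one of them
}

# Inside the foreach, in place of the script's Owner/DisplayedOwner lines:
# $ids = @(Add-GroupOwners -Group $newGroup -Owners $_.Owners -Uri $URI)
# SetAttribute -object $newGroup -attributeName "DisplayedOwner" -attributeValue $ids[0]
```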