Using PowerShell to turn static groups into dynamic groups

  • General discussion

  •   Summary
     

    This script transforms static groups into dynamic groups. The script reads a tab-delimited CSV file, "MyFile.csv", to identify and modify static groups into dynamic groups. The CSV file takes in DisplayName-Filter pairs. The script looks up each group by DisplayName, removes all its explicit members, and sets the appropriate attributes to make those groups dynamic.

     

    if (@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0)
    {
     Add-PSSnapIn FIMAutomation
    }
    
    function GenerateFilter
    {
     PARAM ($xpathFilter)
     END
     {    
      return "<Filter xmlns:xsi=`"http://www.w3.org/2001/XMLSchema-instance`" xmlns:xsd=`"http://www.w3.org/2001/XMLSchema`" Dialect=`"http://schemas.microsoft.com/2006/11/XPathFilterDialect`" xmlns=`"http://schemas.xmlsoap.org/ws/2004/09/enumeration`">" + $xpathFilter + "</Filter>"
     }
    }
    
    function CreateImportChange
    {
     PARAM($AttributeName, $AttributeValue, $Operation)
     END
     {
      $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
      $importChange.Operation = $Operation
      $importChange.AttributeName = $AttributeName
      $importChange.AttributeValue = $AttributeValue
      $importChange.FullyResolved = 1
      $importChange.Locale = "Invariant"
      return $importChange
     }
    }
    
    function GetAttributeValueFromResource
    {
     PARAM ($exportObject, $attributeName)
     END
     {
      foreach ($attribute in $exportObject.ResourceManagementObject.ResourceManagementAttributes)
      {    
       if($attribute.AttributeName.Equals($attributeName))
       {
        if ($attribute.IsMultiValue)
        {
         return $attribute.Values
        }
        else
        {
         return $attribute.Value
        }
       }
       
      }
      return $null
     }
    }
    
    $csv = Import-Csv -delimiter `t -header "GroupName","Filter" "MyFile.csv"
    
    foreach ($entry in $csv)
    {
     $myGroupName=$entry.GroupName
     $myFilter = $entry.Filter
    
     $group = Export-FIMConfig -customConfig "/Group[DisplayName='$myGroupName']" -onlyBaseResources
     if ($group -eq $NULL) #if group doesn't exist, continue
     {
      continue
     }
     $filter = GenerateFilter -xpathFilter $myFilter
    
     #construct the web service operation
     $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
     #the object type is Group
     $importObject.ObjectType = "Group"
     #we are modifying the group we've identified above
     $importObject.SourceObjectIdentifier = $group.ResourceManagementObject.ObjectIdentifier
     $importObject.TargetObjectIdentifier = $group.ResourceManagementObject.ObjectIdentifier
     #Put operation is enum 1
     $importObject.State = 1
    
     #construct the operation to Replace filter, Replace attribute operation is enum 1
     $importObject.Changes += CreateImportChange -attributeName "Filter" -attributeValue $filter -operation 1
    
     #construct the operation to change membership add workflow to None. Replace attribute operation is enum 1
     $importObject.Changes += CreateImportChange -attributeName "MembershipAddWorkflow" -attributeValue "None" -operation 1
    
     #construct the operation to change membership locked to True. Replace attribute operation is enum 1
     $importObject.Changes += CreateImportChange -attributeName "MembershipLocked" -attributeValue "True" -operation 1
    
     #construct the operations to remove explicit members. Remove attribute operation is enum 2
    
     $explicitMembers = GetAttributeValueFromResource -exportObject $group -attributeName "ExplicitMember"
     if ($explicitMembers -ne $NULL)
     {
      foreach ($explicitMember in $explicitMembers)
      {
       $importObject.Changes += CreateImportChange -attributeName "ExplicitMember" -attributeValue $explicitMember -Operation 2
      }
     }
     
     $importObject | Import-FIMConfig
    }
    

     

      Go to the FIM ScriptBox
    Thursday, May 27, 2010 9:43 PM
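
A pre-flight check for the tab-delimited input file, as an added example that is not part of the original post or of the FIM ScriptBox. It flags rows that would break the `/Group[DisplayName='...']` lookup or produce a malformed `<Filter>` element before any group is modified. The helper name `Test-GroupFilterFile`, the sample group names and the sample filters are hypothetical; it assumes Windows PowerShell 3.0 or later and needs no FIM cmdlets.

```powershell
# Added example: validate the DisplayName/Filter pairs before running the conversion.
# The sample rows are constructed; group names and attribute names are hypothetical.
$sample = @(
    "Sales Team`t/Person[Department='Sales']"   # well-formed row
    "Bob's Group`t/Person[Department='IT']"     # apostrophe in the DisplayName
    "Juniors`t/Person[EmployeeLevel < 3]"       # raw '<' inside the filter
    "No Filter`t"                               # missing filter
)
$path = Join-Path ([System.IO.Path]::GetTempPath()) "MyFile.sample.csv"
Set-Content -Path $path -Value $sample -Encoding UTF8

function Test-GroupFilterFile   # hypothetical helper name
{
    PARAM ($Path)
    $line = 0
    foreach ($entry in Import-Csv -Delimiter "`t" -Header "GroupName","Filter" $Path)
    {
        $line++
        $problems = @()
        if ([string]::IsNullOrWhiteSpace($entry.GroupName)) { $problems += "empty group name" }
        # An apostrophe ends the quoted literal in /Group[DisplayName='...'] early
        if ($entry.GroupName -match "'") { $problems += "apostrophe in DisplayName breaks the lookup query" }
        if ([string]::IsNullOrWhiteSpace($entry.Filter)) { $problems += "empty filter" }
        elseif (-not $entry.Filter.StartsWith("/")) { $problems += "filter does not start with '/'" }
        else
        {
            # Same string concatenation as GenerateFilter: a raw '<' or '&' makes the XML malformed
            try { [void][xml]("<Filter>" + $entry.Filter + "</Filter>") }
            catch { $problems += "filter is not well-formed inside the Filter element" }
        }
        [pscustomobject]@{
            Line      = $line
            GroupName = $entry.GroupName
            Ok        = ($problems.Count -eq 0)
            Problems  = ($problems -join "; ")
        }
    }
}

Test-GroupFilterFile -Path $path | Format-Table -AutoSize
```

Only the first sample row passes; rows that report a problem should be corrected in the file before the conversion script removes any explicit members.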

All replies

  • This is awesome!
    Thanks a lot for sharing this script with the community, Billy.

    All, you can find more background to this script here.

    Cheers,
    Markus

     


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Thursday, May 27, 2010 9:51 PM
  • Hi, 

    I don't know much about PowerShell. Can you please share a sample CSV? It will be easy to understand the parameters to add in the CSV.

    Thanks,

    Shashidhar



    • Edited by Shashidhar J Wednesday, January 22, 2020 4:57 AM
    Wednesday, January 22, 2020 4:56 AM
  • Hi,

    Understood the CSV file format.

    Are the following the parameters for the "myfile.csv" file of the above shared PowerShell script?

    reference:

    https://docs.microsoft.com/en-us/previous-versions/windows/desktop/forefront-2010/ee652287(v%3Dvs.100)

    https://docs.microsoft.com/en-us/previous-versions/windows/desktop/forefront-2010/ff393652(v%3Dvs.100)

    Thanks,

    Shashidhar


    • Edited by Shashidhar J Wednesday, January 22, 2020 6:13 AM
    Wednesday, January 22, 2020 5:55 AM
  • Hi

    Getting the following error.

    Import-FIMConfig : The URI is not in a recognized format. URI = 
    At line:90 char:18
    +  $importObject | Import-FIMConfig -Uri $URI
    +                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Import-FIMConfig], InvalidOperationException
        + FullyQualifiedErrorId : ExportConfig,Microsoft.ResourceManagement.Automation.ImportConfig

    Wednesday, January 22, 2020 6:31 AM
  • Hi, getting the following error.

    Import-FIMConfig : Failure when making web service call.
    SourceObjectID = urn:uuid:fff616d1-10da-4ba5-89fa-821362461ee0 urn:uuid:b44c6e8f-47d3-4922-bd42-f683193d68ee
    Error = The web service client has encountered the following class of error: IdentityIsNotFound
    Details: Additional Text Details: The requestor’s identity was not found.
    Correlation Identifier: 92159d07-1c5e-47de-a03d-be9074cdc033
    Failure Message: 
    Request Identifier: 
    At line:90 char:18
    +  $importObject | Import-FIMConfig -Uri $URI
    +                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Import-FIMConfig], InvalidOperationException
        + FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig

    Wednesday, January 22, 2020 6:43 AM
  • Hi,

    Adding the MIM Portal admin account in the group's owner field solved the problem.

    Thanks,

    Shashidhar


    • Edited by Shashidhar J Wednesday, January 22, 2020 9:28 AM
    Wednesday, January 22, 2020 9:28 AM
  • Hi Billy,

    Found the following "if" query not working...

    $explicitMembers = GetAttributeValueFromResource -exportObject $group -attributeName "ExplicitMember"
     if ($explictMembers -ne $NULL)
     {
      foreach ($explicitMember in $explicitMembers)
      {
       $importObject.Changes += CreateImportChange -attributeName "ExplicitMember" -attributeValue $explicitMember -Operation 2
      }
     }


    When I checked, it was showing Filter, MembershipAddWorkflow, MembershipLocked. ExplicitMember was not added in the $importObject.Changes.


    Wednesday, January 22, 2020 10:51 AM
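
The guard quoted in the reply above tests `$explictMembers`, a misspelling of `$explicitMembers`. This added example (not code from the thread) shows that the unassigned variable silently evaluates to `$null`, so the removal loop is skipped, and that strict mode turns the same line into an error. The function name `Test-MisspelledGuard` and the member identifiers are constructed for illustration.

```powershell
# Added example: the misspelled guard with and without strict mode.
# The identifiers below are constructed sample values, not real FIM objects.
$explicitMembers = @("urn:uuid:00000000-0000-0000-0000-000000000001",
                     "urn:uuid:00000000-0000-0000-0000-000000000002")

function Test-MisspelledGuard   # hypothetical helper name
{
    PARAM ([switch]$Strict)
    # Strict mode set here applies to this function's scope only
    if ($Strict) { Set-StrictMode -Version Latest } else { Set-StrictMode -Off }
    $queued = 0
    try
    {
        # Same misspelling as in the thread: $explictMembers was never assigned
        if ($explictMembers -ne $NULL)
        {
            foreach ($explicitMember in $explicitMembers) { $queued++ }
        }
        return "no error, $queued of $($explicitMembers.Count) removals queued"
    }
    catch
    {
        return "error: " + $_.Exception.Message
    }
}

Test-MisspelledGuard            # the loop is skipped without any warning
Test-MisspelledGuard -Strict    # the unassigned variable is reported as an error
```

Running scripts that delete memberships under `Set-StrictMode -Version Latest` makes this class of typo fail before `Import-FIMConfig` is called, instead of leaving explicit members in place unnoticed.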