# Create criteria-base security groups from a CSV file.<\/p>\n
# The CSV file must include a header row, such as in the following example (without the leading hashes):<\/p>\n
#DisplayName,AccountName,Description,Filter
\n#SG-Geneva,sgGeneva,Staff based in Geneva,\/Person[(EmployeeType = ‘Employee’) and (OfficeLocation = ‘Geneva’)]
\n#SG-Engineers,sgEngineers,All Engineers,\/Person[(EmployeeType = ‘Employee’) and ((starts-with(JobTitle, ‘Consultant’)) or (starts-with(JobTitle, ‘Technical’)))]
\n#———————————————————————————————————-
\n\u00c2\u00a0set-variable -name CSV -value “C:\\groups.csv”
\n\u00c2\u00a0set-variable -name URI -value “http:\/\/localhost:5725\/resourcemanagementservice”
\n\u00c2\u00a0set-variable -name DOMAIN -value “MYDOMAIN”
\n\u00c2\u00a0set-variable -name SCOPE -value “Global”
\n\u00c2\u00a0set-variable -name TYPE -value “Security”
\n\u00c2\u00a0set-variable -name OWNER -value “Administrator”
\n\u00c2\u00a0set-variable -name PREFILTER -value “<Filter xmlns:xsi=`”http:\/\/www.w3.org\/2001\/XMLSchema-instance`” xmlns:xsd=`”http:\/\/www.w3.org\/2001\/XMLSchema`” Dialect=`”http:\/\/schemas.microsoft.com\/2006\/11\/XPathFilterDialect`” xmlns=`”http:\/\/schemas.xmlsoap.org\/ws\/2004\/09\/enumeration`”>”
\n\u00c2\u00a0set-variable -name POSTFILTER -value “<\/Filter>”
\n#———————————————————————————————————-
\n\u00c2\u00a0function SetAttribute
\n\u00c2\u00a0{
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 PARAM($object, $attributeName, $attributeValue)
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 END
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 {
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 write-host $attributeName $attributeValue
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $importChange.Operation = 1
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $importChange.AttributeName = $attributeName
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $importChange.AttributeValue = $attributeValue
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $importChange.FullyResolved = 1
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $importChange.Locale = “Invariant”
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 if ($object.Changes -eq $null) {$object.Changes = (,$importChange)}
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 else {$object.Changes += $importChange}
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 }
\n}
\n#———————————————————————————————————-
\n\u00c2\u00a0function CreateObject
\n\u00c2\u00a0{
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 PARAM($objectType)
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 END
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 {
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $newObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $newObject.ObjectType = $objectType
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $newObject.SourceObjectIdentifier = [System.Guid]::NewGuid().ToString()
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $newObject
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 }
\n\u00c2\u00a0}
\n#———————————————————————————————————-<\/p>\n
if(@(get-pssnapin | where-object {$_.Name -eq “FIMAutomation”} ).count -eq 0) {add-pssnapin FIMAutomation}<\/p>\n
# Get Owner
\n$ownerObject = export-fimconfig -uri $URI `
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00e2\u20ac\u201conlyBaseResources `
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 -customconfig “\/Person[AccountName=’$OWNER’]”
\nif($ownerObject -eq $null) {throw “Owner not found!”}
\n$ownerID = $ownerObject.ResourceManagementObject.ObjectIdentifier -replace “urn:uuid:”,””<\/p>\n
# Import CSV and process each line
\nimport-csv(“C:\\Development\\FIM\\powershell\\groups.csv”) | foreach {<\/p>\n
\u00c2\u00a0# Check if a group with the same name already exists
\n\u00c2\u00a0$objectName = $_.DisplayName
\n\u00c2\u00a0$exportObject = export-fimconfig -uri $URI `
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 \u00e2\u20ac\u201conlyBaseResources `
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 -customconfig “\/Group[DisplayName=’$objectName’]”
\n\u00c2\u00a0if($exportObject) {write-host “`nGroup $objectName already exists”}
\n\u00c2\u00a0else
\n\u00c2\u00a0 {
\n\u00c2\u00a0 $filter = $PREFILTER + $_.Filter + $POSTFILTER<\/p>\n
\u00c2\u00a0 # Create group and add attributes
\n\u00c2\u00a0 $newGroup = CreateObject -objectType “Group”
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “DisplayName” -attributeValue $objectName
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “AccountName” -attributeValue $_.AccountName
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “Domain” -attributeValue $DOMAIN
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “Scope” -attributeValue $SCOPE
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “Type” -attributeValue $TYPE
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “Filter” -attributeValue $filter
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “Description” -attributeValue $_.Description
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “Owner” -attributeValue $ownerID
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “DisplayedOwner” -attributeValue $ownerID
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “MembershipLocked” -attributeValue $true
\n\u00c2\u00a0 SetAttribute -object $newGroup -attributeName “MembershipAddWorkflow” -attributeValue “None”
\n\u00c2\u00a0
\n\u00c2\u00a0 # Import group into the FIM Portal
\n\u00c2\u00a0 $newGroup | Import-FIMConfig -uri $URI
\n\u00c2\u00a0 write-host “`nGroup creation request complete`n”
\n\u00c2\u00a0 }
\n\u00c2\u00a0}
\n#———————————————————————————————————-
\n\u00c2\u00a0trap
\n\u00c2\u00a0{
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 $exMessage = $_.Exception.Message
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 if($exMessage.StartsWith(“L:”))
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 {write-host “`n” $exMessage.substring(2) “`n” -foregroundcolor white -backgroundcolor darkblue}
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 else {write-host “`nError: ” $exMessage “`n” -foregroundcolor white -backgroundcolor darkred}
\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 Exit
\n\u00c2\u00a0}
\n#———————————————————————————————————-<\/p>\n","protected":false},"excerpt":{"rendered":"
# Create criteria-base security groups from a CSV file. # The CSV file must include a header row, such as in the following example (without the leading hashes): #DisplayName,AccountName,Description,Filter #SG-Geneva,sgGeneva,Staff based in Geneva,\/Person[(EmployeeType = ‘Employee’) and (OfficeLocation = ‘Geneva’)] #SG-Engineers,sgEngineers,All Engineers,\/Person[(EmployeeType = ‘Employee’) and ((starts-with(JobTitle, ‘Consultant’)) or (starts-with(JobTitle, ‘Technical’)))] #———————————————————————————————————- \u00c2\u00a0set-variable -name CSV -value “C:\\groups.csv”…<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"class_list":["post-688","page","type-page","status-publish","hentry"],"jetpack_shortlink":"https:\/\/wp.me\/Pkp1o-b6","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/pages\/688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/comments?post=688"}],"version-history":[{"count":6,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/pages\/688\/revisions"}],"predecessor-version":[{"id":702,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/pages\/688\/revisions\/702"}],"wp:attachment":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/media?parent=688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}