Summary
Create one or more criteria-based security groups in the FIM Portal using a CSV file.
# Create criteria-based security groups from a CSV file.
# The CSV file must include a header row, such as in the following example (without the leading hashes):
#DisplayName,AccountName,Description,Filter
#SG-Geneva,sgGeneva,Staff based in Geneva,/Person[(EmployeeType = 'Employee') and (OfficeLocation = 'Geneva')]
#SG-Engineers,sgEngineers,All Engineers,/Person[(EmployeeType = 'Employee') and ((starts-with(JobTitle, 'Consultant')) or (starts-with(JobTitle, 'Technical')))]
#----------------------------------------------------------------------------------------------------------
# Settings - adjust these for the target environment before running.

# Input file. A relative path is resolved against the current PowerShell location.
# Each row's Filter column becomes the membership criteria of a security group,
# so keep this file somewhere only trusted administrators can write to.
$CSV = "groups.csv"

# Endpoint of the FIM Service that is queried and imported into.
$URI = "http://fim:5725/resourcemanagementservice"

# Values written to the Domain, Scope and Type attributes of every group created.
$DOMAIN = "MYDOMAIN"
$SCOPE = "Global"
$TYPE = "Security"

# AccountName of the Person that is set as Owner and DisplayedOwner of every group created.
$OWNER = "Administrator"

# XML wrapper placed around each row's XPath filter before it is stored on the group.
$PREFILTER = "<Filter xmlns:xsi=`"http://www.w3.org/2001/XMLSchema-instance`" xmlns:xsd=`"http://www.w3.org/2001/XMLSchema`" Dialect=`"http://schemas.microsoft.com/2006/11/XPathFilterDialect`" xmlns=`"http://schemas.xmlsoap.org/ws/2004/09/enumeration`">"
$POSTFILTER = "</Filter>"
#----------------------------------------------------------------------------------------------------------
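function SetAttribute
{
    <#
    .SYNOPSIS
    Queues one attribute change on a FIM import object.
    .PARAMETER object
    The import object whose Changes collection receives the new entry.
    .PARAMETER attributeName
    Name of the attribute to set.
    .PARAMETER attributeValue
    Value to assign to the attribute.
    .NOTES
    Nothing is sent to the FIM Service here; the change is only appended to
    $object.Changes. Name and value are echoed to the host, so do not route
    secrets through this helper.
    #>
    param($object, $attributeName, $attributeValue)

    Write-Host $attributeName $attributeValue

    $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    # NOTE(review): 1 is presumably the "Replace" import operation - confirm against the FIMAutomation enum.
    $importChange.Operation = 1
    $importChange.AttributeName = $attributeName
    $importChange.AttributeValue = $attributeValue
    $importChange.FullyResolved = 1
    $importChange.Locale = "Invariant"

    # $null goes on the left: with a collection on the left, -eq filters the
    # elements instead of testing whether the collection itself is missing.
    if ($null -eq $object.Changes) { $object.Changes = (,$importChange) }
    else { $object.Changes += $importChange }
}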
#----------------------------------------------------------------------------------------------------------
function CreateObject
{
    # Builds an empty FIM import object of the requested type and writes it to
    # the pipeline. Each object gets a freshly generated GUID as its
    # SourceObjectIdentifier.
    #   $objectType - value stored in the object's ObjectType property (e.g. "Group").
    param($objectType)

    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $importObject.SourceObjectIdentifier = [System.Guid]::NewGuid().ToString()
    $importObject.ObjectType = $objectType
    return $importObject
}
#----------------------------------------------------------------------------------------------------------
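# Load the FIMAutomation snap-in unless this session already has it.
if (@(Get-PSSnapin | Where-Object { $_.Name -eq "FIMAutomation" }).Count -eq 0) { Add-PSSnapin FIMAutomation }

# Get Owner
# $OWNER is interpolated into a single-quoted XPath literal, so a single quote in
# it would end the literal early and change the query. Refuse it up front.
if ($OWNER -match "'") { throw "Owner account name must not contain a single quote" }
$ownerObject = Export-FIMConfig -uri $URI `
    -onlyBaseResources `
    -customconfig "/Person[AccountName='$OWNER']"
if ($null -eq $ownerObject) { throw "Owner not found!" }
# NOTE(review): if more than one Person matches, $ownerID will not be a single identifier - confirm AccountName is unique.
$ownerID = $ownerObject.ResourceManagementObject.ObjectIdentifier -replace "urn:uuid:", ""

# Import CSV and process each line
Import-Csv $CSV | ForEach-Object {
    $objectName = $_.DisplayName

    # DisplayName comes straight from the CSV and is placed inside a single-quoted
    # XPath literal below. An empty name or one containing a single quote would
    # make the existence check query something other than this group, so the row
    # is skipped rather than risk creating a duplicate or missing an existing one.
    if ([string]::IsNullOrEmpty($objectName) -or $objectName -match "'")
    {
        Write-Warning "Skipping CSV row: DisplayName is empty or contains a single quote ('$objectName')"
        return   # inside ForEach-Object this moves on to the next row
    }

    # Check if a group with the same name already exists
    $exportObject = Export-FIMConfig -uri $URI `
        -onlyBaseResources `
        -customconfig "/Group[DisplayName='$objectName']"

    if ($exportObject) { Write-Host "`nGroup $objectName already exists" }
    else
    {
        # The Filter column is inserted verbatim between the Filter tags and
        # becomes the membership criteria of a security group. It is not
        # validated here, so the CSV must come from a trusted source and be reviewed.
        $filter = $PREFILTER + $_.Filter + $POSTFILTER

        # Create group and add attributes
        $newGroup = CreateObject -objectType "Group"
        SetAttribute -object $newGroup -attributeName "DisplayName" -attributeValue $objectName
        SetAttribute -object $newGroup -attributeName "AccountName" -attributeValue $_.AccountName
        SetAttribute -object $newGroup -attributeName "Domain" -attributeValue $DOMAIN
        SetAttribute -object $newGroup -attributeName "Scope" -attributeValue $SCOPE
        SetAttribute -object $newGroup -attributeName "Type" -attributeValue $TYPE
        SetAttribute -object $newGroup -attributeName "Filter" -attributeValue $filter
        SetAttribute -object $newGroup -attributeName "Description" -attributeValue $_.Description
        SetAttribute -object $newGroup -attributeName "Owner" -attributeValue $ownerID
        SetAttribute -object $newGroup -attributeName "DisplayedOwner" -attributeValue $ownerID
        SetAttribute -object $newGroup -attributeName "MembershipLocked" -attributeValue $true
        SetAttribute -object $newGroup -attributeName "MembershipAddWorkflow" -attributeValue "None"

        # Import group into the FIM Portal
        $newGroup | Import-FIMConfig -uri $URI
        Write-Host "`nGroup creation request complete`n"
    }
}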
#----------------------------------------------------------------------------------------------------------
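# Script-wide error handler. A trap applies to every statement in the scope it
# is declared in, so it covers the code above even though it appears last.
trap
{
    $exMessage = $_.Exception.Message
    if ($exMessage.StartsWith("L:"))
    {
        # Messages prefixed "L:" are shown without the prefix and without the
        # "Error:" label; the exit behaviour for them is left as it was.
        Write-Host "`n" $exMessage.substring(2) "`n" -foregroundcolor white -backgroundcolor darkblue
        Exit
    }

    Write-Host "`nError: " $exMessage "`n" -foregroundcolor white -backgroundcolor darkred
    # Exit non-zero so a scheduler or calling script can tell that group
    # provisioning failed instead of treating the run as successful.
    Exit 1
}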
#----------------------------------------------------------------------------------------------------------
http://www.wapshere.com/missmiis