# Create criteria-based security groups from a CSV file.
# The CSV file must include a header row, as in the following example (without the leading hashes):
#DisplayName,AccountName,Description,Filter
#SG-Geneva,sgGeneva,Staff based in Geneva,/Person[(EmployeeType = 'Employee') and (OfficeLocation = 'Geneva')]
#SG-Engineers,sgEngineers,All Engineers,/Person[(EmployeeType = 'Employee') and ((starts-with(JobTitle, 'Consultant')) or (starts-with(JobTitle, 'Technical')))]
#———————————————————————————————————-
 set-variable -name CSV -value “C:\groups.csv”
 set-variable -name URI -value “http://localhost:5725/resourcemanagementservice”
 set-variable -name DOMAIN -value “MYDOMAIN”
 set-variable -name SCOPE -value “Global”
 set-variable -name TYPE -value “Security”
 set-variable -name OWNER -value “Administrator”
 set-variable -name PREFILTER -value “<Filter xmlns:xsi=`”http://www.w3.org/2001/XMLSchema-instance`” xmlns:xsd=`”http://www.w3.org/2001/XMLSchema`” Dialect=`”http://schemas.microsoft.com/2006/11/XPathFilterDialect`” xmlns=`”http://schemas.xmlsoap.org/ws/2004/09/enumeration`”>”
 set-variable -name POSTFILTER -value “</Filter>”
#———————————————————————————————————-
 function SetAttribute
 {
   PARAM($object, $attributeName, $attributeValue)
   END
   {
       write-host $attributeName $attributeValue
       $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
       $importChange.Operation = 1
       $importChange.AttributeName = $attributeName
       $importChange.AttributeValue = $attributeValue
       $importChange.FullyResolved = 1
       $importChange.Locale = “Invariant”
       if ($object.Changes -eq $null) {$object.Changes = (,$importChange)}
       else {$object.Changes += $importChange}
   }
}
#———————————————————————————————————-
 function CreateObject
 {
   PARAM($objectType)
   END
   {
      $newObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
      $newObject.ObjectType = $objectType
      $newObject.SourceObjectIdentifier = [System.Guid]::NewGuid().ToString()
      $newObject
    }
 }
#———————————————————————————————————-
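# Load the FIMAutomation snap-in unless this session already has it.
if (@(Get-PSSnapin | Where-Object { $_.Name -eq 'FIMAutomation' }).Count -eq 0) { Add-PSSnapin FIMAutomation }

# Resolve the owner account to its object identifier.
# $OWNER is placed inside a single-quoted XPath literal, so it must not
# contain an apostrophe. The XPath quotes are plain ASCII: typographic quotes
# are not string delimiters in XPath.
$ownerObject = Export-FIMConfig -Uri $URI -OnlyBaseResources -CustomConfig "/Person[AccountName='$OWNER']"
if ($null -eq $ownerObject) { throw "Owner not found!" }
$ownerID = $ownerObject.ResourceManagementObject.ObjectIdentifier -replace 'urn:uuid:', ''

# Each CSV row becomes one criteria-based security group. The Filter column is
# stored unchanged as the group's membership rule, so whoever can edit the CSV
# decides who becomes a member of these groups: keep the file writable only by
# the administrators who run this script and review it before each run.
# The file is read from $CSV (set at the top of the script) rather than from a
# second hard-coded path.
Import-Csv -Path $CSV | ForEach-Object {
    $row = $_
    $objectName = $row.DisplayName

    # Incomplete rows would create a nameless group or a group with an empty rule.
    if ([string]::IsNullOrEmpty($objectName) -or [string]::IsNullOrEmpty($row.AccountName) -or [string]::IsNullOrEmpty($row.Filter))
    {
        Write-Warning "Skipping a row with an empty DisplayName, AccountName or Filter"
        return   # inside ForEach-Object this moves on to the next row
    }

    # The name is embedded in a single-quoted XPath literal below. An apostrophe
    # would end that literal early and change or break the existence check.
    if ($objectName.Contains("'"))
    {
        Write-Warning "Skipping group [$objectName]: the DisplayName contains an apostrophe"
        return
    }

    # Check if a group with the same name already exists.
    $exportObject = Export-FIMConfig -Uri $URI -OnlyBaseResources -CustomConfig "/Group[DisplayName='$objectName']"
    if ($exportObject)
    {
        Write-Host "`nGroup $objectName already exists"
        return
    }

    # Wrap the XPath from the CSV in the <Filter> element. The text is not
    # XML-escaped here, so characters such as < and & must already be escaped
    # in the CSV.
    $filter = $PREFILTER + $row.Filter + $POSTFILTER

    # Create the group and queue its attributes.
    $newGroup = CreateObject -objectType 'Group'
    SetAttribute -object $newGroup -attributeName 'DisplayName' -attributeValue $objectName
    SetAttribute -object $newGroup -attributeName 'AccountName' -attributeValue $row.AccountName
    SetAttribute -object $newGroup -attributeName 'Domain' -attributeValue $DOMAIN
    SetAttribute -object $newGroup -attributeName 'Scope' -attributeValue $SCOPE
    SetAttribute -object $newGroup -attributeName 'Type' -attributeValue $TYPE
    SetAttribute -object $newGroup -attributeName 'Filter' -attributeValue $filter
    SetAttribute -object $newGroup -attributeName 'Description' -attributeValue $row.Description
    SetAttribute -object $newGroup -attributeName 'Owner' -attributeValue $ownerID
    SetAttribute -object $newGroup -attributeName 'DisplayedOwner' -attributeValue $ownerID
    # Membership comes from the filter only; it is locked and has no add workflow.
    SetAttribute -object $newGroup -attributeName 'MembershipLocked' -attributeValue $true
    SetAttribute -object $newGroup -attributeName 'MembershipAddWorkflow' -attributeValue 'None'

    # Import the group into the FIM Portal. The stray mis-encoded character
    # that stood before this step would have run as a command name and failed,
    # so it is removed.
    $newGroup | Import-FIMConfig -Uri $URI
    Write-Host "`nGroup creation request complete`n"
}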
#———————————————————————————————————-
 trap
 {
   $exMessage = $_.Exception.Message
   if($exMessage.StartsWith(“L:”))
   {write-host “`n” $exMessage.substring(2) “`n” -foregroundcolor white -backgroundcolor darkblue}
   else {write-host “`nError: ” $exMessage “`n” -foregroundcolor white -backgroundcolor darkred}
   Exit
 }
#———————————————————————————————————-