
Script Repository

Add users to Novell eDirectory groups from CSV

February 25, 2021 Views: 974

The script adds users specified in a CSV file to the corresponding groups in Novell eDirectory.

Note: The script uses the $Context variable available on the server side only. This means that it can be executed only by business rules, custom commands, and scheduled tasks via the Run a program or PowerShell script action.

Parameters:

  • $eDirectoryServer - Specifies the eDirectory LDAP server. The server must be specified by its fully qualified domain name (FQDN) followed by the number of the port used to accept LDAP requests (by default, 389).
  • $adminDN - Specifies the Distinguished Name (DN) of an eDirectory administrative account. The account must have sufficient permissions to perform the following operations:
    • View the user account and the group in question;
    • Modify the groupMembership and securityEquals attributes of the user account;
    • Modify the member and equivalentToMe attributes of the group.
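  • $adminPassword - Specifies the password to the account identified by $adminDN. The password is stored in clear text in the script, so limit who can view or edit the script and use an account that has only the permissions listed above.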
  • $csvFilePath - Specifies the path to the CSV file. The file should contain only two columns containing user names and names of groups they will be added to respectively.
  • $userIdentityColumn - Specifies the header of the column containing names of users.
  • $groupNameColumn - Specifies the header of the column containing names of groups.
  • $valueDelimiter - Specifies a delimiter used to separate multiple group names in a single record.
# Connection settings for the eDirectory LDAP server (host FQDN followed by ":port").
# NOTE(review): 389 is the standard unencrypted LDAP port, and the script binds with
# AuthenticationTypes.ServerBind only, so the admin DN and password below are presumably
# sent in a simple bind without transport protection. Prefer an LDAPS endpoint together
# with the SecureSocketsLayer authentication flag - confirm what the server supports.
$eDirectoryServer = "edirectory.server.doman.com:389" # TODO: modify me
$adminDN = "cn=admin,o=company" # TODO: modify me
# The password is kept in clear text in the script body, so anyone who can read the
# script can read it. Use a dedicated account limited to the permissions the script
# needs, and restrict who can view or edit the script.
$adminPassword = "secret" # TODO: modify me

# CSV input: one column with user names, one with group names.
# Whoever can write this file decides which users are added to which groups (the script
# also writes securityEquals/equivalentToMe), so restrict write access to the share.
$csvFilePath = "\\server\share\import.csv" # TODO: modify me
$userIdentityColumn = "userName" # TODO: modify me
$groupNameColumn = "Group" # TODO: modify me
# Separator for multiple names inside a single CSV cell.
$valueDelimiter = ";" # TODO: modify me

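function SearchObjectInEDirectory($filter, $eDirectoryServer, $adminDN, $adminPassword, $directoryEntry)
{
    <#
    .SYNOPSIS
    Runs a subtree LDAP search below $directoryEntry and returns the result collection.

    .PARAMETER filter
    LDAP search filter. The filter is used as-is: values taken from untrusted input
    must be escaped (RFC 4515) by the caller before they are placed in the filter.

    .PARAMETER eDirectoryServer
    Not used by this function; kept so existing calls keep working.

    .PARAMETER adminDN
    Not used by this function; kept so existing calls keep working.

    .PARAMETER adminPassword
    Not used by this function; kept so existing calls keep working.

    .PARAMETER directoryEntry
    Already bound DirectoryEntry that serves as the search root.

    .OUTPUTS
    The SearchResultCollection returned by FindAll(), or nothing when the search
    fails (the failure is logged as a warning). The caller owns the collection and
    should dispose it.
    #>

    # Initialise explicitly so the finally block can tell whether construction succeeded.
    $searcher = $null
    try
    {
        # Empty property list: no specific attributes are requested.
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $filter, @(), [System.DirectoryServices.SearchScope]::Subtree)
        $searchResults = $searcher.FindAll()

        # The leading comma stops PowerShell from unrolling the collection on return.
        return ,$searchResults
    }
    catch
    {
        $Context.LogMessage("Could not find an object matching the following filter: '$filter'. Error: " + $_.Exception.Message, "Warning")
    }
    finally
    {
        # Release resources; the searcher is null when New-Object itself failed,
        # and calling Dispose() on null would raise a second error from here.
        if ($null -ne $searcher)
        {
            $searcher.Dispose()
        }
    }
}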

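# Escapes a value for use inside an LDAP search filter (RFC 4515).
# The names come from the CSV file, so characters such as '*', '(' and ')' must not be
# allowed to change the meaning of the filter (wildcard matches, extra clauses).
function EscapeLdapFilterValue($value)
{
    if ($null -eq $value)
    {
        return ""
    }

    $nul = [string][char]0
    # The backslash is replaced first so the escapes added afterwards are not re-escaped.
    return ([string]$value).Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace($nul, '\00')
}

# Check whether CSV file exists
if (!(Test-Path -Path $csvFilePath))
{
    $Context.LogMessage("File '$csvFilePath' was not found.", "Warning")
    return
}

$records = Import-Csv -Path $csvFilePath
$directoryEntry = $null
try
{
    # NOTE(review): ServerBind alone does not request an encrypted or signed session, so
    # the admin credentials are presumably sent unprotected when the server is addressed
    # on a plain LDAP port. Consider an LDAPS port with the SecureSocketsLayer flag.
    $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$eDirectoryServer", $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    foreach ($record in $records)
    {
        # Search users
        # A missing column or empty cell yields an empty list instead of an exception;
        # names are trimmed and blank entries dropped so no "(name=)" filter is built.
        $userNames = @(([string]$record.$userIdentityColumn).Split($valueDelimiter) | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $userDNsToPath = @{}
        foreach ($userName in $userNames)
        {
            $userFilter = "(&(objectClass=person)(name=" + (EscapeLdapFilterValue $userName) + "))"
            $userSearchResults = SearchObjectInEDirectory $userFilter $eDirectoryServer $adminDN $adminPassword $directoryEntry
            try
            {
                # A failed search returns nothing; treat it like "not found".
                if (($null -eq $userSearchResults) -or ($userSearchResults.Count -eq 0))
                {
                    $Context.LogMessage("User '$userName' not found", "Warning")
                    continue
                }
                elseif ($userSearchResults.Count -gt 1)
                {
                    # Ambiguous names are skipped rather than guessing which account is meant.
                    $Context.LogMessage("Found more than one user with name '$userName'", "Warning")
                    continue
                }

                $userPath = $userSearchResults[0].Path
                $userDN = $userPath.Replace("LDAP://$eDirectoryServer/", "")
                # Indexer assignment: a user listed twice in one record must not throw.
                $userDNsToPath[$userDN] = $userPath
            }
            finally
            {
                if ($null -ne $userSearchResults)
                {
                    $userSearchResults.Dispose()
                }
            }
        }

        # Search groups
        $groupNames = @(([string]$record.$groupNameColumn).Split($valueDelimiter) | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        foreach ($groupName in $groupNames)
        {
            $groupFilter = "(&(objectClass=group)(name=" + (EscapeLdapFilterValue $groupName) + "))"
            $groupSearchResults = SearchObjectInEDirectory $groupFilter $eDirectoryServer $adminDN $adminPassword $directoryEntry
            $groupDirectoryEntry = $null
            try
            {
                if (($null -eq $groupSearchResults) -or ($groupSearchResults.Count -eq 0))
                {
                    $Context.LogMessage("Group '$groupName' not found", "Warning")
                    continue
                }
                elseif ($groupSearchResults.Count -gt 1)
                {
                    $Context.LogMessage("Found more than one group with name '$groupName'", "Warning")
                    continue
                }

                # Bind to group
                $groupPath = $groupSearchResults[0].Path
                $groupDN = $groupPath.Replace("LDAP://$eDirectoryServer/", "")
                $groupDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($groupPath, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
                foreach ($userDN in $userDNsToPath.Keys)
                {
                    $userDirectoryEntry = $null
                    try
                    {
                        # Update user
                        # securityEquals gives the user the group's rights, so every row of
                        # the CSV is effectively a privilege grant.
                        $userDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($userDNsToPath[$userDN], $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
                        $userDirectoryEntry.Properties["securityEquals"].Add($groupDN)
                        $userDirectoryEntry.Properties["groupMembership"].Add($groupDN)
                        $userDirectoryEntry.CommitChanges()

                        # Update group
                        # The two commits are independent: if this one fails, the user object
                        # has already been changed and the warning below is the only trace.
                        $groupDirectoryEntry.Properties["equivalentToMe"].Add($userDN)
                        $groupDirectoryEntry.Properties["member"].Add($userDN)
                        $groupDirectoryEntry.CommitChanges()
                    }
                    catch
                    {
                        $Context.LogMessage("An error occurred when adding user to eDirectory group. Error: " + $_.Exception.Message, "Warning")
                    }
                    finally
                    {
                        if ($null -ne $userDirectoryEntry)
                        {
                            $userDirectoryEntry.Dispose()
                        }
                    }
                }
            }
            finally
            {
                # Release the group binding and the search results on every path,
                # including the early "continue" branches above.
                if ($null -ne $groupDirectoryEntry)
                {
                    $groupDirectoryEntry.Dispose()
                }
                if ($null -ne $groupSearchResults)
                {
                    $groupSearchResults.Dispose()
                }
            }
        }
    }
}
finally
{
    # The entry is null when the initial bind object could not be created.
    if ($null -ne $directoryEntry)
    {
        $directoryEntry.Dispose()
    }
}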