Is your feature request related to a problem? Please describe.
Cannot Add LDAP Domain groups to SSO Groups (vsphere.local)
Describe the solution you'd like
```powershell
function Set-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on: 9/29/2020
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    Updates person user account.
    .PARAMETER User
    Specifies the PersonUser instance to update.
    .PARAMETER Group
    Specifies the Group you want to add or remove PersonUser from.
    .PARAMETER Add
    Specifies user will be added to the specified group.
    .PARAMETER Remove
    Specifies user will be removed from the specified group.
    .PARAMETER Unlock
    Specifies user will be unlocked.
    .PARAMETER NewPassword
    Specifies new password for the specified user.
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
    Adds $myPersonUser to $myExampleGroup
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
    Removes $myPersonUser from $myExampleGroup
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Unlock -Server $ssoAdminConnection
    Unlocks $myPersonUser
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
    Resets $myPersonUser password
    #>
    [CmdletBinding(ConfirmImpact = 'Medium')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Person User instance you want to update')]
        [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
        $User,

        [Parameter(
            ParameterSetName = 'AddToGroup',
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Group instance you want user to be added to or removed from')]
        [Parameter(
            ParameterSetName = 'RemoveFromGroup',
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Group instance you want user to be added to or removed from')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,

        [Parameter(
            ParameterSetName = 'AddToGroup',
            Mandatory = $true)]
        [switch]
        $Add,

        [Parameter(
            ParameterSetName = 'RemoveFromGroup',
            Mandatory = $true)]
        [switch]
        $Remove,

        [Parameter(
            ParameterSetName = 'ResetPassword',
            Mandatory = $true,
            HelpMessage = 'New password for the specified user.')]
        [ValidateNotNull()]
        [string]
        $NewPassword,

        [Parameter(
            ParameterSetName = 'UnlockUser',
            Mandatory = $true,
            HelpMessage = 'Specifies to unlock user account.')]
        [switch]
        $Unlock)

    Process {
        try {
            foreach ($u in $User) {
                $ssoAdminClient = $u.GetClient()
                if (-not $ssoAdminClient) {
                    Write-Error "Object '$u' is from disconnected server"
                    continue
                }

                if ($Add) {
                    $result = $ssoAdminClient.AddPersonUserToGroup($u, $Group)
                    if ($result) {
                        Write-Output $u
                    }
                }

                ##Begin of added code, from Russell Hamker (@butch7903)
                # NOTE: $AddGroup has no matching parameter in the param() block above.
                if ($AddGroup) {
                    $result = $ssoAdminClient.AddGroupToGroup($u, $Group)
                    if ($result) {
                        Write-Output $u
                    }
                }
                ##End of added code, from Russell Hamker (@butch7903)

                if ($Remove) {
                    $result = $ssoAdminClient.RemovePersonUserFromGroup($u, $Group)
                    if ($result) {
                        Write-Output $u
                    }
                }

                if ($Unlock) {
                    $result = $ssoAdminClient.UnlockPersonUser($u)
                    if ($result) {
                        Write-Output $u
                    }
                }

                if ($NewPassword) {
                    $ssoAdminClient.ResetPersonUserPassword($u, $NewPassword)
                    Write-Output $u
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
}
```
Describe alternatives you've considered
Workaround I have today:
```powershell
$SsoGroup = "Administrators"
$ADDomain = "hamker.local"
$ADGroup = "esx admins"

# Target group in the built-in vsphere.local SSO domain
Write-Host "Getting SSO User Group on vSphere.local"
$GROUP = Get-SsoGroup -Name $SsoGroup -Domain "vsphere.local"

# Group from the Active Directory identity source
Write-Host "Getting Active Directory $ADDomain User Group $ADGroup"
$g = Get-SsoGroup -Name $ADGroup -Domain $ADDomain

# Nest the AD group inside the SSO group by calling the client directly
Write-Host "Adding Active Directory User Group $ADGroup Into SSO Group $SsoGroup"
$ssoAdminClient = $g.GetClient()
$result = $ssoAdminClient.AddGroupToGroup($g, $GROUP)
if ($result) {
    Write-Output $g
}
```
Additional context
No response
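
The request above, sketched as a separate function instead of a branch inside Set-SsoPersonUser (whose -User parameter is typed PersonUser). This is an added example, not code from the issue or from the VMware.vSphere.SsoAdmin module; the function name Add-GroupToSsoGroupExample and the Name and Domain properties read from the group objects are assumptions.

```powershell
# Added example: hypothetical helper, not part of VMware.vSphere.SsoAdmin.
# Uses only the calls shown in the issue: Get-SsoGroup, GetClient(), AddGroupToGroup().
function Add-GroupToSsoGroupExample {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Group to nest (for example a group from an AD/LDAP identity source).
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,

        # Group that receives the new member (for example one in vsphere.local).
        [Parameter(Mandatory = $true)]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $TargetGroup
    )

    Process {
        $ssoAdminClient = $Group.GetClient()
        if (-not $ssoAdminClient) {
            Write-Error "Object '$Group' is from disconnected server"
            return
        }

        # Nesting gives every member of $Group the target group's rights,
        # so ask for confirmation (or honour -WhatIf) before changing anything.
        # Assumption: Group objects expose Name and Domain properties.
        $action = "Add '$($Group.Name)@$($Group.Domain)' as a member"
        $target = "$($TargetGroup.Name)@$($TargetGroup.Domain)"
        if ($PSCmdlet.ShouldProcess($target, $action)) {
            try {
                if ($ssoAdminClient.AddGroupToGroup($Group, $TargetGroup)) {
                    Write-Output $Group
                }
            }
            catch {
                Write-Error $_
            }
        }
    }
}

# Usage (values taken from the workaround; needs a Connect-SsoAdminServer session):
# $admins = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local'
# Get-SsoGroup -Name 'esx admins' -Domain 'hamker.local' |
#     Add-GroupToSsoGroupExample -TargetGroup $admins -WhatIf
```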