Working on backup and restore scripts for Directory Manager

Products Directory Manager Discussions & Questions
,
1

I am working on a script that will allow me to create a backup of our Directory Manager groups. I am having a hard time finding documentation that describes how to retrieve some of the necessary group properties using PowerShell. This is the command I am using to create groups. I was able to find some of the properties in the PowerShell documentation. I found others by looking at the property names in the ElasticVue metadata and using trial and error with the get-group and get-smartgroup commands. Can someone tell me how to retrieve the hardcoded properties: ObjectTypes, DataSourceUserName, DataSourcePassword, DataSourceName, TableOrView and DataSourceType?

        New-SmartGroup -SamAccountName $samAccountName `
                -Name $name `
                -OrganizationalUnit $ou `
                -GroupScope $groupScope `
                -Type $groupType `
                -SecurityType $groupSecurity `
                -SearchContainers $startPath `
                -ObjectTypes 'Users' `
                -Server $server `
                -DataSourceUserName 'username' `
                -DataSourcePassword 'password' `
                -DataSourceQuery $query `
                -DataSourceName 'DB' `
                -TableOrView 'DB.staff.Staff_curr_daily' `
                -KeyMapAD $newSmart.Imsgkeymapprovider `
                -KeyMapDB $newSmart.Imsgkeymapdb `
                -LdapFilter $ldapFilter `
                -DataSourceType 'Microsoft SQL Driver'
1 Like
2

The only required parameters are as follows:

  • SamAccountName
  • Name
  • OrganizationalUnit
  • GroupScope
  • Type
  • SecurityType

This is in the online documentation available here for this specific cmdlet:
New-SmartGroup

The specific parameters you are referring to are when you are establishing a smart group where a database is the referenced query. Is this smart group supposed to be a smart group from a database query? If not, then you would not need those properties which set the query parameters that are necessary to access an external database to determine membership. If the intention is just to create a regular group and not a smart group, you would use the New-Group cmdlet as documented here:
New-Group

3

We have a lot of smartgroups that use SQL queries to determine their membership. The script I am working on will be able to backup static groups as well as smartgroups. The code snippet I provided shows the minimum number of parameters necessary to recreate a smartgroup with functionality equivalent to the group that was backed up.

The following is an excerpt from the script I wrote to backup our production smartgroups to a csv file. In order to retrieve all of the information necessary to describe a smartGroup that uses a SQL query, I use the Get-SmartGroup cmdlet and pass a list of attributes to the AttributesToLoad parameter. Note that I was not able to find of the “imsg” attributes documented anywhere. I discovered by trial and error that I could take the attributes listed in the Elasticvue metadata, pass them using the AttributesToLoad parameter and get most of what I need. Unfortunately, I have not been able find a way to get some of the attributes describing a SQL smartgroup such as ObjectTypes, DataSourceUserName, DataSourcePassword, DataSourceName, TableOrView and DataSourceType.

$imsgAttributes = (
    'Domain',
    'DistinguishedName',
    "samaccountname",
    "grouptype",
    'ComputedGroupScope',
    'ComputedGroupType',
    'XGroupSecurity',
    "imsgstartpath",
    "imsgincludedisabledusers",
    "imsggroupenabled",
    "imsgcriteria",
    "imsgkeymapdb",
    "imsgexcludes",
    "imsgkeymapprovider",
    "imsggroupidconnectionstring",
    "imsggroupidstatement",
    "imsgincludes",
    "imsgscript",
    "imsgserverfilter",
    "imsgsearchservername",
    "imsgstorefilter",
    "imsgmanagedgrouptype",
    "imsgmembersupdatedon",
    "imsgmembersupdatedfrom",
    "imsgmembersupdatedstatus"
)

$smartGroups = @()

foreach ($group in $groups | Where-Object {$_.ManagedGroupType -eq 2}) {

    $criteria = Get-SmartGroup -Identity $group.SAMAccountName | Select-Object -ExpandProperty Criteria

    $smartGroup = Get-Object -Identity $group.SAMAccountName -AttributesToLoad $imsgAttributes
    $includes = ""
    $excludes = ""

    if ($smartGroup.imsgincludes -ne 'N/A') {
        
        $includes = ($smartGroup.imsgincludes | Get-ADUser | Select-Object -ExpandProperty SamAccountName) -join ','

    }

    if ($smartGroup.imsgexcludes -ne 'N/A') {
        
        $excludes = ($smartGroup.imsgexcludes | Get-ADUser | Select-Object -ExpandProperty SamAccountName) -join ','

    }

    $smartGroup | Add-Member -MemberType NoteProperty -Name Criteria -Value $criteria
    $smartGroup | Add-Member -MemberType NoteProperty -Name Includes -Value $includes
    $smartGroup | Add-Member -MemberType NoteProperty -Name Excludes -Value $excludes
    $smartGroups += $smartGroup

}