Create Distribution Groups Based on Department Names

Updated: May 27, 2010

Applies To: Forefront Identity Manager 2010

This Windows PowerShell script example shows how to create distribution groups in Microsoft® Forefront® Identity Manager (FIM) 2010 based on a list of Department names that are saved in a file. The filter for each Group is set to include all Person resources that are members of that department.

Example

This Windows PowerShell script creates a dynamic Group for each Department name that is stored in a file. The filter for each Group includes all Person resources in that department (Department is a default attribute of a Person resource). Groups that could not be created are saved to a file that is named "undone.txt." The example uses the CreateImportObject example function and the CreateImportChange example function as helper functions.


if (@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0)
{
    add-pssnapin FIMAutomation
}
# GenerateFilter is a helper function that takes an XPath filter as a parameter and returns a Filter schema element.
function GenerateFilter
{
    PARAM ($xpathFilter)
    END
    {                
        return "<Filter xmlns:xsi=`"http://www.w3.org/2001/XMLSchema-instance`" xmlns:xsd=`"http://www.w3.org/2001/XMLSchema`" Dialect=`"http://schemas.microsoft.com/2006/11/XPathFilterDialect`" xmlns=`"http://schemas.xmlsoap.org/ws/2004/09/enumeration`">" + $xpathFilter + "</Filter>"
    }
}

$importFileName = "Department.txt"
# The following value is the resourceId for the default administrator:
$owner = "urn:uuid:7fb2b853-24f0-4498-9534-4e10589723c4"
# This example assumes that all Groups are in the domain "FabrikamDomain".
$domain = "FabrikamDomain"

Write-Host ("Reading file " + $importFileName)
$departmentNames = Get-Content $importFileName

if ($departmentNames.Count -eq 0)
{
    Write-Host "There are no department names in the file " + $importFileName
    Exit
}

$importList = @()

foreach ($departmentName in $departmentNames)
{
    # Create an ImportObject that represents a distribution group for the department.
    # The filter for the group will dynamically include all Person resources that are in that department.    

    # Use the CreateImportObject example function to create an ImportObject (State = 0 indicates create)    
    # that represents the Group.
    $importObject = CreateImportObject -objectType "Group"   
    $importObject.State = 0 

# Use the CreateImportChange example function to populate the attributes of the ImportObject.
    $importObject.Changes += CreateImportChange -attributeName "AccountName" -attributeValue $departmentName -operation 3
    $importObject.Changes += CreateImportChange -attributeName "DisplayedOwner" -attributeValue $owner -operation 3
    $importObject.Changes += CreateImportChange -attributeName "DisplayName" -attributeValue ("People in the " + $departmentName + " department")  -operation 3
    $importObject.Changes += CreateImportChange -attributeName "Domain" -attributeValue $domain -operation 3

# Create a filter that dynamically populates the group with all People resources that are in the department.  
    $xpath = "/Person[Department='" + $departmentName + "']"
    $filter = GenerateFilter -xpathFilter $xpath
    $importObject.Changes += CreateImportChange -attributeName "Filter" -attributeValue $filter -operation 3
    $importObject.Changes += CreateImportChange -attributeName "MembershipLocked" -attributeValue "True" -operation 3

    $importObject.Changes += CreateImportChange -attributeName "MailNickname" -attributeValue "Department" + $departmentName -operation 3
    $importObject.Changes += CreateImportChange -attributeName "MembershipAddWorkflow" -attributeValue "None" -operation 3
    $importObject.Changes += CreateImportChange -attributeName "ObjectType" -attributeValue "Group" -operation 3
    $importObject.Changes += CreateImportChange -attributeName "Owner" -attributeValue $owner -operation 3
    $importObject.Changes += CreateImportChange -attributeName "Scope" -attributeValue "Universal" -operation 3
    $importObject.Changes += CreateImportChange -attributeName "Type" -attributeValue "Distribution" -operation 3

    $importList += $importObject
}

# Import the Groups to FIM and store any Groups that could not be created in $undoneChanges.
Write-Host ("Importing " + $importList.Count + " groups")
$undoneChanges = $importList | Import-FIMConfig -uri "http://localhost:5725/ResourceManagementService"

# Use ConvertFrom-FIMResource cmdlet to convert contents of $undoneChanges to the file "undone.xml".
if ($undoneChanges.Count > 0)
{
   Write-Host "There are " + $undoneChanges.Count + " groups that failed to create"
   Write-Host "The undone imports are written to undone.xml"
   $undoneChanges | ConvertFrom-FIMResource -file undone.xml
}
Write-Host "Import complete"

This code example assumes that the helper functions CreateImportChange and CreateImportObject are added to the Windows PowerShell script and that "Department.txt" is saved in the same folder as the script.

Remarks

The Export Department Names example shows how to generate the Department.txt file that this example uses based on the "Department" values for all Person resources in the FIM Service.

See Also

Reference

ConvertFrom-FIMResource
Import-FIMConfig

Concepts

CreateImportChange
CreateImportObject
FIM Windows PowerShell Cmdlet Examples

Community Additions

ADD
Show: