This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Workflow Parameter

Hi all,

we need help while passing the parameter to workflow.

we have created a script to get the dfs share path permissions. script is working when we run from the powershell with Write-host. it is showing the permissions.

we are using same script in automated workflow, and created a custom function to specify in the workflow to run script activity.

when we run the script we are ending up with the Error "the expression after '&' in a pipeline element produced an object that was not valid. "

can anyone help to suggest what we are missing while running the automated workflow which is passing the parameter to script.

Parents

0 prasad over 7 years ago

Hi Johnny, thanks for the reply. we are also creating dfs share through ARS. and we are getting same error. here is the script to create dfs share...

================start here==================

#Check for a $path parameter, if not given prompt for it...
param (
[string]$folder = $workflow.Parameter("folder"),
[string]$tla = $workflow.Parameter("tla"),
[string]$env = $workflow.Parameter("env"),
[string]$globalgroup,
[string]$svcacct,
[string]$acct,
[string]$access
)

function createAppShare {

#######################################################################################################
#Declared variables
$type="application"
$dfsRoot="abc.com"
$dFileGroupsPath="OU=File,OU=Domain,OU=SM-Managed-Groups,OU=ManagedGroups,DC=abc,DC=com"
$gGroupsPath="OU=File,OU=Global,OU=SD-Managed-Groups,OU=ManagedGroups,DC=abc,DC=com"
$dfsnameSpace="Apps"

#NAS hostnames
$strNASProd="prodstore"
$strNASNProd="devstore"

#Default App Shares
$strDefProdApp="PRODAPP$"
$strDefNProdApp="NPRODAPP$"
#######################################################################################################
#Local Variables

#Array for Share types
$arrShareTypes = "application"

#Hash for share types to DFS namespace
$hshShareTypes = @{
"application" = "Applications"
}

#Array for envirnment types
$arrEnv = "DEV", "UAT", "PROD"
$hshEnv = @{
"DEV" = "D";
"UAT" = "U";
"PROD" = "P"
}

#Array for access
$arrAccess = "RW", "RX"

#Miscellaneous strings for further processing
$strToQtree; $strApplication; $strNas; $strShare; $strSharePath; $strPath; $strIsDefApp; $strTLAEnv

#By default set the $strSvrName to the non-prod instances
$strSvrName=$strNASNProd
$strDefApp=$strDefNProdApp

#######################################################################################################
#Functions
#######################################################################################################

function checkForDFSPath {
[cmdletbinding()]param(
[Parameter(Position=0,mandatory=$true)][string] $strDFSCheckPath
)

$ckresult = Get-DfsnFolderTarget $strDFSCheckPath -EA 0
#Write-Host "DEBUG result for checkForDFSPath function is '$ckresult'"
if ( $ckresult -ne $null ) {
#Write-Host -ForegroundColor Red "INPUT ERROR!! Parent path '$strDFSCheckPath' is already a DFS Target. Choose a different path to proceed. Exiting"
exit 10
}
}

#######################################################################################################
#Body
#######################################################################################################
#Requires -Version 4.0

#Import the DFSN module
Import-Module dfsn

#Ensure -tla is three letters long
$tla=$tla.ToUpper()
$measureObject = $tla | Measure-Object -Character;
if ( $measureObject.Characters -ne 3 ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! -tla argument is not three characters long! Exiting..."
exit 2
}

#Ensure the $env is found in $arrEnvTypes or a two digit Environment and Instance number. Set $sharename variable for further processing
#Write-Host "DEBUG Got '$env' as an argument gonna do some processing on it"
$env=$env.ToUpper()
if ( $env -match '^\d{2}$' ) {
#Write-Host "DEBUG found a two digit number gonna check if it is prod or not"
$sharename=$tla + $env + "$"
$strTLAEnv = $tla + $env

#Change $strSvrName to strNASProd if 9 starts the $env variable
if ( $env -match "9\d" ) {
$strSvrName=$strNASProd
$strDefApp=$strDefProdApp
}

} elseif ( $arrEnv -contains $env ) {
$sharename=$tla + $hshEnv.Get_Item($env) + "$"
$strTLAEnv = $tla + $hshEnv.Get_Item($env)

#Change $strSvrName to strNASProd if PROD is the environment
if ($env -eq "PROD" ) {
$strSvrName=$strNASProd
$strDefApp=$strDefProdApp
}

}else {
#Write-Host -ForegroundColor Red "INPUT ERROR! -env must be 'DEV', 'UAT', 'PROD', or a two digit number(XX) representing the environment and instance number! Exiting..."
exit 3
}
#Write-Host "DEBUG using '$strSvrName' as target NAS"

#Ensure the $access is found in $arrAccess
if ($access ) {
$access=$access.ToUpper()
if ( $arrAccess -notcontains $access ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! Optional argument -env must be 'RX', or 'RW'! Exiting..."
exit 4
}
}

#Use $type parameter to determine where to setup the DFS link and setup the $dfsPath variable
$type=$type.ToLower()
if ( $arrShareTypes -notcontains $type ) {
$(throw "-type must be either 'application' or 'collaboration'")
} else {
$dfsPath="\\$dfsroot\" + $hshShareTypes.Get_Item($type)
#Write-Host "DEBUG Setting up the $type share under $dfsPath"
}

#Determine the DFS path by splitting the $strPath string to determine the qtree dept.
if ( $type -eq "application" ) {

#Check to see if $strSharePath already exists, if it doesn't exit with error
$strShare="\\" + $strSvrName + "\" + $sharename
#Write-Host "DEBUG Testing path to $strShare"
if (!(Test-Path $strShare)) {
$strIsDefApp=1
#Write-Host "INFO! Share $strShare does not exist, will create it on the appropriate default app share $strDefApp"
$strShare="\\" + $strSvrName + "\" + $strDefApp
}
#Write-Host "DEBUG: strShare: $strShare"

#Construct the $strPath string and check to see if $strPath already exists, if so exit script
$strPath = $strShare + "\" + $folder

if ($strSvrName.ToLower().StartsWith("ntap")) {
#Write-Host "DEBUG Netapp server detected!!"
$strNas="netapp"

#Split the string by backslashes limiting the array to 5 elements with the 4th being the sharename
$arrPath = $strPath -split("\\",5)
$strSvrName=$arrPath[2]; $sharename=$arrPath[3]; $strRemains=$arrPath[4]
#Write-Host "DEBUG Path breakdown is as follows: servername:'$strSvrName' sharename: '$sharename' remains: '$strRemains'"
$strToShare="\\" + $strSvrName + "\" + $sharename
#Write-Host "DEBUG strToShare: $strToShare"
} else {
#Legacy nas does not have a qtree value
#Write-Host "DEBUG Legacy nas detected!!"
$strNas="legacy"
#Write-Host -ForegroundColor Red "FATAL ERROR!! could not determine that the target NAS is a Netapp SVM. No support for setting up shares on legacy NAS"
exit 6
}

#Error out if operator provides a traling backslah in -Folder argument
#Write-Host "DEBUG Checking for a trailing slash here"
if ($strRemains -match '\\$') {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! Found a trailing backslash in folder argument '$strRemains'. Please rerun the script without trailing backslashes."
exit 7
#$strRemains = $strRemains -replace '\\$','' #Work in progress to remove all trailing backslahes
#Write-Host "DEBUG strRemains after removal is '$strRemains'"
}

#Verify that there are no '-' in the remaining string
if ($strRemains.Contains("-")) {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! $strPath contains an invalid character '-'. Please remove the character and re-run the script."
exit 8
} else {
#Write-Host "DEBUG strRemains before replacement of backslashes '$strRemains' "
$strRemains = $strRemains -replace "\\","-"
#Write-Host "DEBUG strRemains after replacement '$strRemains' "
}

#Verify that a DFS folder structure specified under the share will not be more than three levels deep, else exit script with an error
if ( $strRemains ) {

$strApplication = "$tla$env"
#Write-Host "DEBUG application string: $strApplication"
$dfsPath += "\" + $tla + "-" + $env + "\"

#Write-Host "DEBUG Working on remaining string"
$arrRemains = $strRemains -split("-")
#Write-Host "DEBUG arrRemains after split: '$arrRemains' "

#If remaining string is greater than two, then exit on error
if ( $arrRemains.count -eq 1 ) {
#Write-Host "DEBUG Doing something with one thing"
$strDFSPathEnd = $arrRemains[0]
$strGroup = $arrRemains[0]
$strGroup = $strGroup -replace '\s',''
} elseif ( $arrRemains.count -eq 2 ) {
#Write-Host "DEBUG Doing something with two things"

#Use $strDFSCheckPath target's parents are DFSTargets already, if so error out
$strDFSCheckPath = $dfsPath + $arrRemains[0]
#Check $strDFSCheckPath if it is a DFSTarget already, if so error out
#Write-Host "DEBUG strDFSCheckPath 1 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSPathEnd = $arrRemains[0] + "\" + $arrRemains[1]
$strGroup = $arrRemains[0] + "-" + $arrRemains[1]
$strGroup = $strGroup -replace '\s',''
} elseif ( $arrRemains.count -eq 3 ) {
#Write-Host "DEBUG Doing something with three things"

#Use $strDFSCheckPath target's parents are DFSTargets already, if so error out
$strDFSCheckPath = $dfsPath + $arrRemains[0]
#Check $strDFSCheckPath if it is a DFSTarget already, if so error out
#Write-Host "DEBUG strDFSCheckPath 1 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSCheckPath += "\" + $arrRemains[1]
#Write-Host "DEBUG strDFSCheckPath 2 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSPathEnd = $arrRemains[0] + "\" + $arrRemains[1] + "\" + $arrRemains[2]

$strGroup = $arrRemains[0] + "-" + $arrRemains[1] + "-" + $arrRemains[2]
$strGroup = $strGroup -replace '\s',''
} else {
#Write-Host -ForegroundColor Red "INPUT ERROR! Permissions may only go three level deep as a maximum. Check path and re-run script."
exit 9
}
} else {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! Folder argument is blank or unreadable. Exiting."
exit 10
}

$dfsPath += $strDFSPathEnd
#Write-Host "DEBUG Setting up the $type share under $dfsPath"

#If the DFS path already exists then fatally exit
if (Test-Path $dfsPath) {
#Write-Host -ForegroundColor Red "INPUT ERROR! $dfsPath already exists. Check path and try again. Exiting..."
exit 11
}

#Verify that the path to the share exists then create the DFS paths, else fatally exit
if (Test-Path $strToShare) {

#Setup local variables for later use
$dgrouprw="d-File-$dfsnameSpace-$strApplication-$strGroup-Write"
$dgrouprx="d-File-$dfsnameSpace-$strApplication-$strGroup-Read"
$ggrouprw="g-File-$dfsnameSpace-$strApplication-$strGroup-Users"
$ggrouprx="g-File-$dfsnameSpace-$strApplication-$strGroup-RX-Users"

#Check to see if security group will be greater than 64 characters
$strGGroupLen = $ggrouprx.Length
if ($strGGroupLen -ge 65 ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! Resulting group name is greater than the maximum of 64 characters! Please shorten the folder argument!"
exit 10
}

#Add code to insert a TLA+Env if using the default app share introduced in Version 1.3 of the script
if ( $strIsDefApp ) {
#Write-Host "DEBUG Default app string is detected gonna do some stuff"
$strSharePath = $strShare + "\" + $strTLAEnv + "-" + $strRemains
} else {
$strSharePath=$strShare + "\" + $strRemains
}

#Write-Host "DEBUG will use $strSharePath for DFS target folder"

#Create the path, if it doesn't exist. If it exists, exit
#Write-Host "DEBUG Creating $strSharePath"
if (Test-Path $strSharePath) {
#Write-Host -ForegroundColor Red "FATAL ERROR! DFS folder target $strSharePath already exists. Check to see if contents exist and remove it and rerun script. Exiting..."
exit 8
}
try {New-Item -ItemType "directory" -Path $strSharePath -ErrorAction stop|out-null} catch {
#Write-Host -ForegroundColor Red "FATAL ACCESS DENIED ERROR!!! '$strSharePath' could not be created. Run with the delegated account or follow-up with Platforms for access group memberships"
exit 16
}

#Create DFS Folder
#Write-Host "Creating DFS Path $dfsPath using $strSharePath as targetfolder"
New-DfsnFolder -TargetPath $strSharePath -Path $dfsPath | Out-Null

#Create d-file groups
New-ADGroup -Path "$dFileGroupsPath" -GroupScope DomainLocal -Name $dgrouprw
New-ADGroup -Path "$dFileGroupsPath" -GroupScope DomainLocal -Name $dgrouprx

#Use Start-Sleep function to wait 10 seconds to allow the newly created groups to be replicated across the domain
Start-Sleep -s 30

#Set foldername in the d-file groups
Set-ADGroup -Identity $dgrouprw -Add @{folderPathname = "$dfsPath"}
Set-ADGroup -Identity $dgrouprx -Add @{folderPathname = "$dfsPath"}

#Set permissions on the new folder
icacls "$strSharePath" /grant:r $dgrouprw":(OI)(CI)M" /grant:r $dgrouprx":(OI)(CI)RX" | Out-Null

#Create g-group if not specified as an argument.
New-ADGroup -Path "$gGroupsPath" -GroupScope Global -Name $ggrouprw
New-ADGroup -Path "$gGroupsPath" -GroupScope Global -Name $ggrouprx

#Use Start-Sleep function to wait 10 seconds to allow the newly created groups to be replicated accross the domain
Start-Sleep -s 30

Add-ADGroupMember $dgrouprw $ggrouprw
Add-ADGroupMember $dgrouprx $ggrouprx

#If a global group has been given as an argument, add the group to the appropriate g-file group created above if it exists
if ($globalgroup) {
#Write-Host "DEBUG groupck using '$globalgroup' as an argument"
$globalgroup = $globalgroup -replace " ","," #Replace a space character incase the operator did not encase the $globalgroup in quotes

#Add a loop through the $globalgroup argument by looking for a comma separated list
$arrGGroups = $globalgroup.Split(",")
#Write-Host "DEBUG there are " . $arrGGroups.Count . " elements in the array"
foreach($addGGroup in $arrGGroups) {

#Write-Host "DEBUG going to process '$addGGroup' "
$dGrpToAdd = $dgrouprw #Set default d group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrGGrpSplit = $addGGroup.Split(":")
$addGGroup=$arrGGrpSplit[0]; $access = $arrGGrpSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$dGrpToAdd = $dgrouprx
}
}

$ggroupck = [bool](Get-ADObject -filter {sAMAccountname -eq $addGGroup})
#Write-Host "DEBUG G-group check is '$ggroupck'"
if ($ggroupck) {
if ($access -and ($accesss -eq "RX")) {
#Write-Host "MEMBERSHIP INFO: Adding '$addGGroup' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addGGroup
} else {
#Write-Host "MEMBERSHIP INFO: Adding '$addGGroup' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addGGroup
}
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not detect a group named '$addGGroup'. Please add membership to '$dGrpToAdd' manually..."
}

} #End of $arrGGroups ForEach loop
} #End of $globalgroup check if statement

#If a service account argument has been given as an argument, add the serviceaccount to the appropriate d-file group created above if it exists
if ($svcacct) {

$svcacct = $svcacct -replace " ","," #Replace a space character in case the operator did not encase the $svcacct in quotes

#Add a loop through the $acct argument by looking for a comma separated list
$arrSvcAccounts = $svcacct.Split(",")
#Write-Host "DEBUG there are " . $arrSvcAccounts.Count . " elements in the array"
foreach($addAccount in $arrSvcAccounts) {

$dGrpToAdd = $dgrouprw #Set default group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrAcctSplit = $addAccount.Split(":")
$addAccount=$arrAcctSplit[0]; $access = $arrAcctSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$dGrpToAdd = $dgrouprx
}
}

$svcacctck = [bool](Get-ADObject -filter {sAMAccountname -eq $addAccount})
#Write-Host "DEBUG Status of account check for $addAccount is '$svcacctck'"
if ($svcacctck) {
#Write-Host "MEMBERSHIP INFO: Adding '$addAccount' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addAccount
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not find a service account named '$addAccount'. Please add membership to $dGrpToAdd manually..."
}
} #End of $arrSvcAccounts ForEach loop
} #End of $svcacct check if statement

#If a user account argument has been given as an argument, add the user account to the appropriate g-file group created above if it exists
if ($acct) {

$acct = $acct -replace " ","," #Replace a space character in case the operator did not encase the $acct in quotes

#Add a loop through the $acct argument by looking for a comma separated list
$arrAccounts = $acct.Split(",")
#Write-Host "DEBUG there are " . $arrAccounts.Count . " elements in the array"
foreach($addAccount in $arrAccounts) {

$gGrpToAdd = $ggrouprw #Set default group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrAcctSplit = $addAccount.Split(":")
$addAccount=$arrAcctSplit[0]; $access = $arrAcctSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$gGrpToAdd = $ggrouprx
}
}

$acctck = [bool](Get-ADObject -filter {sAMAccountname -eq $addAccount})
#Write-Host "DEBUG Status of account check for $addAccount is '$acctck'"
if ($acctck) {
#Write-Host "MEMBERSHIP INFO: Adding '$addAccount' to $gGrpToAdd"
Add-ADGroupMember $gGrpToAdd $addAccount
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not find an account named '$addAccount'. Please add membership to $gGrpToAdd manually..."
}
} #End of $arrAccounts ForEach loop
} #End of $acct check if statement

#Write-Host "Completed DFS creation. Global groups are $ggrouprw and $ggrouprx `n"

} else {
#Write-Host -ForegroundColor Red "INPUT ERROR! $strToShare is not reachable. Check path and try again. Exiting..."
exit 15
}
} #End of application if statement
}

========Ends here======================
Cancel
Up 0 Down

Cancel

Reply

0 prasad over 7 years ago

Hi Johnny, thanks for the reply. we are also creating dfs share through ARS. and we are getting same error. here is the script to create dfs share...

================start here==================

#Check for a $path parameter, if not given prompt for it...
param (
[string]$folder = $workflow.Parameter("folder"),
[string]$tla = $workflow.Parameter("tla"),
[string]$env = $workflow.Parameter("env"),
[string]$globalgroup,
[string]$svcacct,
[string]$acct,
[string]$access
)

function createAppShare {

#######################################################################################################
#Declared variables
$type="application"
$dfsRoot="abc.com"
$dFileGroupsPath="OU=File,OU=Domain,OU=SM-Managed-Groups,OU=ManagedGroups,DC=abc,DC=com"
$gGroupsPath="OU=File,OU=Global,OU=SD-Managed-Groups,OU=ManagedGroups,DC=abc,DC=com"
$dfsnameSpace="Apps"

#NAS hostnames
$strNASProd="prodstore"
$strNASNProd="devstore"

#Default App Shares
$strDefProdApp="PRODAPP$"
$strDefNProdApp="NPRODAPP$"
#######################################################################################################
#Local Variables

#Array for Share types
$arrShareTypes = "application"

#Hash for share types to DFS namespace
$hshShareTypes = @{
"application" = "Applications"
}

#Array for envirnment types
$arrEnv = "DEV", "UAT", "PROD"
$hshEnv = @{
"DEV" = "D";
"UAT" = "U";
"PROD" = "P"
}

#Array for access
$arrAccess = "RW", "RX"

#Miscellaneous strings for further processing
$strToQtree; $strApplication; $strNas; $strShare; $strSharePath; $strPath; $strIsDefApp; $strTLAEnv

#By default set the $strSvrName to the non-prod instances
$strSvrName=$strNASNProd
$strDefApp=$strDefNProdApp

#######################################################################################################
#Functions
#######################################################################################################

function checkForDFSPath {
[cmdletbinding()]param(
[Parameter(Position=0,mandatory=$true)][string] $strDFSCheckPath
)

$ckresult = Get-DfsnFolderTarget $strDFSCheckPath -EA 0
#Write-Host "DEBUG result for checkForDFSPath function is '$ckresult'"
if ( $ckresult -ne $null ) {
#Write-Host -ForegroundColor Red "INPUT ERROR!! Parent path '$strDFSCheckPath' is already a DFS Target. Choose a different path to proceed. Exiting"
exit 10
}
}

#######################################################################################################
#Body
#######################################################################################################
#Requires -Version 4.0

#Import the DFSN module
Import-Module dfsn

#Ensure -tla is three letters long
$tla=$tla.ToUpper()
$measureObject = $tla | Measure-Object -Character;
if ( $measureObject.Characters -ne 3 ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! -tla argument is not three characters long! Exiting..."
exit 2
}

#Ensure the $env is found in $arrEnvTypes or a two digit Environment and Instance number. Set $sharename variable for further processing
#Write-Host "DEBUG Got '$env' as an argument gonna do some processing on it"
$env=$env.ToUpper()
if ( $env -match '^\d{2}$' ) {
#Write-Host "DEBUG found a two digit number gonna check if it is prod or not"
$sharename=$tla + $env + "$"
$strTLAEnv = $tla + $env

#Change $strSvrName to strNASProd if 9 starts the $env variable
if ( $env -match "9\d" ) {
$strSvrName=$strNASProd
$strDefApp=$strDefProdApp
}

} elseif ( $arrEnv -contains $env ) {
$sharename=$tla + $hshEnv.Get_Item($env) + "$"
$strTLAEnv = $tla + $hshEnv.Get_Item($env)

#Change $strSvrName to strNASProd if PROD is the environment
if ($env -eq "PROD" ) {
$strSvrName=$strNASProd
$strDefApp=$strDefProdApp
}

}else {
#Write-Host -ForegroundColor Red "INPUT ERROR! -env must be 'DEV', 'UAT', 'PROD', or a two digit number(XX) representing the environment and instance number! Exiting..."
exit 3
}
#Write-Host "DEBUG using '$strSvrName' as target NAS"

#Ensure the $access is found in $arrAccess
if ($access ) {
$access=$access.ToUpper()
if ( $arrAccess -notcontains $access ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! Optional argument -env must be 'RX', or 'RW'! Exiting..."
exit 4
}
}

#Use $type parameter to determine where to setup the DFS link and setup the $dfsPath variable
$type=$type.ToLower()
if ( $arrShareTypes -notcontains $type ) {
$(throw "-type must be either 'application' or 'collaboration'")
} else {
$dfsPath="\\$dfsroot\" + $hshShareTypes.Get_Item($type)
#Write-Host "DEBUG Setting up the $type share under $dfsPath"
}

#Determine the DFS path by splitting the $strPath string to determine the qtree dept.
if ( $type -eq "application" ) {

#Check to see if $strSharePath already exists, if it doesn't exit with error
$strShare="\\" + $strSvrName + "\" + $sharename
#Write-Host "DEBUG Testing path to $strShare"
if (!(Test-Path $strShare)) {
$strIsDefApp=1
#Write-Host "INFO! Share $strShare does not exist, will create it on the appropriate default app share $strDefApp"
$strShare="\\" + $strSvrName + "\" + $strDefApp
}
#Write-Host "DEBUG: strShare: $strShare"

#Construct the $strPath string and check to see if $strPath already exists, if so exit script
$strPath = $strShare + "\" + $folder

if ($strSvrName.ToLower().StartsWith("ntap")) {
#Write-Host "DEBUG Netapp server detected!!"
$strNas="netapp"

#Split the string by backslashes limiting the array to 5 elements with the 4th being the sharename
$arrPath = $strPath -split("\\",5)
$strSvrName=$arrPath[2]; $sharename=$arrPath[3]; $strRemains=$arrPath[4]
#Write-Host "DEBUG Path breakdown is as follows: servername:'$strSvrName' sharename: '$sharename' remains: '$strRemains'"
$strToShare="\\" + $strSvrName + "\" + $sharename
#Write-Host "DEBUG strToShare: $strToShare"
} else {
#Legacy nas does not have a qtree value
#Write-Host "DEBUG Legacy nas detected!!"
$strNas="legacy"
#Write-Host -ForegroundColor Red "FATAL ERROR!! could not determine that the target NAS is a Netapp SVM. No support for setting up shares on legacy NAS"
exit 6
}

#Error out if operator provides a traling backslah in -Folder argument
#Write-Host "DEBUG Checking for a trailing slash here"
if ($strRemains -match '\\$') {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! Found a trailing backslash in folder argument '$strRemains'. Please rerun the script without trailing backslashes."
exit 7
#$strRemains = $strRemains -replace '\\$','' #Work in progress to remove all trailing backslahes
#Write-Host "DEBUG strRemains after removal is '$strRemains'"
}

#Verify that there are no '-' in the remaining string
if ($strRemains.Contains("-")) {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! $strPath contains an invalid character '-'. Please remove the character and re-run the script."
exit 8
} else {
#Write-Host "DEBUG strRemains before replacement of backslashes '$strRemains' "
$strRemains = $strRemains -replace "\\","-"
#Write-Host "DEBUG strRemains after replacement '$strRemains' "
}

#Verify that a DFS folder structure specified under the share will not be more than three levels deep, else exit script with an error
if ( $strRemains ) {

$strApplication = "$tla$env"
#Write-Host "DEBUG application string: $strApplication"
$dfsPath += "\" + $tla + "-" + $env + "\"

#Write-Host "DEBUG Working on remaining string"
$arrRemains = $strRemains -split("-")
#Write-Host "DEBUG arrRemains after split: '$arrRemains' "

#If remaining string is greater than two, then exit on error
if ( $arrRemains.count -eq 1 ) {
#Write-Host "DEBUG Doing something with one thing"
$strDFSPathEnd = $arrRemains[0]
$strGroup = $arrRemains[0]
$strGroup = $strGroup -replace '\s',''
} elseif ( $arrRemains.count -eq 2 ) {
#Write-Host "DEBUG Doing something with two things"

#Use $strDFSCheckPath target's parents are DFSTargets already, if so error out
$strDFSCheckPath = $dfsPath + $arrRemains[0]
#Check $strDFSCheckPath if it is a DFSTarget already, if so error out
#Write-Host "DEBUG strDFSCheckPath 1 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSPathEnd = $arrRemains[0] + "\" + $arrRemains[1]
$strGroup = $arrRemains[0] + "-" + $arrRemains[1]
$strGroup = $strGroup -replace '\s',''
} elseif ( $arrRemains.count -eq 3 ) {
#Write-Host "DEBUG Doing something with three things"

#Use $strDFSCheckPath target's parents are DFSTargets already, if so error out
$strDFSCheckPath = $dfsPath + $arrRemains[0]
#Check $strDFSCheckPath if it is a DFSTarget already, if so error out
#Write-Host "DEBUG strDFSCheckPath 1 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSCheckPath += "\" + $arrRemains[1]
#Write-Host "DEBUG strDFSCheckPath 2 is '$strDFSCheckPath'"
checkForDFSPath $strDFSCheckPath

$strDFSPathEnd = $arrRemains[0] + "\" + $arrRemains[1] + "\" + $arrRemains[2]

$strGroup = $arrRemains[0] + "-" + $arrRemains[1] + "-" + $arrRemains[2]
$strGroup = $strGroup -replace '\s',''
} else {
#Write-Host -ForegroundColor Red "INPUT ERROR! Permissions may only go three level deep as a maximum. Check path and re-run script."
exit 9
}
} else {
#Write-Host -ForegroundColor Red "INPUT ERROR!!! Folder argument is blank or unreadable. Exiting."
exit 10
}

$dfsPath += $strDFSPathEnd
#Write-Host "DEBUG Setting up the $type share under $dfsPath"

#If the DFS path already exists then fatally exit
if (Test-Path $dfsPath) {
#Write-Host -ForegroundColor Red "INPUT ERROR! $dfsPath already exists. Check path and try again. Exiting..."
exit 11
}

#Verify that the path to the share exists then create the DFS paths, else fatally exit
if (Test-Path $strToShare) {

#Setup local variables for later use
$dgrouprw="d-File-$dfsnameSpace-$strApplication-$strGroup-Write"
$dgrouprx="d-File-$dfsnameSpace-$strApplication-$strGroup-Read"
$ggrouprw="g-File-$dfsnameSpace-$strApplication-$strGroup-Users"
$ggrouprx="g-File-$dfsnameSpace-$strApplication-$strGroup-RX-Users"

#Check to see if security group will be greater than 64 characters
$strGGroupLen = $ggrouprx.Length
if ($strGGroupLen -ge 65 ) {
#Write-Host -ForegroundColor Red "INPUT ERROR! Resulting group name is greater than the maximum of 64 characters! Please shorten the folder argument!"
exit 10
}

#Add code to insert a TLA+Env if using the default app share introduced in Version 1.3 of the script
if ( $strIsDefApp ) {
#Write-Host "DEBUG Default app string is detected gonna do some stuff"
$strSharePath = $strShare + "\" + $strTLAEnv + "-" + $strRemains
} else {
$strSharePath=$strShare + "\" + $strRemains
}

#Write-Host "DEBUG will use $strSharePath for DFS target folder"

#Create the path, if it doesn't exist. If it exists, exit
#Write-Host "DEBUG Creating $strSharePath"
if (Test-Path $strSharePath) {
#Write-Host -ForegroundColor Red "FATAL ERROR! DFS folder target $strSharePath already exists. Check to see if contents exist and remove it and rerun script. Exiting..."
exit 8
}
try {New-Item -ItemType "directory" -Path $strSharePath -ErrorAction stop|out-null} catch {
#Write-Host -ForegroundColor Red "FATAL ACCESS DENIED ERROR!!! '$strSharePath' could not be created. Run with the delegated account or follow-up with Platforms for access group memberships"
exit 16
}

#Create DFS Folder
#Write-Host "Creating DFS Path $dfsPath using $strSharePath as targetfolder"
New-DfsnFolder -TargetPath $strSharePath -Path $dfsPath | Out-Null

#Create d-file groups
New-ADGroup -Path "$dFileGroupsPath" -GroupScope DomainLocal -Name $dgrouprw
New-ADGroup -Path "$dFileGroupsPath" -GroupScope DomainLocal -Name $dgrouprx

#Use Start-Sleep function to wait 10 seconds to allow the newly created groups to be replicated across the domain
Start-Sleep -s 30

#Set foldername in the d-file groups
Set-ADGroup -Identity $dgrouprw -Add @{folderPathname = "$dfsPath"}
Set-ADGroup -Identity $dgrouprx -Add @{folderPathname = "$dfsPath"}

#Set permissions on the new folder
icacls "$strSharePath" /grant:r $dgrouprw":(OI)(CI)M" /grant:r $dgrouprx":(OI)(CI)RX" | Out-Null

#Create g-group if not specified as an argument.
New-ADGroup -Path "$gGroupsPath" -GroupScope Global -Name $ggrouprw
New-ADGroup -Path "$gGroupsPath" -GroupScope Global -Name $ggrouprx

#Use Start-Sleep function to wait 10 seconds to allow the newly created groups to be replicated accross the domain
Start-Sleep -s 30

Add-ADGroupMember $dgrouprw $ggrouprw
Add-ADGroupMember $dgrouprx $ggrouprx

#If a global group has been given as an argument, add the group to the appropriate g-file group created above if it exists
if ($globalgroup) {
#Write-Host "DEBUG groupck using '$globalgroup' as an argument"
$globalgroup = $globalgroup -replace " ","," #Replace a space character incase the operator did not encase the $globalgroup in quotes

#Add a loop through the $globalgroup argument by looking for a comma separated list
$arrGGroups = $globalgroup.Split(",")
#Write-Host "DEBUG there are " . $arrGGroups.Count . " elements in the array"
foreach($addGGroup in $arrGGroups) {

#Write-Host "DEBUG going to process '$addGGroup' "
$dGrpToAdd = $dgrouprw #Set default d group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrGGrpSplit = $addGGroup.Split(":")
$addGGroup=$arrGGrpSplit[0]; $access = $arrGGrpSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$dGrpToAdd = $dgrouprx
}
}

$ggroupck = [bool](Get-ADObject -filter {sAMAccountname -eq $addGGroup})
#Write-Host "DEBUG G-group check is '$ggroupck'"
if ($ggroupck) {
if ($access -and ($accesss -eq "RX")) {
#Write-Host "MEMBERSHIP INFO: Adding '$addGGroup' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addGGroup
} else {
#Write-Host "MEMBERSHIP INFO: Adding '$addGGroup' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addGGroup
}
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not detect a group named '$addGGroup'. Please add membership to '$dGrpToAdd' manually..."
}

} #End of $arrGGroups ForEach loop
} #End of $globalgroup check if statement

#If a service account argument has been given as an argument, add the serviceaccount to the appropriate d-file group created above if it exists
if ($svcacct) {

$svcacct = $svcacct -replace " ","," #Replace a space character in case the operator did not encase the $svcacct in quotes

#Add a loop through the $acct argument by looking for a comma separated list
$arrSvcAccounts = $svcacct.Split(",")
#Write-Host "DEBUG there are " . $arrSvcAccounts.Count . " elements in the array"
foreach($addAccount in $arrSvcAccounts) {

$dGrpToAdd = $dgrouprw #Set default group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrAcctSplit = $addAccount.Split(":")
$addAccount=$arrAcctSplit[0]; $access = $arrAcctSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$dGrpToAdd = $dgrouprx
}
}

$svcacctck = [bool](Get-ADObject -filter {sAMAccountname -eq $addAccount})
#Write-Host "DEBUG Status of account check for $addAccount is '$svcacctck'"
if ($svcacctck) {
#Write-Host "MEMBERSHIP INFO: Adding '$addAccount' to $dGrpToAdd"
Add-ADGroupMember $dGrpToAdd $addAccount
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not find a service account named '$addAccount'. Please add membership to $dGrpToAdd manually..."
}
} #End of $arrSvcAccounts ForEach loop
} #End of $svcacct check if statement

#If a user account argument has been given as an argument, add the user account to the appropriate g-file group created above if it exists
if ($acct) {

$acct = $acct -replace " ","," #Replace a space character in case the operator did not encase the $acct in quotes

#Add a loop through the $acct argument by looking for a comma separated list
$arrAccounts = $acct.Split(",")
#Write-Host "DEBUG there are " . $arrAccounts.Count . " elements in the array"
foreach($addAccount in $arrAccounts) {

$gGrpToAdd = $ggrouprw #Set default group to add members as RW

#Split with a ':' in the $addAccount to see if RX is specified
$arrAcctSplit = $addAccount.Split(":")
$addAccount=$arrAcctSplit[0]; $access = $arrAcctSplit[1]
if ($access) {
$access=$access.ToUpper()
#Write-Host "DEBUG found something $access"
if ($access -eq "RX") {
$gGrpToAdd = $ggrouprx
}
}

$acctck = [bool](Get-ADObject -filter {sAMAccountname -eq $addAccount})
#Write-Host "DEBUG Status of account check for $addAccount is '$acctck'"
if ($acctck) {
#Write-Host "MEMBERSHIP INFO: Adding '$addAccount' to $gGrpToAdd"
Add-ADGroupMember $gGrpToAdd $addAccount
} else {
#Write-Host -ForegroundColor Yellow "INPUT WARNING! Did not find an account named '$addAccount'. Please add membership to $gGrpToAdd manually..."
}
} #End of $arrAccounts ForEach loop
} #End of $acct check if statement

#Write-Host "Completed DFS creation. Global groups are $ggrouprw and $ggrouprx `n"

} else {
#Write-Host -ForegroundColor Red "INPUT ERROR! $strToShare is not reachable. Check path and try again. Exiting..."
exit 15
}
} #End of application if statement
}

========Ends here======================
Cancel
Up 0 Down

Cancel

Children

No Data