Need to create a bunch of Virtual Attributes. All single value Directory String, User attributes. Does anyone have a script to create virtual attributes from a CSV file or similar?
I am not finding any of the Quest CmdLets that do it.
If you look on one of your AR servers in the following folder:
\Program Files\One Identity\Active Roles\7.4\SDK\Samples\ADSI Provider\Virtual Attribute
...there is sample code there for creating new VAs.
That helps. I am having trouble getting an import of Virtual Attribute names to create from a CSV. This is what I have so far.
#Store the data from VAttributes.csv in the $VAttributes variable
$VAttributes = Import-csv "C:\Scripts\VA\VaList.csv"
#Loop through VAttribute in the CSV file
foreach ($VA in $VAttributes)
{
    # Set the property lDAPDisplayName for the VA
    $strAttributeName = $VA
    # Set the object class to which the VA will apply
    $strAttributeClass = "user"
    # Set the property attributeSyntax for the VA
    $strAttributeSyntax = "2.5.5.12"
    # Set the property oMSyntax for the VA
    $iAttributeOMSyntax = 64
    # Specify whether to store the VA in the Active Roles configuration database
    $bIsAttributeStored = $true
    # Specify whether the VA is single-valued
    $bIsAttributeSindleValued = $true
    # Set the property Description for the VA
    $strAttributeDescription = "AGN"
    # Set the property ContainerDN for VA
    $strVaContainerDn = "CN=Virtual Attributes,CN=Server Configuration,CN=Configuration"
    function CreateVA($AttrName, $ClassSchemas, $AttrSyntax, $OMSyntax, $IsStored, $IsSingleValued)
    {
        $objVaContainer = [ADSI]"EDMS://$strVaContainerDn"
        $objOctetString = New-Object -ComObject "AelitaEDM.EDMOctetString"
        "Creating VA $AttrName ..."
        $objNewVa = $objVaContainer.Create("edsVirtualAttribute", "CN=$AttrName")
        $objPolicyInfoList = $objNewVa.GetPolicyInfoList()
        $objOctetString.SetGuidString($objPolicyInfoList.Item("schemaIDGUID").GeneratedValue)
        $objNewVa.Put("edsaAttributeIsStored", [bool]$IsStored)
        $objNewVa.Put("isSingleValued", [bool]$IsSingleValued)
        $objNewVa.Put("lDAPDisplayName", [string]$AttrName)
        $objNewVa.Put("edsaClassSchemas", [string]$ClassSchemas)
        $objNewVa.Put("attributeSyntax", [string]$AttrSyntax)
        $objNewVa.Put("oMSyntax", [int]$OMSyntax)
        $objNewVa.Put("schemaIDGUID", $objOctetString.GetOctetString())
        $objNewVa.Put("attributeID", $objPolicyInfoList.Item("attributeID").GeneratedValue)
        $objNewVa.Put("description", [string]$strAttributeDescription)
        $objNewVa.SetInfo()
    }
    CreateVA -AttrName $strAttributeName -ClassSchemas $strAttributeClass -AttrSyntax $strAttributeSyntax -OMSyntax $iAttributeOMSyntax -IsStored $bIsAttributeStored -IsSingleValued $bIsAttributeSindleValued
}
OK - this all looks fairly reasonable. What kind of error are you receiving?
My input file is the following:
edsvaTest123A
edsvaTest123B
edsvaTest123C
This is the error I get:
Creating VA @{edsvaTest123A=edsvaTest123B} ...
Exception calling "SetInfo" with "0" argument(s): "Administrative Policy returned an error.
'CN=@{edsvaTest123A=edsvaTest123B},CN=Virtual Attributes,CN=Server Configuration,CN=Configuration' is not a valid LDAP distinguished name.
"
At C:\Scripts\VA\CreateVA2.ps1:44 char:6
+ $objNewVa.SetInfo()
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
Creating VA @{edsvaTest123A=edsvaTest123C} ...
Exception calling "SetInfo" with "0" argument(s): "Administrative Policy returned an error.
'CN=@{edsvaTest123A=edsvaTest123C},CN=Virtual Attributes,CN=Server Configuration,CN=Configuration' is not a valid LDAP distinguished name.
"
At C:\Scripts\VA\CreateVA2.ps1:44 char:6
+ $objNewVa.SetInfo()
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
Do you have a header row in your file? If not, then rather than import-csv, I would just use Get-Content. That way your syntax for iterating through the list should work OK.
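The difference between the two cmdlets on a headerless list, as an added example that is not part of the original thread. It also checks each name before it would be placed into a `CN=` value. The temp file, the `Get-VaNameList` helper and the name pattern are assumptions for illustration, and nothing here connects to Active Roles.

```powershell
# Constructed sample list (no header row), written to a temp file for the demo.
$listPath = Join-Path ([IO.Path]::GetTempPath()) 'VaList-sample.txt'
Set-Content -Path $listPath -Value 'edsvaTest123A', 'edsvaTest123B', '',
    ' edsvaTest123C ', 'edsvaBad,CN=x', 'edsvaTest123A'

# Import-Csv consumes the first line as the column header, so every remaining
# row is an object; in a string it expands to "@{edsvaTest123A=edsvaTest123B}".
$firstRow = Import-Csv -Path $listPath | Select-Object -First 1
"Import-Csv row as string: $firstRow"

function Get-VaNameList {
    param([Parameter(Mandatory)][string]$Path)
    # Assumed naming rule for this example: 'edsva' prefix, then letters, digits, hyphens.
    $pattern = '^edsva[A-Za-z0-9-]+$'
    $seen = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    foreach ($line in Get-Content -Path $Path) {
        $name = $line.Trim()
        if ($name -eq '') { continue }                 # ignore blank lines
        if ($name -notmatch $pattern) {
            $status = 'Rejected'                       # would not form a clean CN=<name>
        } elseif (-not $seen.Add($name)) {
            $status = 'Duplicate'
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{ Name = $name; Status = $status }
    }
}

$report = Get-VaNameList -Path $listPath
$report | Format-Table -AutoSize

# Only these plain strings would be handed to the thread's CreateVA function.
$toCreate = $report | Where-Object Status -eq 'OK' | Select-Object -ExpandProperty Name
"Would create: $($toCreate -join ', ')"
Remove-Item -Path $listPath
```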
Holy Crap...That worked!! thanks!!
I notice in the GUI you can only delete one VA at a time. What would the command to delete a VA in a script be? I don't see any examples of that in the sample folder.
For that you could use:
Remove-QADObject -identity $MyVADistinguishedName -proxy
i.e. in a loop
So:
# Create a persistent session with Active Roles
$ARSession = Connect-QADService -proxy
# List your VAs
Get-QADObject -SearchRoot "CN=Virtual Attributes,CN=Server Configuration,CN=Configuration" -Connection $ARSession -Name 'SomePattern*' | select -expandproperty distinguishedname | foreach {
    $MyVADistinguishedName = $_
    Remove-QADObject -identity $MyVADistinguishedName -Connection $ARSession -Force
}
Thanks again!