Summary: This article explains how to import and export Dynamic Groups definitions using an Export/Import Tool. You can use this tool to create Dynamic Groups in bulk or migrate Dynamic Group definitions between products. Below in this article, you will find the description of tool parameters and the tool usage examples.
Applies to: Cayosoft Administrator 6.4 or later
To create Dynamic Group rules in bulk, you can use one of the following ways:
Full CSV format
- Create a sample Dynamic Group in Cayosoft Administrator Console and then export it from Cayosoft Administrator or from the other product to a CSV file.
Important: To prevent losing umlauts inside LDAP filters during export/import, only the Utf-8 file format is supported.
- Modify the output CSV file in Excel or text file editor, adding a new row per Dynamic Group, and copying the exported data as an example.
- Run the tool, pointing to the prepared file, to import Dynamic Groups to Cayosoft Administrator.
- To see new Dynamic Groups in Cayosoft Administrator Console, select Dynamic Groups node, and click Refresh Groups command.
To update membership rules for existing Dynamic Groups, follow a similar procedure, and use the -ImportMode Replace parameter on step 3 to replace rules with new definitions.
Simplified CSV format
To import Dynamic groups you can create a CSV file manually. The file format is described here.
Export sample Active Directory Dynamic Group to the CSV file including its schedule:
Add new membership rule to existing Active Directory Dynamic Group:
Replace Active Directory Dynamic Group membership rules with new rules defined in the CSV file:
- Import parameters
- [-Import ]
- [-ImportMode Append] (default, optional)
- [-ImportMode Replace] (optional)
- [-Compare] (optional)
- [-DC] (required for AD groups)
- [-Tenant] (required for Office 365 groups)
- [-Credential] (required)
- [-MoveToContainer] (optional)
- [-StopIfIncExpResolveScopeError] (optional)
- Export parameters
- [-DynamicGroupContainer] (optional)
- Common parameters
- [-GroupType AD, Office365] (optional for AD groups, required for Office 365 groups)
- [-IncludeSchedule] (optional)
- [-IncludeOutput] (optional)
- [-CsvSeparator] (optional, default ",")
- [-ImportReportFileName] (optional)
Import Dynamic Groups.
This parameter is used by default. It adds new membership rules that are added to CSV file to existing Dynamic Groups.
Replace Dynamic Group membership rules with new rules defined in the CSV file.
For each created or updated Dynamic Group, reads the current group membership in Active Directory, compares to the new membership rules and display members to be added, and to be removed once the Dynamic Group rule would be executed. It also shows the total members count.
Specifies Domain Controller that will lookup the Dynamic Groups.
Specifies Office 365 tenant.
Specifies credentials to access the Domain Controller or Office 365 tenant.
Specified container name where Dynamic Group will be moved. If this parameter is not specified, the default Active Directory and Microsoft Office 365 containers will be used.
Specify if Dynamic Group tool should stop processing the group list and report an error in case of scope object could not be resolved. If not set warning is reported and all the groups are imported.
Exports Dynamic Groups.
Exports Dynamic Group by its rule name. To get the rule name:
- Open Cayosoft Administrator console.
- Open Dynamic Group properties.
- Browse for Advanced section.
- Copy the name from the Rule name setting.
Specifies container name from which Dynamic Group must be exported.
Specifies the path to the output CSV file.
The tool supports both Active Directory Groups and Office 365 groups.
Specifies if export\import must include Dynamic Groups schedule.
Specifies if export\import must include Dynamic Groups output section.
Specifies the separator that is used in the CSV file.
Specifies the path to the log file.
Simplified CSV format description
CSV file example
- "CN=GroupName,OU=GrouoOU,DC=domain,DC=com" - group DistinguishedName
- 0x1 - Membership rule type:
- 0x1 - Include Query
- 0x2 - Exclude Query
- 0x3 - Include Objects
- 0x4 - Exclude Objects
- 2486dfc1-2de1-4aac-9ba4-56b6324d67c4 - ObjectGuid of domain or OU to search in.
- (&(objectCategory=Person)(objectClass=User)(employeeType=employee)) - example of LDAP filter. You should specify LDAP filter for each membership rule.
Import simplified CSV file
To import groups from simplified CSV file run this PowerShell script. Change the path and name for CSV file:
New parameters are added: