Articles in this section

See more
Print

How to export or import Dynamic Groups using Dynamic Groups Export/Import Tool

Avatar
Tatiana Golubovich
  • Updated
Follow

Summary: This article explains how to import and export Dynamic Groups definitions using an Export/Import Tool. You can use this tool to create Dynamic Groups in bulk or migrate Dynamic Group definitions between products. Below in this article, you will find the description of tool parameters and the tool usage examples.

Note: Please contact Cayosoft support to obtain the latest version of the tool.

Applies to: Cayosoft Administrator 6.4 or later  

ID: KB20200121-1

Content: 

Overview

To create Dynamic Group rules in bulk, you can use one of the following ways:

Full CSV format

  1. Create a sample Dynamic Group in Cayosoft Administrator Console and then export it from Cayosoft Administrator or from the other product to a CSV file.
    Important: To prevent losing umlauts inside LDAP filters during export/import, only the Utf-8 file format is supported.
  2. Modify the output CSV file in Excel or text file editor, adding a new row per Dynamic Group, and copying the exported data as an example. 
  3. Run the tool, pointing to the prepared file, to import Dynamic Groups to Cayosoft Administrator.
  4. To see new Dynamic Groups in Cayosoft Administrator Console, select Dynamic Groups node, and click Refresh Groups command.

To update membership rules for existing Dynamic Groups, follow a similar procedure, and use the -ImportMode Replace parameter on step 3 to replace rules with new definitions.

 

Simplified CSV format

To import Dynamic groups you can create a CSV file manually. The file format is described here. 

 

Example 1

Export sample Active Directory Dynamic Group to the CSV file including its schedule:

powershell.exe .\dg_imp_exp_2_0_14.ps1 -Export -FileName C:\1\output.csv -DynamicGroupName "<GroupName>" -IncludeSchedule 
 

Example 2

Add new membership rule to existing Active Directory Dynamic Group:

$credential = get-credential
powershell.exe .\dg_imp_exp_2_0_14.ps1 -Import -ImportMode Append -FileName C:\1\output.csv -DC "<DC.name>" -Credential $credential
 

Example 3

Replace Active Directory Dynamic Group membership rules with new rules defined in the CSV file:

$credential = get-credential
powershell.exe .\dg_imp_exp_2_0_14.ps1 -Import -ImportMode Replace -FileName C:\1\output.csv -DC "<DC.name>" -Credential $credential

 

Possible parameters

  1. Import parameters
    1. [-Import ]
    2. [-ImportMode Append] (default, optional)
    3. [-ImportMode Replace] (optional)
    4. [-Compare] (optional)
    5. [-DC] (required for AD groups)
    6. [-Tenant] (required for Office 365 groups)
    7. [-Credential] (required)
    8. [-MoveToContainer] (optional)
    9. [-StopIfIncExpResolveScopeError] (optional)
  2. Export parameters
    1. [-Export]
    2. [-DynamicGroupName]
    3. [-DynamicGroupContainer] (optional)
  3. Common parameters
    1. [-FileName]
    2. [-GroupType AD, Office365] (optional for AD groups, required for Office 365 groups)
    3. [-IncludeSchedule] (optional)
    4. [-IncludeOutput] (optional)
    5. [-CsvSeparator] (optional, default ",")
    6. [-ImportReportFileName] (optional)

 

Parameters description

Import parameters

-Import

Import Dynamic Groups.

 

-ImportMode Append

This parameter is used by default. It adds new membership rules that are added to CSV file to existing Dynamic Groups.

 

-ImportMode Replace

Replace Dynamic Group membership rules with new rules defined in the CSV file.

 

-Compare

For each created or updated Dynamic Group, reads the current group membership in Active Directory, compares to the new membership rules and display members to be added, and to be removed once the Dynamic Group rule would be executed. It also shows the total members count.

 

-DC

Specifies Domain Controller that will lookup the Dynamic Groups.

 

-Tenant

Specifies Office 365 tenant.

 

-Credential 

Specifies credentials to access the Domain Controller or Office 365 tenant. 

 

-MoveToContainer

Specified container name where Dynamic Group will be moved. If this parameter is not specified, the default Active Directory and Microsoft Office 365 containers will be used.

 

-StopIfIncExpResolveScopeError

Specify if Dynamic Group tool should stop processing the group list and report an error in case of scope object could not be resolved. If not set warning is reported and all the groups are imported.

 

Export parameters

-Export

Exports Dynamic Groups.

 

-DynamicGroupName

Exports Dynamic Group by its rule name. To get the rule name:

  1. Open Cayosoft Administrator console.
  2. Open Dynamic Group properties.
  3. Browse for Advanced section.
  4. Copy the name from the Rule name setting.

 

-DynamicGroupContainer

Specifies container name from which Dynamic Group must be exported.

 

Common parameters

-FileName

Specifies the path to the output CSV file.

 

-GroupType

The tool supports both Active Directory Groups and Office 365 groups.

 

-IncludeSchedule

Specifies if export\import must include Dynamic Groups schedule. 

 

-IncludeOutput

Specifies if export\import must include Dynamic Groups output section. 

 

-CsvSeparator

 Specifies the separator that is used in the CSV file.

 

-ImportReportFileName

Specifies the path to the log file.

 

Simplified CSV format description

CSV file example

"DN","edsadgconditionslist"

"CN=GroupName,OU=GroupOU,DC=domain,DC=com","[0x1;2486dfc1-2de1-4aac-9ba4-56b6324d67c4;(&(objectCategory=Person)(objectClass=User)(employeeType=employee))]"
"DN","edsadgconditionslist" - Column names
"CN=GroupName,OU=GroupOU,DC=domain,DC=com","[0x1;2486dfc1-2de1-4aac-9ba4-56b6324d67c4;(&(objectCategory=Person)(objectClass=User)(employeeType=employee))]" - Dynamic Group filter and conditions. You should create such record for each group.
  1. "CN=GroupName,OU=GrouoOU,DC=domain,DC=com" - group DistinguishedName 
  2. 0x1 - Membership rule type:
    1. 0x1 - Include Query
    2. 0x2 - Exclude Query
    3. 0x3 - Include Objects
    4. 0x4 - Exclude Objects
  3. 2486dfc1-2de1-4aac-9ba4-56b6324d67c4 - ObjectGuid of domain or OU to search in.
  4. (&(objectCategory=Person)(objectClass=User)(employeeType=employee)) - example of LDAP filter. You should specify LDAP filter for each membership rule.

Import simplified CSV file

To import groups from simplified CSV file run this PowerShell script. Change the path and name for CSV file:

$credential = get-credential
powershell.exe .\dg_imp_exp_2_0_14.ps1 -Import -ImportMode Replace -FileName C:\1\output.csv -DC "<DC.name>" -Credential $credential

 

 

 

Release Notes

Version Notes
2.0.14

New parameters are added:

  1. StopIfIncExpResolveScopeError parameter is added. It specifies if the Dynamic Group tool should stop processing the group list and report an error in case of scope object could not be resolved. If it is not set, a warning is reported and all the groups are imported.
  2. ImportReportFileName parameter is added. It specifies the path to the log file.
2.0.12
  1. MoveToContainer parameter is added. It allows specifying a container name where Dynamic Group will be moved. If this parameter is not specified, the default Active Directory and Microsoft Office 365 containers will be used.
  2. An object display name for include explicitly membership command is added.

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.