Content:
Overview
Starting from Cayosoft Administrator 8.x you should export or import Dynamic Group rules with the help of the Cayosoft Graph Module for PowerShell. Please see this article for details: Installing Cayosoft Graph Module from PowerShell Gallery – Cayosoft Help Center.
Using Cayo Graph (CGraph) Module allows import or updating Dynamic Groups in bulk or migrating Dynamic Group definitions between products. Below in this article, you will find the Cgraph parameters descriptions and usage examples.
Dynamic Group import supports two different file formats: full format and simplified format. The full file format can define any setting and one or more membership rules of any type. The simplified file format supports a reduced set of settings and membership rules.
Full CSV file format
To define and import a set of Dynamic Groups with a file, please follow these steps:
- Create a template Dynamic Group using Cayosoft Administrator Console and then export it from Cayosoft Administrator using Cayosoft Graph cmdlet to a CSV file.
- Or, you can export a similar group configuration from other vendor products to a CSV file.
Important: Only the Utf-8 file format is supported. This preserves umlauts and other special symbols you might have in the membership rule LDAP filters and other settings.
- Modify the output CSV file in Excel or a text file editor by making a copy of the template group and modifying the copy accordingly.
- Run the Cayosoft Graph cmdlet, pointing to the prepared file, to import or update Dynamic Groups in Cayosoft Administrator.
- To see new Dynamic Groups in Cayosoft Administrator Console, select the Dynamic Groups node, and click the Refresh Groups command.
Simplified CSV file format
You can also use a simplified CSV file format when importing groups from another vendor's product or when preparing the file manually. The simplified file format is described here.
Commands
Export-CGDynamicGroup
[-Container] (optional)
[-CsvSeparator] (optional, default ",")
[-FileName] (required)
[-IncludeSchedule] (optional)
[-IncludeRuleOutput] (optional)
[-ManagedSystem] (optional, default value "AD")
[-Name] (optional)
[-ShowBanner] (optional)
Description
The Export-CGDynamicGroup cmdlet exports Dynamic Group rule configuration from Cayosoft Administrator to a CSV file.
Example 1
Export-CGDynamicGroup -FileName C:\Temp\output.csv -Name "GroupName" -IncludeSchedule
This command exports a specified Active Directory Dynamic Group rule settings with its schedule to a CSV file.
Example 2
Export-CGDynamicGroup -FileName C:\Temp\output.csv -IncludeSchedule -ManagedSystem "AD"
This command exports all Active Directory Dynamic Group rules with their schedule to a CSV file.
Example 3
Export-CGDynamicGroup -FileName C:\Temp\output_MS365.csv -IncludeSchedule -ManagedSystem "Microsoft365"
This command exports all Microsoft 365 Dynamic Group rules with its schedule to a CSV file.
Import-CGDynamicGroup
[-CompareMembers] (optional)
[-Credential] (required)
[-CsvSeparator] (optional, default value: ",")
[-DC] (required for AD groups)
[-DefaultParameters] (optional)
[-FileName] (required)
[-ImportMode] (optional)
[-IncludeSchedule] (optional)
[-IncludeRuleOutput] (optional)
[-MoveToContainer] (optional)
[-ManagedSystem] (optional, default value "AD")
[-ReportFileName] (optional)
[-StopOnScopeResolutionError] (optional, default value "$False")
[-ShowBanner] (optional)
[-Tenant] (required for Office 365 groups)
Description
The Import-CGDynamicGroup cmdlet imports Dynamic Group rule configuration from a CSV file to the Cayosoft Administrator.
Example 1
$credential = get-credential
Import-CGDynamicGroup -ImportMode Append -FileName C:\Temp\output.csv -DC "DCName" -Credential $credential
This command adds new membership rules from the CSV file to the existing Active Directory Dynamic Group.
Example 2
$credential = get-credential
Import-CGDynamicGroup -ImportMode Replace -FileName C:\Temp\output.csv -DC "DCName" -Credential $credential
This command overwrites the existing membership rules in the existing Active Directory Dynamic Group.
Example 3
$MS365credential = get-credential
Import-CGDynamicGroup -ImportMode Replace -FileName C:\Temp\output_MS365.csv -ManagedSystem "Microsoft365" -Tenant "Tenant Name" -Credential $MS365credential
This command overwrites the existing membership rules in the existing Microsoft 365 Dynamic Group.
Remove-CGDynamicGroup
[-CsvSeparator] (optional, default ",")
[-FileName] (required)
[-ShowBanner] (optional)
Description
The Remove-CGDynamicGroup cmdlet deletes the Dynamic Group rule configuration from the Cayosoft Administrator based on the input CSV file.
Example
Remove-CGDynamicGroup -FileName C:\Temp\output.csv
This command deletes Dynamic Group rules specified in the CSV file and removes links to these groups from Runbooks.
Parameters description
Export parameters
-Container <String>
Specifies one or more containers with Dynamic Group rules. When not set, all Dynamic Group rules for the specified managed system are exported.
-Name <String>
Specifies one or more Dynamic Group rule names to export. If not set all Dynamic Group rules are exported.
Import parameters
-CompareMembers [<SwitchParameter>]
If set, future membership calculated by the imported Dynamic Group rule will be compared to the current group membership, and the difference would be reported to the command output.
-Credential <PSCredential>
Specifies connection credentials. Active Directory or Microsoft 365 credentials can be supplied, depending on the ManagedSystem parameter value.
-DefaultParameters <Hashtable>
Specifies membership command parameters that will be overwritten on import.
-DC <String>
Specifies Domain Controller DNS name that will lookup the Dynamic Groups.
-ImportMode <String>
Specifies how to merge Dynamic Group membership commands. For Append mode imported membership commands will be added to the current list of membership commands. For Replace mode imported membership commands will overwrite the existing membership commands.
-MoveToContainer <String>
Specifies container to move all imported Dynamic Groups.
If this parameter is not specified, the default Active Directory and Microsoft Office 365 containers will be used.
-ReportFileName <String>
Specifies file name to store report with the results of the import.
-StopOnScopeResolutionError [<SwitchParameter>]
Stop processing the import file if the Include or Exclude Explicitly rule scope object could not be resolved.
-Tenant <String>
Specifies Office 365 tenant name.
Common parameters
-CsvSeparator <Char>
Specifies separator symbol for the output CSV file.
-FileName <String>
Specifies the input CSV file name.
-IncludeSchedule [<SwitchParameter>]
Specifies if to include the rule schedule from the import file.
-IncludeRuleOutput [<SwitchParameter>]
Specifies if to include Dynamic Group rule output settings.
-ManagedSystem <String>
Specifies Cayosoft Administrator Dynamic Group rule type to process. Possible values: "AD", "Microsoft365".
-ShowBanner [<SwitchParameter>]
If set cmdlet prints version information.
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see about_CommonParameters about_CommonParameters - PowerShell | Microsoft Docs.
Simplified CSV format description
CSV file example
"DN","edsadgconditionslist"
- "CN=GroupName,OU=GrouoOU,DC=domain,DC=com" - group DistinguishedName
- 0x1 - Membership rule type:
- 0x1 - Include Query
- 0x2 - Exclude Query
- 0x3 - Include Objects
- 0x4 - Exclude Objects
- 0x5 - Include Group Members
- 0x6 - Exclude Group Members
- 2486dfc1-2de1-4aac-9ba4-56b6324d67c4 - ObjectGuid of domain or OU or group to search in.
- (&(objectCategory=Person)(objectClass=User)(employeeType=employee)) - example of an LDAP filter. You should specify an LDAP filter for each membership rule.
Import simplified CSV file
To import groups from a simplified CSV file run this PowerShell script. Change the path and name for the CSV file:
$credential = get-credential
Import-CGDynamicGroup -ImportMode Replace -FileName "C:\Temp\output.csv" -DC "DCName" -Credential $credential
Release Notes
Version | Notes |
---|---|
8.0.1.202 |
|
Comments
0 comments
Please sign in to leave a comment.