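## p4add-groupmember
## aaron bockelie
<#
.SYNOPSIS
Adds users or subgroups to a Perforce depot group and updates the corresponding AD group.

.DESCRIPTION
This function simplifies adding members to a depot group. It also keeps the
corresponding Active Directory group in sync: every supplied name is looked up in
Active Directory first, and only names that resolve to an object are added.
If the target group does not exist in Active Directory, the function warns,
asks for confirmation, and then creates the group with the supplied members.

.EXAMPLE
[PS] p4add-groupmember -users dayne.mcclurg -group p4infosys

Name        Type    DN
----        ----    --
p4infosys   group   CN=p4infosys,OU=p4infosys,OU=Depots,OU=Perforce,OU=Crowd,OU=Security ...
Group p4infosys updated.

The command will list the corresponding Active Directory object that is being added
to the group, and add the user to the synchronized depot group.

.PARAMETER users
One or more user or group names to add to the group.

.PARAMETER group
The group you are adding the members to.

.PARAMETER silent
When not set, the function is meant to emit the result of the Perforce update.
The line that emits it is currently commented out, so this switch has no visible effect.

.FUNCTIONALITY
Use this function to add a validated user object to a relevant perforce group.
#>
Function p4add-groupmember {
param(
    [Parameter(Mandatory = $true)][array]$users,
    [Parameter(Mandatory = $true)]$group,
    [switch]$silent
)
#begin function p4add-groupmember
$servercheck = p4get-server
if ($servercheck.pingsuccess.equals($true))
{
    $fqgroup = $null #init this variable so we can test reliably.
    $fqgroup = get-qadgroup -samaccountname $group #get/validate the group we are going to modify.
    if ($null -eq $fqgroup) #if the returned group isn't in AD, offer to make a new group.
    {
        $message = "Group object `'" + $group + "`' not found for server `'" + $servercheck.server + "`'.`r`n`r`nI will create this group with the selected users/subgroups:`r`n " + ($users | ForEach-Object { $_ + "`r`n" }) #warn user
        #The inquire prompt is the only confirmation before a new group is created,
        #so a mistyped group name stops here instead of silently creating a group.
        write-warning $message -warningaction inquire #and give a choice to continue
        $newusers = $users | ForEach-Object { get-qadobject $_ } | Where-Object { $_.type -eq "user" } | ForEach-Object { $_.samaccountname }
        $newsubgroups = $users | ForEach-Object { get-qadobject $_ } | Where-Object { $_.type -eq "group" } | ForEach-Object { $_.samaccountname }
        p4add-group -group $group -users $newusers -subgroups $newsubgroups
    }
    else
    {
        $p4users = New-Object System.Collections.ArrayList # array of new + old users
        $p4subgroups = New-Object System.Collections.ArrayList # array of new + old subgroups
        $p4owners = New-Object System.Collections.ArrayList # array of new + old owners
        $p4groupobject = p4get-group $group
        $fqitem = $null #temp object used to test whether an entry from $users resolved in AD.

        #Expand the existing member lists into arraylists for manipulation.
        #The group spec fed to Perforce below is rebuilt from these lists, so an
        #entry that is not copied here is left out of the spec that is submitted.
        foreach ($user in $p4groupobject.users) #expand p4 group object "users".
        {
            if ($user)
            {
                [void]$p4users.add($user)
            }
        }
        foreach ($subgroup in $p4groupobject.subgroups) #expand p4 group object "subgroups".
        {
            #Test the subgroup itself. The earlier test on $user reused the leftover
            #variable from the users loop, so a group with no users lost its subgroups.
            if ($subgroup)
            {
                [void]$p4subgroups.add($subgroup)
            }
        }
        foreach ($owner in $p4groupobject.owners) #expand p4 group object "owners".
        {
            #Same fix as above: test the owner, not the leftover $user, so the owner
            #list is preserved regardless of what the users list contains.
            if ($owner)
            {
                [void]$p4owners.add($owner)
            }
        }

        #Validate the input list of objects to add. Only users and groups that exist
        #in Active Directory are added; anything else is reported and skipped.
        #NOTE(review): AD membership is changed here, before the Perforce update below,
        #and nothing visible rolls it back if 'p4 group -i' fails. Confirm that is acceptable.
        foreach ($item in $users)
        {
            $fqitem = $null #set to null for each loop during users.
            $fqitem = get-qadobject $item #attempt to retrieve the object from AD.
            if ($fqitem) #if an object was returned, process it.
            {
                if ($fqitem.type -eq "user") #a user goes into the users array and into the AD group.
                {
                    [void]$p4users.add($fqitem.samaccountname)
                    add-qadgroupmember -member $fqitem $fqgroup.dn >$null
                }
                if ($fqitem.type -eq "group") #a group goes into the subgroup array and into the AD group.
                {
                    [void]$p4subgroups.add($fqitem.samaccountname)
                    add-qadgroupmember -member $fqitem $fqgroup.dn >$null
                }
            }
            else #if no object was returned,
            {
                $message = "Object named `'" + $item + "`' was not returned as an Active Directory object. Excluding from addition." #nothing will be done for this entry.
                write-warning $message
            }
        }
        $file = p4add-groupspec -group $fqgroup.samaccountname -users $p4users -owners $p4owners -subgroups $p4subgroups -maxlocktime $p4groupobject.maxlocktime -timeout $p4groupobject.timeout -maxresults $p4groupobject.maxresults -maxscanrows $p4groupobject.maxscanrows # generate a groupspec
        $result = $file | p4 group -i #feed groupspec into perforce to update group.
    }
    if ($silent -eq $false) #if silent is false, send result.
    {
        #$result
    }
}
}#end function p4add-groupmember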