linking groups implemented and tested

This commit is contained in:
Karl-Wilfried Zimmer 2024-07-14 16:45:30 +02:00
parent a8f94c7d78
commit 9a5552a1e1
3 changed files with 22 additions and 26 deletions

View File

@ -11,17 +11,17 @@ param (
$Read = 'ACL-'+$ProjectName+'-RO' $Read = 'ACL-'+$ProjectName+'-RO'
$Write = 'ACL-'+$ProjectName+'-RW' $Write = 'ACL-'+$ProjectName+'-RW'
$ret=@() $reta=@()
if($PSBoundParameters.ContainsKey("ProjectName")){ if($PSBoundParameters.ContainsKey("ProjectName")){
if($PSBoundParameters.ContainsKey("Server")){ if($PSBoundParameters.ContainsKey("Server")){
$ret += New-ADGroup -Path $ACL -Server $Server -Name $Read -GroupCategory Security -GroupScope Global -PassThru $reta += New-ADGroup -Path $ACL -Server $Server -Name $Read -GroupCategory Security -GroupScope Global -PassThru
$ret += New-ADGroup -Path $ACL -Server $Server -Name $Write -GroupCategory Security -GroupScope Global -PassThru $reta += New-ADGroup -Path $ACL -Server $Server -Name $Write -GroupCategory Security -GroupScope Global -PassThru
} else { } else {
$ret += New-ADGroup -Path $ACL -Name $Read -GroupCategory Security -GroupScope Global -PassThru $reta += New-ADGroup -Path $ACL -Name $Read -GroupCategory Security -GroupScope Global -PassThru
$ret += New-ADGroup -Path $ACL -Name $Write -GroupCategory Security -GroupScope Global -PassThru $reta += New-ADGroup -Path $ACL -Name $Write -GroupCategory Security -GroupScope Global -PassThru
} }
return $ret return $reta
} }
throw "ProjectName parameter needs to be set" throw "ProjectName parameter needs to be set"

View File

@ -11,18 +11,18 @@ param (
$Read = 'GR-'+$ProjectName+'-RO' $Read = 'GR-'+$ProjectName+'-RO'
$Write = 'GR-'+$ProjectName+'-RW' $Write = 'GR-'+$ProjectName+'-RW'
$ret=@() $retr=@()
if($PSBoundParameters.ContainsKey("ProjectName")){ if($PSBoundParameters.ContainsKey("ProjectName")){
if($PSBoundParameters.ContainsKey("Server")){ if($PSBoundParameters.ContainsKey("Server")){
$ret += New-ADGroup -Path $Roles -Server $Server -Name $Read -GroupCategory Security -GroupScope Global -PassThru $retr += New-ADGroup -Path $Roles -Server $Server -Name $Read -GroupCategory Security -GroupScope Global -PassThru
$ret += New-ADGroup -Path $Roles -Server $Server -Name $Write -GroupCategory Security -GroupScope Global -PassThru $retr += New-ADGroup -Path $Roles -Server $Server -Name $Write -GroupCategory Security -GroupScope Global -PassThru
} else { } else {
$ret += New-ADGroup -Path $Roles -Name $Read -GroupCategory Security -GroupScope Global -PassThru $retr += New-ADGroup -Path $Roles -Name $Read -GroupCategory Security -GroupScope Global -PassThru
$ret += New-ADGroup -Path $Roles -Name $Write -GroupCategory Security -GroupScope Global -PassThru $retr += New-ADGroup -Path $Roles -Name $Write -GroupCategory Security -GroupScope Global -PassThru
} }
return $ret return $retr
} }
throw "ProjectName parameter needs to be set" throw "ProjectName parameter needs to be set"

View File

@ -8,27 +8,23 @@ param (
. .\Variables.ps1 . .\Variables.ps1
$ret
$acl
$r
if($PSBoundParameters.ContainsKey("ProjectName")){ if($PSBoundParameters.ContainsKey("ProjectName")){
if($PSBoundParameters.ContainsKey("Server")){ if($PSBoundParameters.ContainsKey("Server")){
$ret = New-ADGroup -Path $Projects -Server $Server -Name $ProjectName -GroupCategory Security -GroupScope Global -PassThru $ret = New-ADGroup -Path $Projects -Server $Server -Name $ProjectName -GroupCategory Security -GroupScope Global -PassThru
$ret = Get-ADGroup $ProjectName -SearchBase $Projects -Server $Server #$ret = Get-ADGroup $ProjectName -SearchBase $Projects -Server $Server
$acl = . .\AddProjectACL.ps1 -ProjectName $ProjectName -Server $Server $acls = . .\AddProjectACL.ps1 -ProjectName $ProjectName -Server $Server
$r = . .\AddProjectRoles.ps1 -ProjectName $ProjectName -Server $Server $rs = . .\AddProjectRoles.ps1 -ProjectName $ProjectName -Server $Server
#$ret | Add-ADGroupMember -Members $acl,$r #$ret | Add-ADGroupMember -Members $acl,$r
$acl | ForEach-Object {add-ADGroupMember -Identity "$ret.DistinguishedName" -Members $_ -Server $Server} $acls | ForEach-Object {add-ADGroupMember -Identity $ret -Members $_ -Server $Server}
$r | ForEach-Object {Add-ADGroupMember -Identity "$ret.DistinguishedName" -Members $_ -Server $Server} $rs | ForEach-Object {Add-ADGroupMember -Identity $ret -Members $_ -Server $Server}
} else { } else {
$ret = New-ADGroup -Path $Projects -Name $ProjectName -GroupCategory Security -GroupScope Global -PassThru $ret = New-ADGroup -Path $Projects -Name $ProjectName -GroupCategory Security -GroupScope Global -PassThru
$ret = Get-ADGroup $ProjectName -SearchBase $Projects #$ret = Get-ADGroup $ProjectName -SearchBase $Projects
$acl = . .\AddProjectACL.ps1 -ProjectName $ProjectName $acls = . .\AddProjectACL.ps1 -ProjectName $ProjectName
$r = . .\AddProjectRoles.ps1 -ProjectName $ProjectName $rs = . .\AddProjectRoles.ps1 -ProjectName $ProjectName
#$ret | Add-ADGroupMember -Members $acl,$r #$ret | Add-ADGroupMember -Members $acl,$r
$acl | ForEach-Object {Add-ADGroupMember -Identity "$ret.DistinguishedName" -Members $_} $acls | ForEach-Object {Add-ADGroupMember -Identity $ret -Members $_}
$r | ForEach-Object {Add-ADGroupMember -Identity "$ret.DistinguishedName" -Members $_} $rs | ForEach-Object {Add-ADGroupMember -Identity $ret -Members $_}
} }
return $ret return $ret