Share via


Import User Roles (powershell)

PowerShell script to import User Roles.  Copy and save code to file with .ps1 extension.  Execute PS script from within SCOM Command Shell or PowerShell.  User input prompts will not work if copying and pasting code directly into shell.

This script works in conjunction with the ExportUserRoles script.  Otherwise, the input file must be in the following format:

Profile: <monitoringProfile>
Name: <userRoleName>
DisplayName: <userRoleDisplayName>
Description: <userRoleDescriptioin>
Users: <account1 account2 account3>

There is no validation of accounts worked into this script.  If an account cannot be queried in AD, the script will throw errors but continue to process.  Use netbios name for accounts/groups (domain\account).

 

##--------------------------------------------------##
# Use this script to import User Roles.
# This script requires the User Roles to have
# already been exported using the ExportUserRoles
# script, or a text file in the same format as the
# output of the ExportUserRoles script.
# Author: Jonathan Almquist
# Name: ImportUserRoles.ps1
# Ver: 6.0.6278.0-1
# Date: 03/23/2008
# Revisions:
##--------------------------------------------------##
## Get user input
$rms = read-Host "Enter the RMS server name"
$filename = read-Host "Enter path and filename for output file (ex: c:\user_roles.txt)"
## Check for Operations Manager Snap-in
$snapin = pssnapin | select-Object name
$added = 0
## Loop through each instance of Snap-in
foreach ($pssnapin in $snapin)
{
if ($pssnapin -like "*Microsoft.EnterpriseManagement.OperationsManager.Client*")
{
$added = 1
}
}
if ($added -eq 0)
{
add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client"
write-Host "Operations Manager Snap-in added."
}
else
{
write-Host "Operations Manager Snap-in already added."
}

set-location "OperationsManagerMonitoring::"
## Check for Monitoring Drive
$drive = psdrive | select-Object name
$added = 0
## Loop through each instance of Drive
foreach ($psdrive in $drive)
{
if ($psdrive -like "*Monitoring*")
{
$added = 1
}
}
if ($added -eq 0)
{
New-PSDrive -Name: Monitoring -PSProvider: OperationsManagerMonitoring -Root: \
write-Host "Monitoring Drive added."
}
else
{
write-Host "Monitoring Drive alreaded added."
}
## Connect to Management Group
New-ManagementGroupConnection -ConnectionString: $rms
cd Monitoring:\$rms
$mg = (get-item .).ManagementGroup
$lines = get-content $filename
foreach ($line in $lines)
{
if ($line.StartsWith("Profile:"))
{
$profile = $line -replace "Profile: ", ""
}
elseif ($line.startswith("Name: "))
{
$name = $line -replace "Name: ", ""
}
elseif ($line.startswith("DisplayName: "))
{
$displayName = $line -replace "DisplayName: ", ""
}
elseif ($line.startswith("Description: "))
{
$description = $line -replace "Description: ", ""
}
elseif ($line.startswith("Users: "))
{
$users = $line -replace "Users: ", ""
if ($users -like "* *")
{
$users = $users.Split(" ")
}
## When the script reaches the Users line, this Role block is complete.
## Begin Role check and creation
$rolelist = get-userrole | select-object name
$added = 0
foreach ($role in $rolelist)
{
if ($role -like "*$name*")
{
$added = 1
}
}
if ($added -eq 0)
{
$getProfile = $mg.GetMonitoringProfiles() | where {$_.Name -eq $profile}
$obj = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringUserRole
$obj.Name = $name
$obj.DisplayName = $displayName
$obj.Description = $description
$obj.MonitoringProfile = $getProfile
$mg.InsertMonitoringUserRole($obj)
write-Host "$name User Role added."
}
else
{
write-Host "$name Role alreaded added."
}
## Compare user list and add users
if ($users -notlike "")
{
foreach ($user in $users)
{
write-host "Adding $user to $displayName"
$addUser = get-userrole | where {$_.name -eq $name}
$addUser.users.add($user)
$addUser.update()
}
}
else
{write-Host "No users in $displayName"}
## Move on to the next Role block.
write-Host "`r`n"
}
}
write-Host "Process complete."
##
##

Comments