Scanning an Active Directory OU and adding each group into Passwordstate

[support 201]

Purpose:

Currently as of Build 8782 Passwordstate does not have a feature in the User Interface to scan an Active Directory OU and automatically add in all the security groups.  This Powershell script can do this as an alternative way, which will search an Organisational Unit of your choice and add each security group in via the Passwordstate API. 

 

The Security Groups will automatically sync all members within about 1 minute of being added into the system.

 

You must be running Passwordstate 8782 for this to work, and you'll find the Security Groups API key under Administration -> System Settings -> API

 

The script is listed below, and you could potentially put this into a Windows Scheduled Task to run on a regular schedule.  Please change the variables on lines 2,3,4 and 5 to suit your environment:

 

#Set following core variables in lines 2,3 & 4
$APIKey = "6c27d83f5a9b43e79843b632fe5dac5e"
$PasswordstateURL = "https://sandbox.contoso.com"
$Domain = "contoso"
$OUtoScan = "OU=Test,OU=Sandbox Testing,DC=contoso,DC=com"

 

#Begin Script

#Construct API URL for use later in script
$APIURL = $PasswordstateURL + "/api"

 

#Find Security Groups in OU
$SecurityGroups = (get-adobject -Filter 'ObjectClass -eq "group"' -SearchBase $OUtoScan).Name

 

#Cycle through array and add each security group to Passwordstate
foreach ($SecurityGroup in $SecurityGroups)
{

 

#JSON data for the object
$Body = @{
        SecurityGroupName = $SecurityGroup
        ADDomainNetBIOS = $Domain
        APIKey = $APIKey
        }
        
# Convert Array to Json
$jsonData = $Body | ConvertTo-Json

 

#Add the group to Passwordstate
$result = Invoke-Restmethod -Method Post -Uri $APIURL'/securitygroup' -ContentType "application/json" -Body $jsonData 

}
 

 

 

 

 

Regards,

Support.