support
Posted September 20, 2019

Purpose:

Currently, as of Build 8782, Passwordstate does not have a feature in the User Interface to scan an Active Directory OU and automatically add in all the security groups.

This PowerShell script can do this as an alternative way, which will search an Organisational Unit of your choice and add each security group in via the Passwordstate API. The Security Groups will automatically sync all members within about 1 minute of being added into the system.

You must be running Passwordstate 8782 for this to work, and you'll find the Security Groups API key under Administration -> System Settings -> API.

The script is listed below, and you could potentially put this into a Windows Scheduled Task to run on a regular schedule. Please change the variables on lines 2, 3, 4 and 5 to suit your environment:

    #Set the following core variables in lines 2, 3, 4 & 5
    $APIKey = "6c27d83f5a9b43e79843b632fe5dac5e"
    $PasswordstateURL = "https://sandbox.contoso.com"
    $Domain = "contoso"
    $OUtoScan = "OU=Test,OU=Sandbox Testing,DC=contoso,DC=com"

    #Begin Script
    #Get-ADObject comes from the ActiveDirectory module (RSAT)
    Import-Module ActiveDirectory

    #Construct API URL for use later in script
    $APIURL = $PasswordstateURL + "/api"

    #Find Security Groups in OU
    $SecurityGroups = (Get-ADObject -Filter 'ObjectClass -eq "group"' -SearchBase $OUtoScan).Name

    #Cycle through array and add each security group to Passwordstate
    foreach ($SecurityGroup in $SecurityGroups)
    {
        #Data for the JSON request body
        $Body = @{
            SecurityGroupName = $SecurityGroup
            ADDomainNetBIOS = $Domain
            APIKey = $APIKey
        }

        #Convert the hashtable to JSON
        $jsonData = $Body | ConvertTo-Json

        #Add the group to Passwordstate
        $result = Invoke-RestMethod -Method Post -Uri "$APIURL/securitygroup" -ContentType "application/json" -Body $jsonData
    }

Regards,
Support.
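For running the script above from a Scheduled Task, here is a hardened variant as an added example (not part of the original post and not the vendor's code): it loads the API key from a DPAPI-protected file instead of the script text, refuses a non-HTTPS URL, selects security groups only via Get-ADGroup, and logs failures without the request body. Assumptions: the key file path is hypothetical, and because the page does not describe the API's response for a group that already exists, any error is simply logged per group.

```powershell
# Added example: variant for unattended (Scheduled Task) use.
# Assumption: the key file below is a hypothetical path, created once while
# logged on as the task's service account with:
#   Read-Host 'API key' -AsSecureString | Export-Clixml C:\Secure\pwstate-sg-api.xml
$KeyFile          = 'C:\Secure\pwstate-sg-api.xml'
$PasswordstateURL = 'https://sandbox.contoso.com'
$Domain           = 'contoso'
$OUtoScan         = 'OU=Test,OU=Sandbox Testing,DC=contoso,DC=com'

Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

# Never send the key over plain HTTP; require TLS 1.2 on Windows PowerShell 5.1.
if ($PasswordstateURL -notmatch '^https://') { throw 'PasswordstateURL must use https://' }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# DPAPI-protected SecureString: only the account that exported it, on the
# same machine, can decrypt it.
$SecureKey = Import-Clixml -Path $KeyFile
$APIKey    = [System.Net.NetworkCredential]::new('', $SecureKey).Password

# Security groups only; distribution groups in the OU are skipped.
$Groups = Get-ADGroup -Filter 'GroupCategory -eq "Security"' -SearchBase $OUtoScan

$Failed = 0
foreach ($Group in $Groups) {
    $Body = @{
        SecurityGroupName = $Group.Name
        ADDomainNetBIOS   = $Domain
        APIKey            = $APIKey
    } | ConvertTo-Json
    try {
        $null = Invoke-RestMethod -Method Post -Uri "$PasswordstateURL/api/securitygroup" `
            -ContentType 'application/json' -Body $Body
        Write-Output "Added: $($Group.Name)"
    }
    catch {
        # Log the group name and error only; $Body contains the API key.
        $Failed++
        Write-Warning "Failed: $($Group.Name) - $($_.Exception.Message)"
    }
}

# Non-zero exit code so the task's Last Run Result shows the failure.
if ($Failed -gt 0) { exit 1 }
```

Restrict NTFS permissions on the key file to the service account as well; DPAPI stops other accounts from decrypting it, but not from deleting or replacing it.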
Emad
Posted February 18

Hi,

This will be very useful for my operation. I have a script that creates folders, password lists & relevant AD groups. Currently I manually sync Passwordstate with AD for the groups, but now I will be able to add sync & possibly add users to these groups in one go.

Thank you.

Emad