Import User Roles (powershell) - Jonathan Almquist on Operations Manager - Site Home - TechNet Blogs


PowerShell script to import User Roles.  Copy and save code to file with .ps1 extension.  Execute PS script from within SCOM Command Shell or PowerShell.  User input prompts will not work if copying and pasting code directly into shell.

This script works in conjunction with the ExportUserRoles script.  Otherwise, the input file must be in the following format:

Profile: <monitoringProfile>
Name: <userRoleName>
DisplayName: <userRoleDisplayName>
Description: <userRoleDescription>
Users: <account1 account2 account3>

This script does not validate accounts.  If an account cannot be queried in AD, the script will throw errors but continue to process.  Use the NetBIOS name for accounts/groups (domain\account).

 

##--------------------------------------------------##
#   Use this script to import User Roles.
#   This script requires the User Roles to have
#   already been exported using the ExportUserRoles
#   script, or a text file in the same format as the
#   output of the ExportUserRoles script.
#   Author: Jonathan Almquist
#   Name: ImportUserRoles.ps1
#   Ver: 6.0.6278.0-1
#   Date: 03/23/2008
#   Revisions:
##--------------------------------------------------##
##  Get user input
$rms = read-Host "Enter the RMS server name"
$filename = read-Host "Enter path and filename for input file (ex: c:\user_roles.txt)"
##  Check for Operations Manager Snap-in
$snapin = Get-PSSnapin | select-Object name
$added = 0
##  Loop through each instance of Snap-in
foreach ($pssnapin in $snapin)
    {
    if ($pssnapin -like "*Microsoft.EnterpriseManagement.OperationsManager.Client*")
        {
        $added = 1
        }
    }
if ($added -eq 0)
    {
    add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client"
    write-Host "Operations Manager Snap-in added."
    }
else
    {
    write-Host "Operations Manager Snap-in already added."
    }

set-location "OperationsManagerMonitoring::"
##  Check for Monitoring Drive
$drive = Get-PSDrive | select-Object name
$added = 0
##  Loop through each instance of Drive
foreach ($psdrive in $drive)
    {
        if ($psdrive -like "*Monitoring*")
        {
        $added = 1
        }
    }
if ($added -eq 0)
    {
    New-PSDrive -Name: Monitoring -PSProvider: OperationsManagerMonitoring -Root: \
    write-Host "Monitoring Drive added."
    }
else
    {
    write-Host "Monitoring Drive already added."
    }
##  Connect to Management Group
New-ManagementGroupConnection -ConnectionString: $rms
cd Monitoring:\$rms
$mg = (get-item .).ManagementGroup
$lines = get-content $filename
foreach ($line in $lines)
    {
    if ($line.StartsWith("Profile:"))
        {
        $profile = $line -replace "Profile: ", ""
        }
    elseif ($line.startswith("Name: "))
        {
        $name = $line -replace "Name: ", ""
        }
    elseif ($line.startswith("DisplayName: "))
        {
        $displayName = $line -replace "DisplayName: ", ""
        }
    elseif ($line.startswith("Description: "))
        {
        $description = $line -replace "Description: ", ""
        }
    elseif ($line.startswith("Users: "))
        {
        $users = $line -replace "Users: ", ""
        if ($users -like "* *")
        {
        $users = $users.Split(" ")
        }
        ##  When the script reaches the Users line, this Role block is complete.
        ##  Begin Role check and creation
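        ##  Match on the exact role name.  A wildcard match would treat
        ##  "Ops" as already present when only "Ops Admins" exists.
        $rolelist = get-userrole | select-object name
        $added = 0
        foreach ($role in $rolelist)
            {
                if ($role.Name -eq $name)
                {
                $added = 1
                }
            }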
        if ($added -eq 0)
            {
            $getProfile = $mg.GetMonitoringProfiles() | where {$_.Name -eq $profile}
            $obj = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringUserRole
            $obj.Name = $name
            $obj.DisplayName = $displayName
            $obj.Description = $description
            $obj.MonitoringProfile = $getProfile
            $mg.InsertMonitoringUserRole($obj)
            write-Host "$name User Role added."
            }
        else
            {
            write-Host "$name Role already added."
            }
        ##  Compare user list and add users
        if ($users -notlike "")
            {
            foreach ($user in $users)
                {
                write-host "Adding $user to $displayName"
                $addUser = get-userrole | where {$_.name -eq $name}
                $addUser.users.add($user)
                $addUser.update()
                }
            }
        else
            {write-Host "No users in $displayName"}
        ##  Move on to the next Role block.
        write-Host "`r`n"
        }
    }
write-Host "Process complete."
##
##
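
Because the import script does not validate accounts and splits the Users line on spaces, a pre-flight check over the input file is useful before anything is written to the management group. The following is an added example, not part of the original script: Test-UserRoleFile, its parameters and the sample data are hypothetical, and it assumes PowerShell 2.0 or later. It checks each Users entry for the domain\account form and, unless -SkipResolve is given, resolves it to a SID.

```powershell
# Added example (not from the original post). Test-UserRoleFile and its
# parameters are hypothetical names. Assumes PowerShell 2.0 or later.
function Test-UserRoleFile {
    param([string]$Path, [switch]$SkipResolve)   # -SkipResolve: format checks only
    $block = @{}
    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        if ($line -notmatch '^(Profile|Name|DisplayName|Description|Users):\s?(.*)$') { continue }
        $key = $Matches[1]
        $value = $Matches[2].Trim()
        if ($key -ne 'Users') { $block[$key] = $value; continue }
        # The Users line closes a role block, as in the import script.
        $problems = @()
        foreach ($field in 'Profile', 'Name', 'DisplayName', 'Description') {
            if (-not $block.ContainsKey($field)) {
                $problems += "no $field line; the import would use a stale or empty value"
            }
        }
        foreach ($token in ($value -split ' ' | Where-Object { $_ })) {
            if ($token -notmatch '^[^\\]+\\[^\\]+$') {
                # No domain\ prefix: typically a fragment of a name containing spaces.
                $problems += "'$token' is not domain\account (name split on a space?)"
            }
            elseif (-not $SkipResolve) {
                try {
                    $account = New-Object System.Security.Principal.NTAccount($token)
                    $null = $account.Translate([System.Security.Principal.SecurityIdentifier])
                }
                catch { $problems += "'$token' did not resolve to a SID" }
            }
        }
        foreach ($p in $problems) {
            New-Object PSObject -Property @{ Line = $lineNo; Role = $block['Name']; Problem = $p }
        }
        $block = @{}
    }
}

# Constructed sample input; the second account is a group name containing spaces.
$sample = Join-Path $env:TEMP 'user_roles_sample.txt'
@'
Profile: Operator
Name: NOC.Operators
DisplayName: NOC Operators
Description: Constructed sample role
Users: CONTOSO\noc1 CONTOSO\Tier 2 Ops
'@ | Set-Content -LiteralPath $sample
Test-UserRoleFile -Path $sample -SkipResolve | Format-Table Line, Role, Problem -AutoSize
```

On the constructed sample, the fragments "2" and "Ops" are reported, while "CONTOSO\Tier" passes the format check and is only caught when SID resolution is enabled.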

I do not moderate this blog anymore. If you have a question regarding this post, send me a message.

Comments
  • PingBack from http://blogs.technet.com/jonathanalmquist/archive/2008/03/20/write-user-roles-to-file-powershell.aspx

  • I have a customer who has many management groups and wants to synchronize the user roles between them.

  • Excellent post this saved me some time when moving between Management Groups and I want to thank you for that and the effort involved in writing these scripts.  Might I recommend a small change to accommodate different environments.

    AD Groups I added to the custom profiles had blanks in between them (ex. Domain\This is a Group).  The current import script doesn't handle this because you perform a split on blank space.  So there is a section of code that needs to be adjusted to account for this possibility within each script (i.e. Import and Export scripts).

    The export script should ultimately be changed to add a different delimiter between the "user" names.  I didn't have time to look exactly what needed to be changed.  But I did manually remove blank space between the groups from the export and added a comma to separate the values.  Then I needed to modify the import script to handle this change.

    The import script should then have this line change from:

           $users = $users.Split(" ")

    to

           $users = $users.Split(",")

  • Thanks, Jon.  I appreciate your feedback.  I haven't updated or used this script in a long time, and there are probably many ways to make this one a lot better :)  In fact, one of my peers did just that.

    blogs.msdn.com/.../exporting-and-importing-user-roles.aspx

    His version is a huge improvement with many enhancements.