Skip to content

New-OVLdapGroup

Syntax

New-OVLdapGroup
    [-Directory] <Object>
    [-Group] <Object>
    [-Roles] <Array>
    [-Username] <String>
    [-Password <Object>]
    [-Credential <PSCredential>]
    [-ApplianceConnection <Object>]
    [<CommonParameters>]

New-OVLdapGroup
    [-Directory] <Object>
    [-Group] <Object>
    [-ScopePermissions <Array>]
    [-Username] <String>
    [-Password <Object>]
    [-Credential <PSCredential>]
    [-ApplianceConnection <Object>]
    [<CommonParameters>]

Description

This Cmdlet provides the ability to add a new Directory Group to the appliance. You can use the Show-OVLdapGroups to retrieve a list of avialable Directory Groups from the specified Directory.

Examples

Example 1

New-OVLdapGroup -d Domain1 -GroupName "MY Directory Group1" -roles @("Server administrator") -u "Sarah Peterson"

Add "MY Directory Group1" from Domain1 with Server Administrator role and prompt for password for group validation.

Example 2

# Get the defined directory group from the appliance. $Directory = Get-OVLdapDirectory -Name "Domain1" -ErrorAction Stop  # Collect the users AD password.  This does not require Domain Admins or an administrator level account.  Only a standard user account that can query the directory. $Password = ConvertTo-SecureString -AsPlainText "password123890" -force  # Get the directory group object. $Group = Show-OVLdapDirectoryGroup -Name "Domain1" -Directory $Directory -Username "Sarah.Peterson@domain1.com" -Password $Password -ErrorAction Stop  # Specify the roles needed to be assigned to the directory group. $Roles = "Server administrator","Backup administrator"  # Create the directory group resource on the appliance, and associate with the SBAC permissions. New-OVLdapGroup -Directory $Directory -GroupName "MY Directory Group1" -Roles $Roles -Username "Sarah.Peterson@domain1.com" -Password $Password

Add "MY Directory Group1" from Domain1 with Server and Backup administrator roles, and specify password for group validation.

Example 3

# Get the defined directory group from the appliance. $Directory = Get-OVLdapDirectory -Name "Domain1" -ErrorAction Stop  # Collect the scope needed to assign permissions. $VirtAdminsScope = Get-OVScope -Name CorpVirtAdmins -ErrorAction Stop  # Create a hashtable of the roles to scopes (SBAC) which would then be assigned to the directory group. $ScopeRoles = @{Role = "Server administrator"; Scope = $VirtAdminsScope},@{Role = "Storage administrator"; Scope = $VirtAdminsScope}  # Collect the users AD credentials.  This does not require Domain Admins or an administrator level account.  Only a standard user account that can query the directory. $MyAdCreds = Get-Credential  # Get the directory group object. $Group = Show-OVLdapDirectoryGroup -Name "CorpVirtAdmins" -Directory $Directory -Credential $MyAdCreds -ErrorAction Stop  # Create the directory group resource on the appliance, and associate with the SBAC permissions. New-OVLdapGroup -Directory Directory -GroupName CorpVirtAdmins -ScopePermissions $ScopeRoles -Credential $MyAdCreds

Add the new directory group with specific scope permissions, and using a PSCredential object for authentication directory validation.

Parameters

-Directory <Object>

LDAP/Active Directory Domain object.

Aliases d, domain, authProvider
Required? True
Position? Named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? False

-Group <Object>

Directroy Group to add. Can either be a string value of a Cononical Name of directory group, or object from Show-OVLdapGroups.

Aliases g, GroupName, name
Required? True
Position? Named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Roles <Array>

The role(s) to assign to the Directroy Group, in [System.Collections.ArrayList] format. Accepted values are noted within the ApplianceRoles property of the [HPEOneView.Appliance.Connection] object stored in the $Global:ConnectedSessions variable.

Example: $roles = "Server administrator","Network administrator"

Aliases r, role
Required? True
Position? Named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Username <String>

Warning

This parameter is now obsolete. Please transition to using the -Credential parameter.

Directory Username to authenticate with

Aliases u
Required? True
Position? Named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Password <Object>

Warning

This parameter is now obsolete. Please transition to using the -Credential parameter.

Directory User account password. Can be [System.String] or [System.Security.SecureString] object.

Aliases p
Required? False
Position? Named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-ApplianceConnection <Object>

Specify one or more [HPEOneView.Appliance.Connection] object(s) or Name property value(s).

Aliases Appliance
Required? False
Position? Named
Default value (${Global:ConnectedSessions} | ? Default)
Accept pipeline input? false
Accept wildcard characters? False

-Credential <PSCredential>

Use this parameter if you want to provide a PSCredential object instead.

Aliases None
Required? False
Position? Named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-ScopePermissions <Array>

Array collection of Hashtable.

Example: -ScopePermissions @{Role = "Network administrator"; Scope = (Get-OVScope -Name CorpNetAdmins -ErrorAction Stop) }

Aliases None
Required? False
Position? Named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216)

Input Types

The external authentication directory object from -Get-OVLdapDirectory.

Return Values

New LDAP Group object with role assignment(s)