Skip to content

New HPOVLdapGroup

Jump to bottom
Chris Lynch edited this page Dec 10, 2020 · 44 revisions

Library Version 4.20

Library Version 4.10

Library Version 4.00

HPE OneView 4.10 Library

New-HPOVLdapGroup

Add a new Directory Group to appliance.

SYNTAX

New-HPOVLdapGroup [-Directory] <Object> [-Group] <Object> [-Roles] <Array> [-Username] <String>[ [-Password] <Object>][ [-Credential] <PSCredential>][ [-ApplianceConnection] <Object>] [<CommonParameters>]
New-HPOVLdapGroup [-Directory] <Object> [-Group] <Object>[ [-ScopePermissions] <Array>] [-Username] <String>[ [-Password] <Object>][ [-Credential] <PSCredential>][ [-ApplianceConnection] <Object>] [<CommonParameters>]

Detailed Description

This cmdlet provides the ability to add a new Directory Group to the appliance. You can use the Show-HPOVLdapGroups to retrieve a list of avialable Directory Groups from the specified Directory.

Parameters

-ApplianceConnection <Object>

Aliases [-Appliance]

Specify one or more HPOneView.Appliance.Connection object(s) or Name property value(s).

Default Value: ${Global:ConnectedSessions} | ? Default

Aliases Appliance
Required? false
Position? named
Default value (${Global:ConnectedSessions} | ? Default)
Accept pipeline input? false
Accept wildcard characters?    False

-Credential <PSCredential>

Use this parameter if you want to provide a PSCredential object instead.

Aliases None
Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-Directory <Object>

Aliases [-d, -domain, -AuthProvider] LDAP/Active Directory Domain object.

Aliases d, domain, authProvider
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters?    False

-Group <Object>

Aliases [-g, -GroupName, -name] Directroy Group to add. Can either be a string value of a Cononical Name of directory group, or object from Show-HPOVLdapGroups.

Aliases g, GroupName, name
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-Password <Object>

Aliases [-p] Directory User account password. Can be System.String or SecureString object.

Aliases p
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-Roles <Array>

Aliases [-r, -role] The role(s) to assign to the Directroy Group, in System.Collections.ArrayList format. Accepted values are noted within the ApplianceRoles property of the HPOneView.Appliance.Connection object stored in the $Global:ConnectedSessions variable.

Example: $roles = "Server administrator","Network administrator"

Aliases r, role
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-ScopePermissions <Array>

Array collection of Hashtable<Role; Scope>.

Example: -ScopePermissions @{Role = "Network administrator"; Scope = (Get-HPOVScope -Name CorpNetAdmins -ErrorAction Stop) }

Aliases None
Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-Username <String>

Aliases [-u] Directory Username to authenticate with

Aliases u
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216)

Input Types

HPOneView.Appliance.DirectoryGroup [System.Management.Automation.PSCustomObject]

The external authentication directory object from -Get-HPOVLdapDirectory.

Return Values

System.Management.Automation.PSCustomObject

New LDAP Group object with role assignment(s)

Examples

 -------------------------- EXAMPLE 1 --------------------------

New-HPOVLdapGroup -d Domain1 -GroupName "MY Directory Group1" -roles @("Server administrator") -u "Sarah Peterson"

Add "MY Directory Group1" from Domain1 with Server Administrator role and prompt for password for group validation.

 -------------------------- EXAMPLE 2 --------------------------

# Get the defined directory group from the appliance. $Directory = Get-HPOVLdapDirectory -Name "Domain1" -ErrorAction Stop  # Collect the users AD password.  This does not require Domain Admins or an administrator level account.  Only a standard user account that can query the directory. $Password = ConvertTo-SecureString -AsPlainText "password123890" -force  # Get the directory group object. $Group = Show-HPOVLdapDirectoryGroup -Name "Domain1" -Directory $Directory -Username "[email protected]" -Password $Password -ErrorAction Stop  # Specify the roles needed to be assigned to the directory group. $Roles = "Server administrator","Backup administrator"  # Create the directory group resource on the appliance, and associate with the SBAC permissions. New-HPOVLdapGroup -Directory $Directory -GroupName "MY Directory Group1" -Roles $Roles -Username "[email protected]" -Password $Password

Add "MY Directory Group1" from Domain1 with Server and Backup administrator roles, and specify password for group validation.

 -------------------------- EXAMPLE 3 --------------------------

# Get the defined directory group from the appliance. $Directory = Get-HPOVLdapDirectory -Name "Domain1" -ErrorAction Stop  # Collect the scope needed to assign permissions. $VirtAdminsScope = Get-HPOVScope -Name CorpVirtAdmins -ErrorAction Stop  # Create a hashtable of the roles to scopes (SBAC) which would then be assigned to the directory group. $ScopeRoles = @{Role = "Server administrator"; Scope = $VirtAdminsScope},@{Role = "Storage administrator"; Scope = $VirtAdminsScope}  # Collect the users AD credentials.  This does not require Domain Admins or an administrator level account.  Only a standard user account that can query the directory. $MyAdCreds = Get-Credential  # Get the directory group object. $Group = Show-HPOVLdapDirectoryGroup -Name "CorpVirtAdmins" -Directory $Directory -Credential $MyAdCreds -ErrorAction Stop  # Create the directory group resource on the appliance, and associate with the SBAC permissions. New-HPOVLdapGroup -Directory Directory -GroupName CorpVirtAdmins -ScopePermissions $ScopeRoles -Credential $MyAdCreds

Add the new directory group with specific scope permissions, and using a PSCredential object for authentication directory validation.

Related Links

HPE OneView 4.00 Library

New-HPOVLdapGroup

Add a new Directory Group to appliance.

SYNTAX

New-HPOVLdapGroup [-Directory] <Object> [-Group] <Object> [-Roles] <Array> [-Username] <String>[ [-Password] <Object>][ [-Credential] <PSCredential>][ [-ApplianceConnection] <Object>] [<CommonParameters>]
New-HPOVLdapGroup [-Directory] <Object> [-Group] <Object>[ [-ScopePermissions] <Array>] [-Username] <String>[ [-Password] <Object>][ [-Credential] <PSCredential>][ [-ApplianceConnection] <Object>] [<CommonParameters>]

Detailed Description

This cmdlet provides the ability to add a new Directory Group to the appliance. You can use the Show-HPOVLdapGroups to retrieve a list of avialable Directory Groups from the specified Directory.

Parameters

-ApplianceConnection <Object>

Aliases [-Appliance]

Specify one or more HPOneView.Appliance.Connection object(s) or Name property value(s).

Default Value: ${Global:ConnectedSessions} | ? Default

Aliases Appliance
Required? false
Position? named
Default value (${Global:ConnectedSessions} | ? Default)
Accept pipeline input? false
Accept wildcard characters?    False

-Credential <PSCredential>

Use this parameter if you want to provide a PSCredential object instead.

Aliases None
Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-Directory <Object>

Aliases [-d, -domain, -AuthProvider] LDAP/Active Directory Domain object.

Aliases d, domain, authProvider
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters?    False

-Group <Object>

Aliases [-g, -GroupName, -name] Directroy Group to add. Can either be a string value of a Cononical Name of directory group, or object from Show-HPOVLdapGroups.

Aliases g, GroupName, name
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-Password <Object>

Aliases [-p] Directory User account password. Can be System.String or SecureString object.

Aliases p
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-Roles <Array>

Aliases [-r, -role] The role(s) to assign to the Directroy Group, in System.Collections.ArrayList format. Accepted values are noted within the ApplianceRoles property of the HPOneView.Appliance.Connection object stored in the $Global:ConnectedSessions variable.

Example: $roles = "Server administrator","Network administrator"

Aliases r, role
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-ScopePermissions <Array>

Array collection of Hashtable<Role; Scope>.

Example: -ScopePermissions @{Role = 'Network administrator'; Scope = (Get-HPOVScope -Name CorpNetAdmins -ErrorAction Stop) }

Aliases None
Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

-Username <String>

Aliases [-u] Directory Username to authenticate with

Aliases u
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters?    False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216)

Input Types

System.SecureString

Directory User Account password

Return Values

System.Management.Automation.PSCustomObject

New LDAP Group object with role assignment(s)

Examples

 -------------------------- EXAMPLE 1 --------------------------

New-HPOVLdapGroup -d Domain1 -GroupName "MY Directory Group1" -roles @("Server administrator") -u "Sarah Peterson"

Add "MY Directory Group1" from Domain1 with Server Administrator role and prompt for password for group validation.

 -------------------------- EXAMPLE 2 --------------------------

# Get the defined directory group from the appliance. $Directory = Get-HPOVLdapDirectory -Name "Domain1" -ErrorAction Stop  # Collect the users AD password.  This does not require Domain Admins or an administrator level account.  Only a standard user account that can query the directory. $Password = ConvertTo-SecureString -AsPlainText "password123890" -force  # Get the directory group object. $Group = Show-HPOVLdapDirectoryGroup -Name "Domain1" -Directory $Directory -Username "[email protected]" -Password $Password -ErrorAction Stop  # Specify the roles needed to be assigned to the directory group. $Roles = "Server administrator","Backup administrator"  # Create the directory group resource on the appliance, and associate with the SBAC permissions. New-HPOVLdapGroup -Directory $Directory -GroupName "MY Directory Group1" -Roles $Roles -Username "[email protected]" -Password $Password

Add "MY Directory Group1" from Domain1 with Server and Backup administrator roles, and specify password for group validation.

 -------------------------- EXAMPLE 3 --------------------------

# Get the defined directory group from the appliance. $Directory = Get-HPOVLdapDirectory -Name "Domain1" -ErrorAction Stop  # Collect the scope needed to assign permissions. $VirtAdminsScope = Get-HPOVScope -Name CorpVirtAdmins -ErrorAction Stop  # Create a hashtable of the roles to scopes (SBAC) which would then be assigned to the directory group. $ScopeRoles = @{Role = "Server administrator"; Scope = $VirtAdminsScope},@{Role = "Storage administrator"; Scope = $VirtAdminsScope}  # Collect the users AD credentials.  This does not require Domain Admins or an administrator level account.  Only a standard user account that can query the directory. $MyAdCreds = Get-Credential  # Get the directory group object. $Group = Show-HPOVLdapDirectoryGroup -Name "CorpVirtAdmins" -Directory $Directory -Credential $MyAdCreds -ErrorAction Stop  # Create the directory group resource on the appliance, and associate with the SBAC permissions. New-HPOVLdapGroup -Directory Directory -GroupName CorpVirtAdmins -ScopePermissions $ScopeRoles -Credential $MyAdCreds

Add the new directory group with specific scope permissions, and using a PSCredential object for authentication directory validation.

Related Links

Wiki Table of Contents

Clone this wiki locally