Christian Kokeisl Posted March 14, 2017 #1 Share Posted March 14, 2017 Hello togehter, I just have an little issue, and I'll need a bit of help, please. I have an script which will create for several users in a group the certifacte for the RemoteConnector, which is working fine. Also the script will set the IpPbxUserLogin for "StrongPasswordPolicy" and "PasswordExpired". This is needed, because we won't have weak passwords. The problem here is, that if the script will run a second or third time, all users in the group will have to change there password at the next login. What we will prefere to do is to move the users from the first group to an second group. And here I got stuck...... Here is the part of my script which is working fine: import-module IpPbx connect-ippbx localhost $RootPassword = (ConvertTo-SecureString -String "RemoteConnectorPassword" -AsPlainText -Force) Get-IpPbxGroupMember -GroupName "# RemoteConnector - NewMembers" | ForEach-Object {Get-IpPbxUser -UserID $_.UserID | New-IpPbxClientCertificate -RootPassword $RootPassword -Confirm:$false} Get-IpPbxGroupMember -GroupName "# RemoteConnector - NewMembers" | ForEach-Object {Get-IpPbxUser -UserName $_.UserName | Set-IpPbxUserLogin -EnableLogin:$true -StrongPasswordPolicy YES -PasswordExpired} Now comes the part of my script which is not working: Get-IpPbxGroupMember -GroupName "# RemoteConnector - NewMembers" | ForEach-Object {Get-IpPbxUser -UserName $_.UserName | Add-IpPbxGroupMember -GroupName "# RemoteConnector" -UserName $_.UserName} When I will run this part of the script, all SwyxWare users are in the group RemoteConnector. It would be nice to get some help. Thanks a lot. Link to comment Share on other sites More sharing options...
Most Valued User Sebastian Dreier Posted March 14, 2017 Most Valued User #2 Share Posted March 14, 2017 Hello Christian, the following code should work for you (not tested). Please always try to use the "entry" parameters of the Swyx Commandlets. This leads to better performance and the Swyx Server has far less work to do. Furthermore you should remove the # character from your group names because that could lead to unexpected problems. # Load ippbx module Import-Module ippbx # Connect to the local IpPbx server via Windows Authentication Connect-IpPbx # Get root password for client certificate generation $RootPassword = (ConvertTo-SecureString -String "RemoteConnectorPassword" -AsPlainText -Force) # Get "# RemoteConnector - NewMembers" group object $newMemberGroup = Get-IpPbxGroup -GroupName "# RemoteConnector - NewMembers" # Do action for all users of the group "# RemoteConnector - NewMembers"# I highly recommend the usage of the ForEach-Object commandlet # for ForEach loops. For more details please read the following article: # https://blogs.technet.microsoft.com/heyscriptingguy/2014/07/08/getting-to-know-foreach-and-foreach-object/ Get-IpPbxGroupMember -GroupEntry $newMemberGroup | ForEach-Object { # Save the current ForEach object in a separate variable. # This leads to better readability and maintainability. # Furthermore the separate variable can also be used # in antoher inner ForEach loop. $userEntry = $_ # Create the new client certificate New-IpPbxClientCertificate -UserEntry $userEntry -RootPassword $RootPassword -Confirm:$false # Force the user to enter a new complex password on the next login Set-IpPbxUserLogin -UserEntry $userEntry -EnableLogin:$true -StrongPasswordPolicy YES -PasswordExpired # Add user to the group "# RemoteConnector" Add-IpPbxGroupMember -GroupName "# RemoteConnector" -UserEntry $userEntry # Remove current user from the group "# RemoteConnector - NewMembers" Remove-IpPbxGroupMember -GroupEntry $newMemberGroup -UserEntry $userEntry -Confirm:$false # Status Output Write-Host "User updated: $($userEntry.Name)" } # Clean up Disconnect-IpPbx Link to comment Share on other sites More sharing options...
Christian Kokeisl Posted March 15, 2017 Author #3 Share Posted March 15, 2017 Hi Sebastian, thanks a lot for your help, the Script seems to be working, but I'll get two exeptions: Thumbprint AutomaticCertificateAvailable ---------- ----------------------------- c7e73dab0b955d5762192c67b5db4207e6b4d4b5 TrueAusnahme beim Aufrufen von "Update" mit 1 Argument(en): "Concurrency violation: the UpdateCommand affected 0 of the expected 1 records." In C:\Program Files (x86)\SwyxWare Administration\Modules\IpPbx\IpPbxUserLogin.ps1:188 Zeichen:13 + $UserEntry.Update($true) + ~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : SDBConcurrencyException User updated: SpinneFehler beim Durchlaufen einer Auflistung: Collection was modified; enumeration operation may not execute.. In C:\Program Files (x86)\SwyxWare Administration\Modules\IpPbx\IpPbxGroupMember.ps1:187 Zeichen:9 + $Result | ForEach-Object { + ~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Collecti...numeratorSimple:ArrayListEnumeratorSimple) [], RuntimeException + FullyQualifiedErrorId : BadEnumeration What do you think about that? Shall we leave it like this, or do you think we have to modify something in de script? Link to comment Share on other sites More sharing options...
Most Valued User Sebastian Dreier Posted March 26, 2017 Most Valued User #4 Share Posted March 26, 2017 Hello Christian, I now finally had time to check this on my own and I found the problem. Here is the working solution: # Load ippbx module Import-Module ippbx # Connect to the local IpPbx server via Windows Authentication Connect-IpPbx # Get root password for client certificate generation $RootPassword = (ConvertTo-SecureString -String "RemoteConnectorPassword" -AsPlainText -Force) # Group names $sourceGroup = "# RemoteConnector - NewMembers" $destinationGroup = "# RemoteConnector" # Temp list with user entries $modifedUsers = @() # Do action for all users of the source group # I highly recommend the usage of the ForEach-Object commandlet # for ForEach loops. For more details please read the following article: # https://blogs.technet.microsoft.com/heyscriptingguy/2014/07/08/getting-to-know-foreach-and-foreach-object/ Get-IpPbxGroupMember -GroupName $sourceGroup | ForEach-Object { # Save the current ForEach object in a separate variable. # This leads to better readability and maintainability. # Furthermore the separate variable can also be used # in antoher inner ForEach loop. $userEntry = $_ # Create the new client certificate New-IpPbxClientCertificate -UserEntry $userEntry -RootPassword $RootPassword -Confirm:$false -ErrorAction Stop # Force the user to enter a new complex password on the next login Set-IpPbxUserLogin -UserEntry $userEntry -EnableLogin:$true -StrongPasswordPolicy YES -PasswordExpired -ErrorAction Stop # Add user to destination group Add-IpPbxGroupMember -GroupName $destinationGroup -UserEntry $userEntry -ErrorAction Stop # Add to temp list $modifedUsers += $userEntry # Status Output Write-Host "User '$($userEntry.Name)' updated and added to group '$($destinationGroup)'" } # Remove current user from the source group $modifedUsers | ForEach-Object { # Save the current ForEach object in a separate variable. $userEntry = $_ # Do the action Remove-IpPbxGroupMember -GroupName $sourceGroup -UserEntry $userEntry -Confirm:$false -ErrorAction Stop # Status Output Write-Host "User '$($userEntry.Name)' removed from group '$($sourceGroup)'" } # Clean up Disconnect-IpPbx Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.