AddMembersToGroup

Applies To: Forefront Identity Manager 2010

This is an example of a Windows PowerShell function that you can use to add new members to a group in the Forefront Identity Manager (FIM) Service database. For more information, see FIM Windows PowerShell Cmdlet Examples.

AddMembersToGroup Function

This function creates ImportObject objects based on a Group resource type. It then uses the SetSingleValue function to add attributes to the objects based on the function parameters. It returns a reference to the collection of ImportObject objects that represent the changes to the membership of the group.

$DefaultUri = "https://localhost:5725"
function AddMembersToGroup
{
    PARAM($GroupIdentifier, $PersonIdentifiers, $IdentifierName="Email", $Uri = $DefaultUri)
    END
    {
        $ResolveGroup = ResolveObject -ObjectType "Group" -AttributeName $IdentifierName -AttributeValue $GroupIdentifier
        $ResolveGroup | Import-FIMConfig -Uri $Uri
        $ImportObjects = $NULL
        $AddedMembers = $NULL
        foreach($PersonIdentifier in $PersonIdentifiers)
        {
            $ImportObject = ResolveObject -ObjectType "Person" -AttributeName $IdentifierName -AttributeValue $PersonIdentifier
            if($AddedMembers -eq $NULL)
            {
                $AddedMembers = @($ImportObject.SourceObjectIdentifier)
            }
            else
            {
                $AddedMembers += $ImportObject.SourceObjectIdentifier
            }
            if($ImportObjects -eq $NULL)
            {
                $ImportObjects = @($ImportObject)
            }
            else
            {
                $ImportObjects += $ImportObject
            }
        }
        
        $ModifyImportObject = ModifyImportObject -TargetIdentifier $ResolveGroup.TargetObjectIdentifier -ObjectType "Group"
        $ModifyImportObject.SourceObjectIdentifier = $ResolveGroup.SourceObjectIdentifier
        
        foreach($AddedMember in $AddedMembers)
        {
            $newValue = $AddedMember
                               #The following line adds all of the Person resources to the group (if not commented out).
            AddMultiValue -ImportObject $ModifyImportObject -AttributeName "ExplicitMember" -NewAttributeValue $newValue -FullyResolved 0

                               #The following line removes all of the Person resources from the group (if not commented out).
            #RemoveMultiValue -ImportObject $ModifyImportObject -AttributeName "ExplicitMember" -NewAttributeValue $newValue -FullyResolved 0
        }
        $ImportObjects += $ModifyImportObject

        #The following line will update the group object with the added members (if not commented out). 
        #$ImportObjects | Import-FIMConfig -Uri $Uri

        #The following line returns a reference to the ImportObject collection (if not commented out).
        $ImportObjects
    }
}

Modifying the Function to Make the Changes to the FIM Service database

As shown in the previous example, this function returns a reference to the collection of ImportObject objects that define the changes that need to be made to add the members to the group:

$ImportObjects

If you replace that line of code with the following code:

$ImportObjects | Import-FIMConfig -Uri $Uri

The example now connects to the FIM Service database and makes the changes to the group's membership.

Modifying the Function to Delete Members from a Group

As shown in the code example, this function creates ImportObject objects that represent modifying the group by adding members:

AddMultiValue -ImportObject $ModifyImportObject -AttributeName "ExplicitMember" -NewAttributeValue $newValue -FullyResolved 0

If you replace that line of code with the following code:

RemoveMultiValue -ImportObject $ModifyImportObject -AttributeName "ExplicitMember" -NewAttributeValue $newValue -FullyResolved 0

The example now removes the members from the group instead of adding them. Of course, to make the behavior of the function clear, you must modify the name of the function and variables.

Remarks

You can use this function together with the CreatePerson and CreateGroup example functions in a Windows PowerShell script that performed a bulk import of People or Group resources into the FIM Service database.

See Also

Reference

Import-FIMConfig

Concepts

FIM Windows PowerShell Cmdlet Examples
SetSingleValue
CreateImportObject
ResolveObject