Share via


Applies To: Forefront Identity Manager 2010

This is an example of a Windows PowerShell function that creates a new group in the Forefront Identity Manager (FIM) Service database. For more information, see FIM Windows PowerShell Cmdlet Examples.

CreateGroup Function

This function creates a new ImportObject object based on a Group resource type. It then uses the SetSingleValue function to add attributes to the object based on the function parameters. The new Group is added to the FIM Service database using the Import-FIMConfig cmdlet.

function CreateGroup
    PARAM($DisplayName, $Owner, $AccountName, $Domain, $Email, $GroupType, $GroupScope, $Uri = $DefaultUri)
        $NewGroup = CreateImportObject -ObjectType "Group"
        SetSingleValue $NewGroup "DisplayName" $DisplayName
        SetSingleValue $NewGroup "AccountName" $AccountName
        SetSingleValue $NewGroup "Domain" $Domain
        if($Email -ne $null)
            SetSingleValue $NewGroup "Email" $Email
        if($GroupScope -ne $null)
            SetSingleValue $NewGroup "Scope" $GroupScope
        SetSingleValue $NewGroup "Type" $GroupType
        $ResolveOwner = ResolveObject -ObjectType "Person" -AttributeName "Email" -AttributeValue $Owner
        SetSingleValue -ImportObject $NewGroup -AttributeName "Owner" -AttributeValue $ResolveOwner.SourceObjectIdentifier -FullyResolved 0
        $ImportObjects = (,$ResolveOwner)
        $ImportObjects += $NewGroup
        $ImportObjects | Import-FIMConfig -Uri $Uri

The previous code assumes that the following variable is included in the script that contains the CreateGroup function:

$DefaultUri = "https://localhost:5725"

You can use the CreateGroup function as a helper function to other functions that use fewer parameters, as the CreateDistributionGroup and CreateSecurityGroup example functions demonstrate.

CreateDistributionGroup Function

This following example function creates a new ImportObject object based on a Group resource type. It then uses the SetSingleValue function to add attributes to the object based on the function parameters. The new Group is added to the FIM Service database using the Import-FIMConfig cmdlet.

The following example uses the same parameters as the CreateGroup function, except that it does not include the GroupType parameter. The function passes its parameters to the CreateGroup function, but it sets GroupType to "Distribution".

function CreateDistributionGroup
    PARAM($DisplayName, $Owner, $AccountName, $Domain, $Email, $Uri = $DefaultUri)
        CreateGroup -DisplayName $DisplayName -Owner $Owner -AccountName $AccountName -Domain $Domain -Email $Email -GroupType "Distribution" -Uri $Uri    

CreateSecurityGroup Function

The following example function uses the same parameters as the CreateGroup function, except that it does not include the GroupType parameter. The function passes its parameters to the CreateGroup function, but it sets GroupType to "Security".

function CreateSecurityGroup
    PARAM($DisplayName, $Owner, $AccountName, $Domain, $Email, $GroupScope, $Uri = $DefaultUri)
        CreateGroup -DisplayName $DisplayName -Owner $Owner -AccountName $AccountName -Domain $Domain -Email $Email -GroupScope $GroupScope -GroupType "SecurityGroup" -Uri $Uri


You can use this function as a helper function to a Windows PowerShell script that creates Group objects as part of a bulk import.

See Also




FIM Windows PowerShell Cmdlet Examples