voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor advanced functions moving them to dedicated .ps1 file

Browse Source 
Signed-off-by: Dimitar Milov <dmilov@vmware.com>
This commit is contained in:
Dimitar Milov
2021-05-25 15:47:52 +03:00
parent a8d656e879
commit 09fad317e1
14 changed files with 2013 additions and 1967 deletions
Download Patch File Download Diff File Expand all files Collapse all files

162
Modules/VMware.vSphere.SsoAdmin/Connect.ps1 Normal file
View File

@@ -0,0 +1,162 @@
<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function Connect-SsoAdminServer {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function establishes a connection to a vSphere SSO Admin server.
.PARAMETER Server
Specifies the IP address or the DNS name of the vSphere server to which you want to connect.
.PARAMETER User
Specifies the user name you want to use for authenticating with the server.
.PARAMETER Password
Specifies the password you want to use for authenticating with the server.
.PARAMETER SkipCertificateCheck
Specifies whether server Tls certificate validation will be skipped
.EXAMPLE
Connect-SsoAdminServer -Server my.vc.server -User myAdmin@vsphere.local -Password MyStrongPa$$w0rd
Connects 'myAdmin@vsphere.local' user to Sso Admin server 'my.vc.server'
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'IP address or the DNS name of the vSphere server')]
[string]
$Server,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'User name you want to use for authenticating with the server')]
[string]
$User,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Password you want to use for authenticating with the server')]
[VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
[SecureString]
$Password,
[Parameter(
Mandatory = $false,
HelpMessage = 'Skips server Tls certificate validation')]
[switch]
$SkipCertificateCheck)
Process {
$certificateValidator = $null
if ($SkipCertificateCheck) {
$certificateValidator = New-Object 'VMware.vSphere.SsoAdmin.Utils.AcceptAllX509CertificateValidator'
}
$ssoAdminServer = $null
try {
$ssoAdminServer = New-Object `
'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
-ArgumentList @(
$Server,
$User,
$Password,
$certificateValidator)
}
catch {
Write-Error (FormatError $_.Exception)
}
if ($ssoAdminServer -ne $null) {
$existingConnectionIndex = $global:DefaultSsoAdminServers.IndexOf($ssoAdminServer)
if ($existingConnectionIndex -ge 0) {
$global:DefaultSsoAdminServers[$existingConnectionIndex].RefCount++
$ssoAdminServer = $global:DefaultSsoAdminServers[$existingConnectionIndex]
}
else {
# Update $global:DefaultSsoAdminServers varaible
$global:DefaultSsoAdminServers.Add($ssoAdminServer) | Out-Null
}
# Function Output
Write-Output $ssoAdminServer
}
}
}
function Disconnect-SsoAdminServer {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function closes the connection to a vSphere SSO Admin server.
.PARAMETER Server
Specifies the vSphere SSO Admin systems you want to disconnect from
.EXAMPLE
$mySsoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
Disconnect-SsoAdminServer -Server $mySsoAdminConnection
Disconnect a SSO Admin connection stored in 'mySsoAdminConnection' varaible
#>
[CmdletBinding()]
param(
[Parameter(
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdmin.Utils.StringToSsoAdminServerArgumentTransformationAttribute()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer[]]
$Server
)
Process {
if (-not $PSBoundParameters['Server']) {
switch (@($global:DefaultSsoAdminServers).count) {
{ $_ -eq 1 } { $server = ($global:DefaultSsoAdminServers).ToArray()[0] ; break }
{ $_ -gt 1 } {
Throw 'Connected to more than 1 SSO server, please specify a SSO server via -Server parameter'
break
}
Default {
Throw 'Not connected to SSO server.'
}
}
}
foreach ($requestedServer in $Server) {
if ($requestedServer.IsConnected) {
$requestedServer.Disconnect()
}
if ($global:DefaultSsoAdminServers.Contains($requestedServer) -and $requestedServer.RefCount -eq 0) {
$global:DefaultSsoAdminServers.Remove($requestedServer) | Out-Null
}
}
}
}

103
Modules/VMware.vSphere.SsoAdmin/Group.ps1 Normal file
View File

@@ -0,0 +1,103 @@
<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function Get-SsoGroup {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function gets domain groups.
.PARAMETER Name
Specifies Name to filter on when searching for groups.
.PARAMETER Domain
Specifies the Domain in which search will be applied, default is 'localos'.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-SsoGroup -Name administrators -Domain vsphere.local
Gets 'adminsitrators' group in 'vsphere.local' domain
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Name filter to be applied when searching for group')]
[string]
$Name,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Domain name to search in, default is "localos"')]
[string]
$Domain = 'localos',
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
if ($Name -eq $null) {
$Name = [string]::Empty
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
foreach ($group in $connection.Client.GetGroups(
(RemoveWildcardSymbols $Name),
$Domain)) {
if ([string]::IsNullOrEmpty($Name) ) {
Write-Output $group
}
else {
# Apply Name filtering
if ((HasWildcardSymbols $Name) -and `
$group.Name -like $Name) {
Write-Output $group
}
elseif ($group.Name -eq $Name) {
# Exactly equal
Write-Output $group
}
}
}
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}

633
Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1 Normal file
View File

@@ -0,0 +1,633 @@
<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function Add-ExternalDomainIdentitySource {
<#
.NOTES
===========================================================================
Created on: 2/11/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function adds Identity Source of ActiveDirectory, OpenLDAP or NIS type.
.PARAMETER Name
Name of the identity source
.PARAMETER DomainName
Domain name
.PARAMETER DomainAlias
Domain alias
.PARAMETER PrimaryUrl
Primary Server URL
.PARAMETER BaseDNUsers
Base distinguished name for users
.PARAMETER BaseDNGroups
Base distinguished name for groups
.PARAMETER Username
Domain authentication user name
.PARAMETER Passowrd
Domain authentication password
.PARAMETER DomainServerType
Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Add-ExternalDomainIdentitySource `
-Name 'sof-powercli' `
-DomainName 'sof-powercli.vmware.com' `
-DomainAlias 'sof-powercli' `
-PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
-BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
-BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
-Username 'sofPowercliAdmin' `
-Password '$up3R$Tr0Pa$$w0rD'
Adds External Identity Source
#>
[CmdletBinding()]
[Alias("Add-ActiveDirectoryIdentitySource")]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Friendly name of the identity source')]
[ValidateNotNull()]
[string]
$Name,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[ValidateNotNull()]
[string]
$DomainName,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[string]
$DomainAlias,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[ValidateNotNull()]
[string]
$PrimaryUrl,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Base distinguished name for users')]
[ValidateNotNull()]
[string]
$BaseDNUsers,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Base distinguished name for groups')]
[ValidateNotNull()]
[string]
$BaseDNGroups,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Domain authentication user name')]
[ValidateNotNull()]
[string]
$Username,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Domain authentication password')]
[ValidateNotNull()]
[string]
$Password,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'External domain server type')]
[ValidateSet('ActiveDirectory')]
[string]
$DomainServerType = 'ActiveDirectory',
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$connection.Client.AddActiveDirectoryExternalDomain(
$DomainName,
$DomainAlias,
$Name,
$PrimaryUrl,
$BaseDNUsers,
$BaseDNGroups,
$Username,
$Password,
$DomainServerType);
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
function Add-LDAPIdentitySource {
<#
.NOTES
===========================================================================
Created on: 2/11/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.
.PARAMETER Name
Friendly name of the identity source
.PARAMETER DomainName
Domain name
.PARAMETER DomainAlias
Domain alias
.PARAMETER PrimaryUrl
Primary Server URL
.PARAMETER SecondaryUrl
Secondary Server URL
.PARAMETER BaseDNUsers
Base distinguished name for users
.PARAMETER BaseDNGroups
Base distinguished name for groups
.PARAMETER Username
Domain authentication user name
.PARAMETER Passowrd
Domain authentication password
.PARAMETER ServerType
Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
.PARAMETER Certificates
List of X509Certicate2 LDAP certificates
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
Adds LDAP Identity Source
.EXAMPLE
Add-LDAPIdentitySource `
-Name 'sof-powercli' `
-DomainName 'sof-powercli.vmware.com' `
-DomainAlias 'sof-powercli' `
-PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
-BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
-BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
-Username 'sofPowercliAdmin@sof-powercli.vmware.com' `
-Password '$up3R$Tr0Pa$$w0rD' `
-Certificates 'C:\Temp\test.cer'
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Friendly name of the identity source')]
[ValidateNotNull()]
[string]
$Name,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[ValidateNotNull()]
[string]
$DomainName,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[string]
$DomainAlias,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[string]
$SecondaryUrl,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[ValidateNotNull()]
[string]
$PrimaryUrl,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Base distinguished name for users')]
[ValidateNotNull()]
[string]
$BaseDNUsers,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Base distinguished name for groups')]
[ValidateNotNull()]
[string]
$BaseDNGroups,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Domain authentication user name')]
[ValidateNotNull()]
[string]
$Username,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Domain authentication password')]
[ValidateNotNull()]
[string]
$Password,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Ldap Certificates')]
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
$Certificates,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Ldap Server type')]
[ValidateSet('ActiveDirectory')]
[string]
$ServerType = 'ActiveDirectory',
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$connection.Client.AddLdapIdentitySource(
$DomainName,
$DomainAlias,
$Name,
$PrimaryUrl,
$SecondaryUrl,
$BaseDNUsers,
$BaseDNGroups,
$Username,
$Password,
$ServerType,
$Certificates);
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
function Set-LDAPIdentitySource {
<#
.NOTES
===========================================================================
Created on: 2/17/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.
.PARAMETER IdentitySource
Identity Source to update
.PARAMETER Certificates
List of X509Certicate2 LDAP certificates
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
Updates LDAP Identity Source
.EXAMPLE
Updates certificate of a LDAP identity source
Get-IdentitySource -External | `
Set-LDAPIdentitySource `
-Certificates 'C:\Temp\test.cer'
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Identity source to update')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource]
$IdentitySource,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Ldap Certificates')]
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
$Certificates,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$connection.Client.UpdateLdapIdentitySource(
$IdentitySource.Name,
$IdentitySource.FriendlyName,
$IdentitySource.PrimaryUrl,
$IdentitySource.FailoverUrl,
$IdentitySource.UserBaseDN,
$IdentitySource.GroupBaseDN,
$Certificates);
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Get-IdentitySource {
<#
.NOTES
===========================================================================
Created on: 11/26/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function gets Identity Source.
.PARAMETER Localos
Filter parameter to return only the localos domain identity source
.PARAMETER System
Filter parameter to return only the system domain identity source
.PARAMETER External
Filter parameter to return only the external domain identity sources
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-IdentitySource -External
Gets all external domain identity source
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Returns only the localos domain identity source')]
[Switch]
$Localos,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Returns only the system domain identity source')]
[Switch]
$System,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Returns only the external domain identity sources')]
[Switch]
$External,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$resultIdentitySources = @()
$allIdentitySources = $connection.Client.GetDomains()
if (-not $Localos -and -not $System -and -not $External) {
$resultIdentitySources = $allIdentitySources
}
if ($Localos) {
$resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.LocalOSIdentitySource] }
}
if ($System) {
$resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.SystemIdentitySource] }
}
if ($External) {
$resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource] }
}
#Return result
$resultIdentitySources
}
}
function Remove-IdentitySource {
<#
.NOTES
===========================================================================
Created on: 03/19/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function removes Identity Source.
.PARAMETER IdentitySource
The identity source to remove
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-IdentitySource -External | Remove-IdentitySource
Removes all external domain identity source
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Identity source to remove')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource]
$IdentitySource,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$connection.Client.DeleteDomain($IdentitySource.Name)
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}

164
Modules/VMware.vSphere.SsoAdmin/LockoutPolicy.ps1 Normal file
View File

@@ -0,0 +1,164 @@
<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function Get-SsoLockoutPolicy {
<#
.NOTES
===========================================================================
Created on: 9/30/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function gets lockout policy.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-SsoLockoutPolicy
Gets lockout policy for the server connections available in $global:defaultSsoAdminServers
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$connection.Client.GetLockoutPolicy();
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Set-SsoLockoutPolicy {
<#
.NOTES
===========================================================================
Created on: 9/30/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function updates lockout policy settings.
.PARAMETER LockoutPolicy
Specifies the LockoutPolicy instance which will be used as original policy. If some properties are not specified they will be updated with the properties from this object.
.PARAMETER Description
.PARAMETER AutoUnlockIntervalSec
.PARAMETER FailedAttemptIntervalSec
.PARAMETER MaxFailedAttempts
.EXAMPLE
Get-SsoLockoutPolicy | Set-SsoLockoutPolicy -AutoUnlockIntervalSec 15 -MaxFailedAttempts 4
Updates lockout policy auto unlock interval seconds and maximum failed attempts
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'LockoutPolicy instance you want to update')]
[VMware.vSphere.SsoAdminClient.DataTypes.LockoutPolicy]
$LockoutPolicy,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'LockoutPolicy description')]
[string]
$Description,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int64]]
$AutoUnlockIntervalSec,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int64]]
$FailedAttemptIntervalSec,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MaxFailedAttempts)
Process {
try {
foreach ($lp in $LockoutPolicy) {
$ssoAdminClient = $lp.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$lp' is from disconnected server"
continue
}
if ([string]::IsNullOrEmpty($Description)) {
$Description = $lp.Description
}
if ($AutoUnlockIntervalSec -eq $null) {
$AutoUnlockIntervalSec = $lp.AutoUnlockIntervalSec
}
if ($FailedAttemptIntervalSec -eq $null) {
$FailedAttemptIntervalSec = $lp.FailedAttemptIntervalSec
}
if ($MaxFailedAttempts -eq $null) {
$MaxFailedAttempts = $lp.MaxFailedAttempts
}
$ssoAdminClient.SetLockoutPolicy(
$Description,
$AutoUnlockIntervalSec,
$FailedAttemptIntervalSec,
$MaxFailedAttempts);
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}

262
Modules/VMware.vSphere.SsoAdmin/PasswordPolicy.ps1 Normal file
View File

@@ -0,0 +1,262 @@
<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function Get-SsoPasswordPolicy {
<#
.NOTES
===========================================================================
Created on: 9/30/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function gets password policy.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-SsoPasswordPolicy
Gets password policy for the server connections available in $global:defaultSsoAdminServers
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$connection.Client.GetPasswordPolicy();
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Set-SsoPasswordPolicy {
<#
.NOTES
===========================================================================
Created on: 9/30/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function updates password policy settings.
.PARAMETER PasswordPolicy
Specifies the PasswordPolicy instance which will be used as original policy. If some properties are not specified they will be updated with the properties from this object.
.PARAMETER Description
.PARAMETER ProhibitedPreviousPasswordsCount
.PARAMETER MinLength
.PARAMETER MaxLength
.PARAMETER MaxIdenticalAdjacentCharacters
.PARAMETER MinNumericCount
.PARAMETER MinSpecialCharCount
.PARAMETER MinAlphabeticCount
.PARAMETER MinUppercaseCount
.PARAMETER MinLowercaseCount
.PARAMETER PasswordLifetimeDays
.EXAMPLE
Get-SsoPasswordPolicy | Set-SsoPasswordPolicy -MinLength 10 -PasswordLifetimeDays 45
Updates password policy setting minimum password length to 10 symbols and password lifetime to 45 days
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'PasswordPolicy instance you want to update')]
[VMware.vSphere.SsoAdminClient.DataTypes.PasswordPolicy]
$PasswordPolicy,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'PasswordPolicy description')]
[string]
$Description,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$ProhibitedPreviousPasswordsCount,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MinLength,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MaxLength,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MaxIdenticalAdjacentCharacters,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MinNumericCount,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MinSpecialCharCount,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MinAlphabeticCount,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MinUppercaseCount,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$MinLowercaseCount,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int32]]
$PasswordLifetimeDays)
Process {
try {
foreach ($pp in $PasswordPolicy) {
$ssoAdminClient = $pp.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$pp' is from disconnected server"
continue
}
if ([string]::IsNullOrEmpty($Description)) {
$Description = $pp.Description
}
if ($ProhibitedPreviousPasswordsCount -eq $null) {
$ProhibitedPreviousPasswordsCount = $pp.ProhibitedPreviousPasswordsCount
}
if ($MinLength -eq $null) {
$MinLength = $pp.MinLength
}
if ($MaxLength -eq $null) {
$MaxLength = $pp.MaxLength
}
if ($MaxIdenticalAdjacentCharacters -eq $null) {
$MaxIdenticalAdjacentCharacters = $pp.MaxIdenticalAdjacentCharacters
}
if ($MinNumericCount -eq $null) {
$MinNumericCount = $pp.MinNumericCount
}
if ($MinSpecialCharCount -eq $null) {
$MinSpecialCharCount = $pp.MinSpecialCharCount
}
if ($MinAlphabeticCount -eq $null) {
$MinAlphabeticCount = $pp.MinAlphabeticCount
}
if ($MinUppercaseCount -eq $null) {
$MinUppercaseCount = $pp.MinUppercaseCount
}
if ($MinLowercaseCount -eq $null) {
$MinLowercaseCount = $pp.MinLowercaseCount
}
if ($PasswordLifetimeDays -eq $null) {
$PasswordLifetimeDays = $pp.PasswordLifetimeDays
}
$ssoAdminClient.SetPasswordPolicy(
$Description,
$ProhibitedPreviousPasswordsCount,
$MinLength,
$MaxLength,
$MaxIdenticalAdjacentCharacters,
$MinNumericCount,
$MinSpecialCharCount,
$MinAlphabeticCount,
$MinUppercaseCount,
$MinLowercaseCount,
$PasswordLifetimeDays);
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}

521
Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1 Normal file
View File

@@ -0,0 +1,521 @@
<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function New-SsoPersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function creates new person user account.
.PARAMETER UserName
Specifies the UserName of the requested person user account.
.PARAMETER Password
Specifies the Password of the requested person user account.
.PARAMETER Description
Specifies the Description of the requested person user account.
.PARAMETER EmailAddress
Specifies the EmailAddress of the requested person user account.
.PARAMETER FirstName
Specifies the FirstName of the requested person user account.
.PARAMETER LastName
Specifies the FirstName of the requested person user account.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
$ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
New-SsoPersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
Creates person user account with user name 'myAdmin' and password 'MyStrongPa$$w0rd'
.EXAMPLE
New-SsoPersonUser -User myAdmin -Password 'MyStrongPa$$w0rd' -EmailAddress 'myAdmin@mydomain.com' -FirstName 'My' -LastName 'Admin'
Creates person user account with user name 'myAdmin', password 'MyStrongPa$$w0rd', and details against connections available in 'DefaultSsoAdminServers'
#>
[CmdletBinding(ConfirmImpact = 'Low')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'User name of the new person user account')]
[string]
$UserName,
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Password of the new person user account')]
[string]
$Password,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Description of the new person user account')]
[string]
$Description,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'EmailAddress of the new person user account')]
[string]
$EmailAddress,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'FirstName of the new person user account')]
[string]
$FirstName,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'LastName of the new person user account')]
[string]
$LastName,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
# Output is the result of 'CreateLocalUser'
try {
$connection.Client.CreateLocalUser(
$UserName,
$Password,
$Description,
$EmailAddress,
$FirstName,
$LastName
)
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
}
function Get-SsoPersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function gets person user account.
.PARAMETER Name
Specifies Name to filter on when searching for person user accounts.
.PARAMETER Domain
Specifies the Domain in which search will be applied, default is 'localos'.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-SsoPersonUser -Name admin -Domain vsphere.local
Gets person user accounts which contain name 'admin' in 'vsphere.local' domain
.EXAMPLE
Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser
Gets person user accounts members of 'Administrators' group
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Name filter to be applied when searching for person user accounts')]
[string]
$Name,
[Parameter(
ParameterSetName = 'ByNameAndDomain',
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Domain name to search in, default is "localos"')]
[string]
$Domain = 'localos',
[Parameter(
ParameterSetName = 'ByGroup',
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Searches members of the specified group')]
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
$Group,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
if ($Name -eq $null) {
$Name = [string]::Empty
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$personUsers = $null
if ($Group -ne $null) {
$personUsers = $connection.Client.GetPersonUsersInGroup(
(RemoveWildcardSymbols $Name),
$Group)
}
else {
$personUsers = $connection.Client.GetLocalUsers(
(RemoveWildcardSymbols $Name),
$Domain)
}
if ($personUsers -ne $null) {
foreach ($personUser in $personUsers) {
if ([string]::IsNullOrEmpty($Name) ) {
Write-Output $personUser
}
else {
# Apply Name filtering
if ((HasWildcardSymbols $Name) -and `
$personUser.Name -like $Name) {
Write-Output $personUser
}
elseif ($personUser.Name -eq $Name) {
# Exactly equal
Write-Output $personUser
}
}
}
}
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Set-SsoPersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
Updates person user account.
.PARAMETER User
Specifies the PersonUser instance to update.
.PARAMETER Group
Specifies the Group you want to add or remove PwersonUser from.
.PARAMETER Add
Specifies user will be added to the spcified group.
.PARAMETER Remove
Specifies user will be removed from the spcified group.
.PARAMETER Unlock
Specifies user will be unloacked.
.PARAMETER NewPassword
Specifies new password for the specified user.
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
Adds $myPersonUser to $myExampleGroup
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
Removes $myPersonUser from $myExampleGroup
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -Unlock -Server $ssoAdminConnection
Unlocks $myPersonUser
.EXAMPLE
Set-SsoPersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
Resets $myPersonUser password
#>
[CmdletBinding(ConfirmImpact = 'Medium')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Person User instance you want to update')]
[VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
$User,
[Parameter(
ParameterSetName = 'AddToGroup',
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Group instance you want user to be added to or removed from')]
[Parameter(
ParameterSetName = 'RemoveFromGroup',
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Group instance you want user to be added to or removed from')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
$Group,
[Parameter(
ParameterSetName = 'AddToGroup',
Mandatory = $true)]
[switch]
$Add,
[Parameter(
ParameterSetName = 'RemoveFromGroup',
Mandatory = $true)]
[switch]
$Remove,
[Parameter(
ParameterSetName = 'ResetPassword',
Mandatory = $true,
HelpMessage = 'New password for the specified user.')]
[ValidateNotNull()]
[string]
$NewPassword,
[Parameter(
ParameterSetName = 'UnlockUser',
Mandatory = $true,
HelpMessage = 'Specifies to unlock user account.')]
[switch]
$Unlock)
Process {
try {
foreach ($u in $User) {
$ssoAdminClient = $u.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$u' is from disconnected server"
continue
}
if ($Add) {
$result = $ssoAdminClient.AddPersonUserToGroup($u, $Group)
if ($result) {
Write-Output $u
}
}
if ($Remove) {
$result = $ssoAdminClient.RemovePersonUserFromGroup($u, $Group)
if ($result) {
Write-Output $u
}
}
if ($Unlock) {
$result = $ssoAdminClient.UnlockPersonUser($u)
if ($result) {
Write-Output $u
}
}
if ($NewPassword) {
$ssoAdminClient.ResetPersonUserPassword($u, $NewPassword)
Write-Output $u
}
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Set-SsoSelfPersonUserPassword {
<#
.NOTES
===========================================================================
Created on: 2/19/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
Resets connected person user password.
.PARAMETER NewPassword
Specifies new password for the connected person user.
.EXAMPLE
Set-SsoSelfPersonUserPassword -Password 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
Resets password
#>
[CmdletBinding(ConfirmImpact = 'High')]
param(
[Parameter(
Mandatory = $true,
HelpMessage = 'New password for the connected user.')]
[ValidateNotNull()]
[SecureString]
$Password,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
try {
$connection.Client.ResetSelfPersonUserPassword($Password)
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
}
function Remove-SsoPersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function removes existing person user account.
.PARAMETER User
Specifies the PersonUser instance to remove.
.EXAMPLE
$ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
$myNewPersonUser = New-SsoPersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
Remove-SsoPersonUser -User $myNewPersonUser
Remove person user account with user name 'myAdmin'
#>
[CmdletBinding(ConfirmImpact = 'High')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Person User instance you want to remove from specified servers')]
[VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
$User)
Process {
try {
foreach ($u in $User) {
$ssoAdminClient = $u.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$u' is from disconnected server"
continue
}
$ssoAdminClient.DeleteLocalUser($u)
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}

128
Modules/VMware.vSphere.SsoAdmin/TokenLifetime.ps1 Normal file
View File

@@ -0,0 +1,128 @@
<#
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function Get-SsoTokenLifetime {
<#
.NOTES
===========================================================================
Created on: 9/30/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function gets HoK and Bearer Token lifetime settings.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-SsoTokenLifetime
Gets HoK and Bearer Token lifetime settings for the server connections available in $global:defaultSsoAdminServers
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
try {
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$connection.Client.GetTokenLifetime();
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Set-SsoTokenLifetime {
<#
.NOTES
===========================================================================
Created on: 9/30/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function updates HoK or Bearer token lifetime settings.
.PARAMETER TokenLifetime
Specifies the TokenLifetime instance to update.
.PARAMETER MaxHoKTokenLifetime
.PARAMETER MaxBearerTokenLifetime
.EXAMPLE
Get-SsoTokenLifetime | Set-SsoTokenLifetime -MaxHoKTokenLifetime 60
Updates HoK token lifetime setting
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'TokenLifetime instance you want to update')]
[VMware.vSphere.SsoAdminClient.DataTypes.TokenLifetime]
$TokenLifetime,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int64]]
$MaxHoKTokenLifetime,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Nullable[System.Int64]]
$MaxBearerTokenLifetime)
Process {
try {
foreach ($tl in $TokenLifetime) {
$ssoAdminClient = $tl.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$tl' is from disconnected server"
continue
}
$ssoAdminClient.SetTokenLifetime(
$MaxHoKTokenLifetime,
$MaxBearerTokenLifetime
);
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}

2007
Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
View File

File diff suppressed because it is too large Load Diff

BIN
Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
View File

Binary file not shown.