diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index a1b08ff..610cf04 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -34,7 +34,7 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy', 'Get-LockoutPolicy', 'Set-LockoutPolicy', 'Get-TokenLifetime', 'Set-TokenLifetime') +FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy', 'Get-LockoutPolicy', 'Set-LockoutPolicy', 'Get-TokenLifetime', 'Set-TokenLifetime', 'Add-ActiveDirectoryIdentitySource') # Cmdlets to export from this module CmdletsToExport = @() diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index b6f39e2..2748b09 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 @@ -289,7 +289,7 @@ function New-PersonUser { $Server) Process { - $serversToProcess = $global:DefaultSsoAdminServers + $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } @@ -369,7 +369,7 @@ function Get-PersonUser { $Server) Process { - $serversToProcess = $global:DefaultSsoAdminServers + $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } 
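Review bot: `$global:DefaultSsoAdminServers.ToArray()` is a method call on a global that the old code merely copied, so if that variable is still `$null` before the first Connect-SsoAdminServer (its initialization is not in this diff, so please confirm) New-PersonUser now fails with a null-valued-expression error where it previously just processed no servers. If the purpose of the copy is to let Disconnect-SsoAdminServer remove entries while the foreach runs, `$serversToProcess = @($global:DefaultSsoAdminServers)` also produces a fresh array and additionally yields an empty array for `$null`. The identical line is repeated in the Get-PersonUser, Get-Group, Get-PasswordPolicy, Get-LockoutPolicy and Get-TokenLifetime hunks and in the new Add-ActiveDirectoryIdentitySource body, so whichever form is kept should be applied to all of them. The Process block of New-PersonUser continues beyond the hunk.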
@@ -654,7 +654,7 @@ function Get-Group { $Server) Process { - $serversToProcess = $global:DefaultSsoAdminServers + $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } @@ -726,7 +726,7 @@ function Get-PasswordPolicy { $Server) Process { - $serversToProcess = $global:DefaultSsoAdminServers + $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } @@ -976,7 +976,7 @@ function Get-LockoutPolicy { $Server) Process { - $serversToProcess = $global:DefaultSsoAdminServers + $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } @@ -1128,7 +1128,7 @@ function Get-TokenLifetime { $Server) Process { - $serversToProcess = $global:DefaultSsoAdminServers + $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } 
@@ -1208,4 +1208,160 @@ function Set-TokenLifetime {
 }
 }
 }
+#endregion
+
+#region IdentitySource
+function Add-ActiveDirectoryIdentitySource {
+<#
+ .NOTES
+ ===========================================================================
+ Created on: 9/30/2020
+ Created by: Dimitar Milov
+ Twitter: @dimitar_milov
+ Github: https://github.com/dmilov
+ ===========================================================================
+ .DESCRIPTION
+ This function adds Identity Source of ActiveDirectory type.
+
+ .PARAMETER Name
+ Name of the identity source
+
+ .PARAMETER DomainName
+ Domain name
+
+ .PARAMETER DomainAlias
+ Domain alias
+
+ .PARAMETER PrimaryUrl
+ Primary Server URL
+
+ .PARAMETER BaseDNUsers
+ Base distinguished name for users
+
+ .PARAMETER BaseDNGroups
+ Base distinguished name for groups
+
+ .PARAMETER Username
+ Domain authentication user name
+
+ .PARAMETER Passowrd
+ Domain authentication password
+
+ .PARAMETER Server
+ Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+ If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+ .EXAMPLE
+ Add-ActiveDirectoryIdentitySource `
+ -Name 'sof-powercli' `
+ -DomainName 'sof-powercli.vmware.com' `
+ -DomainAlias 'sof-powercli' `
+ -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
+ -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
+ -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
+ -Username 'sofPowercliAdmin' `
+ -Password '$up3R$Tr0Pa$$w0rD'
+
+ Adds ActiveDirectory identity source
+#>
+[CmdletBinding()]
+ param(
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Friendly name of the identity source')]
+ [ValidateNotNull()]
+ [string]
+ $Name,
+
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [ValidateNotNull()]
+ [string]
+ $DomainName,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [string]
+ $DomainAlias,
+
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [ValidateNotNull()]
+ [string]
+ $PrimaryUrl,
+
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Base distinguished name for users')]
+ [ValidateNotNull()]
+ [string]
+ $BaseDNUsers,
+
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Base distinguished name for groups')]
+ [ValidateNotNull()]
+ [string]
+ $BaseDNGroups,
+
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Domain authentication user name')]
+ [ValidateNotNull()]
+ [string]
+ $Username,
+
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Domain authentication password')]
+ [ValidateNotNull()]
+ [string]
+ $Password,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Connected SsoAdminServer object')]
+ [ValidateNotNull()]
+ [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+ $Server)
+
+ $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+ if ($Server -ne $null) {
+ $serversToProcess = $Server
+ }
+ foreach ($connection in $serversToProcess) {
+ if (-not $connection.IsConnected) {
+ Write-Error "Server $connection is disconnected"
+ continue
+ }
+
+ $connection.Client.AddActiveDirectoryExternalDomain(
+ $DomainName,
+ $DomainAlias,
+ $Name,
+ $PrimaryUrl,
+ $BaseDNUsers,
+ $BaseDNGroups,
+ $Username,
+ $Password);
+ }
+}
 #endregion
\ No newline at end of file
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
index ccd44ab..f8c8d14 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll
index 744f948..764d165 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
index c7caac1..ec44174 100644
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
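Review bot: `$Password` is a plain `[string]` parameter, so the domain service-account secret has to be typed on the command line, where PSReadLine history, transcripts and `Get-PSCallStack` retain it, and the .EXAMPLE block in the help cements that usage with a literal password. Because the client call only needs the string at the moment of invocation, the parameter could be a `[PSCredential] $Credential` (or at minimum a `[SecureString]`) unwrapped with `$Credential.GetNetworkCredential().Password` immediately before `AddActiveDirectoryExternalDomain`. In the same hunk the help entry is spelled `.PARAMETER Passowrd`, so Get-Help will not attach that description to `-Password`, and `[ValidateNotNull()]` on a `[string]` rejects nothing useful — `[ValidateNotNullOrEmpty()]` is what would stop an empty name or URL. Stylistically the body departs from the sibling functions, which wrap the same loop in a `Process { }` block, and `$null -ne $Server` is the form PSScriptAnalyzer expects for the null comparison.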
@@ -5,6 +5,7 @@ using System; using System.Collections.Generic; using System.IdentityModel.Selectors; +using System.Runtime.InteropServices.WindowsRuntime; using System.Security; using System.ServiceModel; using System.ServiceModel.Channels; @@ -617,6 +618,44 @@ namespace VMware.vSphere.SsoAdminClient return GetTokenLifetime(); } + + public void AddActiveDirectoryExternalDomain( + string domainName, + string domainAlias, + string friendlyName, + string primaryUrl, + string baseDNUsers, + string baseDNGroups, + string authenticationUserName, + string authenticationPassword) { + + string serverType = "ActiveDirectory"; + string authenticationType = "password"; + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.AddExternalDomainAsync( + new ManagedObjectReference { + type = "SsoAdminConfigurationManagementService", + Value = "configurationManagementService" + }, + serverType, + domainName, + domainAlias, + new SsoAdminExternalDomainDetails { + friendlyName = friendlyName, + primaryUrl = primaryUrl, + userBaseDn = baseDNUsers, + groupBaseDn = baseDNGroups + }, + authenticationType, + new SsoAdminDomainManagementServiceAuthenticationCredentails { + username = authenticationUserName, + password = authenticationPassword + })).Wait(); + } #endregion } }
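Review bot: `using System.Runtime.InteropServices.WindowsRuntime;` is not needed by anything in this commit — the method added further down uses only `ManagedObjectReference`, the `SsoAdmin*` contract types and `Task.Wait()`, none of which live in that namespace — so it reads like an IDE auto-import that slipped in. Dropping the line keeps the client free of a WinRT interop dependency that is not carried forward cleanly into .NET 5 and later; if a hunk I cannot see does use it, ignore this.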
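Review bot: `})).Wait();` at the end of `AddActiveDirectoryExternalDomain` blocks on the task and, when the SOAP call faults, surfaces an `AggregateException` wrapping the real `FaultException`, so the PowerShell caller sees "One or more errors occurred" instead of the service's message; `.GetAwaiter().GetResult()` waits the same way but rethrows the original exception (assuming `InvokeOperation` returns the lambda's task, which this hunk does not show). The eight string arguments are forwarded unchecked, so a null `domainName` or `primaryUrl` surfaces, if at all, only as a fault from the service; a `string.IsNullOrEmpty` guard on each argument the PowerShell wrapper marks Mandatory fails fast with a message that names the argument. The method is also public without XML documentation — a `<summary>` stating that it registers an Active Directory identity source on the SSO server, with `<param>` entries noting that the PowerShell wrapper treats `domainAlias` as optional and that `authenticationPassword` is forwarded to the service as-is, would cover it.
```csharp
            string authenticationPassword) {
            // Fail fast on the arguments the PowerShell wrapper marks Mandatory; nameof keeps the message refactor-safe.
            if (string.IsNullOrEmpty(domainName)) { throw new ArgumentException("A value is required.", nameof(domainName)); }
            if (string.IsNullOrEmpty(friendlyName)) { throw new ArgumentException("A value is required.", nameof(friendlyName)); }
            if (string.IsNullOrEmpty(primaryUrl)) { throw new ArgumentException("A value is required.", nameof(primaryUrl)); }
            if (string.IsNullOrEmpty(authenticationUserName)) { throw new ArgumentException("A value is required.", nameof(authenticationUserName)); }
            if (string.IsNullOrEmpty(authenticationPassword)) { throw new ArgumentException("A value is required.", nameof(authenticationPassword)); }

            // … unchanged: serverType / authenticationType locals, CreateAuthorizedInvocationContext(), InvokeOperation call up to the credentials initializer …

                    })).GetAwaiter().GetResult(); // rethrows the original exception rather than an AggregateException
        }
```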