Create Virtual Attribute Script?

Need to create a bunch of Virtual Attributes. All single value Directory String, User attributes. Does any one have a script to create virtual attributes of a csv file or similar?

I am not finding any of the Quest CmdLets that do it. 

Parents Reply Children
  • That helps. I am having trouble getting a import of Virtual Attribute names to create from a csv. This is what I have so far.

    #Store the data from VAttributes.csv in the $VAttributes variable
    $VAttributes = Import-csv "C:\Scripts\VA\VaList.csv"

    #Loop through VAttribute in the CSV file
    foreach ($VA in $VAttributes)
    {
    # Set the property lDAPDisplayName for the VA
    $strAttributeName = $VA

    # Set the object class to which the VA will apply
    $strAttributeClass = "user"
    # Set the property attributeSyntax for the VA
    $strAttributeSyntax = "2.5.5.12"
    # Set the property oMSyntax for the VA
    $iAttributeOMSyntax = 64
    # Specify whether to store the VA in the Active Roles configuration database
    $bIsAttributeStored = $true
    # Specify whether the VA is single-valued
    $bIsAttributeSindleValued = $true
    # Set the property Description for the VA
    $strAttributeDescription = "AGN"
    # Set the property ContainerDN for VA
    $strVaContainerDn = "CN=Virtual Attributes,CN=Server Configuration,CN=Configuration"

    function CreateVA($AttrName, $ClassSchemas, $AttrSyntax, $OMSyntax, $IsStored, $IsSingleValued)
    {
    $objVaContainer = [ADSI]"EDMS://$strVaContainerDn"
    $objOctetString = New-Object -ComObject "AelitaEDM.EDMOctetString"
    "Creating VA $AttrName ..."
    $objNewVa = $objVaContainer.Create("edsVirtualAttribute", "CN=$AttrName")
    $objPolicyInfoList = $objNewVa.GetPolicyInfoList()
    $objOctetString.SetGuidString($objPolicyInfoList.Item("schemaIDGUID").GeneratedValue)

    $objNewVa.Put("edsaAttributeIsStored", [bool]$IsStored)
    $objNewVa.Put("isSingleValued", [bool]$IsSingleValued)
    $objNewVa.Put("lDAPDisplayName", [string]$AttrName)
    $objNewVa.Put("edsaClassSchemas", [string]$ClassSchemas)
    $objNewVa.Put("attributeSyntax", [string]$AttrSyntax)
    $objNewVa.Put("oMSyntax", [int]$OMSyntax)
    $objNewVa.Put("schemaIDGUID", $objOctetString.GetOctetString())
    $objNewVa.Put("attributeID", $objPolicyInfoList.Item("attributeID").GeneratedValue)
    $objNewVa.Put("description", [string]$strAttributeDescription)

    $objNewVa.SetInfo()
    }

    CreateVA -AttrName $strAttributeName -ClassSchemas $strAttributeClass -AttrSyntax $strAttributeSyntax -OMSyntax $iAttributeOMSyntax -IsStored $bIsAttributeStored -IsSingleValued $bIsAttributeSindleValued

    }

  • OK - this all looks fairly reasonable.  What kind of error are you receiving?

  • My input file is the following:

    edsvaTest123A
    edsvaTest123B
    edsvaTest123C

    This is the error I get:

    Creating VA @{edsvaTest123A=edsvaTest123B} ...
    Exception calling "SetInfo" with "0" argument(s): "Administrative Policy returned an error.
    'CN=@{edsvaTest123A=edsvaTest123B},CN=Virtual Attributes,CN=Server Configuration,CN=Configuration' is not a valid LDAP distinguished name.
    "
    At C:\Scripts\VA\CreateVA2.ps1:44 char:6
    + $objNewVa.SetInfo()
    + ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI

    Creating VA @{edsvaTest123A=edsvaTest123C} ...
    Exception calling "SetInfo" with "0" argument(s): "Administrative Policy returned an error.
    'CN=@{edsvaTest123A=edsvaTest123C},CN=Virtual Attributes,CN=Server Configuration,CN=Configuration' is not a valid LDAP distinguished name.
    "
    At C:\Scripts\VA\CreateVA2.ps1:44 char:6
    + $objNewVa.SetInfo()
    + ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI

  • Do you have a header row in your file?  If not, then rather than import-csv, I would just use Get-Content.  That way your syntax for iterating through the list should work OK.

  • I notice in the gui you can only delete on VA at a time. What would the command to delete a VA in a script be? I don't see any examples of that in the sample folder. 

  • For that you could use:

    Remove-QADObject -identity $MyVADistinguishedName -proxy

  • i.e. in a loop

    So:

    # Create a persistent session with Active Roles

    $ARSession = Connnect-QADService -proxy

    # List your VAs


    Get-QADObject -SearchRoot "CN=Virtual Attributes,CN=Server Configuration,CN=Configuration" -Connection $ARSession -Name 'SomePattern*' | select -expandproperty distinguishedname | foreach {

    $MyVADistinguishedName = $_

    Remove-QADObject -identity $MyVADistinguishedName -Connection $ARSession -Force

    }