This script demonstrates how to create a Group Membership AutoProvisioning policy. The Group Membership AutoProvisioning policy adds members to groups when member attributes satisfy policy condition.
The script contains the AddGroupMembershipPolicy function. This function accepts these parameters:
- strPolicyObjectDN - The DN of policy object to add Group Membership AutoProvisioning policy to
- strAttributeLDAPName - The LDAP name of attribute to define policy condition of <attribute> <equals> true. For more conditions please refer to the EDS_APE_PARAM_CONDITION article in the Active Roles SDK
- strGroupDN - The DN of a group to add user objects when they match a policy condition.
SCRIPT
'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
'*********************************************************************************
Sub AddGroupMembershipPolicy (strPolicyObjectDN, strAttributeLDAPName, strGroupDN)
' Function adds policy entry of type "member of policy" to policy object referenced by strPolicyObjectDN
' Policy condition is set to "strAttributeLDAPName <equals> True"
' Group to add objects to is referenced by strGroupDN
Dim oGroup: Set oGroup = GetArsObject(strGroupDN) ' GetObject("EDMS://" & strGroupDN)
Dim oOctet: Set oOctet = CreateObject("AelitaEDM.EDMOctetString")
oOctet.Set oGroup.GUID
Dim guid: guid = oOctet.GetGuidString()
Dim oPolicy: Set oPolicy = GetArsObject(strPolicyObjectDN) ' GetObject("EDMS://" & strPolicyObjectDN)
Dim oApe: Set oApe = oPolicy.CreatePolicyEntry
oApe.Type = 51 ' 0x33 Group Membership AutoProvisioning
AddPolicySetting oApe, 1, "Provisioning policy failure. The 'Group Membership AutoProvisioning' policy encountered an error."
AddPolicySetting oApe, 50, "user"
AddPolicySetting oApe, 57, "Automatically adds or removes specified objects from specified groups"
AddPolicySetting oApe, 68, 1
AddPolicySetting oApe, 83, guid
AddPolicySetting oApe, 84, 0
AddPolicySetting oApe, 85, "<PolicyCondition Version=""1.0""><Item attrName=""" & _
strAttributeLDAPName & """ operator=""=="" linkID=""and"">True</Item></PolicyCondition>"
AddPolicySetting oApe, 203, 0
oPolicy.AddPolicyEntry oApe
oPolicy.SetInfo
Set oApe = Nothing
Set oPolicy = Nothing
Set oOctet = Nothing
Set oGroup = Nothing
End Sub
Sub AddPolicySetting (oApe, SettingID, Value)
' WScript.Echo("SET: " & SettingID)
Dim apeSet: Set apeSet = oApe.CreatePolicySetting
apeSet.SettingID = SettingID
apeSet.Value = Value
oApe.AddPolicySetting apeSet
Set apeSet = Nothing
End Sub
Function GetArsObject(dn)
Dim server: server = "ME64-ars.ME64.msk.qsft"
Dim login: login = "ME64\Administrator"
Dim password: password = "kuku01"
Dim EDMS: Set EDMS = GetObject("EDMS:")
Dim path: path = "EDMS://" & server & "/" & dn
' WScript.Echo path
Set GetArsObject = EDMS.OpenDSObject(path, login, password, 32768)
Set EDMS = Nothing
End Function
'***** END OF CODE ***************************************************************