Devolutions ForumDevolutions Forum

Manage usergroups with powershell

Resolved

Manage usergroups with powershell

avatar
fjgaspar

Hi,
I have RDM Enterprise and I have users and user groups here:



I can add users from Powershell with New-RDMUser cmdlet, and manage users with GET-RDMUser and Set-RDMUser, and Remove-RDMUser. But I can't find any cmdlet to manage User Groups. I have serveral User Groups created here, and I need to manage hundreds of users and assign them to proper groups, and it will be a pain do that in User interface. There is a GET-RDMSecuritygroup cmdlet but when I run it, it shows no group. And I can't find any suitable cmdlet for this.

Can anyone point me in the right direction?

1f4aac2e-08b0-4f06-9740-0edc0ed1a072.png

All Comments (8)

avatar
Erica Poirier

Hello,

The cmdlets to manage the user groups are Get-RDMRole/Set-RDMRole. To assign users to user groups, the cmdlet Set-RDMRoleGroupRights and Set-RDMUserGroupRights will do the trick.

Let us know if you have further questions about these cmdlets.

Best regards,

Érica Poirier

avatar
fjgaspar

Thanks for the answer.

Set-RDMRoleRights is not a cmdlet available in my environment, I have Set-RDMRoleGroupRights
I have read the help and examples of those cmdlets and I still don't know how to assign users to groups. Lets say get-rdmuser shows:

User1
User2
User3

And Get-RDMRole

Group1
Group2

Which command do I need to use to assign User1 to Group2 and User2 and User3 to Group1?

avatar
Erica Poirier

Hello,

Thank you for your feedback.

I want to apologize that I sent you on the wrong path. Those 2 cmdlets are for Security Groups and not User Groups.

The cmdlet you are looking for is Add-RDMRoleToUser.

Here is how you can use this cmdlet.

$user = Get-RDMUser -Name "User1"
$role = Get-RDMRole -Name "Group2"
Add-RDMRoleToUser -RoleObject $role -UserObject $user
Set-RDMUser $user


There are some other cmdlets to manage the user's role membership, and also access to vaults.

  • Remove-RDMRoleToUser
  • Add-RDMRoleVaultAccess
  • Get-RDMRoleVaultAccess
  • Remove-RDMRoleRepositoryAccess


Let us know if you have further questions.

Best regards,

Érica Poirier

avatar
fjgaspar

Thank you!!

avatar
fjgaspar

One last question: Is it possible to get a list of users in a User group and a list of groups to which a user belongs?

avatar
Erica Poirier

Hello,

No cmdlet is available to get the users within a group or the list of groups a user is a member of.

For custom roles, the IDs of the roles are located in the XML code of the CustomSecurity property of the user object.



Best regards,

Érica Poirier

19cf93d0-81e2-4609-98f6-ede2b3eda3c9.png

avatar
lberchten

For Information, i needed to get User assigned Roles yesterday:

You can get the Groups Names for a User with the follow Code:

$rdm_user = Get-RDMUser | Where {$_.Description -like $user_full_name}
$rdm_user_roles = @()
        [xml]$sec = $rdm_user.CustomSecurity
        foreach ($item in $sec.CustomSecurity.CustomRoles.String)
        {
            $role = Get-RDMRole | where {$_.ID -eq $item}
            $roleName = $role.Name
            if (!([string]::IsNullOrEmpty($roleName)))
            {
                $rdm_user_roles += $roleName
            }
        }
Write-Host $rdm_user_roles

Best Regards Lukas

avatar
Erica Poirier

Hello,

Thank you for sharing your solution with our community.

Best regards,

Érica Poirier