Created
November 24, 2021 07:03
-
-
Save Nillth/909490e1bc6e7d81e7a8e46af01a64cf to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .NOTES | |
| =========================================================================== | |
| Created on: 2021-11-24 6:00 PM | |
| Created by: Marc Collins | |
| Title: Senior Principal Technical Architect | |
| Organization: Qlik | |
| Filename: QlikView-ADSync_Assign_Named_CALs.ps1 | |
| =========================================================================== | |
| #> | |
| $ADGroupName = "Qlik*" | |
| #Check for QlikView-CLI | |
| $QVM = Get-Module QlikView-CLI -ListAvailable | |
| #Get Current User Info | |
| $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()) | |
| #If QlikView-CLI not installed | |
| #Attempt to install it | |
| if ($null -eq $QVM) | |
| { | |
| $paramInstallModule = @{ | |
| Name = 'QlikView-CLI' | |
| Scope = 'CurrentUser' | |
| } | |
| #if the script is Running "As Administrator" Install for All Users, else just for CurrentUser | |
| if ($currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) | |
| { | |
| $paramInstallModule.Scope = 'AllUsers' | |
| } | |
| Install-Module @paramInstallModule | |
| } | |
| #Import the QlikView-CLI Module | |
| Import-Module QlikView-CLI | |
| #Check the User is in the QlikView Managment API Group. | |
| if (!($currentPrincipal.IsInRole([System.Security.Principal.NTAccount]::new($env:COMPUTERNAME, "QlikView Management API")))) | |
| { | |
| #If they are not in the Group and are running "As Administrator" | |
| if ($currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) | |
| { | |
| #Check the group exists | |
| $QVMAPI = Get-LocalGroup -Name "QlikView Management API" -ErrorAction SilentlyContinue | |
| if ($null -eq $QVMAPI) | |
| { | |
| #If it does not exist create it | |
| $QVMAPI = New-LocalGroup -Name "QlikView Management API" -Description "Group for QV API Users" | |
| Write-Warning "QlikView Management API Group Created" | |
| } | |
| #Check if the User is a member of the group | |
| if (!($currentPrincipal.IsInRole([System.Security.Principal.NTAccount]::new($env:COMPUTERNAME, "QlikView Management API")))) | |
| { | |
| #If not a member add the current user to the group | |
| Add-LocalGroupMember -Group $QVMAPI -Member $env:USERNAME | |
| Restart-Service -Name QlikviewManagementService | |
| Write-Warning "Current User Added to QlikView Management API Group`nChanges Require you to logoff and back on" | |
| return | |
| } | |
| } | |
| else | |
| { | |
| Write-Warning "QlikView Management API is Required and current user is not running with Admin rights. Please resolve and try again." | |
| } | |
| } | |
| #Connect QlikView-CLI | |
| $QVConnection = Connect-QlikView -Hostname $env:COMPUTERNAME -verbose | |
| #Searches for a AD Group and gets all active Users & Nested Users | |
| function Get-LDAPGroupMemberFinder | |
| { | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(ParameterSetName = 'GroupName')] | |
| [string]$Name | |
| ) | |
| $Filter = "(&(objectCategory=group)(cn=$Name))" | |
| $Searcher = New-Object DirectoryServices.DirectorySearcher | |
| $Searcher.Filter = $Filter | |
| $FoundGroup = $Searcher.FindOne() | |
| $Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$($FoundGroup.Properties.distinguishedname))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" | |
| $FoundUsers = $Searcher.FindAll() | |
| return $FoundUsers | |
| } | |
| $FoundGroupMembers = Get-LDAPGroupMemberFinder -Name $ADGroupName | |
| #Append the Domain to the SamAccountName | |
| $GroupMembers = $FoundGroupMembers.Properties.samaccountname | ForEach-Object{ | |
| "$($env:userdomain)\$($_)" | |
| } | |
| #Get the Current CAL Configuration | |
| $QVCALConfiguration = Get-QVCALConfiguration -Scope NamedCALs -qvsID $QVConnection.QlikViewServer[0].ID | |
| #Get the Assigned CALs | |
| $Licensed = $QVCALConfiguration.NamedCALs.AssignedCALs.UserName | |
| #Filter the Users to Remove And those to add | |
| $ToBeRemoved = $Licensed | Where-Object{ | |
| !($_ -in $GroupMembers) | |
| } | |
| $ToBeAdded = $GroupMembers | Where-Object{ | |
| !($_ -in $Licensed) | |
| } | |
| #Remove - Move the AssignedCALs to RemoveAssignedCALs | |
| $QVCALConfiguration.NamedCALs.RemovedAssignedCALs = $QVCALConfiguration.NamedCALs.AssignedCALs | Where-Object{ | |
| ($_.UserName -in $ToBeRemoved) | |
| } | |
| $QVCALConfiguration.NamedCALs.AssignedCALs = $QVCALConfiguration.NamedCALs.AssignedCALs | Where-Object{ | |
| !($_.UserName -in $ToBeRemoved) | |
| } | |
| #Add - Create a New AssignedNamedCAL object | |
| foreach ($User in $ToBeAdded) | |
| { | |
| $NewQVAssignedNamedCAL = New-QVAssignedNamedCAL | |
| $NewQVAssignedNamedCAL.UserName = $User | |
| Write-Host $NewQVAssignedNamedCAL.UserName | |
| $QVCALConfiguration.NamedCALs.AssignedCALs.Add($NewQVAssignedNamedCAL) | |
| } | |
| #Save the modified configuration back to QlikView | |
| Save-QVCALConfiguration -Calconfiguration $QVCALConfiguration -Verbose |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment