Script to retrieve and export group data from Atlassian Crowd via REST API.

Export-CrowdGroupData.ps1

<#
.SYNOPSIS
Retrieves and exports group data from Atlassian Crowd via REST API.

.DESCRIPTION
The Get-CrowdData function is designed to interact with the Atlassian Crowd REST API to retrieve group and group membership data from a specified Crowd Directory. 

It requires the Crowd Base URL and Directory ID as inputs. Optionally, you can specify an output path to save the exported data; if not specified, it defaults to the user's profile directory.

Based on API documentation from here: https://docs.atlassian.com/atlassian-crowd/5.2.1/REST/

.PARAMETER CrowdBaseURL
The base URL of your Atlassian Crowd instance. It must be in HTTP or HTTPS format.

.PARAMETER DirectoryID
The numeric ID of the directory in Crowd from which you want to retrieve data.

.PARAMETER OutputPath
(Optional) The file system path where the output CSV files will be saved. Defaults to the user's profile directory if not specified.

.EXAMPLE
Get-CrowdData -CrowdBaseURL "http://crowd.example.com:8095/crowd" -DirectoryID 12345 -OutputPath "C:\Temp\CrowdExport"

This example retrieves group data from the specified Crowd instance and Directory and saves the output to "C:\Temp\CrowdExport".

.NOTES
This function requires that you have the necessary permissions to access the Crowd REST API and the specified Directory.
#>

function Get-CrowdData {
    param (
        [Parameter(Mandatory=$true)]
        [ValidatePattern("^(http|https)://")]
        [string]$CrowdBaseURL,

        [Parameter(Mandatory=$true)]
        [int]$DirectoryID,

        [Parameter(Mandatory=$false)]
        [string]$OutputPath = $env:USERPROFILE
    )

    # Prompt the user for credentials that will be used to authenticate to Crowd via basic auth
    $crowdCredentials = Get-Credential -Message "Enter credentials for basic authentication to Crowd server at $CrowdBaseURL"

    # Throw an error if no credentials were entered
    if (-not $crowdCredentials) { throw "This script requires credentials to be able to function" }

    Write-Output "Proceeding with username '$($crowdCredentials.UserName)'"

    # Set up the output folder
    $csvOutputPath = Join-Path -Path $OutputPath -ChildPath "CrowdGroupData"
    if (-not (Test-Path $csvOutputPath)) {
        New-Item -Path $csvOutputPath -ItemType Directory -Force
    }

    # Converts a PSCredential object to a Basic Authorization header suitable for use in HTTP requests.
    function ConvertTo-BasicAuthHeader {
        param (
            [Parameter(Mandatory=$true)]
            [System.Management.Automation.PSCredential]$Credential
        )

        process {
            try {
                # Concatenate username and password separated by a colon
                $combinedCredentials = "{0}:{1}" -f $Credential.UserName,$Credential.GetNetworkCredential().Password

                # Convert to Base64
                $encodedCredentials = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($combinedCredentials))

                # Create and return the Authorization header
                return @{"Authorization" = "Basic $encodedCredentials"}
            }
            catch {
                Write-Error "An error occurred while generating the authorization header: $_"
            }
        }
    }

    # A function to calculate a group ID based on how Crowd generates group IDs
    # Not currently used as my version of Crowd (5.2.1) outputs the Group ID for each group when using /rest/admin/1.0/group/search
    function Get-AtlassianCrowdGroupID([int]$DirectoryID, [string]$GroupName) {

        # Convert the Group Name to a Base64 string
        $encodedGroupName = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($GroupName))

        # Construct and return the Group ID
        "{0}-{1}" -f $DirectoryID, $encodedGroupName
    }

    # Retrieve the list of groups from Crowd
    try {
        $groupData = Invoke-RestMethod -Method Get -Uri "$($crowdBaseURL)/rest/admin/1.0/group/search/$($directoryID)?limit=2500" -Headers (ConvertTo-BasicAuthHeader -Credential $crowdCredentials) -ContentType "application/json"
        }
    catch {
        throw "An error occurred while trying to retrieve group data from Crowd: $($_.Exception.Message)"
    }

    # Throw an error if no group data is retrieved from Crowd
    if ($groupData.size -lt 1) {
        throw "No group data was found in Crowd"
    }

    # Save the list of groups into a CSV file
    $crowdGroups = $groupData.values
    $crowdGroups | Export-Csv -Path (Join-Path -Path $csvOutputPath -ChildPath "directory-$directoryID-groups.csv") -Force -NoTypeInformation -Encoding UTF8
    Write-Host "Group names saved to $((Join-Path -Path $csvOutputPath -ChildPath "directory-$directoryID-groups.csv"))"

    # Retrieve the group memberships for each of the groups
    foreach ($group in $crowdGroups) {

        # Request each group's membership from the API
        try {
            $thisGroup = Invoke-RestMethod -Method Get -Uri "$($crowdBaseURL)/rest/admin/1.0/groups/$($group.id)/users?limit=2000" -Headers (ConvertTo-BasicAuthHeader -Credential $crowdCredentials) -ContentType "application/json"
        }
        catch {
            throw "An error occurred while trying to retrieve group membership data from Crowd group $($group.name): $($_.Exception.Message)"
        }

        # Write each group's membership to a CSV file in the output folder
        $thisGroupCSVPath = (Join-Path -Path $csvOutputPath -ChildPath "$($group.name).csv")
        $thisGroup.values | Export-Csv -Path $thisGroupCSVPath -NoTypeInformation -Force -Encoding UTF8
        Write-Host "Group data for $($group.name) saved to $thisGroupCSVPath"
    }
}

# Example usage
Get-CrowdData -CrowdBaseURL "http://crowd.example.com:8095/crowd" -DirectoryID 655361