0 Replies Latest reply on Apr 26, 2020 2:46 PM by KAhnemann

    NSX-T Creating Groups based on AD Groups using PowerCLI

    KAhnemann Lurker

      Can someone help me figure out how to use PowerCLI to created groups in NSX-T 3.0 (or 2.5) that are based on AD Groups?  I can do it fine in the gui, but need to script it with powerCLI.

       

      Here is what I have so far.  I think the error is how I specify the DN and Base DN.  I think those are required based on the info I pulled using Postman.

       

         #Create Group - User - AD (IDFW)
         #Variables
         $groupdomain = "default"
         $groupid = "Lab - $UserName - AD Group"
         $dn = "CN=KAhnemann-NSX,OU=NSX Groups,OU=Groups,OU=AccudataLab,DC=AccudataLab,DC=com"
         $basedn = "DC=AccudataLab,DC=com"
         $groupmember_type = "IdentityGroup"
         #Retrieve Group Information
         $groupdata = Get-NsxtPolicyService -Name com.vmware.nsx_policy.infra.domains.groups
         #Set Group Variables
         $groupspecification = $groupdata.Help.patch.group.Create()
         $groupspecification.display_name = $groupid
         $groupspecification.description = $description
         #Add Group Member Variables
         $groupexpspecification = $groupdata.Help.patch.group.extended_expression.Element.condition.Create()
         $groupexpspecification.member_type = $groupmember_type
         $groupexpspecification.key="Tag"
         $groupexpspecification.operator = "EQUALS"
         $groupexpspecification.member_type = $groupmember_type
         $groupexpspecification.domain_base_distinguished_name = $basedn
         $roupexpspecification.distinguished_name = $dn
         $groupspecification.extended_expression.Add($groupexpspecification) | Out-Null
         #Add Powercli TAG to Group
         $grouptag = $groupdata.Help.patch.group.tags.Element.Create()
         $grouptag.tag = $powerclitag
         $groupspecification.tags.Add($grouptag) | Out-Null
         #Add User TAG to Group
         $grouptag = $groupdata.Help.patch.group.tags.Element.Create()
         $grouptag.tag = $usertag
         $groupspecification.tags.Add($grouptag) | Out-Null
         #Create Group
         $groupdata.patch($groupdomain, $groupid, $groupspecification)