Importing Active Directory Groups

In many DSM 2019.1 environments, the concept of software assignment is based on the management of groups in the Active Directory and an additional import of these EXternal Groups into the DSM 2019.1 environment. This section discusses how the PowerShell Extensions for Ivanti DSM can be utilized to import these groups into the DSM 2019.1.

Hint: The execution of these examples requires a connected PowerShell drive.

Before you can import an Active Directory Group object, you have to determine the SID of the group. You have to exploit objects of the .NET framework to retrieve the group object and its security identifier:

$MyADGroup = New-Object System.Security.Principal.NTAccount("Adobe Reader 9.0 Group")

$MySID = $MyADGroup.Translate([System.Security.Principal.SecurityIdentifier]).ToString()

In a second step you can import the external group into DSM 2019.1:

New-EmdbExternalGroup "Adobe Reader 9.0 Group" -UniqueID $MySID -IDProvider "AD"

The creation resp. the import of an External Group requires the parameters group name, unique ID and the so called  ID provider. The latter has to be "AD" for Active Directory Groups. You can choose any group name that is valid in this context, but we suggest to use the same name as in the Active Directory (see Renaming Active Directory Groups).