@jkbryan
Last active October 14, 2017 21:32
Delegating Group Management - Lithnet PSM
Case "adOU-Group-ADMA-Import"
mventry("adOU").Value = Replace(csentry.DN.ToString, csentry.RDN.ToString & ",", "")
<?xml version="1.0" encoding="utf-8" ?>
<!--
  Lithnet ResourceManagement ConfigSync document that delegates management of the
  "ABC Manual Groups" to a helpdesk set in FIM/MIM. It defines:
    * five Person lookups (user1..user3, FIMServiceAccount, FIMServiceAdmin) used only as xmlref targets;
    * a GroupValidationBypassSet (its consuming MPR is not in this file);
    * ABCManualGroupsSet (the resources being delegated) and ABCManualGroupsAdministratorsSet (the principals);
    * two Request MPRs granting the principals (a) Read/Add/Remove on ExplicitMember and (b) Create/Delete.
  Every grant is scoped by PrincipalSet = ABCManualGroupsAdministratorsSet and
  ResourceCurrentSet / ResourceFinalSet = ABCManualGroupsSet, so the rights only reach
  groups that match that set's filter.
-->
<Lithnet.ResourceManagement.ConfigSync>
<!-- NOTE(review): #domain# and #PATH# are declared but never referenced in this file.
     They may be consumed by a companion file; confirm before removing them. -->
<Variables>
<Variable name="#domain#" value="%userdomain%"/>
<Variable name="#PATH#" value ="C:\some-path\" />
</Variables>
<Operations>
<!-- Person lookups. operation="None" on the resource and "none" on the attribute means no change is
     made to the Person; the entry only resolves an existing resource (anchored on AccountName or ObjectID)
     so that later operations can refer to it by id via type="xmlref". -->
<ResourceOperation operation="None" resourceType="Person" id="user1">
<AnchorAttributes>
<AnchorAttribute>AccountName</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="none" name="AccountName">user1</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- Lookup: user2 -->
<ResourceOperation operation="None" resourceType="Person" id="user2">
<AnchorAttributes>
<AnchorAttribute>AccountName</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="none" name="AccountName">user2</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- Lookup: user3 (member of the bypass set only, not of the administrators set) -->
<ResourceOperation operation="None" resourceType="Person" id="user3">
<AnchorAttributes>
<AnchorAttribute>AccountName</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="none" name="AccountName">user3</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- Lookup: FIM Service account, anchored on a literal ObjectID.
     NOTE(review): confirm this GUID matches the target environment before importing;
     it is taken verbatim from the original and will not resolve elsewhere if it differs. -->
<ResourceOperation operation="None" resourceType="Person" id="FIMServiceAccount">
<AnchorAttributes>
<AnchorAttribute>ObjectID</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="none" name="ObjectID">1009a2cb-e7f8-4db9-9f02-04b91b1d966d</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- Lookup: FIM Service administrator, anchored on a literal ObjectID
     (this looks like the built-in Administrator account's well-known ObjectID; verify in the target environment). -->
<ResourceOperation operation="None" resourceType="Person" id="FIMServiceAdmin">
<AnchorAttributes>
<AnchorAttribute>ObjectID</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="none" name="ObjectID">7fb2b853-24f0-4498-9534-4e10589723c4</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- MPR's Sets etc: -->
<!-- GroupValidation Bypass Set.
     Per its Description, members of this set skip the Group Management workflow. Nothing in this file
     references the set, so the MPR or workflow that consumes it must be defined elsewhere.
     NOTE(review): membership here suppresses a validation step for those accounts, so it should stay
     as small as possible; it currently holds all three users plus both service accounts. -->
<ResourceOperation operation="Add Update" resourceType="Set" id="GroupValidationBypassSet">
<AnchorAttributes>
<AnchorAttribute>DisplayName</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="replace" name="DisplayName">__Set:GroupValidationBypassSet</AttributeOperation>
<AttributeOperation operation="replace" name="Description">This set bypasses Group Management Workflow</AttributeOperation>
<AttributeOperation operation="add" name="ExplicitMember" type="xmlref">user2</AttributeOperation>
<AttributeOperation operation="add" name="ExplicitMember" type="xmlref">user1</AttributeOperation>
<AttributeOperation operation="add" name="ExplicitMember" type="xmlref">FIMServiceAccount</AttributeOperation>
<AttributeOperation operation="add" name="ExplicitMember" type="xmlref">FIMServiceAdmin</AttributeOperation>
<AttributeOperation operation="add" name="ExplicitMember" type="xmlref">user3</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- ABC Manual Groups Set: the resources being delegated.
     The filter is the whole scope of the delegation below: Group resources whose adOU equals this OU
     (adOU is the AD DN with the RDN stripped, as flowed in by the sync rule) and whose
     MembershipLocked is False. Any group outside this OU, or with locked membership, is out of reach.
     NOTE(review): adOU is compared as an exact DN string, so the OU path must match the sync engine's
     output character for character; "DC=blah" looks like a placeholder to be replaced. -->
<ResourceOperation operation="Add Update" resourceType="Set" id="ABCManualGroupsSet">
<AnchorAttributes>
<AnchorAttribute>DisplayName</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="replace" name="DisplayName">__Set:ABC Manual Groups</AttributeOperation>
<AttributeOperation operation="replace" name="Description">Use this set to allow ABC helpdesk staff to administer these groups.</AttributeOperation>
<AttributeOperation operation="replace" name="Filter" type="filter">/Group[(adOU = 'OU=Manual Groups,OU=ABC,DC=blah,DC=ac,DC=uk') and (MembershipLocked = False)]</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- ABC Manual Group Administrators Set: the principals receiving the rights.
     Membership is explicit (user1 and user2 only); user3 and the service accounts are not included.
     NOTE(review): the Description is copied from the groups set above; it describes the resources rather
     than the principals and could be reworded to say who the members are. -->
<ResourceOperation operation="Add Update" resourceType="Set" id="ABCManualGroupsAdministratorsSet">
<AnchorAttributes>
<AnchorAttribute>DisplayName</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="replace" name="DisplayName">__Set:ABC Manual Groups Administrators</AttributeOperation>
<AttributeOperation operation="replace" name="Description">Use this set to allow ABC helpdesk staff to administer these groups.</AttributeOperation>
<AttributeOperation operation="add" name="ExplicitMember" type="xmlref">user1</AttributeOperation>
<AttributeOperation operation="add" name="ExplicitMember" type="xmlref">user2</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- ABC Manual Group Modify MPR.
     Request MPR with GrantRight=true: members of the administrators set may Read, Add and Remove values
     of ExplicitMember on groups in ABCManualGroupsSet. ExplicitMember is the only ActionParameter, so no
     other attribute of the group can be changed through this rule (least privilege for membership edits).
     Both the current and the final set are the groups set, so a member cannot move a group out of scope. -->
<ResourceOperation operation="Add Update" resourceType="ManagementPolicyRule" id="ABCManualGroupModifyMPR">
<AnchorAttributes>
<AnchorAttribute>DisplayName</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="replace" name="DisplayName">__MPR:Group management: ABC Manual Group administrators can update ABC Manual group resources</AttributeOperation>
<AttributeOperation operation="replace" name="Description">Allows ##xmlref:ABCManualGroupsAdministratorsSet:DisplayName## members to modify membership of ABC Manual Groups</AttributeOperation>
<AttributeOperation operation="replace" name="Disabled">false</AttributeOperation>
<AttributeOperation operation="replace" name="GrantRight">true</AttributeOperation>
<AttributeOperation operation="replace" name="ManagementPolicyRuleType">Request</AttributeOperation>
<AttributeOperation operation="replace" name="PrincipalSet" type="xmlref">ABCManualGroupsAdministratorsSet</AttributeOperation>
<AttributeOperation operation="replace" name="ResourceCurrentSet" type="xmlref">ABCManualGroupsSet</AttributeOperation>
<AttributeOperation operation="replace" name="ResourceFinalSet" type="xmlref">ABCManualGroupsSet</AttributeOperation>
<AttributeOperation operation="add" name="ActionType">Read</AttributeOperation>
<AttributeOperation operation="add" name="ActionType">Add</AttributeOperation>
<AttributeOperation operation="add" name="ActionType">Remove</AttributeOperation>
<AttributeOperation operation="add" name="ActionParameter">ExplicitMember</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
<!-- ABC Manual Group Create/Delete MPR.
     Request MPR with GrantRight=true granting Create and Delete to the administrators set.
     ActionParameter "*" means every attribute may be supplied on creation; the effective restriction is
     ResourceFinalSet: the new group must land in ABCManualGroupsSet, i.e. its adOU must be the Manual Groups
     OU and MembershipLocked must be False. For Delete, ResourceCurrentSet limits deletion to groups already
     in that set.
     NOTE(review): no authorization workflow is attached in this file, so creates and deletes by set members
     complete without approval; confirm that is intended for the helpdesk role. -->
<ResourceOperation operation="Add Update" resourceType="ManagementPolicyRule" id="ABCManualGroupCreateDeleteMPR">
<AnchorAttributes>
<AnchorAttribute>DisplayName</AnchorAttribute>
</AnchorAttributes>
<AttributeOperations>
<AttributeOperation operation="replace" name="DisplayName">__MPR:Group management: ABC Manual Group administrators can create and delete ABC Manual group resources</AttributeOperation>
<AttributeOperation operation="replace" name="Description">Allows ##xmlref:ABCManualGroupsAdministratorsSet:DisplayName## members to Create and Delete ABC Manual Groups</AttributeOperation>
<AttributeOperation operation="replace" name="Disabled">false</AttributeOperation>
<AttributeOperation operation="replace" name="GrantRight">true</AttributeOperation>
<AttributeOperation operation="replace" name="ManagementPolicyRuleType">Request</AttributeOperation>
<AttributeOperation operation="replace" name="PrincipalSet" type="xmlref">ABCManualGroupsAdministratorsSet</AttributeOperation>
<AttributeOperation operation="replace" name="ResourceCurrentSet" type="xmlref">ABCManualGroupsSet</AttributeOperation>
<AttributeOperation operation="replace" name="ResourceFinalSet" type="xmlref">ABCManualGroupsSet</AttributeOperation>
<AttributeOperation operation="add" name="ActionType">Create</AttributeOperation>
<AttributeOperation operation="add" name="ActionType">Delete</AttributeOperation>
<AttributeOperation operation="add" name="ActionParameter">*</AttributeOperation>
</AttributeOperations>
</ResourceOperation>
</Operations>
</Lithnet.ResourceManagement.ConfigSync>