jkbryan/importgroupfilters.ps1

## importgroupfilters.ps1
if (@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0)
{
 Add-PSSnapIn FIMAutomation
}

function GenerateFilter
{
 PARAM ($xpathFilter)
 END
 {
  return "<Filter xmlns:xsi=`"http://www.w3.org/2001/XMLSchema-instance`" xmlns:xsd=`"http://www.w3.org/2001/XMLSchema`" Dialect=`"http://schemas.microsoft.com/2006/11/XPathFilterDialect`" xmlns=`"http://schemas.xmlsoap.org/ws/2004/09/enumeration`">" + $xpathFilter + "</Filter>"
 }
}

function CreateImportChange
{
 PARAM($AttributeName, $AttributeValue, $Operation)
 END
 {
  $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
  $importChange.Operation = $Operation
  $importChange.AttributeName = $AttributeName
  $importChange.AttributeValue = $AttributeValue
  $importChange.FullyResolved = 1
  $importChange.Locale = "Invariant"
  return $importChange
 }
}

function GetAttributeValueFromResource
{
 PARAM ($exportObject, $attributeName)
 END
 {
  foreach ($attribute in $exportObject.ResourceManagementObject.ResourceManagementAttributes)
  {
   if($attribute.AttributeName.Equals($attributeName))
   {
    if ($attribute.IsMultiValue)
    {
     return $attribute.Values
    }
    else
    {
     return $attribute.Value
    }
   }

  }
  return $null
 }
}

$csv = Import-Csv -delimiter `t -header "GroupName","Filter" "C:\FIMScripts\MyFile.csv"

foreach ($entry in $csv)
{
 $myGroupName=$entry.GroupName
 $myFilter = $entry.Filter
 #Write-Host "Name:" $myGroupName
 #Write-Host "Filter:" $myFilter

 $group = Export-FIMConfig -customConfig "/Group[DisplayName='$myGroupName']" -onlyBaseResources
 if ($group -eq $NULL) #if group doesn't exist, continue
 {
 Write-Host "Group does not exist!:" $myGroupName
  continue
 }
 $filter = GenerateFilter -xpathFilter $myFilter

 #Write-Host "xpathFilter:" $filter

 #construct the web service operation
 $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
 #the object type is Group
 $importObject.ObjectType = "Group"
 #we are modify the group we've identified above
 $importObject.SourceObjectIdentifier = $group.ResourceManagementObject.ObjectIdentifier
 $importObject.TargetObjectIdentifier = $group.ResourceManagementObject.ObjectIdentifier
  #Put operation is enum 1
 $importObject.State = 1

 #construct the operation to Replace filter, Replace attribute operation is enum 1
 $importObject.Changes += CreateImportChange -attributeName "Filter" -attributeValue $filter -operation 1

 #construct the operation to change membership add workflow to None. Replace attribute operation is enum 1
 $importObject.Changes += CreateImportChange -attributeName "MembershipAddWorkflow" -attributeValue "None" -operation 1

 #construct the operation to change membership locked to True. Replace attribute operation is enum 1
 $importObject.Changes += CreateImportChange -attributeName "MembershipLocked" -attributeValue "True" -operation 1

 #construct the operations to remove explicit members. Remove attribute operation is enum 2

 $explicitMembers = GetAttributeValueFromResource -exportObject $group -attributeName "ExplicitMember"
 if ($explictMembers -ne $NULL)
 {
  foreach ($explicitMember in $explicitMembers)
  {
   $importObject.Changes += CreateImportChange -attributeName "ExplicitMember" -attributeValue $explicitMember -Operation 2
  }
 }

 $importObject | Import-FIMConfig
 $undone.Count
}
	if (@(get-pssnapin \| where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0)
	{
	Add-PSSnapIn FIMAutomation
	}

	function GenerateFilter
	{
	PARAM ($xpathFilter)
	END
	{
	return "<Filter xmlns:xsi=`"http://www.w3.org/2001/XMLSchema-instance`" xmlns:xsd=`"http://www.w3.org/2001/XMLSchema`" Dialect=`"http://schemas.microsoft.com/2006/11/XPathFilterDialect`" xmlns=`"http://schemas.xmlsoap.org/ws/2004/09/enumeration`">" + $xpathFilter + "</Filter>"
	}
	}

	function CreateImportChange
	{
	PARAM($AttributeName, $AttributeValue, $Operation)
	END
	{
	$importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
	$importChange.Operation = $Operation
	$importChange.AttributeName = $AttributeName
	$importChange.AttributeValue = $AttributeValue
	$importChange.FullyResolved = 1
	$importChange.Locale = "Invariant"
	return $importChange
	}
	}

	function GetAttributeValueFromResource
	{
	PARAM ($exportObject, $attributeName)
	END
	{
	foreach ($attribute in $exportObject.ResourceManagementObject.ResourceManagementAttributes)
	{
	if($attribute.AttributeName.Equals($attributeName))
	{
	if ($attribute.IsMultiValue)
	{
	return $attribute.Values
	}
	else
	{
	return $attribute.Value
	}
	}

	}
	return $null
	}
	}

	$csv = Import-Csv -delimiter `t -header "GroupName","Filter" "C:\FIMScripts\MyFile.csv"

	foreach ($entry in $csv)
	{
	$myGroupName=$entry.GroupName
	$myFilter = $entry.Filter
	#Write-Host "Name:" $myGroupName
	#Write-Host "Filter:" $myFilter

	$group = Export-FIMConfig -customConfig "/Group[DisplayName='$myGroupName']" -onlyBaseResources
	if ($group -eq $NULL) #if group doesn't exist, continue
	{
	Write-Host "Group does not exist!:" $myGroupName
	continue
	}
	$filter = GenerateFilter -xpathFilter $myFilter

	#Write-Host "xpathFilter:" $filter

	#construct the web service operation
	$importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
	#the object type is Group
	$importObject.ObjectType = "Group"
	#we are modify the group we've identified above
	$importObject.SourceObjectIdentifier = $group.ResourceManagementObject.ObjectIdentifier
	$importObject.TargetObjectIdentifier = $group.ResourceManagementObject.ObjectIdentifier
	#Put operation is enum 1
	$importObject.State = 1

	#construct the operation to Replace filter, Replace attribute operation is enum 1
	$importObject.Changes += CreateImportChange -attributeName "Filter" -attributeValue $filter -operation 1

	#construct the operation to change membership add workflow to None. Replace attribute operation is enum 1
	$importObject.Changes += CreateImportChange -attributeName "MembershipAddWorkflow" -attributeValue "None" -operation 1

	#construct the operation to change membership locked to True. Replace attribute operation is enum 1
	$importObject.Changes += CreateImportChange -attributeName "MembershipLocked" -attributeValue "True" -operation 1

	#construct the operations to remove explicit members. Remove attribute operation is enum 2

	$explicitMembers = GetAttributeValueFromResource -exportObject $group -attributeName "ExplicitMember"
	if ($explictMembers -ne $NULL)
	{
	foreach ($explicitMember in $explicitMembers)
	{
	$importObject.Changes += CreateImportChange -attributeName "ExplicitMember" -attributeValue $explicitMember -Operation 2
	}
	}

	$importObject \| Import-FIMConfig
	$undone.Count
	}