Can someone help me figure out how to use PowerCLI to create groups in NSX-T 3.0 (or 2.5) that are based on AD groups? I can do it fine in the GUI, but need to script it with PowerCLI.
Here is what I have so far. I think the error is how I specify the DN and Base DN. I think those are required based on the info I pulled using Postman.
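# Create an NSX-T Policy group whose membership is an Active Directory group (IDFW).
# $UserName, $description, $powerclitag and $usertag are not defined in this snippet;
# they must already be set in the session, along with an NSX-T connection that
# Get-NsxtPolicyService can use.

# Variables
$groupdomain = "default"
# NOTE(review): this value is also passed to patch() below as the group ID and it
# contains spaces -- confirm the API accepts it, or use a separate ID for the call.
$groupid = "Lab - $UserName - AD Group"
$dn = "CN=KAhnemann-NSX,OU=NSX Groups,OU=Groups,OU=AccudataLab,DC=AccudataLab,DC=com"
$basedn = "DC=AccudataLab,DC=com"
$groupmember_type = "IdentityGroup"

# Retrieve the Policy service that manages groups
$groupdata = Get-NsxtPolicyService -Name com.vmware.nsx_policy.infra.domains.groups

# Build the group specification
$groupspecification = $groupdata.Help.patch.group.Create()
$groupspecification.display_name = $groupid
$groupspecification.description = $description

# Build the membership expression
# NOTE(review): this element comes from the generic "condition" template and is given
# key/operator values as well as DN fields. Confirm against the API schema (e.g. the
# JSON captured with Postman) that a condition element exposes distinguished_name and
# domain_base_distinguished_name; if it does not, the AD group needs the expression
# type the GUI-created group uses instead.
$groupexpspecification = $groupdata.Help.patch.group.extended_expression.Element.condition.Create()
$groupexpspecification.member_type = $groupmember_type
$groupexpspecification.key = "Tag"
$groupexpspecification.operator = "EQUALS"
$groupexpspecification.domain_base_distinguished_name = $basedn
# Fixed: the original assigned to the misspelled, undefined variable
# $roupexpspecification, so the DN never reached the expression that is added below.
$groupexpspecification.distinguished_name = $dn
$groupspecification.extended_expression.Add($groupexpspecification) | Out-Null

# Add PowerCLI tag to the group
$grouptag = $groupdata.Help.patch.group.tags.Element.Create()
$grouptag.tag = $powerclitag
$groupspecification.tags.Add($grouptag) | Out-Null

# Add user tag to the group
$grouptag = $groupdata.Help.patch.group.tags.Element.Create()
$grouptag.tag = $usertag
$groupspecification.tags.Add($grouptag) | Out-Null

# Create the group. Before referencing it in identity firewall rules, check in NSX
# Manager that it resolved to the intended AD group: a group with a missing or wrong
# DN would not match the users the rule is meant to cover.
$groupdata.patch($groupdomain, $groupid, $groupspecification)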