This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FNMS Operators roles from AD Groups

Sergey_V
By
Level 3

Hi, does anybody can share scenario of managing FNMS operators roles by membership in AD groups?

Thx!

‎Jul 04, 2019 08:54 AM

(5) Replies

ChrisG
By Community Manager Community Manager
Community Manager

The attached sample adapter could be used as a starting point for implementing a process such as the following with FlexNet On-Premises:

  1. Arrange to export relevant AD group membership information to a CSV file named C:\Temp\ADOperatorRoles.csv. This file should have the following columns: MemberName, Mail, RoleName (see the details in the adapter to understand which fields in FlexNet these columns map to).
  2. Run the adapter to import the role membership information from the CSV file.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

‎Jul 04, 2019 08:39 PM

Preview file
3 KB

mfranz
By Level 17 Champion
Level 17 Champion
In response to ChrisG

With PowerShell you can easily pull user objects from a group with:

Get-ADGroupMember -Identity <GroupName>

Add some filtering:

Get-ADGroupMember -Identity <GroupName> | Select-Object name,SamAccountName

And export it to CSV:

Get-ADGroupMember -Identity <GroupName> | Select-Object name,SamAccountName | Export-Csv <FileName> -NoTypeInformation

‎Jul 05, 2019 06:44 AM

JanPie
By
Level 6
In response to mfranz

On related note.. what is the good way to automatically remove operator access?

From what I know there is sp GroupExDeleteGroupMembership that should do it. Anyone used it before in such scenario?

I am already doing some automation for Named User licenses, based on AD groups. There it's safe to remove allocations, directly for allocations table with Custom SQL, but Operator is slightly more complicated.

‎Jul 08, 2019 04:05 AM

0 Kudos

mfranz
By Level 17 Champion
Level 17 Champion
In response to JanPie

Hi Jan,

You could just go and disable the operator in the ComplianceOperator table by setting the "IsEnabled" flag to "0".

Or, if you want to completely remove them, you could use the stored procedures

  • ComplianceOperatorRemoveByID
  • ComplianceOperatorRemoveBatch

Because you are referring to group memberships, if you plan to change the operator scope/restriction, keep in mind that removing all business units / locations / cost centers will result in global access.

Best regards,

Markward

‎Jul 08, 2019 04:21 AM

stefange
By
Level 6

Hi,

Another option would the implementation of Single Sign-on with SAML. This way you can grant access via the Identity Provider on group level. (only if your IP supports authentication on group level)

More information about SAML can be found on the FNMSSystemReference.pdf.

Stefan

‎Jul 05, 2019 06:24 AM