The attached sample adapter could be used as a starting point for implementing a process such as the following with FlexNet On-Premises:
- Arrange to export relevant AD group membership information to a CSV file named C:\Temp\ADOperatorRoles.csv. This file should have the following columns: Member, Name, Mail, RoleName (see the details in the adapter to understand which fields in FlexNet these columns map to).
- Run the adapter to import the role membership information from the CSV file.
With PowerShell you can easily pull user objects from a group with:
Get-ADGroupMember -Identity <GroupName>
Add some filtering:
Get-ADGroupMember -Identity <GroupName> | Select-Object name,SamAccountName
And export it to CSV:
Get-ADGroupMember -Identity <GroupName> | Select-Object name,SamAccountName | Export-Csv <FileName> -NoTypeInformation
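The one-liners above export only name and SamAccountName, while the adapter's CSV expects the columns Member, Name, Mail and RoleName. The following is an added example, not part of the original posts or of the attached adapter, that builds a file in that shape. The group names, the role names and the choice of SamAccountName for the Member column are assumptions; check the adapter for the fields it actually expects.

```powershell
# Added example: build C:\Temp\ADOperatorRoles.csv with the columns the adapter reads.
# Assumptions (not from the adapter): the group and role names below are
# hypothetical placeholders, and Member is filled with SamAccountName.
Import-Module ActiveDirectory

# Abort on any AD error so a failed lookup never leaves a partial or empty file
# for the adapter to import.
$ErrorActionPreference = 'Stop'

# Hypothetical mapping: AD group name -> operator role name
$GroupToRole = @{
    'Example-FNMS-Admins'  = 'ExampleAdminRole'
    'Example-FNMS-Readers' = 'ExampleReadOnlyRole'
}
$OutFile = 'C:\Temp\ADOperatorRoles.csv'

$rows = foreach ($group in $GroupToRole.Keys) {
    # -Recursive expands nested groups; keep user objects only
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $user = Get-ADUser -Identity $_.distinguishedName -Properties mail, DisplayName
            if (-not $user.Enabled) { return }   # skip disabled accounts
            [pscustomobject]@{
                Member   = $user.SamAccountName  # assumption, see note above
                Name     = $user.DisplayName
                Mail     = $user.mail
                RoleName = $GroupToRole[$group]
            }
        }
}

# A user reachable through several nested groups appears once per role
$rows | Sort-Object Member, RoleName -Unique |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

Because this file decides who receives which operator role, write access to it (and to the folder it sits in) should be limited to the account that runs the export.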
On a related note... what is a good way to automatically remove operator access?
From what I know, there is an SP, GroupExDeleteGroupMembership, that should do it. Has anyone used it before in such a scenario?
I am already doing some automation for Named User licenses, based on AD groups. There it's safe to remove allocations directly in the allocations table with custom SQL, but Operator is slightly more complicated.
You could just go and disable the operator in the ComplianceOperator table by setting the "IsEnabled" flag to "0".
Or, if you want to completely remove them, you could use the stored procedures
Because you are referring to group memberships, if you plan to change the operator scope/restriction, keep in mind that removing all business units / locations / cost centers will result in global access.
Another option would be the implementation of single sign-on with SAML. This way you can grant access via the Identity Provider on group level (only if your IP supports authentication on group level).
More information about SAML can be found in the FNMSSystemReference.pdf.