The attached sample adapter could be used as a starting point for implementing a process such as the following with FlexNet On-Premises:
Jul 04, 2019 08:39 PM
With PowerShell you can easily pull user objects from a group with:
Get-ADGroupMember -Identity <GroupName>
Add some filtering:
Get-ADGroupMember -Identity <GroupName> | Select-Object name,SamAccountName
And export it to CSV:
Get-ADGroupMember -Identity <GroupName> | Select-Object name,SamAccountName | Export-Csv <FileName> -NoTypeInformation
Jul 05, 2019 06:44 AM
On related note.. what is the good way to automatically remove operator access?
From what I know there is sp GroupExDeleteGroupMembership that should do it. Anyone used it before in such scenario?
I am already doing some automation for Named User licenses, based on AD groups. There it's safe to remove allocations, directly for allocations table with Custom SQL, but Operator is slightly more complicated.
Jul 08, 2019 04:05 AM
You could just go and disable the operator in the ComplianceOperator table by setting the "IsEnabled" flag to "0".
Or, if you want to completely remove them, you could use the stored procedures
Because you are referring to group memberships, if you plan to change the operator scope/restriction, keep in mind that removing all business units / locations / cost centers will result in global access.
Jul 08, 2019 04:21 AM
Another option would the implementation of Single Sign-on with SAML. This way you can grant access via the Identity Provider on group level. (only if your IP supports authentication on group level)
More information about SAML can be found on the FNMSSystemReference.pdf.
Jul 05, 2019 06:24 AM