Under Community Review

Tridion Docs CMS admin ability to quickly disable/enable multiple selection of users

As a Tridion Docs admin, I recently had to go through and disable a batch of users. I couldn't see any way to do this other than to individual disable each one, which was quite tedious.

Damian Jewett
Parents

  • Not exactly what you asked for, but it might help. Here's an untested PowerShell script I got from one of the friendly Professional Services folks to create explicitly-named users that you could perhaps investigate and modify to read in a CSV and bulk disable users. No warranty, no support from my end. Your mileage may vary. Look both ways before crossing the street. You run it, you own it. (Especially on prod. Stuck out tongue winking eye)
    -------------

    Write-Host "`r`nImport-Module ISHRemote..."
    Import-Module ISHRemote -DisableNameChecking

    Write-Host "`r`nInitializing..."
    $ishSession = ''

    # Set runtime preferences
    $DebugPreference = "SilentlyContinue" # Continue or SilentlyContinue
    $VerbosePreference = "SilentlyContinue" # Continue or SilentlyContinue
    $WarningPreference = "Continue" # Continue or SilentlyContinue or Stop
    $ProgressPreference= "Continue" # Continue or SilentlyContinue

    # Specify Docs web service URL
    $webServicesBaseUrl = 'server.domain.com/.../'

    # Available user roles:
    # VUSERROLEADMINISTRATOR, VUSERROLEAUTHOR

    # Available user groups:
    # VUSERGROUPDEFAULTDEPARTMENT, VUSERGROUPSYSTEMMANAGEMENT

    # Define Author
    $authorUserRoles = "VUSERROLEAUTHOR"
    $authorUserGroups = "VUSERGROUPDEFAULTDEPARTMENT"

    # Define Administrator users
    $adminUserRoles = "VUSERROLEAUTHOR, VUSERROLEADMINISTRATOR"
    $adminUserGroups = "VUSERGROUPDEFAULTDEPARTMENT, VUSERGROUPSYSTEMMANAGEMENT"

    # Specify common user information. Options for usertype are "Internal" for Docs STS auth or "External" for SSO/ADFS
    $userType = "Internal"
    $activeDirectoryDomain = "DOMAINNAME"
    $emailDomain = "@email.com"
    $userLanguage = "en"
    $userPassword = "changeMe1"

    # Specify which users to create.
    $authorUsersToCreate = @("Author1", "Author2")
    $adminUsersToCreate = @("Admin1", "Admin2")

    try
    {
    Write-Host "`r`nConnecting to" $webServicesBaseUrl"..."

    # Create instance and prompt for credentials
    if ($mycreds -eq $Null)
    {
    $mycreds = Get-Credential -Message "Enter credentials for a Tridion Docs administrator."
    }

    # Initializing new IshSession

    $ishSession = New-IshSession -WsBaseUrl $webServicesBaseUrl -psCred $mycreds
    Write-Host "`r`nSuccessfully connected to" $webServicesBaseUrl"."

    Write-Host "`r`nCreating Author user accounts..."
    If ($authorUsersToCreate.count -gt 0 )
    {
    foreach ($user in $authorUsersToCreate)
    {
    $userIshMetadataFilterFields = Set-IshMetadataFilterField -IshSession $ishSession -Name "NAME" -Level "None" -FilterOperator "like" -Value "$user"
    $userIshObjects = Find-IshUser -IshSession $ishSession -ActivityFilter "None" -MetadataFilter $userIshMetadataFilterFields

    if($userIshObjects.Length -eq 0)
    {
    $ishMetadataFieldsAdd = Set-IshMetadataField -IshSession $ishSession -Name "FISHEMAIL" -Level "none" -Value "$user$emailDomain" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERTYPE" -Level "none" -Value "$userType" `
    | Set-IshMetadataField -IshSession $ishSession -Name "PASSWORD" -Level "none" -Value "$userPassword" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHEXTERNALID" -Level "none" -Value "$activeDirectoryDomain\$user" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERLANGUAGE" -Level "none" -Value "$userLanguage" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FUSERGROUP" -Level "none" -Value "$authorUserGroups" -ValueType "Element" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERROLES" -Level "none" -Value "$authorUserRoles" -ValueType "Element"
    $ishobjectsAdd = Add-IshUser -IshSession $ishSession -Name "$user" -Metadata $ishMetadataFieldsAdd
    Write-Host "Created Author account for '$user'."
    }
    else
    {
    Write-Host "'$user' already has an account."
    }
    }
    }
    else
    {
    Write-Host "No Author accounts were created."
    }

    Write-Host "`r`nCreating Administrator user accounts..."
    If ($adminUsersToCreate.count -gt 0 )
    {
    foreach ($user in $adminUsersToCreate)
    {
    $userIshMetadataFilterFields = Set-IshMetadataFilterField -IshSession $ishSession -Name "NAME" -Level "None" -FilterOperator "like" -Value "$user"
    $userIshObjects = Find-IshUser -IshSession $ishSession -ActivityFilter "None" -MetadataFilter $userIshMetadataFilterFields

    if($userIshObjects.Length -eq 0)
    {
    $ishMetadataFieldsAdd = Set-IshMetadataField -IshSession $ishSession -Name "FISHEMAIL" -Level "none" -Value "$user$emailDomain" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERTYPE" -Level "none" -Value "$userType" `
    | Set-IshMetadataField -IshSession $ishSession -Name "PASSWORD" -Level "none" -Value "$userPassword" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHEXTERNALID" -Level "none" -Value "$activeDirectoryDomain\$user" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERLANGUAGE" -Level "none" -Value "$userLanguage" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FUSERGROUP" -Level "none" -Value "$adminUserGroups" -ValueType "Element" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERROLES" -Level "none" -Value "$adminUserRoles" -ValueType "Element"
    $ishobjectsAdd = Add-IshUser -IshSession $ishSession -Name "$user" -Metadata $ishMetadataFieldsAdd
    Write-Host "Created Administrator account for '$user'."
    }
    else
    {
    Write-Host "'$user' already has an account."
    }
    }
    }
    else
    {
    Write-Host "No Administrator accounts were created."
    }

    }
    catch
    {
    Write-Host "`r`nException"
    Write-Host "========="
    $Error[0].Exception.Message # $_.Message;
    Write-Host "========="
    }
    finally
    {
    Write-Host "`r`nRemove-Module ISHRemote..."
    Remove-Module ISHRemote
    }

Comment

  • Not exactly what you asked for, but it might help. Here's an untested PowerShell script I got from one of the friendly Professional Services folks to create explicitly-named users that you could perhaps investigate and modify to read in a CSV and bulk disable users. No warranty, no support from my end. Your mileage may vary. Look both ways before crossing the street. You run it, you own it. (Especially on prod. Stuck out tongue winking eye)
    -------------

    Write-Host "`r`nImport-Module ISHRemote..."
    Import-Module ISHRemote -DisableNameChecking

    Write-Host "`r`nInitializing..."
    $ishSession = ''

    # Set runtime preferences
    $DebugPreference = "SilentlyContinue" # Continue or SilentlyContinue
    $VerbosePreference = "SilentlyContinue" # Continue or SilentlyContinue
    $WarningPreference = "Continue" # Continue or SilentlyContinue or Stop
    $ProgressPreference= "Continue" # Continue or SilentlyContinue

    # Specify Docs web service URL
    $webServicesBaseUrl = 'server.domain.com/.../'

    # Available user roles:
    # VUSERROLEADMINISTRATOR, VUSERROLEAUTHOR

    # Available user groups:
    # VUSERGROUPDEFAULTDEPARTMENT, VUSERGROUPSYSTEMMANAGEMENT

    # Define Author
    $authorUserRoles = "VUSERROLEAUTHOR"
    $authorUserGroups = "VUSERGROUPDEFAULTDEPARTMENT"

    # Define Administrator users
    $adminUserRoles = "VUSERROLEAUTHOR, VUSERROLEADMINISTRATOR"
    $adminUserGroups = "VUSERGROUPDEFAULTDEPARTMENT, VUSERGROUPSYSTEMMANAGEMENT"

    # Specify common user information. Options for usertype are "Internal" for Docs STS auth or "External" for SSO/ADFS
    $userType = "Internal"
    $activeDirectoryDomain = "DOMAINNAME"
    $emailDomain = "@email.com"
    $userLanguage = "en"
    $userPassword = "changeMe1"

    # Specify which users to create.
    $authorUsersToCreate = @("Author1", "Author2")
    $adminUsersToCreate = @("Admin1", "Admin2")

    try
    {
    Write-Host "`r`nConnecting to" $webServicesBaseUrl"..."

    # Create instance and prompt for credentials
    if ($mycreds -eq $Null)
    {
    $mycreds = Get-Credential -Message "Enter credentials for a Tridion Docs administrator."
    }

    # Initializing new IshSession

    $ishSession = New-IshSession -WsBaseUrl $webServicesBaseUrl -psCred $mycreds
    Write-Host "`r`nSuccessfully connected to" $webServicesBaseUrl"."

    Write-Host "`r`nCreating Author user accounts..."
    If ($authorUsersToCreate.count -gt 0 )
    {
    foreach ($user in $authorUsersToCreate)
    {
    $userIshMetadataFilterFields = Set-IshMetadataFilterField -IshSession $ishSession -Name "NAME" -Level "None" -FilterOperator "like" -Value "$user"
    $userIshObjects = Find-IshUser -IshSession $ishSession -ActivityFilter "None" -MetadataFilter $userIshMetadataFilterFields

    if($userIshObjects.Length -eq 0)
    {
    $ishMetadataFieldsAdd = Set-IshMetadataField -IshSession $ishSession -Name "FISHEMAIL" -Level "none" -Value "$user$emailDomain" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERTYPE" -Level "none" -Value "$userType" `
    | Set-IshMetadataField -IshSession $ishSession -Name "PASSWORD" -Level "none" -Value "$userPassword" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHEXTERNALID" -Level "none" -Value "$activeDirectoryDomain\$user" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERLANGUAGE" -Level "none" -Value "$userLanguage" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FUSERGROUP" -Level "none" -Value "$authorUserGroups" -ValueType "Element" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERROLES" -Level "none" -Value "$authorUserRoles" -ValueType "Element"
    $ishobjectsAdd = Add-IshUser -IshSession $ishSession -Name "$user" -Metadata $ishMetadataFieldsAdd
    Write-Host "Created Author account for '$user'."
    }
    else
    {
    Write-Host "'$user' already has an account."
    }
    }
    }
    else
    {
    Write-Host "No Author accounts were created."
    }

    Write-Host "`r`nCreating Administrator user accounts..."
    If ($adminUsersToCreate.count -gt 0 )
    {
    foreach ($user in $adminUsersToCreate)
    {
    $userIshMetadataFilterFields = Set-IshMetadataFilterField -IshSession $ishSession -Name "NAME" -Level "None" -FilterOperator "like" -Value "$user"
    $userIshObjects = Find-IshUser -IshSession $ishSession -ActivityFilter "None" -MetadataFilter $userIshMetadataFilterFields

    if($userIshObjects.Length -eq 0)
    {
    $ishMetadataFieldsAdd = Set-IshMetadataField -IshSession $ishSession -Name "FISHEMAIL" -Level "none" -Value "$user$emailDomain" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERTYPE" -Level "none" -Value "$userType" `
    | Set-IshMetadataField -IshSession $ishSession -Name "PASSWORD" -Level "none" -Value "$userPassword" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHEXTERNALID" -Level "none" -Value "$activeDirectoryDomain\$user" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERLANGUAGE" -Level "none" -Value "$userLanguage" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FUSERGROUP" -Level "none" -Value "$adminUserGroups" -ValueType "Element" `
    | Set-IshMetadataField -IshSession $ishSession -Name "FISHUSERROLES" -Level "none" -Value "$adminUserRoles" -ValueType "Element"
    $ishobjectsAdd = Add-IshUser -IshSession $ishSession -Name "$user" -Metadata $ishMetadataFieldsAdd
    Write-Host "Created Administrator account for '$user'."
    }
    else
    {
    Write-Host "'$user' already has an account."
    }
    }
    }
    else
    {
    Write-Host "No Administrator accounts were created."
    }

    }
    catch
    {
    Write-Host "`r`nException"
    Write-Host "========="
    $Error[0].Exception.Message # $_.Message;
    Write-Host "========="
    }
    finally
    {
    Write-Host "`r`nRemove-Module ISHRemote..."
    Remove-Module ISHRemote
    }

Children
No Data