I'm using the following statement to create Windows users:
New-PWUserSimple -UserNames name -Description description -Email firstname.lastname@example.org -Password $secpassword -SecurityProvider GLOBAL
Can someone tell me what I need to modify to create a Windows synchronized user?
I tried to use the old PWPS command "new-pwuser" and this gives me the following error:
new-PWUser : Unable to find an entry point named 'aaApi_CreateUser2' in DLL 'dmscli.dll'.
Unable to find an entry point named 'aaApi_CreateUser2' in DLL 'dmscli.dll'.,Bentley.ProjectWise.PowerShell.Commands.NewPWUser
Looking at the database, there is no distinction between Windows and Windows Synchronized users in the dms_user table (both are W). I have a query that will find users not in a synced group (close but not exactly what you need) - this is as close as I could get. A distinction in dms_user would be preferred. Once the user is found I can go and edit him manually in PWA.
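DECLARE @i INT;
DECLARE @var2 VARCHAR (max);
-- Look up the group number of the group named 'Domain Users'.
-- The FROM clause is missing from the post; dbo.dms_grp is an assumed name for the group table.
SELECT @i = o_groupno
FROM dbo.dms_grp
WHERE o_groupname LIKE 'Domain Users';
-- Windows users (type W) that are not members of that group.
SET @var2 = 'SELECT o_username, o_userdesc, o_email
FROM dbo.dms_user
WHERE (o_userno NOT IN
(select o_userno from dbo.dms_grpm where o_groupno = ' + CONVERT (VARCHAR (10), @i) + ')) AND
(o_flags = 0) AND
(o_usertype = ''W'') AND
(o_secprovider = ''NA'')
ORDER by o_username';
EXEC (@var2);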
It would be nice if this functionality were there so creating synced accounts would not have to rely on the sync service or manually setting them in administrator, but the documentation has always stated "Currently, changing a User's Type from Windows to WinSync (or vice-versa) will have no effect" even when trying to change the settings of a user using PowerShell.
I changed the DOMAIN on accounts with the API a few years ago. I had to set the account to Logical, then back to Windows (synced), so that the SID was updated in the account. There is only L and W for type when using aaApi_ModifyUserExt from the API. I do not see a way to set the user as synchronized from the current C++ API.
The dms_identity table will allow you to find Federated user accounts and the ds_mapping table (o_itemtype = 1) will identify Windows Synchronised user accounts.
SELECT UserType, COUNT(*) AS Count
FROM (SELECT u.[o_userno],
             -- Classify each user from its identity and sync-mapping rows
             CASE
               WHEN i.[o_idname] IS NOT NULL THEN 'Federated Identity'
               WHEN u.[o_usertype] = 'D' THEN 'Logical'
               WHEN u.[o_usertype] = 'W' AND m.[o_sidno] IS NULL THEN 'Windows'
               WHEN u.[o_usertype] = 'W' AND m.[o_itemtype] = 1 AND m.[o_sidno] IS NOT NULL THEN 'Windows Synchronized'
               ELSE '' END AS UserType
      FROM [dms_user] AS u
      LEFT JOIN [dms_identity] AS i
        ON i.[o_userno] = u.[o_userno]
      LEFT JOIN [ds_mapping] AS m
        ON m.[o_itemno] = u.[o_userno]) AS t
GROUP BY UserType
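An added example, not part of any post in this thread and not ProjectWise code: the classification above applied per user to a constructed in-memory SQLite copy of the three tables, to list the Windows accounts that have no sync mapping. The sample rows, the helper names and the assumption that other o_itemtype values belong to non-user items (which is why the o_itemtype = 1 filter sits in the join here) are assumptions.

```python
import sqlite3

# Per-user classification; table and column names are the ones quoted in the thread.
CLASSIFY_SQL = """
SELECT u.o_username,
       CASE
         WHEN i.o_idname IS NOT NULL THEN 'Federated Identity'
         WHEN u.o_usertype = 'D' THEN 'Logical'
         WHEN u.o_usertype = 'W' AND m.o_sidno IS NOT NULL THEN 'Windows Synchronized'
         WHEN u.o_usertype = 'W' THEN 'Windows'
         ELSE ''
       END AS UserType
FROM dms_user AS u
LEFT JOIN dms_identity AS i ON i.o_userno = u.o_userno
-- Assumption: only o_itemtype = 1 rows describe users, so filter inside the join
LEFT JOIN ds_mapping AS m ON m.o_itemno = u.o_userno AND m.o_itemtype = 1
ORDER BY u.o_username
"""

def classify_users(conn):
    """Return {username: user type} for every row in dms_user."""
    return dict(conn.execute(CLASSIFY_SQL).fetchall())

def unsynced_windows_users(conn):
    """Windows accounts with no sync mapping: the ones to review in the administrator."""
    return sorted(n for n, t in classify_users(conn).items() if t == "Windows")

def build_sample_db():
    """Constructed sample data; the real tables have more columns."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
      CREATE TABLE dms_user (o_userno INTEGER, o_username TEXT, o_usertype TEXT);
      CREATE TABLE dms_identity (o_userno INTEGER, o_idname TEXT);
      CREATE TABLE ds_mapping (o_itemno INTEGER, o_itemtype INTEGER, o_sidno INTEGER);
      INSERT INTO dms_user VALUES
        (1,'alice','W'), (2,'bob','W'), (3,'carol','D'), (4,'dave','W'), (5,'erin','W');
      INSERT INTO dms_identity VALUES (4,'dave@example.com');
      -- Item 2 is mapped with another item type, so it must not mark bob as synchronized
      INSERT INTO ds_mapping VALUES (1,1,101), (2,2,202);
    """)
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    for name, user_type in classify_users(db).items():
        print(f"{name:8} {user_type}")
    print("Not synchronized:", unsynced_windows_users(db))
```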
Any progress on this? Will it be added? It would be nice to be able to add windows accounts in pwps_dab.
The example says this should work, but it does not:
e.g. example in help:
New-PWUserSimple Win.User -SecurityProvider YourDomain -Email Win.User@YourDomain.com
New-PWUserSimple "aaa.bbb" -SecurityProvider "MyDOMAIN" -Email "email@example.com"
New-PWUserSimple : Error 58004 attempting to create user 'aaa.bbb'
At line:1 char:1
+ New-PWUserSimple "aaa.bbb" -SecurityProvider "MyDOMAIN" -Email "aaa.b ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [New-PWUserSimple], Exception
    + FullyQualifiedErrorId : Error creating user,PWPS_DAB.NewPWUserSimple
This would be a nice to have working as then the Update-PWUserSetting Cmdlet could be used to then go on to set the user settings.
I believe error 58004 is "Insufficient information passed to dmsapi"
Unless of course there is another way to achieve this. I want to work in 64 bit, so do not want to rely on pwps.