I'm using the follwing statement to create windows users: New-PWUserSimple -UserNames name -Description description -Email email@example.com -Password $secpassword -SecurityProvider GLOBAL
Can someone tell me what do i need to modify to create a windows synchronized user?
i tried to use the old PWPS command "new-pwuse" and this gives me the following error:
new-PWUser : Unable to find an entry point named 'aaApi_CreateUser2' in DLL 'dmscli.dll'.
Unable to find an entry point named 'aaApi_CreateUser2' in DLL 'dmscli.dll'.,Bentley.ProjectWise.PowerShell.Commands.NewPWUser
Looking at the database, there is no distinction between Windows and Windows Synchronized users in the dms_user table (both are W). I have a query that will find users not in a synced group (close but not exactly what you need) - this is as close as I could get. A distinction in dms_user would be preferred. Once the user is found I can go and edit him manually in PWA.
DECLARE @i INT
DECLARE @var2 VARCHAR (max);
SELECT @i = o_groupno
WHERE o_groupname LIKE 'Domain Users'
SET @var2 = 'SELECT o_username, o_userdesc, o_email
WHERE (o_userno NOT IN
(select o_userno from dbo.dms_grpm where o_groupno = ' + CONVERT (VARCHAR (10), @i) + ')) AND
(o_flags = 0) AND
(o_usertype = ''W'') AND
(o_secprovider = ''NA'')
ORDER by o_username'
The dms_identity table will allow you to find Federated user accounts and the ds_maping table (o_itemtype = 1) will identify Windows Synchronised user accounts.
SELECT UserType, COUNT(*) AS Count
FROM (SELECT u.[o_userno],
WHEN i.[o_idname] IS NOT NULL THEN 'Federated Identity'
WHEN u.[o_usertype] = 'D' THEN 'Logical'
WHEN u.[o_usertype] = 'W' AND m.[o_sidno] IS NULL THEN 'Windows'
WHEN u.[o_usertype] = 'W' AND m.[o_itemtype] = 1 AND m.[o_sidno] IS NOT NULL THEN 'Windows Synchronized'
ELSE '' END AS UserType
FROM [dms_user] AS u
LEFT JOIN [dms_identity] AS i
ON i.[o_userno] = u.[o_userno]
LEFT JOIN [ds_mapping] AS m
ON m.[o_itemno] = u.[o_userno]) AS t
GROUP BY UserType
Any progress on this? Will it be added? It would be nice to be able to add windows accounts in pwps_dab.
The example says this should work, but it does not:
e.g example in help:
New-PWUserSimple Win.User -SecurityProvider YourDomain -Email Win.User@YourDomain.com
New-PWUserSimple "aaa.bbb" -SecurityProvider "MyDOMAIN" -Email "firstname.lastname@example.org"
New-PWUserSimple : Error 58004 attempting to create user 'aaa.bbb'At line:1 char:1+ New-PWUserSimple "aaa.bbb" -SecurityProvider "MyDOMAIN" -Email "aaa.b ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [New-PWUserSimple], Exception + FullyQualifiedErrorId : Error creating user,PWPS_DAB.NewPWUserSimple
This would be a nice to have working as then the Update-PWUserSetting Cmdlet could be used to then go on to set the user settings.
I believe error 58004 is "Insufficient information passed to dmsapi"
Unless of course their is another way to achieve this. I want to work in 64 bit, so do not want to rely on pwps.