Community
ProLiant Servers (ML,DL,SL)

Howto delete "Directory Groups " on ILOs via powershell

 
kuehnela
Occasional Collector

‎08-10-2017 12:40 AM

‎08-10-2017 12:40 AM

Howto delete "Directory Groups " on ILOs via powershell

hello community

I have activated ldap authenification on 150 ILOs in our company in addition to the local "admin users". Ldap is activated by "Set-HPiLODirectory" and is ok.

Set-HPiLODirectory -DisableCertificateAuthentication -LDAPDirectoryAuthentication Use_Directory_Default_Schema -LocalUserAccount Yes -Username $ILOUSER -Password $ILOPASSWORD -Server $ILOIP -ServerAddress XXX.local -ServerPort 636 -UserContext1 "CN=YYY,OU=AAA,OU=SSS,DC=GGG,DC=local"

After this I added a AD Group with the permissions we need: Login for AD Users within the AD group "CN=..." works.

Set-HPiLOSchemalessDirectory -DisableCertificateAuthentication -Username $ILOUSER -Password $ILOPASSWORD -Server $ILOIP -GroupAccount 'Enable' -Group1Name "CN=XXX,OU=YYY,DC=ZZZ,DC=local" -Group1Priv "1,2,3,4,5,6" #1 - admin, 2 - settings, 3 - power, 4 - media, 5 - remote console, 6 - login

Now I have the problem, that there are 2 Directory Groups (Administrators and Authenticated Users) I have to delete. The 2 groups are on all ILOs per default...

I cannot find a commandlet to list and delete the Directory Groups via powershell, and I will not login to all 150 ILOs and delete them manually :-(

So my question, is the a commandlet to do this or do you have a workaround to do this?

thx for support

0 Kudos
Reply
5 REPLIES 5
GokulKS
HPE Pro

‎08-28-2017 10:56 PM

‎08-28-2017 10:56 PM

Re: Howto delete "Directory Groups " on ILOs via powershell

Hi,

iLO does not provide any API for listing the directory groups or deleting same.

But they do provide disabling the directory groups which you can try on the directory groups you want to delete.

Disabling directory groups can be achieved using set-hpilodirectory cmdlet with -LDAPDirectoryAuthentication parameter value as "Disable". Refer the cmdlet help  examples which clearly shows how to disable the directory group.

Cmdlet snippet is pasted below.

Set-HPiLODirectory -Server $Server -LDAPDirectoryAuthentication @("Disable","Use_HP_Extended_Schema") -LocalUserAccount @("Y","N")

Thanks,

Gokul

HPE PowerShell Team


I am a HPE Employee

Accept or Kudo

0 Kudos
Reply
K9OL
New Member

‎01-03-2018 04:32 PM

‎01-03-2018 04:32 PM

Re: Howto delete "Directory Groups " on ILOs via powershell

Like you I am trying to clean up an existing iLO Environment. I wanted to add the current three AD Security Groups we are using; an Admin Level, an Operator level, and a Read-Only level. Here's is what I did to Delete Existing AD Security Groups from the iLO configuration:

Set-HPiLOSchemalessDirectory -Server $HOSTNAME -USERNAME $user -Password $pwd -DisableCertificateAuthentication -Group1Name $Admin -Group1Priv $Admin_Priv -Group1SID $Admin_SID -Group2Name $Opt -Group2Priv $Opt_Priv -Group2SID $Opt_SID -Group3Name $RO -Group3Priv $RO_Priv -Group3SID $RO_SID -Group4Name "" -Group5Name "" -Group6Name ""

After setting the values for the variables above for the new groups I'd also listed slots #4, #5, and #6. If you use just the "-Group#Name" and use empty "" it will remove any existing data in the number provide slot.

the following:

Set-HPiLOSchemalessDirectory -Server $HOSTNAME -USERNAME $user -Password $pwd -DisableCertificateAuthentication -Group2Name ""

Will remove the existing Group in the #2 slot, then move the existing #3 Group into the #2 Slot, the #4 Group would move into the #3 slot, ETC.

 

Hope this makes sense....

0 Kudos
Reply
GokulKS
HPE Pro

‎01-04-2018 10:48 PM

‎01-04-2018 10:48 PM

Re: Howto delete "Directory Groups " on ILOs via powershell

Hi,

If you are asking for confirmation then the commands you are trying will work as desired.

Anything else you want to know apart from the previous post confirmation let me know.

Thanks,

Gokul

HPE PowerShell Team


I am a HPE Employee

Accept or Kudo

0 Kudos
Reply
Sceptico
New Member

‎08-14-2018 04:49 AM - edited ‎08-14-2018 04:54 AM

‎08-14-2018 04:49 AM - edited ‎08-14-2018 04:54 AM

Re: Howto delete "Directory Groups " on ILOs via powershell

With the latest HP iLO commandlets, this command is not longer available and the replacement (Set-HPEiLODirectoryGroup) does not accept null entries e.g.

Set-HPEiLODirectoryGroup -GroupName 'GrouptoRemove' -NewGroupName ""

...will not work

Is there a replacement Powershell command to remove directory groups from the user administration section?

0 Kudos
Reply
GokulKS
HPE Pro

‎08-19-2018 11:05 PM

‎08-19-2018 11:05 PM

Re: Howto delete "Directory Groups " on ILOs via powershell

Hi,

Unfortunately there is no RIBCL support from iLO4 for deletion of diretory groups and that is the reason for not allowing empty tags in Set-HPEiLODirectoryGroup cmdlet. You have to use iLO GUI only to delete the groups.

Thanks,

Gokul

 

 

 


I am a HPE Employee

Accept or Kudo

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.