Solved

How to add new AD group to have certain permission to clients in buik using CLI.


Badge +4

Hi,

 

I have a list of 100+ clients in commvault. I will need to add new AD groups to existing permission role for these clients in security tab at both client level and file system level.

 

Does anyone know how to use CLI to do it instead of going through GUI one by one?

Once I have this CLI command I can put together something in Excel and run them in bulk.

 

I know I can create a client group and add permission in this way but in our environment we have to do the change on clients.

 

Kind regards,

Boyi

icon

Best answer by Damian Andre 19 May 2023, 06:58

View original

2 replies

Badge +4

@Damian Andre Thank you for the advice. I was able make the change in bulk with xml file I created using this “save as script” feature and use command “qoperation execute -af xx.xml -clientName xxx”.

 

When the xml file was generated, the association part is at the bottom and I didnt need to put in at the top to make it work. Maybe it is because I used a different command?

Userlevel 7
Badge +23

Hi @Boyi,

Yes you can try this method although it is a bit hacky and will take some fiddling to get right. Might be quicker to do it manually unless you do this all the time.

In the commcell console, go to the security tab and adjust the change you need to make for one example client. Before clicking OK, use the save as script option. This creates an XML of all the setting on the client. Obviously you don't want them all, so you are going to have to trim down the XML just to the settings that you need - most of it is self explanatory. Using an XML aware editor is probably recommended as its hard to see the levels in a regular text editor.

 

Make sure you keep the association at the top of the XML - this tells Commvault which client to apply the settings to.

  <association>
    <entity>
      <clientName>ClientName</clientName>
    </entity>
  </association>

The tricky bit here (once you have perfected the XML to only update the settings that you need) is to update the association and generate an XML for every client. You could create a powershell script or other scripting language that reads a list of clients from a text file and then generates the XML - then you need a batch file to go execute them using the commserve commandline tool https://documentation.commvault.com/11.24/expert/45269_qoperation_execscript.html

qoperation execscript -sn yourscript.xml

 

This might not be the only way, but I have approached something similar in the past this way.

Reply