The following sections provide the scriptable operations you can perform on the root node object and include C# method syntax and samples where applicable.
Initialize the GP Repository script operations.
Wscript.CreateObject("faGPRRoot.faGPRRoot")
The following code allows you to initialize the GP Repository script operations.
Dim oGPRroot
Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot")
IfaGPRRoot oGPRroot = new faGPRRoot();
The following code allows you to initialize the GP Repository script operations.
public static void CreateRootObject()
{
IfaGPRRoot oGPRroot = new faGPRRoot();
Console.WriteLine("Root object created: " + oGPRroot.GetType().ToString());
Console.ReadKey();
}
Use the NqGPARepConfig.exe tool to change the Repository Authorization Code or the GPA Security Account. For more information, see Section 3.2.2, Changing or Updating the GPA Security Account.
NqGpaRepConfig.exe [/Repository:<server>] [/DB:<database name>] [/User:<login_name> /Pass:<password> | *] [/RepAuthCode:<Rep_code>] [/AddSecurityAccount:<domain\account_name>] [/LSecurityAccounts] [/Disconnect] [/? | /Help]
The following table describes the command‑line parameters and variables.
|
Variable Name |
Replace With |
|---|---|
|
/Repository: ServerName |
Name of the Microsoft SQL Server computer. The default value is the local computer. |
|
/DB: DatabaseName |
Name of the GP Repository database. The default value of the GP Repository database name is GPO_REPOSITORY. |
|
/User: LoginName |
The SQL Server account name that can perform the operation. |
|
/Pass: Password |
The SQL Server account password for the account provided in the /User option. |
|
/RepAuthCode: Rep_code |
Sets the Repository Authorization Code. |
|
/AddSecurityAccount: DomainAccountName |
Adds the specified account as a GPA Security account. |
|
/LSecurityAccounts |
Lists all accounts specified as GPA Security accounts. |
|
/Disconnect |
Removes all connections between the GP Repository and the GPA Server. |
Specify a new Repository Authorization Code:
NqGpaRepConfig.exe /RepAuthCode:New Authorization Code
Add a new GPA Security Account:
NqGpaRepConfig.exe /AddSecurityAccount:domain\account
Use the GPAServerConfig.exe tool to modify the Export Only, Untrusted Access, and GPA Security accounts, including updating the account passwords. For more information, see Section 3.2.2, Changing or Updating the GPA Security Account.
IMPORTANT:Execute the GPAServerConfig.exe tool as Administrator.
GPAServerConfig.exe [/D:DomainFQDN] [/SA:ServiceAccount] [/SP:ServiceAccountPassword] [/EA:ExportOnlyAccount] [/EP:ExportOnlyAccountPassword] [/UA:UntrustedAccount] [/UP:UntrustedAccountPassword] [/? | /Help]
The following table describes the command‑line parameters and variables.
|
Variable Name |
Replace With |
|---|---|
|
/D |
FQDN name of the Domain. |
|
/SA |
GPA Security Account Name. |
|
/SP |
Password of the GPA Security Account. |
|
/EA |
Export Only Account Name. |
|
/EP |
Password of the Export Only Account. |
|
/UA |
Untrusted Access Account Name. |
|
/UP |
Password of the Untrusted Access Account. |
Modify a GPA Service account:
GPAServerConfig /D:NetIQLab.com /SA:NetIQUser /SP:NetIQPassword
Set or modify the Export Only Account for a domain:
GPAServerConfig /D:NetIQLab.com /EA:NetIQUser /EP:NetIQPassword
Set or modify an Untrusted Access Account:
GPAServerConfig /D:NetIQLab.com /UA:NetIQUser /UP:NetIQPassword
Every GP Repository script must connect to a GP Repository to obtain data.
Objectname.ConnectTo("ConnectionString")
The following code allows you to connect to the GP Repository.
Dim oGPRroot
Set oGPRroot = WScript.CreateObject("faGPRRoot.faGPRRoot")
oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;")
Objectname.ConnectTo("ConnectionString")
The following code allows you to connect to the GP Repository.
public static void ConnectToGPRepository()
{
IfaGPRRoot oGPRroot = new faGPRRoot();
oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;");
Console.WriteLine("Connected to the Repository");
Console.ReadKey();
}
The connection string is the parameter required to connect to the database.
To obtain this connection string:
Launch the GPA Console from the computer where you are going to execute the script or application.
After connecting to the GP Repository, select the GP Repository node.
On the Action menu, click Properties. The connection string is displayed in the Properties window.
Copy the connection string and paste it into your script or method file.
NOTE:The connection to the GP Repository is also based on security permissions for the user account in whose context the script or application is executed. Hence, if that user does not have permission to connect to the database, the connection command returns an error.
If you connect to the database with SQL Server authentication by providing a SQL Server user name and password, then the Connect String window displays the password as “<Password>”. You need to replace this variable with the actual password.
Add a new domain to GP Repository. This operation requires special permissions in GPR Security to create Container Objects.
RootObject.CreateDomain("DomainName")
or
Set ObjectVariable = RootObject.CreateDomain("DomainName")
The following code creates a new domain in the GP Repository.
Dim oGPRroot
Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot")
oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;")
oGPRroot.CreateDomain("NetIQlabs.com")
RootObject.CreateDomain("DomainName")
The following code allows you to create a new domain in the GP Repository.
public static void CreateDomain()
{
IfaGPRRoot oGPRroot = new faGPRRoot();
oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False");
oGPRroot.CreateDomain("NetIQlabs.com");
Console.WriteLine("Domain created");
Console.ReadKey();
}
Enumerate the list of domains under the root node.
For Each Domain in RootObject [. . . perform operations . . .] Next
The following code prints all existing domain names in the GP Repository.
Dim oGPRroot, oDomain
Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot")
oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;")
For Each oDomain in oGPRroot
Wscript.Echo oDomain.Name
Next
foreach (Domain in RootObject) { [. . . perform operations . . .] }
The following code allows you to display the GP Repository domain names.
public static void EnumerateDomains()
{
IfaGPRRoot oGPRroot = new faGPRRoot();
oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False");
foreach (IfaGPRDomain gprDomain in oGPRroot)
{
Console.WriteLine(gprDomain.Name);
}
Console.ReadKey();
}
Initiate instance of an object, such as a GPO, category, or domain, in the GP Repository. The object should exist in the GP Repository.
Set ObjectVariable = RootObject.GetObject("RepositoryObjectPath")
The following code allows you to initiate an instance of a category.
Dim oGPRroot, oCategory
Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot")
oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;")
Set oCategory = oGPRroot.GetObject("FAGPR://CN=Desktop,DC=NetIQLabs,DC=com")
wscript.echo oCategory.Name
<Data type> ObjectVariable = RootObject.GetObject("Repository Path")
The following code allows you to initiate an instance of a category and a GPO.
public static void GetObject()
{
IfaGPRRoot oGPRroot = new faGPRRoot();
oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False");
IfaGPRCategory oCategory = oGPRroot.GetObject("FAGPR://CN=Desktop,DC=NetIQLabs,DC=com");
IfaGPRGpo oGPO = oGPRroot.GetObject("FAGPR://CN={C104C9C7-9355-4FEC-8824-22D7BF4797A9}, CN=Desktop,DC=NetIQLabs,DC=com");
Console.WriteLine("Category name obtained: " + oCategory.Name + " GPO name obtained: " + oGPO.Name);
Console.ReadKey();
}
The Repository object path is the location of a node for a GPO, category, or domain in the GP Repository. The format for the Repository object path is similar to an LDAP path with the following exceptions:
Use faGPR:// for the GP Repository path instead of LDAP://.
Category names are preceded by CN= and each element of the domain name is preceded by DC=.
The simplest method for viewing the Repository object path is to right‑click the node for the appropriate GPO, category, or domain, and then click Properties. Use the Path property.