This script demonstrates how to programmatically add teams from a new domain to existing Octopus teams. This can be useful when you are migrating from one domain to another.
Usage
Provide values for:
- Octopus URL
- Octopus API Key
- Maximum number of records to update
- Name of new to domain to use
Script
PowerShell (REST API)
$ErrorActionPreference = "Stop"
$octopusURL = "https://your-octopus-url.com" # Replace with your instance URL
$octopusAPIKey = "API-YOUR-KEY" # Replace with a service account API Key
$header = @{ "X-Octopus-ApiKey" = $octopusAPIKey }
$maxRecordsToUpdate = 2 # The max number of records you want to update in this batch
$newDomainToLookup = "Work" # Change this to the new domain
$skipIndex = 0
$recordsToBringBack = 30
$recordsUpdated = 0
while (1 -eq 1) #Continue until we reach the end of the user list or until we go over the max records to update
{
Write-Host "Pulling teams starting at index $skipIndex and getting a max of $recordsToBringBack records back"
$teamList = Invoke-RestMethod -Method GET -Uri "$OctopusUrl/api/teams?skip=$skipIndex&take=$recordsToBringBack" -Headers $header
#Update to pull back the next batch of users
$skipIndex = $skipIndex + $recordsToBringBack
if ($teamList.Items.Count -eq 0)
{
break
}
foreach ($team in $teamList.Items)
{
if ($team.ExternalSecurityGroups.Count -eq 0)
{
# Skip teams which don't have an external AD group
continue
}
Write-Host "Checking to see if $($team.Name) is tied to an external active directory team."
$activeDirectoryRecordsToAdd = @()
foreach ($externalSecurityGroup in $team.ExternalSecurityGroups)
{
$externalName = $externalSecurityGroup.DisplayName
if ($null -eq $externalName)
{
continue
}
$teamNameToFind = "$newDomainToLookup\$externalName"
$directoryServicesResults = Invoke-RestMethod -Method GET -Uri "$octopusURL/api/externalgroups/directoryServices?partialName=$([System.Web.HTTPUtility]::UrlEncode($teamNameToFind))" -Headers $header
foreach ($result in $directoryServicesResults)
{
if ($result.DisplayName -eq $externalName)
{
Write-Host "Found a matching team name, checking if the SID is already assigned to the team"
$foundMatch = $false
foreach ($group in $team.ExternalSecurityGroups)
{
if ($group.Id -eq $result.Id)
{
$foundMatch = $true
break
}
}
if ($foundMatch -eq $false)
{
$activeDirectoryRecordsToAdd += $result
}
else
{
Write-Host "The active directory group already existed on the team"
}
break
}
}
}
if ($activeDirectoryRecordsToAdd.Length -gt 0)
{
foreach ($teamToAdd in $activeDirectoryRecordsToAdd)
{
$team.ExternalSecurityGroups += $teamToAdd
}
Write-Host "Updating the team $($Team.Name) in Octopus Deploy"
Invoke-RestMethod -Method PUT -Uri "$OctopusUrl/api/teams/$($team.Id)" -Headers $header -Body $($team | ConvertTo-Json -Depth 10)
$recordsUpdated += 1
}
}
if ($recordsUpdated -ge $maxRecordsToUpdate)
{
Write-Host "Reached the maximum number of records to update, stopping"
break
}
}
Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Sunday, January 1, 2023