One of the options already available using the Horizon REST API‘s is working with Instant Clone Administrators. In total there are 5 API calls available and I will give an explanation for al 5 on how to use them. As you can see you’ll run all of them against /rest/config/v1/ic-domain-accounts.
GET : for all Instant Clone Domain accounts
POST : to create a new Instant Clone Domain accounts
GET : To retreive a specific Instant Clone Domain account with it’s ID
PUT : to update an Instant Clone Domain account.
DELETE : To delete an Instant Clone Domain account
Getting Started
To start showing these I am starting with the same base that I used in my first blog post about the Horizon REST api’s:
$url = "https://CONNECTIONSERVER"
#$url = read-host -prompt "Connection server url"
$username = "username"
#$username = read-host -prompt "Username"
$password = "PASSWORD"
#$password = read-host -prompt "Password" -AsSecureString
$Domain = "DOMAIN"
#$Domain = read-host -Prompt "Domain"
#$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
#$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
function Get-HRHeader(){
param($accessToken)
return @{
'Authorization' = 'Bearer ' + $($accessToken.access_token)
'Content-Type' = "application/json"
}
}
function Open-HRConnection(){
param(
[string] $username,
[string] $password,
[string] $domain,
[string] $url
)
$Credentials = New-Object psobject -Property @{
username = $username
password = $password
domain = $domain
}
return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}
function Close-HRConnection(){
param(
$accessToken,
$url
)
return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}
$accessToken = Open-HRConnection -username $username -password $password -domain $Domain -url $url
GET
The regular get is really straight forward, just invoke a get and you get the results.
Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
As you can see I currently have 2 accounts configured.
POST
With post we can configure a new Instant Clone Domain account. Let’s see what we need. According to the API explorer it looks like we need to supply a domain ID, password and account.
To get the domain ID we’ll actually need to do a GET against another url:
$domains=Invoke-RestMethod -Method Get -uri "$url/rest/external/v1/ad-domains" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
Now I will create the json that we’ll need to configure the account. The $data variable is just a regular powershell array that afterwards convert to the actual json
$domainid=$domains |select-object -expandproperty id -first 1 [email protected]{ ad_domain_id= $domainid; password= "password"; username= "username" } $body= $data | ConvertTo-Json
Now let’s use the Post method to apply this
Oops, too slow let’s authenticate and try again
Invoke-RestMethod -Method Post -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body $body
There are a few remarks about this: no propper error is returned when a wrong username and password is used. Wen you try to create an account that already exists it will return a 409 conflict.
GET with ID
This is straightforward again, just extend the url for the get with the ID of the account you want to get. I grabbed this from the regular pul request and filtered on the user account I just created
$icaccounts= Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
$accountid=($icaccounts | where {$_.username -eq "username"}).id
Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
PUT
Put can be used to change a users password. It’s requires a combination of the url with the ID from the get with id and a body like in the Post.
[email protected]{password="Demo-02"} $body = $data | ConvertTo-Json Invoke-RestMethod -Method Put -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -Body $body
DELETE
To delete an account simply use the url with the id in it with the DELETE method
Invoke-RestMethod -Method Delete -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
