neogroupmanager - a web-based service to manage Active Directory groups
n@work 307bad5b46 Added some further links to docs & cjwdev's GroupManager
Signed-off-by: n@work <xy916229@git.do-not-reply@sys.wnd.sh>
2025-02-14 19:23:17 +00:00
groupmanager-v1-aa.parameters.json Initial commit of template files, and a (brief) README.md 2024-11-21 14:37:28 +00:00
groupmanager-v1-aa.template.json Updated update-membership.ps1 to query the queue 2024-11-21 14:52:30 +00:00
groupmanager-v1.parameters.json Initial commit of template files, and a (brief) README.md 2024-11-21 14:37:28 +00:00
groupmanager-v1.template.json Initial commit of template files, and a (brief) README.md 2024-11-21 14:37:28 +00:00
README.md Added some further links to docs & cjwdev's GroupManager 2025-02-14 19:23:17 +00:00
update-membership.ps1 Updated mock functions to only be installed when the real functions are not available, and updated variables to use AutomationVariables instead (via splatting) 2024-11-21 16:49:13 +00:00

neogroupmanager

what?

neogroupmanager is a web-based application for managing on-premise Active Directory groups, similar to Group Manager by cjwdev.

how?

pre-requisites: an Azure tenant, an Azure Automation Account with a Windows-based hybrid worker connected (via PowerShell or a UNIX equivalent)

  1. git clone https://git.wnd.sh/neogroupmanager/az neogroupmanager
  2. cd neogroupmanager
  3. Connect-AzAccount
  4. New-AzResourceGroup -ResourceGroupName groupmanager-p-v1-rg -Location <uksouth>
  5. New-AzResourceGroupDeployment -ResourceGroupName groupmanager-p-v1-rg -TemplateFile ./groupmanager-v1.template.json -TemplateParameterFile ./groupmanager-v1.parameters.json
  6. New-AzResourceGroupDeployment -ResourceGroupName groupmanager-p-v1-rg -TemplateFile ./groupmanager-v1-aa.template.json -TemplateParameterFile ./groupmanager-v1-aa.parameters.json

why?

TODO: explain why cjwdev may not be good for a modern environment (cost, security, limited mobility/accessibility)

flowchart?

TODO: a flowchart explaining the process end to end; however, the basic idea is:

  • an azure static web app (SWA) hosts a frontend that can run C# code as RESTful API calls through the built-in function app (FA)
  • the FA populates and queries a table listing the users who have access to the program and the groups they manage, along with a queue of members to add/remove
  • an azure automation account (AA) runs a script every X minutes that queries the table & queue for changes and acts on them, either updating the user's list of managed groups to be correct, or adding/removing users
  • (optional) a logic app polls the queue/table for changes and triggers a webhook which causes the AA script to run, bypassing the need to run the AA script needlessly every X minutes
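
In the flow above the AA script acts on whatever is in the queue, so it can re-check each queued change against the access table before touching AD. The sketch below is an added example, not code from this repository; the message fields, the table shape and the function name `Test-MembershipChange` are assumptions.

```powershell
# Added example. Constructed access table (assumed shape): requester -> managed groups.
$managedGroups = @{
    'alice' = @('Sales-Team', 'Sales-Leads')
    'bob'   = @('IT-Helpdesk')
}

# Constructed queue messages (assumed fields), as the function app might enqueue them.
$queue = @(
    '{"requester":"alice","group":"Sales-Team","member":"carol","action":"Add"}'
    '{"requester":"bob","group":"Domain Admins","member":"bob","action":"Add"}'
    '{"requester":"alice","group":"Sales-Team","member":"dave","action":"Grant"}'
    'not json'
)

function Test-MembershipChange {
    param(
        [Parameter(Mandatory)][string]$Message,
        [Parameter(Mandatory)][hashtable]$ManagedGroups
    )
    $result = { param($ok, $why, $change)
        [pscustomobject]@{ Approved = $ok; Reason = $why; Change = $change } }

    try { $c = $Message | ConvertFrom-Json -ErrorAction Stop }
    catch { return & $result $false 'malformed message' $null }
    if ($c -isnot [System.Management.Automation.PSCustomObject]) {
        return & $result $false 'message is not a JSON object' $null
    }
    foreach ($field in 'requester', 'group', 'member', 'action') {
        if ($c.$field -isnot [string] -or -not $c.$field) {
            return & $result $false "missing or non-string field: $field" $null
        }
    }
    if ($c.action -notin 'Add', 'Remove') {
        return & $result $false 'unknown action' $null
    }
    # Assumed account-name rule: short, no wildcard or filter characters.
    if ($c.member -notmatch '^[A-Za-z0-9._-]{1,20}\z') {
        return & $result $false 'member name rejected' $null
    }
    # Authorisation is re-checked on the worker, not trusted from the frontend.
    if ($ManagedGroups[$c.requester] -notcontains $c.group) {
        return & $result $false 'requester does not manage this group' $null
    }
    & $result $true 'ok' $c
}

# Only approved changes would go on to Add-ADGroupMember / Remove-ADGroupMember.
$queue | ForEach-Object { Test-MembershipChange -Message $_ -ManagedGroups $managedGroups } |
    Select-Object Approved, Reason
```

Of the four constructed messages only the first is approved; the others are rejected for an unmanaged group, an unknown action and malformed JSON respectively.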