Scripts/Groups/New-CohesityUserGroup.ps1

function New-CohesityUserGroup {
    <#
        .SYNOPSIS
        Creates new user group.
        .DESCRIPTION
        If an Active Directory domain is specified, a new group is added to the
        Cohesity Cluster for the specified Active Directory group principal.
        If the LOCAL domain is specified, a new group is created directly in
        the default LOCAL domain on the Cohesity Cluster.
        Returns the created or added group.
 
        .NOTES
        Published by Cohesity
        .LINK
        https://cohesity.github.io/cohesity-powershell-module/#/README
        .EXAMPLE
        New-CohesityUserGroup -Name user-group1
        .EXAMPLE
        New-CohesityUserGroup -Name user-group4 -Roles COHESITY_ADMIN -UserNames user1,user2
    #>

    [OutputType('System.Array')]
    [CmdletBinding(SupportsShouldProcess = $True, ConfirmImpact = "High")]
    Param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        # Specifies the name of the group.
        [string]$Name,
        [Parameter(Mandatory = $false)]
        # Specifies the domain of the group.
        [string]$Domain = "LOCAL",
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        # Specifies the Cohesity roles to associate with the group such as 'Admin', 'Ops' or 'View'.
        # The Cohesity roles determine privileges on the Cohesity Cluster for all the users in this group.
        [string[]]$Roles,
        [Parameter(Mandatory = $false)]
        # Specifies a description of the group.
        [string]$Description,
        [Parameter(Mandatory = $false)]
        # Specifies the name of users who are members of the group. This field is used only for local groups.
        [string[]]$UserNames
    )

    Begin {
        $cohesitySession = CohesityUserProfile
        $cohesityCluster = $cohesitySession.ClusterUri
        $cohesityToken = $cohesitySession.Accesstoken.Accesstoken
    }

    Process {

        if (Get-CohesityUserGroup | where-object { $_.name -eq $Name }) {
            Write-Output "The user group name '$Name' already exists, try another name"
            return
        }
        foreach ($role in $Roles) {
            if (-not (Get-CohesityRole -Name $role)) {
                Write-Output "Could not find the given role '$role', please use the cmdlet 'Get-CohesityRole' to find the desired one."
                return
            }
        }
        $userSIDs = $null
        foreach ($userName in $UserNames) {
            $userDetail = Get-CohesityUser -Names $userName
            if (-not $userDetail) {
                Write-Output "Could not find the given user '$userName', please use the cmdlet 'Get-CohesityUser' to find the desired one."
                return
            }
            if (-not $userSIDs) {
                $userSIDs = @()
            }
            $userSIDs += $userDetail.Sid
        }

        if ($PSCmdlet.ShouldProcess($Name)) {
            $cohesityClusterURL = $cohesityCluster + '/irisservices/api/v1/public/groups'
            $cohesityHeaders = @{'Authorization' = 'Bearer ' + $cohesityToken }
            $payload = @{
                description = $Description
                domain      = $Domain
                name        = $Name
                restricted  = $true
                roles       = $Roles
                users       = $userSIDs
            }
            $payloadJson = $payload | ConvertTo-Json -Depth 100
            $resp = Invoke-RestApi -Method Post -Uri $cohesityClusterURL -Headers $cohesityHeaders -Body $payloadJson
            if ($resp) {
                # tagging reponse for display format ( configured in Cohesity.format.ps1xml )
                @($resp | Add-Member -TypeName 'System.Object#UserGroup' -PassThru)
            }
            else {
                $errorMsg = "User group : Failed to create"
                Write-Output $errorMsg
                CSLog -Message $errorMsg
            }
        }
    }

    End {
    }
}