Working with sample scripts

There are several sample scripts included with the software to demonstrate a few common administrative tasks. You can copy and modify these sample scripts to use them in your environment or study them as examples for writing your own custom scripts. The sample scripts include detailed comments about the operations performed to accomplish the following tasks.

This script Illustrates this administrative task

backup.ps1

How to create a backup copy of a self-contained Centrify zone.

This script creates an XML file that contains all computer, user, and group profiles, authorization information, and child zone information for a parent Centrify zone. You cannot use this script to backup SFU zones or child zones.

CreateZoneAndDelegate.ps1

How to create a new zone and delegate all zone administrative tasks to a specific trustee.

RemoveAllOrphans.ps1

How to find and delete all user, group, and computer profiles that no longer have a corresponding Active Directory account on all managed computers in each zone.

RemoveEmptyCompRoles.ps1

How to find and remove computer roles that have no members.

This script is only applicable for hierarchical zones.

RemoveEmptyZones.ps1

How to find and remove zones that have no computers, users, or authorization information.

This script will only remove a zone if it contains no user or group profiles, no joined computers, no role assignments, no computer roles, and no child zones. If any of these objects exist for a zone, the zone is not removed.

This script is only applicable for hierarchical zones.

ResetOrphanChildZones.ps1

How to find child zones that no longer have a parent zone and reset them to be independent zones.

restore.ps1

How to restore a self-contained Centrify zone from a backup created using the backup.ps1 sample script.

To run a sample script:

  1. Open the Centrify Access Module for PowerShell.

  2. Verify you have permission to execute scripts.

    Get-ExecutionPolicy

    In most cases, the permission to execute scripts is restricted. You can use the Set‑ExecutionPolicy to allow execution. For example:

    Set-ExecutionPolicy Unrestricted

    For more information about execution policies and the options available, use the get‑help function.

  3. Verify you are in the directory where the scripts are located.

  4. Execute the sample script.

    .\RemoveAllOrphans