# ------------------------------------------------------------------
# AUTHOR: [LucidLink Support]
# NAME: legacy_sso_admin_script.ps1
# VERSION: 1.0.1
# DESCRIPTION:  Lists users from Filespace instance 1 and imports
# into Filespace instance 2, assigning Admin roles.
#
# THE SCRIPT IS PROVIDED “AS IS” AND “AS AVAILABLE” AND IS WITHOUT
# WARRANTY OF ANY KIND. PLEASE REVIEW ALL TERMS AND CONDITIONS.
# https://www.lucidlink.com/legal-documents
# ------------------------------------------------------------------

Param(
[string]$FS1ROOTPWD,
[string]$FS2ROOTPWD
)

# --- Ensure password ---
if ([string]::IsNullOrEmpty($FS1ROOTPWD)) {
    Write-Host "Usage: .\legacy_sso_admin_script.ps1 <fs1pwd> <fs1pwd> `r`nRequest failed with: Bad Request `r`nEmpty required parameter 'password' is not allowed!"
    exit 1;
}

# --- Filter Lucid users and roles, exclude root from instance 1 ---
$SOURCEUSERS = lucid --instance 1 user --password ""$FS1ROOTPWD""
$USERS = $SOURCEUSERS.trim() -replace "(?<=\s).*Standard user","" -replace '(?<=\s).+(?=Administrator)', ' ' -replace ('Administrator', 'admin') -replace '\s+', ';' -match "azure\\|okta\\" -notmatch "lucid\\root"
$ADMINS = $USERS -match 'admin'

# --- Assign Admin roles to users within instance 2 ---
foreach ($LINES in $ADMINS) {
$USR, $ROLE = $LINES -split ';'
Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 user --set ""$USR"" --add-role $ROLE --password ""$FS2ROOTPWD""" -Wait -RedirectStandardOutput legacy_sso_admin_role_output.txt -RedirectStandardError legacy_sso_admin_role_error_output.txt
Get-Content legacy_sso_admin_role_output.txt, legacy_sso_admin_role_error_output.txt
Get-Content legacy_sso_admin_role_output.txt, legacy_sso_admin_role_error_output.txt | Out-File legacy_sso_admin_role_log.txt -Append
}

exit