Skip to main content
This script provisions users to a specific data residency zone within a Multizone Box tenant. It performs the following steps:
  1. It uses admin or co-admin login email address to find the associated enterprise and the zone policy assigned to this enterprise. An assigned zone policy is inherited by all users unless specified otherwise. It is sometimes called the default zone.
  2. It performs zone assignment based on an input .csv file containing user email addresses and zone mappings.
If you would like to use Admin Console for zone assignment, see this guide. For more information about Box Zones, see the official website.

Prerequisites

Windows

Install the latest version of dotnet core.

MacOS & Linux

Install PowerShell. Run the pwsh command to test the installation. 
pwsh
Depending on the directory you are running the command in, the output may differ. For example: 
PowerShell 7.2.5
Copyright (c) Microsoft Corporation.

https://aka.ms/powershell
Type 'help' to get help.

PS /Users/user/repos/boxcli/examples>

Set up application with JWT authentication

To use the script, you will need the Box CLI with JWT authentication installed and configured. When creating the app, use the Configuration tab to configure the following settings:
  • In App Access Level, select App + Enterprise Access.
  • In Application Scopes > Administrative Actions, select Manage Enterprise Properties, Manage Users.
  • In Advanced Features, select Generate user access tokens.

Adjust admin settings

Make sure Box Admin or Co-Admin has at least Manage Users privileges. To check this setting:
  1. Go Users & Groups section in the Admin Console.
  2. Click the user account you want to verify.
  3. Go to Edit User Access permissions section to grant the administrative privileges for users and groups.

Prepare the .csv file

The .csv file must have two columns with the following headers: Email and Region.
  • Email contains the primary email address of a Box user.
  • Region contains the user-friendly name for the zone to which the script will assign the user. This name is provided by the ZonesTable that is a hash table used to define zones. The keys are the zone’s user-friendly names, and the corresponding value is the global ID of the zone. 
    $ZonesTable = @{
    US = "100001"             #US
    GermanyIreland = "100002" #Germany/Ireland with in region uploads/downloads/previews
    Australia = "100003"      #Australia
    Japan = "100004"          #Japan with in region uploads/downloads/previews
    Canada = "100005"         #Canada
    JapanSingapore = "100007" #Japan/Singapore with in region uploads/downloads/previews
    UKGermany = "100008"      #UK/Germany
    UK = "100009"             #UK with in region uploads/downloads/previews
    France = "100012"         #France
}
A sample input .csv file containing emails and zone names is provided with this script. Its content looks as follows:
EmailRegion
[email protected]US
[email protected]France
[email protected]JapanSingapore

Configure the script

Set the UserZonesUpdatePath to point to your .csv file. 
$UserZonesUpdatePath = "./your_file_name.csv"
Update the adminEmail to the admin or co-admin login email address of the account the script will use to make zone assignments. If you don’t specify this value, the script will prompt you for it. 
$adminEmail = "[email protected]"

Run the script

Run the Powershell command. 
pwsh
Run the script. 
./Mass_Update_User_Zones.ps1

Optional flags

To run the script in a simulation mode, add the DryRun boolean flag. Dry run doesn’t mean that API calls won’t be made, but that any create/update/delete calls will be skipped. 
./Mass_Update_User_Zones.ps1 -DryRun

Logging

Logs are stored in a logs folder located in the main folder. You have access to these log files:
  • Mass_Update_User_Zones_all.txt that contains all log entries.
  • Mass_Update_User_Zones_errors.txt that contains only errors.