Update user zones
Update user zones
This script provisions users to a specific data residency zone within a Multizone Box tenant. It performs the following steps:
- It uses admin or co-admin login email address to find the associated enterprise and the zone policy assigned to this enterprise. An assigned zone policy is inherited by all users unless specified otherwise. It is sometimes called the default zone.
- It performs zone assignment based on an input
.csvfile containing user email addresses and zone mappings.
If you would like to use Admin Console for zone assignment, see this guide. For more information about Box Zones, see the official website.
Prerequisites
Windows
Install the latest version of dotnet core.
MacOS & Linux
Install PowerShell. Run the pwsh command to test the installation.
pwsh
Depending on the directory you are running the command in, the output may differ. For example:
PowerShell 7.2.5
Copyright (c) Microsoft Corporation.
https://aka.ms/powershell
Type 'help' to get help.
PS /Users/user/repos/boxcli/examples>
Set up application with JWT authentication
To use the script, you will need the Box CLI with JWT authentication installed and configured.
When creating the app, use the Configuration tab to configure the following settings:
- In App Access Level, select
App + Enterprise Access. - In Application Scopes > Administrative Actions, select
Manage Enterprise Properties,Manage Users. - In Advanced Features, select
Generate user access tokens.
Adjust admin settings
Make sure Box Admin or Co-Admin has at least Manage Users privileges.
To check this setting:
- Go Users & Groups section in the Admin Console.
- Click the user account you want to verify.
- Go to Edit User Access permissions section to grant the administrative privileges for users and groups.
Prepare the .csv file
The .csv file must have two columns with the following headers: Email and Region.
-
Email contains the primary email address of a Box user.
-
Region contains the user-friendly name for the zone to which the script will assign the user. This name is provided by the ZonesTable that is a hash table used to define zones. The keys are the zone's user-friendly names, and the corresponding value is the global ID of the zone.
$ZonesTable = @{ US = "100001" #US GermanyIreland = "100002" #Germany/Ireland with in region uploads/downloads/previews Australia = "100003" #Australia Japan = "100004" #Japan with in region uploads/downloads/previews Canada = "100005" #Canada JapanSingapore = "100007" #Japan/Singapore with in region uploads/downloads/previews UKGermany = "100008" #UK/Germany UK = "100009" #UK with in region uploads/downloads/previews France = "100012" #France }
A sample input .csv file containing emails and zone names is provided with this script. Its content looks as follows:
| Region | |
|---|---|
betty@company.com | US |
roger@company.com | France |
sally@company.com | JapanSingapore |
Configure the script
Set the UserZonesUpdatePath to point to your .csv file.
$UserZonesUpdatePath = "./your_file_name.csv"
Update the adminEmail to the admin or co-admin login email address of the account the script will use to make zone assignments.
If you don't specify this value, the script will prompt you for it.
$adminEmail = "john@box.com"
Run the script
Run the Powershell command.
pwsh
Run the script.
./Mass_Update_User_Zones.ps1
Optional flags
To run the script in a simulation mode,
add the simulate boolean flag.
./Mass_Update_User_Zones.ps1 -DryRun
Logging
Logs are stored in a logs folder located in the main folder.
You have access to these log files:
Mass_Update_User_Zones_all.txtthat contains all log entries.Mass_Update_User_Zones_errors.txtthat contains only errors.