Feature Request : API required for adding groups to Windows Admin Center
In order to offer Windows Admin Center ( WAC ) as a product internally at our company, we are investigating whether it is possible to add groups programmatically ( e.g. via a script ) instead of manually as the case now where one has to go via the route Settings > Access > Allowed Groups. We did not find any script or API as part of the WAC installation or any documentation about it anywhere.
On investigating the calls being made by WAC via the browser console, we discovered the following :
The call being made to add an allowed group in WAC is to the SecurityGroup endpoint. The URI of the call contains a UUID which is derived from the group name and seems to be tied locally to the machine. Thus for example adding a group Users on machine A and machine B will generate 2 different UUIDs. The formula or function call to generate these IDs is not provided anywhere and is being generated internally by the product. On a Win 2016 machine hostA, the call URI is :
But on the IPC machine hostB, the corresponding URI is :
The method for generating the IDs : VXNlcnM or hGKwAer from the group Users is unknown. It is possible that the hostname/IP/AD connection details are also involved. On Azure machines where a local AD connection does not exist, the SecurityGroup call never happens, this fact supports the theory that the AD is polled before the SecurityGroup call is made. It is also possible that AD details, maybe the bind DN of the group is used to construct the ID.
This particular API is essential in order to automate the provisioning of WAC for various clients internal to our company, without it, we will need a manual step in the provisioning pipeline where someone has to manually log onto the WAC instance and add all the required groups. Any request for allowing additional groups access or denying existing groups will also require manual work.