Adding an AD group to a team using Octopus library


I need some help adding an AD secutiryt group to the ExternalSecurityGroups property of a team using the Octopus Library

This is how ExternalSecurityGroups looks like for a team that already has an AD group added

Name : MyTeam
MemberUserIds : {}
ExternalSecurityGroups : {S-1-5-21-329068152-1454471165-1417001333-1347583}

I can see the that following method exists:


I can get the group SID from AD. But how can i insert it into the method?


Hi Dalmiro,

It really should just be a case of calling:


Then saving the team. What error are you getting when you try to do this?


Hi Paul!

  1. I have 2 ways to get $team


$team = Invoke-RestMethod -Uri $OctopusURI/api/teams/teams-291 -Headers $headers -Method GET -ContentType "application/json"

PS C:\> $team

Id                     : teams-291
Name                   : Dalmiro_1111_Administrators
MemberUserIds          : {}
ExternalSecurityGroups : {}
UserRoleIds            : {}
ProjectIds             : {projects-458, projects-455}
EnvironmentIds         : {}
CanBeDeleted           : True
CanBeRenamed           : True
CanChangeRoles         : True
CanChangeMembers       : True
LastModifiedOn         : 2014-08-19T03:31:20.901+00:00
LastModifiedBy         :
Links                  : @{Self=/api/teams/teams-291}


$team = $repository.teams.FindByName("Dalmiro_1111_Administrators") 

PS C:\> $team

Name             : Dalmiro_1111_Administrators
MemberUserIds    : {}
UserRoleIds      : {}
ProjectIds       : {projects-458, projects-455}
EnvironmentIds   : {}
CanBeDeleted     : True
CanBeRenamed     : True
CanChangeRoles   : True
CanChangeMembers : True
Id               : teams-291
LastModifiedOn   : 8/19/2014 12:31:20 AM -03:00
LastModifiedBy   :
Links            : {[Self, /api/teams/teams-291]}

I can only see “ExternalSecurityGroups” using REST. Is this ok?

  1. I get the following error when using the method you proposed
$group = Get-ADGroup -Filter {name -eq "My.Awesome.Group"}

#$team.ExternalSecurityGroups.Add("$($group.SID.value)") #I get the same error with this expression
#$team.ExternalSecurityGroups.Add("the-actual-sid") #I get the same error with this expression

Exception calling "Add" with "1" argument(s): "Collection was of a fixed size."
At line:1 char:1
+ $team.ExternalSecurityGroups.Add($group)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : NotSupportedException

Seems like .Add is expecting more values.


  1. How should i save the team after making the change?

Again, thx for the great support as always.

Hi Dalmiro,

It looks as though perhaps the Octopus.Client.dll you’re using for the second method may be out of date; it you’re able to get the latest Octopus.Client package from NuGet it should have the TeamResource.ExternalSecurityGroups property. Both methods (REST API and Octopus.Client.dll should be exactly equivalent in what can be achieved with them.

If you’re able to, I’d recommend using the DLL approach, it should give a better overall experience, so I’ve used that below.

The object passed to Add() is not a simple string - instead it is a list of NamedReferenceItem structures.

$nr = new-object -typename Octopus.Platform.Model.NamedReferenceItem
$nr.Id = "$($group.SID)"
$nr.DisplayName = "Some group name"

The team is then saved using $repository.Teams.Modify($team).

Hope this helps, let me know if you need more info.

All the best,

Works like a charm, Nick!

I’ve noticed the same AD group can be added twice to a team

ExternalSecurityGroups : {S-1-5-21-329068152-1454471165-1417001333-897581, S-1-5-21-329068152-1454471165-1417001333-897581}

From what i can see it doesnt break anything, but it would be good if the dll could check if the SID was already added to the team and then refrain from doing so again.

Thx for the support. You guys rock.


Thanks for letting me know about the possibility of adding twice - I think it’s harmless but will see what we might do to filter out duplicates.