ConF

GetShitSorted.ps1

@@ -0,0 +1,2764 @@
+# NetScaler Configuration Extractor
+# Note: This script works on Windows 10, but the regex match group commands fail on Windows 7
+
+param (
+    # Full path to source config file saved from NetScaler (System > Diagnostics > Running Configuration)
+    # If set to "", then the script will prompt for the file.
+    [string]$configFile = "",
+    #$configFile = "$env:userprofile\Downloads\nsrunning.conf"
+
+    # Name of vServer - or VIP - case insensitive
+    # Partial match supported - if more than one match, the script will prompt for a selection. Set it to "" to list all vServers.
+    # If vserver name is exact match for one vserver, that vserver will be used, even if it's a substring match for another vserver
+    [string]$vserver = "",
+
+    # Optional filename to save output - file will be overwritten
+    # If you intend to batch import to NetScaler, then no spaces or capital letters in the file name.
+    # If set to "screen", then output will go to screen.
+    # If set to "", then the script will prompt for a file. Clicking cancel will output to the screen.
+    #[string]$outputFile = "",
+    #[string]$outputFile = "screen",
+    [string]$outputFile = "$env:userprofile\Downloads\nsconfig.conf",
+    #[string]$outputFile = "$env:HOME/Downloads/nsconfig.conf",
+
+    # Optional text editor to open saved output file - text editor should handle UNIX line endings (e.g. Wordpad or Notepad++)
+    [string]$textEditor = "notepad++.exe",
+
+    # Optional get CSW vserver Binds for selected LB and/or VPN virtual server
+    [switch]$cswBind,
+
+    # Max # of nFactor Next Factors to extract
+    [int]$nFactorNestingLevel = 5
+)
+
+# Change Log
+# ----------
+# 2024 Sep 25 - added "add monitor" instead of "add lb monitor"
+# 2023 June 30 - added port numbers to VIP list; bug fixes
+# 2022 Sep 20 - added bot management
+# 2022 July 10 - added support for * in object names (e.g., *.corp.com)
+# 2021 Nov 4 - performance improvements
+# 2021 Oct 15 - output SAML SSO Actions; performance improvements
+# 2021 Jun 1 - added search "policy expressions" for other appexpert objects
+# 2021 May 27 - added messageactions to output
+# 2021 Apr 30 - fixed named expressions
+# 2021 Apr 30 - added: get variables from expressions; get variable assignments from responders
+# 2021 Apr 27 - fixed sorting of Backup vServers
+# 2021 Apr 20 - added DISABLED state to VIP selection screen
+# 2021 Feb 5 - fixed TACACS policies and Local Authentication Policies, including global
+# 2020 Dec 7 - added Captcha action and NoAuth action
+# 2020 Dec 7 - added parameter to set nFactor nesting level
+# 2020 Dec 7 - sorted authentication policylabels so NextFactors are created first
+# 2019 Jun 3 - added RNAT; added OTP Push Service; added partitions; added Azure Keys
+# 2019 Apr 22 - added vServer VIP extraction from other commands (e.g. LDAP Action)
+# 2019 Apr 15 - fixed server enumeration
+# 2019 Apr 7 - reordered Policy Expression output
+# 2019 Apr 1 - new "Sys" option to extract System Settings
+# 2019 Mar 6 - fixed Visualizer substring match, and added emailAction
+# 2018 Dec 27 - fix aaa tm trafficpolicy/action aaa kcdAccount output (BKF)
+# 2018 Dec 2 - added nFactor Visualizer for AAA vServers
+# 2018 Nov 19 - MacOS: added List Dialog to select vServers. fix: dialogfocus (BKF)
+# 2018 Nov 17 - changed vServer selection to Out-GridView (GUI)
+# 2018 Nov 16 - support for MacOS popups for nsconf and saveas. Switch for sort to Sort-object to support MacOs & Powershell core 6
+# 2018 Nov 5 - check text editor existince (h/t Bjørn-Kåre Flister)
+# 2018 Nov 5 - switch to extract CS vServer for selected LB/VPN/AAA vServer (h/t Bjørn-Kåre Flister)
+# 2018 Sep 19 - fixed SAML Policy and SAML Action
+# 2018 Sep 11 - parameterized the script, fixed specified vServer
+# 2018 July 22 - added ICA Parameters to VPN Global Settings
+# 2018 July 18 - added preauthentication policy, added AlwaysOn profile
+# 2018 July 12 - added two levels of nFactor NextFactor extraction
+# 2018 July 8 - added DNS configuration to every extraction
+# 2018 July 7 - added GSLB Sites and rpcNodes
+# 2018 July 4 - extract local LB VIPs from Session Action URLs (e.g. StoreFront URL to local LB VIP)
+# 2018 July 3 - extract DNS vServers from "set vpn parameter" and Session Actions
+# 2018 July 3 - added "*" to select all vServers
+# 2018 July 3 - updated for 12.1 (SSL Log Profile, IP Set, Analytics Profile)
+# 2018 Jan 23 - skip gobal cache settings if cache feature is not enabled
+# 2018 Jan 4 - Sirius' Mark Scott added code to browse to open and save files. Added kcdaccounts to extraction.
+
+
+
+#  Start of script code
+cls
+
+#  Function to prompt the user for a NetScaler config file.
+#  The NetScaler config file can be found in the System > Diagnostics > Running Configuration location in the GUI
+Function Get-InputFile($initialDirectory)
+{
+    if ($IsMacOS){
+        $filename = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set fileName to POSIX path of (choose file with prompt "NetScaler documentation file")'+"`n"+'end tell' | osascript -s s) -split '"')[1]
+        if ([String]::IsNullOrEmpty($filename)){break}else{$filename}
+    }else{
+        [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") | Out-Null
+        $OpenFileDialog = New-Object System.Windows.Forms.OpenFileDialog
+        $OpenFileDialog.Title = "Open NetScaler Config"
+        $OpenFileDialog.initialDirectory = $initialDirectory
+        $OpenFileDialog.filter = "NetScaler Config (*.conf)| *.conf|All files (*.*)|*.*"
+        $OpenFileDialog.ShowDialog() | Out-Null
+        $OpenFileDialog.filename
+    }
+}
+
+#  Function to prompt the user to save the output file
+Function Get-OutputFile($initialDirectory)
+{
+    if ($IsMacOS){
+        $DefaultName = 'default name "nsconfig.conf"'
+        if ($initialDirectory){
+            $DefaultLocation = 'default location "'+$initialDirectory+'"'
+        }
+        $filename = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set theName to POSIX path of (choose file name '+$($DefaultName)+' '+$($DefaultLocation)+' with prompt "Save NetScaler documentation file as")'+"`n"+'end tell' | osascript -s s) -split '"')[1]
+        $filename
+    }else{
+        [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") | Out-Null
+        $SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog
+        $SaveFileDialog.Title = "Save Extracted Config"
+        $SaveFileDialog.initialDirectory = $initialDirectory
+        $SaveFileDialog.filter = "NetScaler Config File (*.conf)| *.conf|All files (*.*)|*.*"
+        $SaveFileDialog.ShowDialog() | Out-Null
+        $SaveFileDialog.filename
+    }
+}
+
+
+# Run the Get-InputFile function to ask the user for the NetScaler config file
+if (!$configFile) { 
+    $configFile = Get-InputFile $inputfile 
+}
+if (!$configFile) { exit }
+
+"Loading config file $configFile ...`n"
+
+$config = ""
+$config = Get-Content $configFile -ErrorAction Stop
+
+function printProgress ($origObjects, $NSObjectType) {
+    # Check if anything was added and display
+    $newObjects = @()
+    if (-not $origObjects) {
+        $newObjects = $nsObjects.$NSObjectType
+    } else {
+        $newObjects = (Compare-Object $origObjects $nsObjects.$NSObjectType).InputObject
+    }
+    if ($newObjects)
+    {
+        foreach ($newObject in $newObjects) { 
+            write-host (("Found {0,-25} " -f $NSObjectType) + $newObject)
+        }
+    }
+    return $newObjects
+}
+
+# returns a regex clause with multiple objects or'd to speed up regex matching
+function getMatchExpression ($Objects) {
+    # returns a regex clause with multiple objects or'd to speed up regex matching
+    $matchExpression = "("
+    foreach ($uniqueObject in $Objects) {
+        $uniqueObjectDots = $uniqueObject -replace "\.", "\."
+        $uniqueObjectDots = $uniqueObjectDots -replace "\*", "\*"
+        $matchExpression += $uniqueObjectDots + "|" 
+    }
+    $matchExpression = $matchExpression.Substring(0,$matchExpression.length - 1) + ")"
+    return $matchExpression
+}
+
+# searches matches for other objects (e.g., pattern set)
+# then adds all matches to the main matches hash table
+function addNSObject ($NSObjectType, $NSObjectName) {
+    if (!$NSObjectName) { return }
+    # write-host $NSObjectType $NSObjectName  #Debug
+    if (!$nsObjects.$NSObjectType) { $nsObjects.$NSObjectType = @()}
+    $origObjects = $nsObjects.$NSObjectType
+    $nsObjects.$NSObjectType += $NSObjectName
+    $nsObjects.$NSObjectType = @($nsObjects.$NSObjectType | Select-Object -Unique)
+
+    $newObjects = printProgress $origObjects $NSObjectType
+    if (!$newObjects) {return}
+    
+    # Get Filtered Config for the object being added to check for policy sub-objects
+    # Don't match "-" to prevent "add serviceGroup -netProfile"
+    # Ensure there's whitespace before match to prevent substring matches (e.g. server matching MyServer)
+    
+    $filteredConfig = ""
+    
+    $matchExpression = getMatchExpression $newObjects 
+    $filteredConfig = $config -match "[^-\S]" + $NSObjectType + " " + $matchExpression + "[^\S]"
+    if (!$filteredConfig) {$filteredConfig = $uniqueObject}
+    
+    # Look in expressions for other objects
+    if ($filteredConfig -match '["|(]' ) {
+        # Look for Pattern Sets
+        $foundObjects = getNSObjects $filteredConfig "policy patset"
+        if ($foundObjects) { 
+            $origObjects = $nsObjects."policy patset"
+            $nsObjects."policy patset" += $foundObjects
+            $nsObjects."policy patset" = @($nsObjects."policy patset" | Select-Object -Unique)
+            $newObjects = printProgress $origObjects "policy patset"
+        }
+
+        # Look for Data Sets
+        $foundObjects = getNSObjects $filteredConfig "policy dataset"
+        if ($foundObjects) { 
+            $nsObjects."policy dataset" += $foundObjects
+            $nsObjects."policy dataset" = @($nsObjects."policy dataset" | Select-Object -Unique) 
+        }
+
+        # Look for String Maps
+        $foundObjects = getNSObjects $filteredConfig "policy stringmap"
+        if ($foundObjects) { 
+            $nsObjects."policy stringmap" += $foundObjects
+            $nsObjects."policy stringmap" = @($nsObjects."policy stringmap" | Select-Object -Unique) 
+        }
+        
+        # Look for URL Sets
+        $foundObjects = getNSObjects $filteredConfig "policy urlset"
+        if ($foundObjects) { 
+            $nsObjects."policy urlset" += $foundObjects
+            $nsObjects."policy urlset" = @($nsObjects."policy urlset" | Select-Object -Unique) 
+        }
+            
+        # Look for Expressions
+        $foundObjects = getNSObjects $filteredConfig "policy expression"
+        if ($foundObjects) { 
+            addNsObject "policy expression" $foundObjects
+            #$nsObjects."policy expression" += $foundObjects
+            #$nsObjects."policy expression" = @($nsObjects."policy expression" | Select-Object -Unique)    
+        }
+
+        # Look for Variables
+        $foundObjects = getNSObjects $filteredConfig "ns variable"
+        if ($foundObjects) { 
+            $nsObjects."ns variable" += $foundObjects
+            $nsObjects."ns variable" = @($nsObjects."ns variable" | Select-Object -Unique) 
+        }
+
+        # Look for Policy Maps
+        $foundObjects = getNSObjects $filteredConfig "policy map"
+        if ($foundObjects) { 
+            $nsObjects."policy map" += $foundObjects
+            $nsObjects."policy map" = @($nsObjects."policy map" | Select-Object -Unique) 
+        }
+
+        # Look for Limit Identifiers
+        $foundObjects = getNSObjects $filteredConfig "ns limitIdentifier"
+        if ($foundObjects) { 
+            $nsObjects."ns limitIdentifier" += $foundObjects
+            $nsObjects."ns limitIdentifier" = @($nsObjects."ns limitIdentifier" | Select-Object -Unique) 
+        }
+
+        # Look for Stream Identifiers
+        $foundObjects = getNSObjects $filteredConfig "stream identifier"
+        if ($foundObjects) { 
+            $nsObjects."stream identifier" += $foundObjects
+            $nsObjects."stream identifier" = @($nsObjects."stream identifier" | Select-Object -Unique) 
+        }
+
+        # Look for Policy Extensions
+        $foundObjects = getNSObjects $filteredConfig "ns extension"
+        if ($foundObjects) { 
+            $origObjects = $nsObjects."ns extension"
+            $nsObjects."ns extension" += $foundObjects
+            $nsObjects."ns extension" = @($nsObjects."ns extension" | Select-Object -Unique)
+            printProgress $origObjects "ns extension"
+        }
+
+        # Look for Callouts
+        if ($filteredConfig -match "CALLOUT") {
+            if (!$nsObjects."policy httpCallout") { $nsObjects."policy httpCallout" = @()}
+            $nsObjects."policy httpCallout" += getNSObjects $filteredConfig "policy httpCallout"
+            $nsObjects."policy httpCallout" = @($nsObjects."policy httpCallout" | Select-Object -Unique)
+        }
+
+        # Look for DNS Records
+        $foundObjects = getNSObjects $filteredConfig "dns addRec"
+        if ($foundObjects) 
+        { 
+            $nsObjects."dns addRec" += $foundObjects
+            $nsObjects."dns addRec" = @($nsObjects."dns addRec" | Select-Object -Unique) 
+        }
+        $foundObjects = getNSObjects $filteredConfig "dns nsRec"
+        if ($foundObjects) 
+        { 
+            $nsObjects."dns nsRec" += $foundObjects
+            $nsObjects."dns nsRec" = @($nsObjects."dns nsRec" | Select-Object -Unique) 
+        }
+        
+        # Look for vServer VIPs
+        if ($filteredConfig -match "\d+\.\d+\.\d+\.\d+" -and $NSObjectType -notmatch " vserver") {
+            $objectsToAdd = getNSObjects $filteredConfig "lb vserver"
+            if ($objectsToAdd) {
+                if (!$nsObjects."lb vserver") { $nsObjects."lb vserver" = @()}
+                $nsObjects."lb vserver" += getNSObjects $filteredConfig "lb vserver"
+                $nsObjects."lb vserver" = @($nsObjects."lb vserver" | Select-Object -Unique)
+                GetLBvServerBindings $objectsToAdd
+            }
+            
+            $objectsToAdd = getNSObjects $filteredConfig "cs vserver"
+            if ($objectsToAdd) {
+                if (!$nsObjects."cs vserver") { $nsObjects."cs vserver" = @()}
+                $nsObjects."cs vserver" += getNSObjects $filteredConfig "cs vserver"
+                $nsObjects."cs vserver" = @($nsObjects."cs vserver" | Select-Object -Unique)
+            }
+
+            $objectsToAdd = getNSObjects $filteredConfig "vpn vserver"
+            if ($objectsToAdd) {
+                if (!$nsObjects."vpn vserver") { $nsObjects."vpn vserver" = @()}
+                $nsObjects."vpn vserver" += getNSObjects $filteredConfig "vpn vserver"
+                $nsObjects."vpn vserver" = @($nsObjects."vpn vserver" | Select-Object -Unique)
+            }
+        }
+    }
+        
+}
+
+
+# Search for objects of type bound to selected vservers
+function getNSObjects ($matchConfig, $NSObjectType, $paramName, $position) {
+    if ($paramName -and !($matchConfig -match $paramName)) {
+        return
+    }
+    
+    # Read all objects of type from from full config
+    # Cache objects to speed up multiple iterations of this function
+    if ($nsObjectsCache.$NSObjectType) {
+        $objectsAll = $nsObjectsCache.$NSObjectType
+    } else {
+        $objectsAll = $config | select-string -Pattern ('^(add|set|bind) ' + $NSObjectType + ' (".*?"|[^-"]\S+)($| )') | ForEach-Object {$_.Matches.Groups[2].value}
+        $objectsAll = $objectsAll | Where-Object { $nsObjects.$NSObjectType -notcontains $_ }
+        $objectsAll = $objectsAll | sort-object -Unique
+        $nsObjectsCache.$NSObjectType = $objectsAll
+    }
+    
+	if ($objectsAll.length -eq 0) {return}
+	
+    # if looking for matching vServers, also match on VIPs
+    if ($NSObjectType -match " vserver") {
+        $VIPsAll = $config | select-string -Pattern ('^add ' + $NSObjectType + ' (".*?"|[^-"]\S+) \S+ (\d+\.\d+\.\d+\.\d+) (\d+)') | ForEach-Object {
+            @{
+                VIP = $_.Matches.Groups[2].value
+                Name = $_.Matches.Groups[1].value
+                Port = $_.Matches.Groups[3].value
+            }
+        }
+        $VIPsAll = $VIPsAll | Where-Object {$_.VIP -ne "0.0.0.0"}
+    }
+
+            # if ($NSObjectType -match "ssl certKey") 
+            # { write-host $objectCandidate}
+
+    # Strip Comments
+    $matchConfig = $matchConfig | ForEach-Object {$_ -replace '-comment ".*?"' }
+    
+    # Build Position matching string - match objectCandidate after the # of positions - avoids Action name matching Policy name
+    if ($position) {
+        $positionString = ""
+        1..($position) | ForEach-Object {
+            $positionString += '(".*?"|[^"]\S+) '
+        }
+        $positionString += ".* "
+    }
+
+    # Match objects to matchConfig
+    # optional searchHint helps prevent too many matches (e.g. "tcp")
+    $objectMatches = @()
+    foreach ($objectCandidate in $objectsAll) {
+        
+        # For regex, replace dots with escaped dots and escaped *
+        $objectCandidateDots = $objectCandidate -replace "\.", "\."
+        $objectCandidateDots = $objectCandidateDots -replace "\*", "\*"
+
+       
+        # Trying to avoid substring matches
+        if ($paramName) { 
+            # Compare candidate to term immediately following parameter name
+            if (($matchConfig -match ($paramName + " " + $objectCandidateDots + "$" )) -or ($matchConfig -match ($paramName + " " + $objectCandidateDots + " "))) { 
+                $objectMatches += $objectCandidate
+            }
+        } elseif ($position) {
+            # Compare candidate to all terms after the specified position # - avoids action name matching policy name
+            if (($matchConfig -match ($positionString + $objectCandidateDots + "$")) -or ($matchConfig -match ($positionString + $objectCandidateDots + " "))) { 
+                $objectMatches += $objectCandidate
+                # if ($objectCandidate -match "storefront") { write-host $objectCandidate;write-host ($matchConfig);read-host}
+            }
+        } elseif (($matchConfig -match (" " + $objectCandidateDots + "$")) -or ($matchConfig -match (" " + $objectCandidateDots + " "))) { 
+            # Look for candidate at end of string, or with spaces surrounding it - avoids substring matches                
+
+            $objectMatches += $objectCandidate
+        } elseif (($matchConfig -match ('"' + $objectCandidateDots + '\\"')) -or ($matchConfig -match ('\(' + $objectCandidateDots + '\)"'))) {
+            # Look for AppExpert objects (e.g. policy sets, callouts) in policy expressions that don't have spaces around it
+            
+            $objectMatches += $objectCandidate
+        } elseif (($matchConfig -match ('//' + $objectCandidateDots)) -or ($matchConfig -match ($objectCandidateDots + ':'))) {
+            # Look in URLs for DNS records
+            
+            $objectMatches += $objectCandidate
+        } elseif (($matchConfig -match ('\.' + $objectCandidateDots + '(\.|"|\(| )'))) {
+            # Look in Policy Expressions for Policy Extensions - .extension. or .extension" or .extension( or .extension 
+            
+            $objectMatches += $objectCandidate
+        } elseif (($NSObjectType -match "variable") -and ($matchConfig -match ('\$' + $objectCandidateDots))) {
+            # Look for variables 
+            
+            $objectMatches += $objectCandidate
+        } elseif (($NSObjectType -match "expression") -and (($matchConfig -match ($objectCandidateDots + "\.") -or ($matchConfig -match ($objectCandidateDots + '\"'))))) {
+            # Look for named expressions that have dot operators after it
+            
+            $objectMatches += $objectCandidate
+        }
+        
+    }
+
+    foreach ($VIP in $VIPsAll) {
+        
+        # For regex, replace dots with escaped dots
+        $VIPDots = $VIP.VIP -replace "\.", "\."
+       
+        # Trying to avoid substring matches
+        if ($paramName) { 
+            # Compare candidate to term immediately following parameter name
+            if (($matchConfig -match ($paramName + " " + $VIPDots + "$" )) -or ($matchConfig -match ($paramName + " " + $VIPDots + " "))) { 
+                if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name }
+            }
+        } elseif ($position) {
+            # Compare candidate to all terms after the specified position # - avoids action name matching policy name
+            if (($matchConfig -match ($positionString + $VIPDots + "$")) -or ($matchConfig -match ($positionString + $VIPDots + " "))) { 
+                if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name }
+            }
+        } elseif (($matchConfig -match (" " + $VIPDots + "$")) -or ($matchConfig -match (" " + $VIPDots + " "))) { 
+            # Look for candidate at end of string, or with spaces surrounding it - avoids substring matches                
+
+            if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name }
+        } elseif (($matchConfig -match ('"' + $VIPDots + '\\"')) -or ($matchConfig -match ('\(' + $VIPDots + '\)"'))) {
+            # Look for AppExpert objects (e.g. policy sets, callouts) in policy expressions that don't have spaces around it
+            
+            if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name }
+        } elseif (($matchConfig -match ('//' + $VIPDots)) -or ($matchConfig -match ($VIPDots + ':'))) {
+            # Look in URLs for DNS records
+            
+            if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name }
+        } elseif (($matchConfig -match ('\.' + $VIPDots + '(\.|"|\(| )'))) {
+            # Look in Policy Expressions for Policy Extensions - .extension. or .extension" or .extension( or .extension 
+            
+            if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name }
+        }
+        
+    }
+
+    return $objectMatches
+}
+
+
+function GetLBvServerBindings ($objectsList) {
+
+    $matchExpression = getMatchExpression $objectsList
+    #foreach ($lbvserver in $objectsList) {
+        $vserverConfig = $config -match " lb vserver $matchExpression "
+        addNSObject "service" (getNSObjects $vserverConfig "service")
+        if ($NSObjects.service) {
+            $serviceMatchExpression = getMatchExpression $NSObjects.service
+            #foreach ($service in $NSObjects.service) { 
+                # wrap config matches in spaces to avoid substring matches
+                $serviceConfig = $config -match " service $serviceMatchExpression "
+                addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName")
+				addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName")
+                addNSObject "server" (getNSObjects $serviceConfig "server")
+                addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile")
+                addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile")
+                addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td")
+                addNSObject "ns httpProfile" (getNSObjects $serviceConfig "ns httpProfile" "-httpProfileName")
+                addNSObject "ssl cipher" (getNSObjects $serviceConfig "ssl cipher")
+                addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-certkeyName")
+                addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-cacert")
+            #}
+        }
+        addNSObject "serviceGroup" (getNSObjects $vserverConfig "serviceGroup")
+        if ($NSObjects.serviceGroup) {
+            $serviceGrouMatchExpression = getMatchExpression $NSObjects.serviceGroup
+            #foreach ($serviceGroup in $NSObjects.serviceGroup) {
+                $serviceConfig = $config -match " serviceGroup $serviceGrouMatchExpression "
+                addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName")
+				addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName")
+                addNSObject "server" (getNSObjects $serviceConfig "server")
+                addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile")
+                addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile")
+                addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td")
+                addNSObject "ns httpProfile" (getNSObjects $serviceConfig "ns httpProfile" "-httpProfileName")
+                addNSObject "ssl cipher" (getNSObjects $serviceConfig "ssl cipher")
+                addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-certkeyName")
+                addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-cacert")
+            #}
+        }
+        addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile")
+        addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td")
+        addNSObject "authentication vserver" (getNSObjects $vserverConfig "authentication vserver" "-authnVsName")
+        addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile")
+        addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel")
+        addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName")
+        addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName")
+        addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName")
+        addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile")
+        addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName")
+        addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert")
+        addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $matchExpression ") "ssl vserver")
+        addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName")
+        addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel")
+        addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName")
+        addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel")
+        addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName")
+        addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel")
+        addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName")
+        addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel")
+        addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName")
+        addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName")
+        addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel")
+        addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName")
+        addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel")
+        addNSObject "filter policy" (getNSObjects $vserverConfig "filter policy" "-policyName")
+        addNSObject "bot policy" (getNSObjects $vserverConfig "bot policy")
+        addNSObject "transform policy" (getNSObjects $vserverConfig "transform policy" "-policyName")
+        addNSObject "transform policylabel" (getNSObjects $vserverConfig "transform policylabel")
+        addNSObject "tm trafficPolicy" (getNSObjects $vserverConfig "tm trafficPolicy" "-policyName")
+        addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName")
+        addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName")
+        addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName")
+        addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName")
+        addNSObject "bot policy" (getNSObjects $vserverConfig "bot policy")
+        addNSObject "dns profile" (getNSObjects $vserverConfig "dns profile" "-dnsProfileName" )
+        addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName")
+        addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName")
+        addNSObject "db dbProfile" (getNSObjects $vserverConfig "db dbProfile" "-dbProfileName")
+        addNSObject "lb profile" (getNSObjects $vserverConfig "lb profile" "-lbprofilename")
+        addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset")
+        addNSObject "authentication adfsProxyProfile" (getNSObjects $vserverConfig "authentication adfsProxyProfile" "-adfsProxyProfile")
+    #}
+
+}
+
+function getHttpVServer ($matchConfig) {
+    # Matches local LB/CS vServer VIPs in URLs (e.g. StoreFront URL) - No FQDN support
+
+    # Read all LB/CS objects of protocol HTTP/SSL from from full config. Extract Name, IP, and Port
+    if ($matchConfig -match "http://") 
+    {
+        $objectsAll = $config | select-string -Pattern '^add (lb|cs) vserver (".*?"|[^-"]\S+) HTTP (\d+\.\d+.\d+\.\d+) (\d+) ' | ForEach-Object { New-Object PSObject -property @{
+            Name = $_.Matches.Groups[2].value
+            IP = $_.Matches.Groups[3].value
+            Port = $_.Matches.Groups[4].value
+            }
+        }
+    } 
+    elseif ($matchConfig -match "https://")
+    {
+        $objectsAll = $config | select-string -Pattern '^add (lb|cs) vserver (".*?"|[^-"]\S+) SSL (\d+\.\d+.\d+\.\d+) (\d+)' | ForEach-Object { New-Object PSObject -property @{
+            Name = $_.Matches.Groups[2].value
+            IP = $_.Matches.Groups[3].value
+            Port = $_.Matches.Groups[4].value
+            }
+        }
+    }
+    
+    # Check URL for matching VIP and/or Port number
+    $objectMatches = @()
+    foreach ($objectCandidate in $objectsAll) 
+    {
+        if ($matchConfig -match $objectCandidate.IP)
+        {
+            if ($matchConfig -match ":\d+/")
+            {
+                if ($matchConfig -match (":" + $objectCandidate.Port + "/"))
+                {
+                    $objectMatches += $objectCandidate.Name
+                }
+            } 
+            elseif ($objectCandidate.Port -eq "80" -or $objectCandidate.Port -eq "443") 
+            {
+                $objectMatches += $objectCandidate.Name
+            }
+        }
+    }
+    
+    return $objectMatches
+}
+
+
+
+function outputnFactorPolicies ($bindingType, $indent) {
+    $matchedConfig = @()
+    $loginSchemaProfile = $config | select-string -Pattern ('^add ' + $bindingType + ' -loginSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+    if ($loginSchemaProfile) {
+        $matchedConfig += $linePrefix + ($spacing * ($indent)) + "Login Schema Profile = " + $loginSchemaProfile
+        $loginSchemaProfile = $config -match '^add authentication loginSchema ' + $loginSchemaProfile + " "
+        $loginSchemaXML = $loginSchemaProfile | select-string -Pattern ('-authenticationSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+        if ($loginSchemaXML) {
+            $matchedConfig += $linePrefix + ($spacing * ($indent)) + "Login Schema XML = " + $loginSchemaXML
+        }
+    }
+    $policies = $config | select-string -Pattern ('^bind ' + $bindingType + ' -(policy|policyName|loginSchema) (".*?"|[^-"]\S+)($| )') | ForEach-Object {$_.Matches.Groups[2].value}
+    foreach ($policy in $policies) {
+        $policyBinding = $config -match ('^bind ' + $bindingType + " -(policy|policyName|loginSchema) " + $policy + " ")
+        $priority = $policyBinding | select-string -Pattern ('-priority (\d+)') | ForEach-Object {$_.Matches.Groups[1].value}
+        $goto = $policyBinding | select-string -Pattern ('-gotoPriorityExpression (\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+        $loginSchemaPolicy = $config -match '^add authentication loginSchemaPolicy ' + $policy + " "
+        if ($loginSchemaPolicy) {
+            $loginSchemaAction = $loginSchemaPolicy | select-string -Pattern ('-action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+            $rule = $loginSchemaPolicy | select-string -Pattern ('-rule (.*?) -action') | ForEach-Object {$_.Matches.Groups[1].value}
+            $matchedConfig += $linePrefix + ($spacing * $indent) + "Login Schema Policy = " + $policy
+            $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Priority = " + $priority
+            $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Rule = " + $rule
+            $loginSchemaProfile = $config -match '^add authentication loginSchema ' + $loginSchemaAction + " "
+            if ($loginSchemaProfile) {
+                $loginSchemaXML = $loginSchemaProfile | select-string -Pattern ('-authenticationSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+                $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Login Schema XML = " + $loginSchemaXML
+            }
+        }
+        $authPolicy = $config -match '^add authentication Policy ' + $policy + ' '
+        if ($authPolicy) {
+            $authAction = $authPolicy | select-string -Pattern ('-action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+            $authActionConfig = $config -match '^add authentication \w+?Action ' + $authAction + " "
+            $AAAGroup = $authActionConfig | select-string -Pattern ('-defaultAuthenticationGroup (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+            $authType = $authActionConfig | select-string -Pattern ('^add authentication (\w+?Action)') | ForEach-Object {$_.Matches.Groups[1].value}
+            $rule = $authPolicy | select-string -Pattern ('-rule (.*?) -action') | ForEach-Object {$_.Matches.Groups[1].value}
+            $nextFactor = $policyBinding | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+            $matchedConfig += $linePrefix + ($spacing * $indent) + "Adv Authn Policy = " + $policy
+            $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Priority = " + $priority
+            $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Rule = " + $rule
+            if ($authType) {
+                $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Action = " + $authType + " named " + $authAction
+            } else {
+                $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Action = " + $authAction
+            }
+            if ($AAAGroup) {
+                $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "AAA Group = " + $AAAGroup            
+            }
+            $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Goto if failed = " + $goto
+            if ($nextFactor) {
+                $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Next Factor if Success = " + $nextFactor
+                $matchedConfig += outputnFactorPolicies ('authentication policylabel ' + $nextFactor) ($indent + 2)
+            }
+        }
+    }
+    return $matchedConfig
+}
+
+function outputObjectConfig ($header, $NSObjectKey, $NSObjectType, $explainText) {
+    $uniqueObjects = $NSObjects.$NSObjectKey | Select-Object -Unique
+    
+    # Build header line
+    $output = "# " + $header + "`n# "
+    1..$header.length | ForEach-Object {$output += "-"}
+    $output += "`n"
+    
+    $matchedConfig = @()
+    if ($NSObjectType -eq "raw") { 
+        # Print actual Object Values. Don't get output from filtered config.
+        $matchedConfig = $NSObjects.$NSObjectKey + "`n"
+    } else {    
+        foreach ($uniqueObject in $uniqueObjects) {
+        
+            # For regex, replace dots with escaped dots and escaped *
+            $uniqueObject = $uniqueObject -replace "\.", "\."
+            $uniqueObject = $uniqueObject -replace "\*", "\*"
+            
+            # Don't match "-" to prevent "add serviceGroup -netProfile"
+            # Ensure there's whitespace before match to prevent substring matches (e.g. MyServer matching server)
+            if ($NSObjectType) { 
+                # Optional $NSObjectType overrides $NSObjectKey if they don't match (e.g. CA Cert doesn't match certKey)
+                $matchedConfig += $config -match "[^-\S]" + $NSObjectType + " " + $uniqueObject + "$"
+                $matchedConfig += $config -match "[^-\S]" + $NSObjectType + " " + $uniqueObject + "[^\S]"
+            } else { 
+                $matchedConfig += $config -match "[^-\S]" + $NSObjectKey + " " + $uniqueObject + "$"
+                $matchedConfig += $config -match "[^-\S]" + $NSObjectKey + " " + $uniqueObject + "[^\S]" 
+            }
+            # if ($uniqueObject -eq "NO_RW_192\.168\.192\.242") {write-host $uniqueObject $matchedConfig}
+            
+            $matchedConfig += "`n"
+        }
+    }
+
+    if ($explainText) { 
+        $explainText = @($explainText -split "`n")
+        $explainText | ForEach-Object {
+            $matchedConfig += "# *** " + $_
+        }
+        $matchedConfig += "`n"
+    }
+
+    # nFactor Visualizer
+    if ($NSObjectKey -eq "authentication vserver") {
+        $linePrefix = "# ** "
+        $spacing = "   "
+        foreach ($aaavServer in $uniqueObjects) {
+            $indent = 0
+            $matchedConfig += $linePrefix + "nFactor Visualizer "
+            $matchedConfig += $linePrefix + "------------------ "
+            $matchedConfig += $linePrefix + ($spacing * $indent) + "AAA vserver: " + $aaavServer
+            $matchedConfig += outputnFactorPolicies ("authentication vserver " + $aaavServer) 1
+            $matchedConfig += "`n"
+        }
+    }
+    
+    # Add line endings to output
+    $SSLVServerName = ""
+    foreach ($line in $matchedConfig) { 
+        
+        # if binding new cipher group, remove old ciphers first
+        # only add unbind line once per SSL object
+        $SSLvserverNameMatch = $line | select-string -Pattern ('^bind ssl (vserver|service|serviceGroup|monitor) (.*) -cipherName') | ForEach-Object {$_.Matches.Groups[2].value}
+        if ($SSLvserverNameMatch -and ($SSLVServerName -ne $SSLvserverNameMatch)) {
+            $SSLVServerName = $SSLvserverNameMatch
+            $output += ($line -replace "bind (.*) -cipherName .*", "unbind `$1 -cipherName DEFAULT`n")
+        }
+        
+        # handle one blank line between mutliple objects of same type
+        if ($line -ne "`n") { 
+            $output += $line + "`n" 
+        } else {
+            $output += "`n"
+        }
+    }
+    
+    # Output to file or screen
+    if ($outputFile -and ($outputFile -ne "screen")) {
+        $output | out-file $outputFile -Append
+    } else {
+        $output
+    }
+}
+
+## Start main script
+
+# Clear configuration from last run
+$nsObjects = @{}
+$nsObjectsCache = @{}
+
+$selectionDone =$false
+$firstLoop = $true
+
+
+do {
+    # Get matching vServer Names. If more than one, prompt for selection.
+    # This loop allows users to change the vServer filter text
+
+    if ($vserver -match " ") { 
+        $vserver = [char]34 + $vserver + [char]34 
+    }
+    $vservers = $config -match "$vserver" | select-string -Pattern ('^add \w+ vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+    if (!$vservers) {
+        # Try substring matches without quotes
+        if ($vserver -match " ") { $vserver = $vserver -replace [char]34 }
+        $vservers = $config -match "$vserver" | select-string -Pattern ('^add \w+ vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+    }
+    
+    # Make sure it's an array, even if only one match
+    $vservers = @($vservers)
+
+    # FirstLoop flag enables running script without prompting. 
+    # If second loop, then user must have changed the filter and wants to see results even if only one (or none).
+    if (($vservers.length -eq 1 -and $firstLoop) -or $vservers -contains $vserver) { 
+        # Get vServer Type
+        $vserverType = $config -match " $vservers " | select-string -Pattern ('^add (\w+) vserver') | ForEach-Object {$_.Matches.Groups[1].value}
+        addNSObject ($vserverType + " vserver") $vservers
+        $selectionDone = $true
+    } else {
+        # Prompt for vServer selection
+        
+        # Prepend System option
+        $vservers = @("System Settings") + $vservers
+
+        # Get vServer Type for each vServer name - later display to user
+        $vserverTypes = @("") * ($vservers.length)
+        $vserverTypes[0] = "sys"
+        
+        if ($vserver) {
+            $vserverConfig = $config -match "$vserver"
+        } else {
+            $vserverConfig = $config -match "add (\w+) vserver"
+        }
+        
+        for ($x = 1; $x -lt $vservers.length; $x++) {
+            $vserverTypes[$x] = $vserverConfig | select-string -Pattern ('^add (\w+) vserver ' + $vservers[$x] + " ") | ForEach-Object {$_.Matches.Groups[1].value}
+        }
+   
+        # Change "authentication" to "aaa" so it fits within 4 char column
+        $vserverTypes = $vserverTypes -replace "authentication", "aaa"
+    
+        # Get VIPs for each vServer so they can be displayed to the user
+        $VIPs = @("") * ($vservers.length)
+        for ($x = 1; $x -lt $vservers.length; $x++) {
+            $VIPs[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' \w+ (\d+\.\d+\.\d+\.\d+)') | ForEach-Object {$_.Matches.Groups[1].value}
+        }
+
+        # Get Ports for each vServer so they can be displayed to the user
+        $Ports = @("") * ($vservers.length)
+        for ($x = 1; $x -lt $vservers.length; $x++) {
+            $Ports[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' \w+ \d+\.\d+\.\d+\.\d+ (\d+)') | ForEach-Object {$_.Matches.Groups[1].value}
+        }
+		
+		# Get Enabled/Disabled State for each vServer so they can be displayed to the user
+        $States = @("") * ($vservers.length)
+        for ($x = 1; $x -lt $vservers.length; $x++) {
+            $States[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' .*? -state (\w+)') | ForEach-Object {$_.Matches.Groups[1].value}
+        }
+
+        $selected = @("") * ($vservers.length)
+    
+        # Grid View 
+        $vserverObjects = @()
+        $vserverObjects = for ($x = 0; $x -lt $vservers.length; $x++) {
+            [PSCustomObject] @{
+                Type = $vserverTypes[$x]
+                Name = $vservers[$x]
+                VIP = $VIPs[$x]
+                Port = $Ports[$x]
+				State = $States[$x]
+                }
+        }
+        if ($IsMacOS){
+            "Use Listbox window to select Virtual Servers`n"
+            $vserverlist = $vservers | Foreach-object{,($_.trim('"') )}
+            $vserverlist = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set vserver to (choose from list  {"'+($vserverlist -join '","')+'"} with prompt "Command+Select Multiple Virtual Servers to extract" with multiple selections allowed)'+"`n"+'end tell' | osascript -s s) -replace ', ',',')
+            $vserverObjects = @()
+            [regex]::Matches($vserverlist, '(?:([\w\s]+))') | ForEach-Object {
+                if ($_.value -match ' '){$vservername = '"'+$_.value+'"'}
+                else {$vservername = $_.value}
+                $x = $vservers.IndexOf($vservername)
+                $vserverObjects += [PSCustomObject] @{
+                    Type = $vserverTypes[$x]
+                    Name = $vservers[$x]
+                    }
+            }
+        } else {
+            "Use Grid View window to select Virtual Servers`n"
+            $vserverObjects = $vserverObjects | Out-GridView -Title "Ctrl+Select Multiple Virtual Servers to extract" -PassThru
+        }
+        if (!$vserverObjects) { exit }
+        $vservers = @()
+        foreach ($vserverObject in $vserverObjects) {
+            if ($vserverObject.Type -eq "aaa") {
+                $vserverObject.Type = "authentication"
+            }
+            if ($vserverObject.Type -eq "sys") {
+                addNSObject ("sys") $vserverObject.Name
+                $vservers += "System Settings"
+            } else {
+                addNSObject ($vserverObject.Type + " vserver") $vserverObject.Name
+                $vservers += $vserverObject.Name
+            }
+        }
+        $selectionDone = $true
+
+        # CLI Menu Selection
+        <# do {
+            $count = 1
+            cls
+            $promptString = "Select one or more of the following Virtual Servers for configuration extraction:`n`n"
+            $promptString += "Virtual Server Filter = $vserver`n`n"
+            $promptString += "   Num   Type        VIP          Name`n"
+            $maxLength = ($vservers | sort-object length -desc | select -first 1).length
+            $promptString += "  -----  ----  " + ("-" * 15) + "  " + ("-" * $maxLength) + "`n"
+            write-host $promptString
+            foreach ($vserverOption in $vservers) {
+                $promptString = "{0,1} {1,4}:  {2,4}  {3,15}  $vserverOption" -f $selected[$count-1], $count, $vserverTypes[$count-1], $VIPs[$count-1]
+                if ($selected[$count-1] -eq "*") {
+                    write-host -foregroundcolor yellow $promptString
+                } else {
+                    write-host $promptString
+                }
+                $count++
+            }
+            write-host ""
+            $entry = read-host "Enter Number to select/deselect, * for all, 0 for new filter string, or <Enter> to begin extraction"
+            if (!$entry -or $entry -eq "") { $selectionDone = $true; break }
+            if ($entry -eq "*")
+            {
+                for ($x = 0; $x -lt $selected.length; $x++) {
+                    if ($selected[$x] -eq "*") { 
+                        $selected[$x] = "" 
+                    } else
+                    { 
+                        $selected[$x] = "*" 
+                    }
+                }
+            } else
+            {
+                try
+                {
+                    $entry = [int]$entry
+                    if ($entry -lt 0 -or $entry -gt $count) 
+                    {
+                        write-host "`nInvalid entry. Press Enter to try again. ";read-host
+                        $entry = "retry"
+                    } elseif ($entry -ge 1 -and $entry -le $count) 
+                    {
+                        # Swap select status
+                        if ($selected[$entry -1] -eq "*") 
+                        { 
+                            $selected[$entry-1] = "" 
+                        } else
+                        { 
+                            $selected[$entry-1] = "*" 
+                        }
+                    } elseif ($entry -eq 0) 
+                    {
+                        $newFilter = read-host "Enter new filter string"
+                        $vserver = $newFilter
+                        $entry = ""
+                        $selected = ""
+                    }
+                } catch 
+                {
+                    write-host "`nInvalid entry. Press Enter to try again. ";read-host
+                    $entry = "retry"
+                }
+            }
+        } while ($entry -and $entry -ne "")
+
+        $vserversSelected = @()
+        for ($x = 0; $x -lt ($selected.length); $x++) {
+            $vserverTypes = $vserverTypes -replace "aaa", "authentication"
+            if ($selected[$x] -eq "*") {
+                addNSObject ($vserverTypes[$x] + " vserver") $vservers[$x] 
+                $vserversSelected += $vservers[$x]
+                $selectionDone = $true
+            }
+        }
+    
+        $vservers = $vserversSelected #>
+    }
+    $firstLoop = $false
+} while (!$selectionDone)
+
+if (!$vservers) { exit }
+
+
+# Run the Get-Output function to ask the user where to save the NetScaler documentation file
+if (!$outputFile) { $outputFile = Get-OutputFile $outputfile }
+
+
+"`nLooking for objects associated with selected vServers: `n" + ($vservers -join "`n") + "`n"
+
+$Timer = [system.diagnostics.stopwatch]::StartNew()
+
+# Get System Objects
+if ($nsObjects."sys") {
+    addNSObject "ns partition" (getNSObjects ($config -match "add ns partition") "ns partition")
+    addNSObject "dns nameServer" (getNSObjects ($config -match "add dns nameServer") "dns nameServer")
+    if ($nsObjects."dns nameServer") 
+    {
+        foreach ($nameserver in $nsObjects."dns nameServer") {
+            $nameServerConfig = $config -match "lb vserver $nameserver "
+            addNSObject "lb vserver" (getNSObjects $nameServerConfig "lb vserver")
+        }
+    }
+    addNSObject "ns feature" ($config -match "ns feature")
+    addNSObject "ns mode" ($config -match "ns mode")
+    addNSObject "system parameter" ($config -match "system parameter")
+    addNSObject "ns encryptionParams" ($config -match "set ns encryptionParams")
+    addNSObject "ssl cipher" (getNSObjects $config "ssl cipher" "-cipherName")
+    
+    # Get Networking Settings
+    addNSObject "ns config" ($config -match "ns config")
+    addNSObject "ns hostName" ($config -match "ns hostName")
+    addNSObject "interface" ($config -match " interface ")
+    addNSObject "channel" ($config -match " channel ")
+    addNSObject "vlan" (getNSObjects ($config -match " vlan ") "vlan")
+    addNSObject "vrid" (getNSObjects ($config -match "vrid") "vrid")
+    addNSObject "ns ip" (getNSObjects ($config -match "ns ip") "ns ip")
+    addNSObject "route" ($config -match " route ")
+    addNSObject "ns pbr" ($config -match " ns pbr")
+    addNSObject "mgmt ssl service" (getNSObjects ($config -match " ssl service ns(krpcs|https|rpcs|rnatsip)-") "ssl service")
+
+    # Get SNMP
+    addNSObject "snmp community" ($config -match " snmp community")
+    addNSObject "snmp manager" ($config -match " snmp manager")
+    addNSObject "snmp trap" ($config -match " snmp trap")
+    addNSObject "snmp alarm" ($config -match " snmp alarm")
+
+    # Get HA settings
+    addNSObject "ha node" ($config -match "HA node")
+    addNSObject "ha rpcNode" (getNSObjects ($config -match "set ns config") "ns rpcNode")
+    addNSObject "ha rpcNode" (getNSObjects ($config -match "HA node") "ns rpcNode")
+    
+    # Get System Global Bindings - authentication, syslog
+    addNSObject "system global" ($config -match "system global")
+    addNSObject "authentication Policy" (getNSObjects ($config -match "system global") "authentication Policy")
+    addNSObject "authentication ldapPolicy" (getNSObjects ($config -match "system global") "authentication ldapPolicy")
+    addNSObject "authentication radiusPolicy" (getNSObjects ($config -match "system global") "authentication radiusPolicy")
+    addNSObject "authentication tacacsPolicy" (getNSObjects ($config -match "system global") "authentication tacacsPolicy")
+    addNSObject "authentication localPolicy" (getNSObjects ($config -match "system global") "authentication localPolicy")
+    addNSObject "audit syslogPolicy" (getNSObjects ($config -match "bind system global") "audit syslogPolicy")
+    addNSObject "audit syslogPolicy" (getNSObjects ($config -match "bind audit syslogGlobal") "audit syslogPolicy")
+    addNSObject "audit nslogPolicy" (getNSObjects ($config -match "bind system global") "audit nslogPolicy") 
+    addNSObject "system user" (getNSObjects ($config -match "system user") "system user")
+    addNSObject "system group" (getNSObjects ($config -match "system group") "system group")
+    
+}
+
+# If $cswBind switch is true, look for CS vServers that the LB, AAA, and/or VPN vServers are bound to.
+if ($cswBind){
+    $cswBindType = @{lb='lbvserver';vpn='vserver';authentication='vserver'}
+    foreach ($vsrvType in 'lb','vpn','authentication' ) {
+        if ($nsObjects."$vsrvType vserver") {
+            foreach ($vsrv in $nsObjects."$vsrvType vserver")
+            {
+                # CSW Default virtual server
+                if ($config -match "bind cs vserver .* -$($cswBindType.$vsrvType) $vsrv"){
+                    addNSObject "cs vserver" ($config -match "bind cs vserver .* -$($cswBindType.$vsrvType) $vsrv" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value})
+                }
+                # CSW Policy Bind -targetlbserver
+                if ($config -match "bind cs vserver .* -policyName .* -targetLBVserver $vsrv"){
+                    addNSObject "cs vserver" ($config -match "bind cs vserver .* -policyName .* -targetLBVserver $vsrv" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value})
+                }
+                # CSW Action -targetlbserver -targetvserver
+                if ($config -match "add cs action .* -target$($cswBindType.$vsrvType) $vsrv"){
+                    $csaction = ($config -match "add cs action .* -target$($cswBindType.$vsrvType) $vsrv" | select-string -Pattern ('^add cs action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value})
+                    #CS Policy for CS Action
+                    $cspolicy = ($config -match "add cs policy .* -action $csaction" | select-string -Pattern ('^add cs policy (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value})
+                    #CS vServer for CS Policy
+                    addNSObject "cs vserver" ($config -match "bind cs vserver .* -policyName $cspolicy" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value})
+                }
+            }
+        }
+    }
+}
+
+# Look for Backup CSW vServers and Linked LB vServers
+if ($nsObjects."cs vserver") {
+    if ($config -match "enable ns feature.* CS") 
+    {
+        $NSObjects."cs parameter" = @("enable ns feature CS")
+    } else {
+        $NSObjects."cs parameter" = @("# *** CS feature is not enabled")
+    }
+    
+    foreach ($csvserver in $nsObjects."cs vserver") {
+        $currentVServers = $nsObjects."cs vserver"
+        $nsObjects."cs vserver" = @()   
+        $vserverConfig = $config -match " $csvserver "
+        # Backup VServers should be created before Active VServers
+        $backupVServers = getNSObjects ($vserverConfig) "cs vserver" "-backupVServer"
+        if ($backupVServers) {
+            addNSObject "cs vserver" ($backupVServers)
+            foreach ($vserver in $currentvservers) {
+                if ($backupVServers -notcontains $vserver) {
+                    addNSObject "cs vserver" ($vserver)
+                }
+            }
+        } else {
+            $nsObjects."cs vserver" = $currentVServers
+        }
+        addNSObject "lb vserver" (getNSObjects $vserverconfig "lb vserver" "-targetLBVserver")
+    }
+}
+
+
+# Enumerate CSW vServer config for additional bound objects
+if ($nsObjects."cs vserver") {
+    foreach ($csvserver in $nsObjects."cs vserver") {
+        $vserverConfig = $config -match "vserver $csvserver "
+        addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy" "-policyName")
+        addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel" "policylabel")
+        addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-lbvserver")
+        addNSObject "gslb vserver" (getNSObjects $vserverConfig "gslb vserver" "-vserver")
+        addNSObject "vpn vserver" (getNSObjects $vserverConfig "vpn vserver" "-vserver")
+        addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile")
+        addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td")
+        addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName")
+        addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName")
+        addNSObject "db dbProfile" (getNSObjects $vserverConfig "db dbProfile" "-dbProfileName")
+        addNSObject "dns profile" (getNSObjects $vserverConfig "dns profile" "-dnsProfileName")
+        addNSObject "authentication vserver" (getNSObjects $vserverConfig "authentication vserver" "-authnVsName")
+        addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile")
+        addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel")
+        addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName")
+        addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName")
+        addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName")
+        addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName")
+        addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName")
+        addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile")
+        addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certKeyName")
+        addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $csvserver ") "ssl vserver")
+        addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName")
+        addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel")
+        addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName")
+        addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel")
+        addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName")
+        addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel")
+        addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName")
+        addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel")
+        addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName")
+        addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel")
+        addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName")
+        addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel")
+        addNSObject "transform policy" (getNSObjects $vserverConfig "transform policy" "-policyName")
+        addNSObject "transform policylabel" (getNSObjects $vserverConfig "transform policylabel")
+        addNSObject "tm trafficPolicy" (getNSObjects $vserverConfig "tm trafficPolicy" "-policyName")
+        addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName")
+        addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName")
+        addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName")
+        addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset")
+        addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile")
+    }
+}
+
+# write-host ("cs objects: " + $timer.elapsed.TotalSeconds)
+
+# Get CSW Policies from CSW Policy Labels
+if ($NSObjects."cs policylabel") {
+    foreach ($policy in $NSObjects."cs policylabel") {
+        addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy")
+    }
+}
+
+
+# Get CSW Actions from CSW Policies
+if ($NSObjects."cs policy") {
+    $matchExpression = getMatchExpression $NSObjects."cs policy" 
+    addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action")
+    addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $matchExpression") "audit messageaction" "-logAction")
+
+    # Get vServers linked to CSW Actions
+    if ($NSObjects."cs action") {
+        $matchExpression = getMatchExpression $NSObjects."cs action"
+        $filteredConfig = $config -match " $matchExpression "
+        addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver")
+        addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver")
+        addNSObject "authentication vserver" (getNSObjects ($filteredConfig) "authentication vserver" "-targetVserver")
+        addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver")
+    }
+}
+
+
+# Look for Backup CR vServers
+if ($nsObjects."cr vserver") {
+    foreach ($crvserver in $nsObjects."cr vserver") {
+        $currentVServers = $nsObjects."cr vserver"
+        $nsObjects."cr vserver" = @()   
+        $vserverConfig = $config -match " $crvserver "
+        # Backup VServers should be created before Active VServers
+        $backupVServers = getNSObjects ($vserverConfig) "cr vserver" "-backupVServer"
+        if ($backupVServers) {
+            addNSObject "cr vserver" ($backupVServers)
+            foreach ($vserver in $currentvservers) {
+                if ($backupVServers -notcontains $vserver) {
+                    addNSObject "cr vserver" ($vserver)
+                }
+            }
+        } else {
+            $nsObjects."cr vserver" = $currentVServers
+        }
+    }
+}
+
+
+# Enumerate CR vServer config for additional bound objects
+if ($nsObjects."cr vserver") {
+    foreach ($crvserver in $nsObjects."cr vserver") {
+        $vserverConfig = $config -match " $crvserver "
+        addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy")
+        addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel" "policylabel")
+        addNSObject "cr policy" (getNSObjects $vserverConfig "cr policy")
+        addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-lbvserver")
+        addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-dnsVserverName")
+        addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile")
+        addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td")
+        addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName")
+        addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName")
+        addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName")
+        addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher")
+        addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile")
+        addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certKeyName")
+        addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $crvserver ") "ssl vserver")
+        addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName")
+        addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel")
+        addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName")
+        addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel")
+        addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName")
+        addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel")
+        addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName")
+        addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel")
+        addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName")
+        addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel")
+        addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName")
+        addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel")
+        addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName")
+        addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName")
+        addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName")
+        addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policyName")
+        addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset")
+        addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile")
+    }
+}
+
+# Get Message Actions from CR Policies
+if ($NSObjects."cr policy") {
+    foreach ($policy in $NSObjects."cr policy") {
+        addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $policy") "audit messageaction" "-logAction")
+    }
+}
+
+
+# Get CSW Policies from CSW Policy Labels
+if ($NSObjects."cs policylabel") {
+    foreach ($policy in $NSObjects."cs policylabel") {
+        addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy")
+    }
+}
+
+
+# Get CSW Actions from CSW Policies
+if ($NSObjects."cs policy") {
+    $matchExpression = getMatchExpression $NSObjects."cs policy"
+    addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action")
+    addNSObject "audit messageaction" (getNSObjects ($config -match "cs policy $matchExpression") "audit messageaction" "-logAction")
+
+    # Get vServers linked to CSW Actions
+    if ($NSObjects."cs action") {
+        $matchExpression = getMatchExpression $NSObjects."cs action"
+        $filteredConfig = $config -match " $matchExpression "
+        foreach ($action in $NSObjects."cs action") {
+        addNSObject "lb vserver" (getNSObjects ( $filteredConfig) "lb vserver" "-targetLBVserver")
+        addNSObject "vpn vserver" (getNSObjects ( $filteredConfig) "vpn vserver" "-targetVserver")
+        addNSObject "gslb vserver" (getNSObjects ( $filteredConfig) "gslb vserver" "-targetVserver")
+        }
+    }
+}
+
+# Look for Backup GSLB vServers
+if ($nsObjects."gslb vserver") {
+    foreach ($gslbvserver in $nsObjects."gslb vserver") {
+#        $currentVServers = $nsObjects."gslb vserver"
+#        $nsObjects."gslb vserver" = @()   
+        $vserverConfig = $config -match " $gslbvserver "
+        # Backup VServers should be created before Active VServers
+        $backupVServers = getNSObjects ($vserverConfig) "gslb vserver" "-backupVServer"
+        if ($backupVServers) {
+            addNSObject "gslb vserver" ($backupVServers)
+#            foreach ($vserver in $currentvservers) {
+#                if ($backupVServers -notcontains $vserver) {
+#                    addNSObject "gslb vserver" ($vserver)
+#                }
+#            }
+#        } else {
+#            $nsObjects."gslb vserver" = $currentVServers
+        }
+    }
+}
+
+
+# Enumerate GSLB vServer config for additional bound objects
+if ($nsObjects."gslb vserver") {
+    if ($config -match "enable ns feature.* GSLB") {
+        $NSObjects."gslb parameter" = @("enable ns feature gslb")
+    } else {
+        $NSObjects."gslb parameter" = @("# *** GSLB feature is not enabled")
+    }
+    foreach ($gslbvserver in $nsObjects."gslb vserver") {
+        $vserverConfig = $config -match " $gslbvserver "
+        addNSObject "gslb service" (getNSObjects $vserverConfig "gslb service" "-serviceName")
+        addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $gslbvserver ") "ssl vserver")
+        addNSObject "dns soaRec" (getNSObjects $vserverConfig "dns soaRec")
+        addNSObject "dns nsRec" (getNSObjects $vserverConfig "dns nsRec")
+    }
+
+    if ($NSObjects."gslb service")
+    {
+        foreach ($service in $NSObjects."gslb service") 
+        { 
+            # wrap config matches in spaces to avoid substring matches
+            $serviceConfig = $config -match " gslb service $service "
+            addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName")
+			addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName")
+            addNSObject "server" (getNSObjects $serviceConfig "server")
+            addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile")
+            addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile")
+            addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td")
+            addNSObject "dns view" (getNSObjects $serviceConfig "dns view" "-viewName")
+            addNSObject "gslb site" (getNSObjects $serviceConfig "gslb site" "-siteName")
+        }
+    }
+    
+    if ($NSObjects."gslb site")
+    {
+        foreach ($site in $NSObjects."gslb site") 
+        { 
+            $siteConfig = $config -match "add gslb site $site "
+            addNSObject "ns rpcNode" (getNSObjects $siteConfig "ns rpcNode")
+        }
+    }
+     
+    addNSObject "dns cnameRec" (getNSObjects ($config -match "^add dns cnameRec ") "dns cnameRec")
+    addNSObject "dns addRec" (getNSObjects ($config | select-string -Pattern "^add dns addRec" | select-string -NotMatch -Pattern ".root-servers.net") "dns addRec")
+    addNSObject "gslb location" ($config -match "^set locationParameter") "gslb location"
+    addNSObject "gslb location" ($config -match " locationFile ") "gslb location"
+    addNSObject "gslb location" ($config -match "^add location ") "gslb location"
+    addNSObject "gslb parameter" ($config -match "^set gslb parameter ") "gslb parameter"
+    addNSObject "gslb parameter" ($config -match "^set dns parameter") "gslb parameter"
+    # Get all global DNS Responder policies in case they affect GSLB DNS traffic
+    addNSObject "responder policy" (getNSObjects ($config -match "^bind responder global .*? -type DNS_REQ_") "responder policy")
+    # Get all global DNS Policy bindings in case they affect ADNS traffic?
+    addNSObject "dns policy" (getNSObjects ($config -match "^bind dns global") "dns policy")
+    addNSObject "adns service" ($config -match '^add service (".*?"|[^-"]\S+) \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} ADNS') "adns service"
+    # Get all DNS LB vServers in case they are used for DNS Queries?
+    addNSObject "lb vserver" (getNSObjects ($config -match '^add lb vserver (".*?"|[^-"]\S+) DNS') "lb vserver")
+}
+
+
+# Get DNS Actions and DNS Polices from DNS Views
+if ($nsObjects."dns view") {
+    foreach ($view in $nsObjects."dns view") {
+        addNSObject "dns action" (getNSObjects ($config -match "dns action .*? -viewName $view") "dns action")
+    }
+    foreach ($action in $nsObjects."dns action") {
+        addNSObject "dns policy" (getNSObjects ($config -match "dns policy .*? $action") "dns policy" )
+    }
+}
+
+
+if ($nsObjects."dns policy") {
+    # Get DNS Actions for global DNS policies discovered earlier
+    foreach ($policy in $nsObjects."dns policy") {
+        addNSObject "dns action" (getNSObjects ($config -match "dns policy $policy") "dns action")
+        addNSObject "audit messageaction" (getNSObjects ($config -match "dns policy $policy") "audit messageaction" "-logAction")
+    }
+    # Get DNS Profiles linked to DNS Actions
+    foreach ($action in $nsObjects."dns action") {
+        addNSObject "dns profile" (getNSObjects ($config -match "dns action $action") "dns profile" "-dnsProfileName" )
+    }
+    # Get DNS Views linked to DNS Actions
+    foreach ($action in $nsObjects."dns action") {
+        addNSObject "dns view" (getNSObjects ($config -match "dns action $action") "dns view" "-viewName" )
+    }
+    addNSObject "dns global" ($config -match "bind dns global ") "dns global"
+}
+
+
+
+# Enumerate VPN vServer config for additional bound objects
+if ($nsObjects."vpn vserver") {
+    if ($config -match "enable ns feature.* SSLVPN") {
+        $NSObjects."vpn parameter" = @("enable ns feature SSLVPN")
+    } else {
+        $NSObjects."vpn parameter" = @("# *** Citrix Gateway feature is not enabled")
+    }
+    addNSObject "vpn parameter" ($config -match "vpn parameter") "vpn parameter"
+    addNSObject "vpn parameter" ($config -match "ica parameter") "vpn parameter"
+    addNSObject "vpn parameter" ($config -match "aaa parameter") "vpn parameter"
+    addNSObject "vpn parameter" ($config -match "dns suffix") "vpn parameter"
+    addNSObject "clientless domains" ($config -match "ns_cvpn_default_inet_domains") "clientless domains"
+    foreach ($vpnvserver in $nsObjects."vpn vserver") {
+        $vserverConfig = $config -match " $vpnvserver "
+        addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel")
+        addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy")
+        addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile")
+        addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile")
+        addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName")
+        addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td")
+        addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile")
+        addNSObject "vpn pcoipVserverProfile" (getNSObjects $vserverConfig "vpn pcoipVserverProfile" "-pcoipVserverProfileName")
+        addNSObject "vpn intranetApplication" (getNSObjects $vserverConfig "vpn intranetApplication" "-intranetApplication")
+        addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme")
+        addNSObject "vpn eula" (getNSObjects $vserverConfig "vpn eula" "-eula")
+        addNSObject "vpn nextHopServer" (getNSObjects $vserverConfig "vpn nextHopServer" "-nextHopServer")
+        addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy" "-policy")
+        addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy" "-policy")
+        addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy")
+        addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy")
+        addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy")
+        addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy")
+        addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy")
+        addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy")
+        addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy")
+        addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy")
+        addNSObject "aaa preauthenticationpolicy" (getNSObjects $vserverConfig "aaa preauthenticationpolicy" "-policy")
+        addNSObject "vpn sessionPolicy" (getNSObjects $vserverConfig "vpn sessionPolicy" "-policy")
+        addNSObject "vpn trafficPolicy" (getNSObjects $vserverConfig "vpn trafficPolicy" "-policy")
+        addNSObject "vpn clientlessAccessPolicy" (getNSObjects $vserverConfig "vpn clientlessAccessPolicy" "-policy")
+        addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel")
+        addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policy")
+        addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policy")
+        addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel")
+        addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policy")
+        addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel")
+        addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policy")
+        addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel")
+        addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policy")
+        addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel")
+        addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policy")
+        addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policy")
+        addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policy")
+        addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policy")
+        addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher") 
+        addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile")
+        addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName")
+        addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $vpnvserver ") "ssl vserver")
+        addNSObject "vpn url" (getNSObjects $vserverConfig "vpn url" "-urlName")
+        addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset")
+        addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile")
+    }
+    addNSObject "aaa group" (getNSObjects ($config -match "add aaa group") "aaa group")
+    addNSObject "vpn global" ($config -match "bind vpn global ") "vpn global"
+}
+
+
+# Get CSW Policies from CSW Policy Labels
+if ($NSObjects."cs policylabel") {
+    foreach ($policy in $NSObjects."cs policylabel") {
+        addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy")
+    }
+}
+
+
+# Get CSW Actions from CSW Policies
+if ($NSObjects."cs policy") {
+    $matchExpression = GetMatchExpression $NSObjects."cs policy"
+    addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action")
+    addNSObject "audit messageaction" (getNSObjects ($config -match "cs policy $matchExpression") "audit messageaction" "-logAction")
+
+    # Get vServers linked to CSW Actions
+    if ($NSObjects."cs action") {
+        $matchExpression = GetMatchExpression $NSObjects."cs action"
+        $filteredConfig = $config -match " $matchExpression "
+        addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver")
+        addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver")
+        addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver")
+    }
+}
+
+
+# Get objects bound to VPN Global
+if ($nsObjects."vpn global") {
+    $vserverConfig = $config -match "bind vpn global "
+    addNSObject "vpn intranetApplication" (getNSObjects $vserverConfig "vpn intranetApplication" "-intranetApplication")
+    addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme")
+    addNSObject "vpn eula" (getNSObjects $vserverConfig "vpn eula" "-eula")
+    addNSObject "vpn nextHopServer" (getNSObjects $vserverConfig "vpn nextHopServer" "-nextHopServer")
+    addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy" "-policyName")
+    addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy" "-policyName")
+    addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy")
+    addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy")
+    addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy")
+    addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy")
+    addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy")
+    addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy")
+    addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy")
+    addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy")
+    addNSObject "vpn sessionPolicy" (getNSObjects $vserverConfig "vpn sessionPolicy" "-policyName")
+    addNSObject "vpn trafficPolicy" (getNSObjects $vserverConfig "vpn trafficPolicy" "-policyName")
+    addNSObject "vpn clientlessAccessPolicy" (getNSObjects $vserverConfig "vpn clientlessAccessPolicy" "-policyName")
+    addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel" "policylabel")
+    addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName")
+    addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName")
+    addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel")
+    addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName")
+    addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel")
+    addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName")
+    addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel")
+    addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName")
+    addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName")
+    addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policyName")
+    addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName")
+    addNSObject "vpn url" (getNSObjects $vserverConfig "vpn url" "-urlName")
+    addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName")
+    addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert")
+    
+    $vserverConfig = $config -match "set vpn parameter "
+    addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-dnsVserverName")
+    addNSObject "vpn alwaysONProfile" (getNSObjects $vserverConfig "vpn alwaysONProfile" "-alwaysONProfileName")
+    addNSObject "aaa kcdAccount" (getNSObjects $vserverConfig "aaa kcdAccount" "-kcdAccount")
+    addNSObject "vpn pcoipProfile" (getNSObjects $vserverConfig "vpn pcoipProfile" "-pcoipProfileName")
+    addNSObject "rdp clientprofile" (getNSObjects $vserverConfig "rdp clientprofile" "-rdpClientProfileName")
+}
+
+
+# Look for LB Persistency Groups
+if ($nsObjects."lb vserver") {
+    $matchExpression = getMatchExpression $nsObjects."lb vserver"
+    $vserverConfig = $config -match " $matchExpression$"
+    addNSObject "lb group" (getNSObjects ($vserverConfig) "lb group")
+    if ($nsObjects."lb group") {
+        foreach ($lbgroup in $NSObjects."lb group") { 
+            addNSObject "lb vserver" (getNSObjects ($config -match "lb group " + $lbgroup) "lb vserver")
+        }
+    }
+}
+
+
+# Look for Backup LB vServers
+if ($nsObjects."lb vserver") {
+    $matchExpression = getMatchExpression $nsObjects."lb vserver"
+        $currentVServers = $nsObjects."lb vserver"
+        $nsObjects."lb vserver" = @()   
+        $vserverConfig = $config -match " $matchExpression "
+        # Backup VServers should be created before Active VServers
+        $backupVServers = getNSObjects ($vserverConfig) "lb vserver" "-backupVServer"
+        if ($backupVServers) {
+            addNSObject "lb vserver" ($backupVServers)
+            foreach ($vserver in $currentvservers) {
+                if ($backupVServers -notcontains $vserver) {
+                    addNSObject "lb vserver" ($vserver)
+                }
+            }
+        } else {
+            $nsObjects."lb vserver" = $currentVServers
+        }
+}
+
+
+# Get objects linked to AAA Groups
+if ($nsObjects."aaa group") {
+    foreach ($group in $nsObjects."aaa group") {
+        $groupConfig = $config -match " aaa group $group "
+        addNSObject "vpn intranetApplication" (getNSObjects $groupConfig "vpn intranetApplication" "-intranetApplication")
+        addNSObject "vpn sessionPolicy" (getNSObjects $groupConfig "vpn sessionPolicy" "-policy")
+        addNSObject "vpn trafficPolicy" (getNSObjects $groupConfig "vpn trafficPolicy" "-policy")
+        addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel")
+        addNSObject "authorization policy" (getNSObjects $groupConfig "authorization policy" "-policy")
+        addNSObject "vpn url" (getNSObjects $groupConfig "vpn url" "-urlName")
+    }
+}
+
+
+# Get Preauthentication Actions from Preauthentication Policies
+if ($NSObjects."aaa preauthenticationpolicy") {
+    foreach ($policy in $NSObjects."aaa preauthenticationpolicy") {
+        addNSObject "aaa preauthenticationaction" (getNSObjects ($config -match "aaa preauthenticationpolicy $policy ") "aaa preauthenticationaction" -position 4)
+    }
+}
+
+
+# Get VPN Session Actions from VPN Session Policies
+if ($NSObjects."vpn sessionPolicy") {
+    foreach ($policy in $NSObjects."vpn sessionPolicy") {
+        addNSObject "vpn sessionAction" (getNSObjects ($config -match "vpn sessionPolicy $policy ") "vpn sessionAction" -position 4)
+    }
+}
+
+
+# Get KCD Accounts and DNS LB vServers from VPN Session Actions
+if ($NSObjects."vpn sessionAction") {
+    foreach ($profile in $NSObjects."vpn sessionAction") 
+    {
+        $profileConfig = $config -match "vpn sessionAction $profile "
+        addNSObject "aaa kcdAccount" (getNSObjects $profileConfig "aaa kcdAccount" "-kcdAccount")
+        addNSObject "lb vserver" (getNSObjects $profileConfig "lb vserver" "-dnsVserverName")
+        if ($profileConfig -match "http://" -or $profileConfig -match "https://")
+        {
+            addNSObject "lb vserver" (getHttpVServer $profileConfig)            
+        }
+    }
+}
+
+
+# Enumerate LB vServer config for additional bound objects
+if ($nsObjects."lb vserver" -or $nsObjects."sys") {
+    if ($config -match "enable ns feature.* lb") {
+        $NSObjects."lb parameter" = @("enable ns feature lb")
+    } else {
+        $NSObjects."lb parameter" = @("# *** Load Balancing feature is not enabled")
+    }
+    addNSObject "lb parameter" ($config -match "ns mode") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set lb parameter") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set ns param") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set dns parameter") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set dns profile default-dns-profile") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set ns tcpParam") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set ns tcpProfile nstcp_default") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set ns httpParam") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set ns tcpbufParam") "lb parameter"
+    addNSObject "lb parameter" ($config -match "set ns timeout") "lb parameter"
+    GetLBvServerBindings $NSObjects."lb vserver"
+}
+
+
+# Get AAA VServers linked to Authentication Profiles
+if ($NSObjects."authentication authnProfile") {
+    foreach ($profile in $NSObjects."authentication authnProfile") {
+        addNSObject "authentication vserver" (getNSObjects ($config -match "authentication authnProfile $profile ") "authentication vserver" "-authnVsName")
+    }
+}
+
+
+# Get Objects linked to Authentication vServers
+if ($NSObjects."authentication vserver") {
+    if ($config -match "enable ns feature.* rewrite") {
+        $NSObjects."authentication param" = @("enable ns feature AAA")
+    } else {
+        $NSObjects."authentication param" = @("# *** AAA feature is not enabled")
+    }
+    $matchExpression = getMatchExpression $NSObjects."authentication vserver"
+    $vserverConfig = $config -match " $matchExpression "
+    addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td")
+    addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy")
+    addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy")
+    addNSObject "authentication policy" (getNSObjects $vserverConfig "authentication policy")
+    addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy")
+    addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy")
+    addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy")
+    addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy")
+    addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy")
+    addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy")
+    addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy")
+    addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy")
+    addNSObject "tm sessionPolicy" (getNSObjects $vserverConfig "tm sessionPolicy")
+    addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme")
+    addNSObject "authentication loginSchemaPolicy" (getNSObjects $vserverConfig "authentication loginSchemaPolicy")
+    addNSObject "authentication policylabel" (getNSObjects $vserverConfig "authentication policylabel" "-nextFactor")
+    addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policy")
+    addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policy")
+    addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy" "-policy")
+    addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policy")
+    addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName")
+    addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile")
+    addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName")
+    addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert")
+    addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $authVServer ") "ssl vserver")
+}
+
+
+# Get CSW Actions from CSW Policies
+if ($NSObjects."cs policy") {
+    $matchExpression = getMatchExpression $NSObjects."cs policy"
+    addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action")
+    addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $policy") "audit messageaction" "-logAction")
+
+    # Get vServers linked to CSW Actions
+    if ($NSObjects."cs action") {
+        $matchExpression = getMatchExpression $NSObjects."cs action"
+        $filteredConfig = $config -match " $matchExpression "
+        addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver")
+        addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver")
+        addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver")
+    }
+}
+
+
+
+# Get Next Factors, Authentication Policies and Login Schemas from Authentication Policy Labels
+if ($NSObjects."authentication policylabel") {
+    # Get Next Factors; repeat multiple times for Next Factor nesting level
+    for ($i=0;$i -le $nFactorNestingLevel; $i++) {
+        foreach ($policy in $NSObjects."authentication policylabel") {
+            addNSObject "authentication policylabel" (getNSObjects ($config -match " $policy ") "authentication policylabel" "-nextFactor")
+        }
+    }
+
+    foreach ($policy in $NSObjects."authentication policylabel") {
+        addNSObject "authentication policy" (getNSObjects ($config -match " $policy ") "authentication policy")
+        addNSObject "authentication loginSchema" (getNSObjects ($config -match " $policy ") "authentication loginSchema")
+    }
+}
+
+
+# Sort the Policy Labels so Next Factors are created prior to policy bindings in earlier factors
+if ($NSObjects."authentication policylabel") {
+    $policyLabelsSorted = @()
+    foreach ($policyLabel in $NSObjects."authentication policylabel") {
+        $policyBindings = $config -match ('^bind authentication policylabel ' + $policyLabel + " -(policy|policyName) ")
+        $nextFactors = $policyBindings | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+        if (-not $nextFactors) {
+            $policyLabelsSorted = ,$policyLabel + $policyLabelsSorted
+        } else {
+            foreach ($nextFactor in $nextFactors) {
+                if ($policyLabelsSorted -contains $nextFactor) {
+                    $policyLabelsSorted = $policyLabelsSorted + ,$policyLabel
+                }
+            }
+        }
+    }
+    for ($i=0; $i -lt $nFactorNestingLevel; $i++) {
+        foreach ($policyLabel in $NSObjects."authentication policylabel") {
+            $policyBindings = $config -match ('^bind authentication policylabel ' + $policyLabel + " -(policy|policyName) ")
+            $nextFactors = $policyBindings | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}
+            foreach ($nextFactor in $nextFactors) {
+                if ($policyLabelsSorted -contains $nextFactor) {
+                    $policyLabelsSorted = $policyLabelsSorted + ,$policyLabel
+                }
+            }
+        }
+    }
+    $NSObjects."authentication policylabel" = $policyLabelsSorted
+}
+
+
+# Get Authentication Actions from Advanced Authentication Policies
+if ($NSObjects."authentication policy") {
+    $matchExpression = getMatchExpression $NSObjects."authentication policy"
+    $filteredConfig = $config -match "authentication policy $matchExpression "
+    addNSObject "authentication ldapAction" (getNSObjects ($filteredConfig) "authentication ldapAction")
+    addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction")
+    addNSObject "authentication radiusAction" (getNSObjects ($filteredConfig) "authentication radiusAction")
+    addNSObject "authentication samlAction" (getNSObjects ($filteredConfig) "authentication samlAction" -position 4)
+    addNSObject "authentication certAction" (getNSObjects ($filteredConfig) "authentication certAction")
+    addNSObject "authentication dfaAction" (getNSObjects ($filteredConfig) "authentication dfaAction")
+    addNSObject "authentication epaAction" (getNSObjects ($filteredConfig) "authentication epaAction")
+    addNSObject "authentication negotiateAction" (getNSObjects ($filteredConfig) "authentication negotiateAction")
+    addNSObject "authentication OAuthAction" (getNSObjects ($filteredConfig) "authentication OAuthAction")
+    addNSObject "authentication storefrontAuthAction" (getNSObjects ($filteredConfig) "authentication storefrontAuthAction")
+    addNSObject "authentication tacacsAction" (getNSObjects ($filteredConfig) "authentication tacacsAction")
+    addNSObject "authentication webAuthAction" (getNSObjects ($filteredConfig) "authentication webAuthAction")
+    addNSObject "authentication emailAction" (getNSObjects ($filteredConfig) "authentication emailAction")
+    addNSObject "authentication noAuthAction" (getNSObjects ($filteredConfig) "authentication noAuthAction")
+    addNSObject "authentication captchaAction" (getNSObjects ($filteredConfig) "authentication captchaAction")
+}
+
+
+# Get LDAP Actions from LDAP Policies
+if ($NSObjects."authentication ldapPolicy") {
+    foreach ($policy in $NSObjects."authentication ldapPolicy") {
+        addNSObject "authentication ldapAction" (getNSObjects ($config -match "authentication ldapPolicy $policy ") "authentication ldapAction")
+    }
+}
+
+
+# Get RADIUS Actions from RADIUS Policies
+if ($NSObjects."authentication radiusPolicy") {
+    foreach ($policy in $NSObjects."authentication radiusPolicy") {
+        addNSObject "authentication radiusAction" (getNSObjects ($config -match "authentication radiusPolicy $policy ") "authentication radiusAction" -position 4)
+    }
+}
+
+
+# Get Cert Actions from Cert Policies
+if ($NSObjects."authentication certPolicy") {
+    foreach ($policy in $NSObjects."authentication certPolicy") {
+        addNSObject "authentication certAction" (getNSObjects ($config -match "authentication certPolicy $policy ") "authentication certAction" -position 4)
+    }
+}
+
+
+# Get DFA Actions from DFA Policies
+if ($NSObjects."authentication dfaPolicy") {
+    foreach ($policy in $NSObjects."authentication dfaPolicy") {
+        addNSObject "authentication dfaAction" (getNSObjects ($config -match "authentication dfaPolicy $policy ") "authentication dfaAction")
+    }
+}
+
+
+# Get Negotiate Actions from Negotiate Policies
+if ($NSObjects."authentication negotiatePolicy") {
+    foreach ($policy in $NSObjects."authentication negotiatePolicy") {
+        addNSObject "authentication negotiateAction" (getNSObjects ($config -match "authentication negotiatePolicy $policy ") "authentication negotiateAction")
+    }
+}
+
+
+# Get TACACS Actions from TACACS Policies
+if ($NSObjects."authentication tacacsPolicy") {
+    foreach ($policy in $NSObjects."authentication tacacsPolicy") {
+        addNSObject "authentication tacacsAction" (getNSObjects ($config -match "authentication tacacsPolicy $policy ") "authentication tacacsAction")
+    }
+}
+
+
+# Get Web Auth Actions from Web Auth Policies
+if ($NSObjects."authentication webAuthPolicy") {
+    foreach ($policy in $NSObjects."authentication webAuthPolicy") {
+        addNSObject "authentication webAuthAction" (getNSObjects ($config -match "authentication webAuthPolicy $policy ") "authentication webAuthAction")
+    }
+}
+
+
+# Get SAML iDP Profiles from SAML iDP Policies
+if ($NSObjects."authentication samlIdPPolicy") {
+    foreach ($policy in $NSObjects."authentication samlIdPPolicy") {
+        addNSObject "authentication samlIdPProfile" (getNSObjects ($config -match "authentication samlIdPPolicy $policy ") "authentication samlIdPProfile" -position 4)
+        addNSObject "audit messageaction" (getNSObjects ($config -match "authentication samlIdPPolicy $policy") "audit messageaction" "-logAction")
+    }
+ 
+}
+
+
+# Get SAML Actions from SAML Authentication Policies
+if ($NSObjects."authentication samlPolicy") {
+    $matchExpression = GetMatchExpression $NSObjects."authentication samlPolicy"
+    addNSObject "authentication samlAction" (getNSObjects ($config -match "authentication samlPolicy $matchExpression ") "authentication samlAction" -position 4)
+}
+
+
+# Get SSL Certificates from SAML Actions, SAML Profiles, and ADFS Proxy Profiles
+if ($NSObjects."authentication samlAction") {
+    $matchExpression = GetMatchExpression $NSObjects."authentication samlAction"
+    $filteredConfig = $config -match "authentication samlAction $matchExpression "
+    addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlIdPCertName")
+    addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlSigningCertName")
+}
+
+if ($NSObjects."authentication samlIdPProfile") {
+    $matchExpression = GetMatchExpression $NSObjects."authentication samlIdPProfile"
+    $filteredConfig = $config -match "authentication samlIdPProfile $matchExpression "
+    addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlIdPCertName")
+    addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlSPCertName")
+}
+
+foreach ($action in $NSObjects."authentication adfsProxyProfile") {
+    addNSObject "ssl certKey" (getNSObjects ($config -match "authentication adfsProxyProfile $action ") "ssl certKey" "-certKeyName")
+}
+
+
+
+# Get Push Service from LDAP Actions
+foreach ($action in $NSObjects."authentication ldapAction") {
+    addNSObject "authentication pushService" (getNSObjects ($config -match "authentication ldapAction $action ") "authentication pushService" "-pushService")
+}
+
+
+# Get Default AAA Groups from Authentication Actions
+foreach ($action in $NSObjects."authentication certAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication certAction $action ") "aaa group" "-defaultAuthenticationGroup")
+}
+foreach ($action in $NSObjects."authentication dfaAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication dfaAction $action ") "aaa group" "-defaultAuthenticationGroup")
+}
+foreach ($action in $NSObjects."authentication epaAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication epaAction $action ") "aaa group" "-defaultEPAGroup")
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication epaAction $action ") "aaa group" "-quarantineGroup")
+}
+foreach ($action in $NSObjects."authentication ldapAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication ldapAction $action ") "aaa group" "-defaultAuthenticationGroup")
+}
+foreach ($action in $NSObjects."authentication negotiateAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication negotiateAction $action ") "aaa group" "-defaultAuthenticationGroup")
+}
+foreach ($action in $NSObjects."authentication OAuthAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication OAuthAction $action ") "aaa group" "-defaultAuthenticationGroup")
+}
+foreach ($action in $NSObjects."authentication radiusAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication radiusAction $action ") "aaa group" "-defaultAuthenticationGroup")
+}
+foreach ($action in $NSObjects."authentication samlAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication samlAction $action ") "aaa group" "-defaultAuthenticationGroup")
+}
+foreach ($action in $NSObjects."authentication webAuthAction") {
+    addNSObject "aaa group" (getNSObjects ($config -match "authentication webAuthAction $action ") "aaa group" "-defaultAuthenticationGroup")
+}
+
+
+# Get SSL Objects from SSL vServers
+if ($NSObjects."ssl vserver") {
+    $matchExpression = getMatchExpression $NSObjects."ssl vserver"
+    $filteredConfig = $config -match " ssl vserver $matchExpression "
+    addNSObject "ssl cipher" (getNSObjects ($filteredConfig) "ssl cipher" "-cipherName")
+    addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-certkeyName")
+    addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-cacert")
+    addNSObject "ssl logprofile" (getNSObjects ($filteredConfig) "ssl logprofile" "-ssllogprofile")
+    addNSObject "ssl profile" (getNSObjects ($filteredConfig) "ssl profile" "-sslProfile")
+}
+
+
+# Get objects linked to certKeys
+if ($NSObjects."ssl certKey") {
+    foreach ($certKey in $NSObjects."ssl certKey") {
+        $certKey = $certKey -replace "\.", "\."
+        $certKey = $certKey -replace "\*", "\*"
+        
+        # Get FIPS Keys from SSL Certs
+        addNSObject "ssl fipsKey" (getNSObjects ($config -match "add ssl certKey $certKey ") "ssl fipsKey" "-fipsKey")
+        
+        # Get HSM Keys from SSL Certs
+        addNSObject "ssl hsmKey" (getNSObjects ($config -match "add ssl certKey $certKey ") "ssl hsmKey" "-hsmKey")
+        
+        # Put Server Cerficates in different bucket than CA Certificates
+        addNSObject "ssl cert" ($config -match "add ssl certKey $certKey") "ssl certKey"
+        
+        # CA Certs are seperate section so they can be outputted before server certs
+        $CACert = getNSObjects ($config -match "link ssl certKey $certKey ") "ssl certKey"
+        foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} }
+        if ($CACert) {
+            addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey"
+            addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey"
+            $certKey = $CACert
+        }
+        
+        # Intermediate certs are sometimes linked to other intermediates
+        $CACert = getNSObjects ($config -match "link ssl certKey $CACert ") "ssl certKey"
+        foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} }
+        if ($CACert) {
+            addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey"
+            addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey"
+            $certKey = $CACert
+        }
+        
+        
+        # Intermedicate certs are sometimes linked to root certs
+        $CACert = getNSObjects ($config -match "link ssl certKey $CACert ") "ssl certKey"
+        foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} }
+        if ($CACert) {
+            addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey"
+            addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey"
+        }
+        
+    }
+}
+
+
+# Get Azure Key Vaults from HSM Keys
+if ($NSObjects."ssl hmsKey") {
+    foreach ($hmsKey in $NSObjects."ssl hmsKey") {
+        addNSObject "azure keyvault" (getNSObjects ($config -match "add ssl hsmKey $hsmKey ") "azure keyvault" "-keystore")
+    }
+
+    # Get callout root certificates
+    addNSObject "ssl cert" ($config -match "bind ssl cacertGroup ns_callout_certs ") "ssl certKey"
+}
+
+
+# Get Azure Applications from Azure Key Vaults
+if ($NSObjects."azure keyvault") {
+    foreach ($vault in $NSObjects."azure keyVault") {
+        addNSObject "azure application" (getNSObjects ($config -match "add azure keyVault $vault ") "azure application" "-azureApplication")
+    }
+}
+
+
+# Get Objects linked to Monitors
+if ($NSObjects.monitor) {
+    foreach ($monitor in $NSObjects.monitor) {
+        $monitorConfig = $config -match " monitor $monitor "
+        addNSObject "netProfile" (getNSObjects $monitorConfig "netProfile" "-netProfile")
+        addNSObject "ns trafficDomain" (getNSObjects $monitorConfig "ns trafficDomain" "-td")
+        addNSObject "aaa kcdAccount" (getNSObjects $monitorConfig "aaa kcdAccount" "-kcdAccount")
+        addNSObject "ssl profile" (getNSObjects $monitorConfig "ssl profile" "-sslProfile")
+        addNSObject "lb metricTable" (getNSObjects $monitorConfig "lb metricTable" "-metricTable")
+    }
+}
+
+
+# Get VPN Clientless Profiles from VPN Clientless Policies
+if ($NSObjects."vpn clientlessAccessPolicy") {
+    foreach ($policy in $NSObjects."vpn clientlessAccessPolicy") {
+        addNSObject "vpn clientlessAccessProfile" (getNSObjects ($config -match " vpn clientlessAccessPolicy $policy ") "vpn clientlessAccessProfile" -position 4)
+    }
+}
+
+
+# Get Rewrite PolicyLabels from VPN Clientless Profiles
+if ($NSObjects."vpn clientlessAccessProfile") {
+    foreach ($Profile in $NSObjects."vpn clientlessAccessProfile") {
+        addNSObject "rewrite policylabel" (getNSObjects ($config -match " vpn clientlessAccessProfile $Profile ") "rewrite policylabel" -position 4)
+    }
+}
+
+
+# Get global filter bindings, filter actions, and forwarding services
+
+if ($config -match "enable ns feature.* CF") {
+    addNSObject "filter policy" (getNSObjects ($config -match "bind filter global ") "filter policy")
+    if ($NSObjects."filter policy") {
+        # Get Filter Actions from Filter Policies
+        foreach ($policy in $NSObjects."filter policy") {
+            addNSObject "filter action" (getNSObjects ($config -match "filter policy $policy ") "filter action")
+        }
+        # Get Forwarding Services from Filter Actions
+        foreach ($action in $NSObjects."filter action") {
+            addNSObject "service" (getNSObjects ($config -match "filter action $action ") "service" "forward")
+        }
+    }
+}
+
+ if ($config -match "enable ns feature.* IC") {
+    $NSObjects."cache parameter" = @("enable ns feature IC")
+    # Get Cache Policies from Global Cache Bindings
+    addNSObject "cache policylabel" (getNSObjects ($config -match "bind cache global ") "cache policylabel")
+    addNSObject "cache Policy" (getNSObjects ($config -match "bind cache global ") "cache Policy")
+    addNSObject "cache parameter" ($config -match "set cache parameter ") "cache parameter"
+    addNSObject "cache global" ($config -match "bind cache global ") "cache global"
+} else {
+    $NSObjects."cache parameter" = @("# *** Integrated Caching feature is not enabled. Cache Global bindings skipped.")
+}
+
+
+
+# Get Cache Policies from Cache Policy Labels
+if ($NSObjects."cache policylabel") {
+    foreach ($policy in $NSObjects."cache policylabel") {
+        addNSObject "cache Policy" (getNSObjects ($config -match " $policy ") "cache Policy")
+    }
+}
+
+
+# Get Cache Content Groups from Cache Policies
+if ($NSObjects."cache policy") {
+    foreach ($policy in $NSObjects."cache policy") {
+        addNSObject "cache contentGroup" (getNSObjects ($config -match " $policy ") "cache contentGroup")
+    }
+}
+
+
+# Get Cache Selectors from Cache Content Groups
+if ($NSObjects."cache contentGroup") {
+    foreach ($policy in $NSObjects."cache contentGroup") {
+        addNSObject "cache selector" (getNSObjects ($config -match " $policy ") "cache selector")
+    }
+}
+
+
+# Get Global Responder Bindings
+addNSObject "responder policy" (getNSObjects ($config -match "bind responder global ") "responder policy")
+addNSObject "responder policylabel" (getNSObjects ($config -match "bind responder global ") "responder policylabel")
+
+
+# Get Responder Policies from Responder Policy Labels
+if ($NSObjects."responder policylabel") {
+    foreach ($policy in $NSObjects."responder policylabel") {
+        addNSObject "responder Policy" (getNSObjects ($config -match " $policy ") "responder Policy")
+    }
+}
+
+
+# Get Responder Actions and Responder Global Settings
+if ($NSObjects."responder policy") {
+    $matchExpression = getMatchExpression $NSObjects."responder policy"
+    $filteredConfig = $config -match " responder policy $matchExpression "
+    addNSObject "responder action" (getNSObjects ($filteredConfig) "responder action")
+    addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction")
+    addNSObject "ns assignment" (getNSObjects ($filteredConfig) "ns assignment")
+    if ($config -match "enable ns feature.* RESPONDER") {
+        $NSObjects."responder param" = @("enable ns feature RESPONDER")
+    } else {
+        $NSObjects."responder param" = @("# *** Responder feature is not enabled")
+    }
+    addNSObject "responder param" ($config -match "set responder param ") "responder param"
+    addNSObject "responder global" ($config -match "bind responder global ") "responder global"
+
+}
+
+
+# Get Rewrite Policies from Global Rewrite Bindings
+addNSObject "rewrite policy" (getNSObjects ($config -match "bind rewrite global ") "rewrite policy")
+addNSObject "rewrite policylabel" (getNSObjects ($config -match "bind rewrite global ") "rewrite policylabel")
+
+
+# Get Rewrite Policies from Rewrite Policy Labels
+if ($NSObjects."rewrite policylabel") {
+    $matchExpression = getMatchExpression $NSObjects."rewrite policylabel"
+    addNSObject "rewrite Policy" (getNSObjects ($config -match " $matchExpression ") "rewrite Policy")
+}
+
+
+# Get Rewrite Actions and Rewrite Global Settings
+if ($NSObjects."rewrite policy") {
+    $matchExpression = getMatchExpression $NSObjects."rewrite policy"
+    $filteredConfig = $config -match "rewrite policy $matchExpression "
+    addNSObject "rewrite action" (getNSObjects ($filteredConfig) "rewrite action")
+    addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction")
+
+    if ($config -match "enable ns feature.* rewrite") {
+        $NSObjects."rewrite param" = @("enable ns feature rewrite")
+    } else {
+        $NSObjects."rewrite param" = @("# *** Rewrite feature is not enabled")
+    }
+    addNSObject "rewrite param" ($config -match "set rewrite param ") "rewrite param"
+    addNSObject "rewrite global" ($config -match "bind rewrite global ") "rewrite global"
+}
+
+
+# Get Compression Policies from Global Compression Bindings
+addNSObject "cmp policy" (getNSObjects ($config -match "bind cmp global ") "cmp policy")
+addNSObject "cmp policylabel" (getNSObjects ($config -match "bind cmp global ") "cmp policylabel")
+
+
+# Get Compression Policies from Compression Policy Labels
+if ($NSObjects."cmp policylabel") {
+    foreach ($policy in $NSObjects."cmp policylabel") {
+        addNSObject "cmp policy" (getNSObjects ($config -match "cmp policylabel $policy ") "cmp policy")
+    }
+}
+
+
+# Get Compression Actions and Compression Global Settings
+if ($NSObjects."cmp policy") {
+    foreach ($policy in $NSObjects."cmp policy") {
+        addNSObject "cmp action" (getNSObjects ($config -match "cmp policy $Pplicy ") "cmp action")
+        addNSObject "audit messageaction" (getNSObjects ($config -match "cmp policy $policy") "audit messageaction" "-logAction")
+    }
+    if ($config -match "enable ns feature.* cmp") {
+        $NSObjects."cmp parameter" = @("enable ns feature cmp")
+    } else {
+        $NSObjects."cmp parameter" = @("# *** Compression feature is not enabled")
+    }
+    addNSObject "cmp parameter" ($config -match "set cmp parameter ") "cmp parameter"
+    addNSObject "cmp global" ($config -match "bind cmp global ") "cmp global"
+}
+
+
+# Get global bound Traffic Management Policies
+$filteredConfig = $config -match "bind tm global"
+addNSObject "tm trafficPolicy" (getNSObjects ($filteredConfig) "tm trafficPolicy")
+addNSObject "tm sessionPolicy" (getNSObjects ($filteredConfig) "tm sessionPolicy")
+addNSObject "audit syslogPolicy" (getNSObjects ($filteredConfig) "audit syslogPolicy")
+addNSObject "audit nslogPolicy" (getNSObjects ($filteredConfig) "audit nslogPolicy")
+addNSObject "tm global" ($filteredConfig) "tm global"
+
+
+# Get AAA Traffic Actions from AAA Traffic Policies
+if ($NSObjects."tm trafficPolicy") {
+    $matchExpression = getMatchExpression $NSObjects."tm trafficPolicy"
+    addNSObject "tm trafficAction" (getNSObjects ($config -match " $matchExpression ") "tm trafficAction" -position 4)
+}
+
+
+# Get KCD Accounts and SSO Profiles from AAA Traffic Actions
+if ($NSObjects."tm trafficAction") {
+    $matchExpression = getMatchExpression $NSObjects."tm trafficAction"
+    $filteredConfig = $config -match "tm trafficAction $matchExpression "
+    addNSObject "aaa kcdAccount" (getNSObjects ($filteredConfig) "aaa kcdAccount" "-kcdAccount")
+    addNSObject "tm formSSOAction" (getNSObjects ($filteredConfig) "tm formSSOAction" "-formSSOAction")
+    addNSObject "tm samlSSOProfile" (getNSObjects ($filteredConfig) "tm samlSSOProfile" "-samlSSOProfile")
+}
+
+
+# Get Authorization Policies from Authorization Policy Labels
+if ($NSObjects."authorization policylabel") {
+    foreach ($policy in $NSObjects."authorization policylabel") {
+        addNSObject "authorization policy" (getNSObjects ($config -match "authorization policy $policy ") "authorization policy")
+        addNSObject "audit messageaction" (getNSObjects ($config -match "authorization policy $policy") "audit messageaction" "-logAction")
+    }
+}
+
+
+# Get SmartControl Actions from SmartControl Policies
+if ($NSObjects."ica policy") {
+    foreach ($policy in $NSObjects."ica policy") {
+        addNSObject "ica action" (getNSObjects ($config -match "ica policy $policy ") "ica action" -position 4)
+        addNSObject "audit messageaction" (getNSObjects ($config -match "ica policy $policy") "audit messageaction" "-logAction")
+
+    }
+    
+    # Get SmartControl Access Profiles from SmartControl Actions
+    if ($NSObjects."ica action") {
+        foreach ($policy in $NSObjects."ica action") {
+            addNSObject "ica accessprofile" (getNSObjects ($config -match " $policy ") "ica accessprofile" -position 4)
+        }
+    }
+}
+
+
+# Get VPN Traffic Actions from VPN Traffic Policies
+if ($NSObjects."vpn trafficPolicy") {
+    foreach ($policy in $NSObjects."vpn trafficPolicy") {
+        addNSObject "vpn trafficAction" (getNSObjects ($config -match " $policy ") "vpn trafficAction" -position 4)
+    }
+}
+
+
+# Get KCD Accounts and SSO Profiles from VPN Traffic Actions
+if ($NSObjects."vpn trafficAction") {
+    foreach ($profile in $NSObjects."vpn trafficAction") {
+        addNSObject "aaa kcdAccount" (getNSObjects ($config -match "vpn trafficAction $profile ") "aaa kcdAccount" "-kcdAccount")
+        addNSObject "vpn formSSOAction" (getNSObjects ($config -match "vpn trafficAction $profile ") "vpn formSSOAction" "-formSSOAction")
+        addNSObject "vpn samlSSOProfile" (getNSObjects ($config -match "vpn trafficAction $profile ") "vpn samlSSOProfile" "-samlSSOProfile")
+    }
+}
+
+
+# Get PCoIP and RDP Profiles, and AlwaysOn Profiles from VPN Session Actions
+if ($NSObjects."vpn sessionAction") {
+    foreach ($policy in $NSObjects."vpn sessionAction") {
+        addNSObject "vpn pcoipProfile" (getNSObjects ($config -match " $policy ") "vpn pcoipProfile" -position 4)
+        addNSObject "rdp clientprofile" (getNSObjects ($config -match " $policy ") "rdp clientprofile" -position 4)
+        addNSObject "vpn alwaysONProfile" (getNSObjects ($config -match " $policy ") "vpn alwaysONProfile" "-alwaysONProfileName")
+    }
+}
+
+
+# Get AAA Session Actions
+if ($NSObjects."tm sessionPolicy") {
+    foreach ($policy in $NSObjects."tm sessionPolicy") {
+        addNSObject "tm sessionAction" (getNSObjects ($config -match " $policy ") "tm sessionAction")
+    }
+}
+
+
+# Get KCD Accounts from AAA Session Actions
+if ($NSObjects."tm sessionAction") {
+    foreach ($profile in $NSObjects."tm sessionAction") {
+        addNSObject "aaa kcdAccount" (getNSObjects ($config -match "tm sessionAction $profile ") "aaa kcdAccount" "-kcdAccount")
+    }
+}
+
+
+# Get Appflow Policies from Global Appflow Bindings
+addNSObject "appflow policy" (getNSObjects ($config -match "bind appflow global ") "appflow policy")
+addNSObject "appflow policylabel" (getNSObjects ($config -match "bind appflow global ") "appflow policylabel")
+
+
+# Get Appflow Policies from Appflow Policy Labels
+if ($NSObjects."appflow policylabel") {
+    foreach ($policy in $NSObjects."appflow policylabel") {
+        addNSObject "appflow Policy" (getNSObjects ($config -match " $policy ") "appflow Policy")
+    }
+}
+
+
+# Get Appflow Actions from AppFlow Policies
+# Get AppFlow Global Settings
+if ($NSObjects."appflow policy") {
+    foreach ($policy in $NSObjects."appflow policy") {
+        addNSObject "appflow action" (getNSObjects ($config -match " $policy ") "appflow action")
+    }
+    # Get AppFlow Collector
+    if ($NSObjects."appflow action") {
+        foreach ($action in $NSObjects."appflow action") {
+            addNSObject "appflow collector" (getNSObjects ($config -match " $action ") "appflow collector" "-collectors")
+        }
+    }
+    if ($config -match "enable ns feature.* appflow") {
+        $NSObjects."appflow param" = @("enable ns feature appflow")
+    } else {
+        $NSObjects."appflow param" = @("# *** AppFlow feature is not enabled")
+    }
+    addNSObject "appflow param" ($config -match "set appflow param ")
+    addNSObject "appflow global" ($config -match "bind appflow global ") "appflow global"
+}
+
+
+# Get AppQoE Actions from AppQoE Policies
+# Get AppQoE Global Settings
+if ($NSObjects."appqoe policy") {
+    foreach ($policy in $NSObjects."appqoe policy") {
+        addNSObject "appqoe action" (getNSObjects ($config -match " $policy ") "appqoe action")
+    }
+    if ($config -match "enable ns feature.* appqoe") {
+        $NSObjects."appqoe parameter" = @("enable ns feature appqoe")
+    } else {
+        $NSObjects."appqoe parameter" = @("# *** AppQoE feature is not enabled")
+    }
+    addNSObject "appqoe parameter" ($config -match "appqoe parameter") "appqoe parameter"
+    addNSObject "appqoe parameter" ($config -match "set qos parameters") "appqoe parameter"
+}
+
+
+# Get AppFW Policies from Global AppFW Bindings
+addNSObject "appfw policy" (getNSObjects ($config -match "bind appfw global ") "appfw Policy")
+addNSObject "appfw policylabel" (getNSObjects ($config -match "bind appfw global ") "appfw policylabel")
+
+
+# Get AppFW Policies from AppFW Policy Labels
+if ($NSObjects."appfw policylabel") {
+    foreach ($policy in $NSObjects."appfw policylabel") {
+        addNSObject "appfw policy" (getNSObjects ($config -match " $policy ") "appfw policy")
+    }
+}
+
+
+# Get AppFW Profiles from AppFW Policies
+if ($NSObjects."appfw policy") {
+    foreach ($policy in $NSObjects."appfw policy") {
+        addNSObject "appfw profile" (getNSObjects ($config -match "appfw policy $policy ") "appfw profile")
+        addNSObject "audit messageaction" (getNSObjects ($config -match "appfw policy $policy") "audit messageaction" "-logAction")
+
+    }
+    if ($config -match "enable ns feature.* appfw") {
+        $NSObjects."appfw parameter" = @("enable ns feature appfw")
+    } else {
+        $NSObjects."appfw parameter" = @("# *** AppFW feature is not enabled")
+    }
+    addNSObject "appfw parameter" ($config -match "set appfw settings") "appfw parameter"
+    addNSObject "appfw global" ($config -match "bind appfw global ") "appfw global"
+}
+
+
+# Get Bot Policies from Global Bot Bindings
+addNSObject "bot policy" (getNSObjects ($config -match "bind bot global ") "bot Policy")
+addNSObject "bot policylabel" (getNSObjects ($config -match "bind bot global ") "bot policylabel")
+
+
+# Get Bot Policies from Bot Policy Labels
+if ($NSObjects."bot policylabel") {
+    foreach ($policy in $NSObjects."bot policylabel") {
+        addNSObject "bot policy" (getNSObjects ($config -match " $policy ") "bot policy")
+    }
+}
+
+
+# Get Bot Profiles from Bot Policies
+if ($NSObjects."bot policy") {
+    foreach ($policy in $NSObjects."bot policy") {
+        addNSObject "bot profile" (getNSObjects ($config -match "bot policy $policy ") "bot profile")
+        addNSObject "audit messageaction" (getNSObjects ($config -match "bot policy $policy") "audit messageaction" "-logAction")
+
+    }
+    if ($config -match "enable ns feature.* Bot") {
+        $NSObjects."bot parameter" = @("enable ns feature Bot")
+    } else {
+        $NSObjects."bot parameter" = @("# *** Bot Management feature is not enabled")
+    }
+    addNSObject "bot parameter" ($config -match "set appfw settings") "bot parameter"
+    addNSObject "bot global" ($config -match "bind appfw global ") "bot global"
+}
+
+
+# Get Login Schemas from Login Schema Policies
+if ($NSObjects."authentication loginSchemaPolicy") {
+    foreach ($policy in $NSObjects."authentication loginSchemaPolicy") {
+        addNSObject "authentication loginSchema" (getNSObjects ($config -match "authentication loginSchemaPolicy $policy ") "authentication loginSchema")
+        addNSObject "audit messageaction" (getNSObjects ($config -match "authentication loginSchemaPolicy $policy") "audit messageaction" "-logAction")
+
+    }
+}
+
+
+# Get KCD Accounts from Database Profiles
+if ($NSObjects."db dbProfile") {
+    foreach ($profile in $NSObjects."db dbProfile") {
+        addNSObject "aaa kcdAccount" (getNSObjects ($config -match " db dbProfile $profile ") "aaa kcdAccount")
+    }
+}
+
+
+# Get Transform Policies from Global Transform Bindings
+addNSObject "transform policy" (getNSObjects ($config -match "bind transform global ") "transform policy")
+addNSObject "transform policylabel" (getNSObjects ($config -match "bind transform global ") "transform policylabel")
+
+
+# Get Transform Policies from Transform Policy Labels
+if ($NSObjects."transform policylabel") {
+    foreach ($policy in $NSObjects."transform policylabel") {
+        addNSObject "transform policy" (getNSObjects ($config -match " $policy ") "transform policy")
+    }
+}
+
+
+# Get Transform Actions and Profiles from Transform Policies
+if ($NSObjects."transform policy") {
+    foreach ($policy in $NSObjects."transform policy") {
+        addNSObject "transform action" (getNSObjects ($config -match " transform policy $policy ") "transform action")
+        addNSObject "audit messageaction" (getNSObjects ($config -match "transform policy $policy") "audit messageaction" "-logAction")
+    }
+    foreach ($action in $NSObjects."transform action") {
+        addNSObject "transform profile" (getNSObjects ($config -match " transform action $action ") "transform profile")
+    }
+    addNSObject "transform global" ($config -match "bind transform global ") "transform global"
+}
+
+
+# If FEO feature is enabled, get global FEO settings
+addNSObject "feo policy" (getNSObjects ($config -match "bind feo global ") "feo Policy")
+
+
+# Get FEO Actions from FEO Policies
+# Get FEO Global Settings
+if ($NSObjects."feo policy") {
+    foreach ($policy in $NSObjects."feo policy") {
+        addNSObject "feo action" (getNSObjects ($config -match " feo policy $policy ") "feo action")
+    }
+    if ($config -match "enable ns feature.* feo") {
+        $NSObjects."feo parameter" = @("enable ns feature feo")
+    } else {
+        $NSObjects."feo parameter" = @("# feo feature is not enabled")
+    }
+    addNSObject "feo parameter" ($config -match "set feo param ") "feo parameter"
+    addNSObject "feo global" ($config -match "bind feo global ") "feo global"
+}
+
+
+# Get Spillover Actions from Spillover Policies
+if ($NSObjects."spillover policy") {
+    foreach ($policy in $NSObjects."spillover policy") {
+        addNSObject "spillover action" (getNSObjects ($config -match " spillover policy $policy ") "spillover action")
+    }
+}
+
+
+
+# Get Audit Syslog Actions from Audit Syslog Policies
+if ($NSObjects."audit syslogpolicy") {
+    foreach ($policy in $NSObjects."audit syslogpolicy") {
+        addNSObject "audit syslogaction" (getNSObjects ($config -match " audit syslogpolicy $policy ") "audit syslogaction")
+    }
+    addNSObject "audit syslogactionglobal" ($config -match "audit syslogParams ") "audit syslogactionglobal"
+    addNSObject "audit syslogactionglobal" ($config -match "bind audit syslogactionglobal ") "audit syslogactionglobal"
+    addNSObject "audit syslogactionglobal" ($config -match "bind audit syslogGlobal ") "audit syslogactionglobal"
+}
+
+
+# Get Audit Nslog Policies from Global Audit Nslog Bindings
+addNSObject "audit nslogpolicy" (getNSObjects ($config -match "bind audit nslogglobal ") "audit nslogpolicy")
+
+
+# Get Audit Nslog Actions from Audit Nslog Policies
+if ($NSObjects."audit nslogpolicy") {
+    foreach ($policy in $NSObjects."audit nslogpolicy") {
+        addNSObject "audit nslogaction" (getNSObjects ($config -match " audit nslogpolicy $policy ") "audit nslogaction")
+    }
+    addNSObject "audit nslogactionglobal" ($config -match "bind audit syslogactionglobal ") "audit nslogactionglobal"
+}
+
+
+# Get SSL Policies from Global SSL Bindings
+addNSObject "ssl policy" (getNSObjects ($config -match "bind ssl global ") "ssl policy")
+addNSObject "ssl policylabel" (getNSObjects ($config -match "bind ssl global ") "ssl policylabel")
+
+
+# Get SSL Policies from SSL Policy Labels
+if ($NSObjects."ssl policylabel") {
+    foreach ($policy in $NSObjects."ssl policylabel") {
+        addNSObject "ssl policy" (getNSObjects ($config -match " $policy ") "ssl policy")
+    }
+}
+
+
+# Get SSL Actions from SSL Policies
+if ($NSObjects."ssl policy") {
+    foreach ($ssl in $NSObjects."ssl policy") {
+        addNSObject "ssl action" (getNSObjects ($config -match " $ssl ") "ssl action")
+    }
+    addNSObject "ssl global" ($config -match "bind ssl global ") "ssl global"
+}
+
+
+# Get SSL Log Profiles from SSL Actions
+if ($NSObjects."ssl action") {
+    foreach ($ssl in $NSObjects."ssl action") {
+        addNSObject "ssl logprofile" (getNSObjects ($config -match " $ssl ") "ssl logprofile" "-ssllogprofile")
+    }
+}
+
+
+# Get SSL Global Settings
+if ($config -match "enable ns feature.* ssl") {
+    $NSObjects."ssl parameter" = @("enable ns feature ssl")
+} else {
+    $NSObjects."ssl parameter" = @("# ssl feature is not enabled")
+}
+addNSObject "ssl parameter" ($config -match "set ssl parameter") "ssl parameter"
+addNSObject "ssl parameter" ($config -match "set ssl fips") "ssl parameter"
+addNSObject "ssl parameter" ($config -match "set ssl profile ns_default_ssl_profile_backend") "ssl parameter"
+
+
+# Get Ciphers from SSL profiles
+if ($NSObjects."ssl profile") {
+    foreach ($ssl in $NSObjects."ssl profile") {
+        addNSObject "ssl cipher" (getNSObjects ($config -match "bind ssl profile $ssl ") "ssl cipher" "-cipherName")
+    }
+}
+
+# Get Global Policy Parameters
+addNSObject "policy param" ($config -match "set policy param") "policy param"
+
+
+# Get ACLs and RNAT
+addNSObject "ns acl" ($config -match "ns acl") "ns acl"
+addNSObject "ns acl" ($config -match "ns simpleacl") "ns acl"
+addNSObject "rnat" (getNSObjects ($config -match "rnat ") "rnat")
+
+
+# Get Limit Selectors from Limit Identifiers
+if ($NSObjects."ns limitIdentifier") {
+    foreach ($identifier in $NSObjects."ns limitIdentifier") {
+        addNSObject "ns limitSelector" (getNSObjects ($config -match "ns limitIdentifier $identifier ") "ns limitSelector" "-selectorName")
+        addNSObject "stream selector" (getNSObjects ($config -match "ns limitIdentifier $identifier ") "stream selector")
+    }
+}
+
+
+# Get Stream Selectors from Stream Identifiers
+if ($NSObjects."stream identifier") {
+    foreach ($identifier in $NSObjects."ns limitIdentifier") {
+        addNSObject "ns limitSelector" (getNSObjects ($config -match "stream identifier $identifier ") "ns limitSelector")
+        addNSObject "stream selector" (getNSObjects ($config -match "stream identifier $identifier ") "stream selector")
+    }
+}
+
+
+# Output Extracted Config
+
+
+#cls
+"`nExtracted Objects"
+$NSObjects.GetEnumerator() | sort-object -Property Name
+
+write-host "`nBuilding Config...`n
+"
+if ($outputFile -and ($outputFile -ne "screen")) {
+    "# Extracted Config for: " + ($vservers -join ", ") + "`n`n" | out-file $outputFile
+} else {
+    "# Extracted Config for: " + ($vservers -join ", ") + "`n`n"
+}
+
+
+# System Settings
+if ($NSObjects."ns config" ) { outputObjectConfig "NSIP" "ns config" "raw"}
+if ($NSObjects."ns hostName" ) { outputObjectConfig "Hostname" "ns hostName" "raw"}
+if ($NSObjects."ha node" ) { outputObjectConfig "High Availability Nodes" "HA node" "raw"}
+if ($NSObjects."ha rpcNode" ) { outputObjectConfig "High Availability RPC Nodes" "ha rpcNode" "ns rpcNode"}
+if ($NSObjects."ns feature" ) { outputObjectConfig "Enabled Features" "ns feature" "raw"}
+if ($NSObjects."ns mode" ) { outputObjectConfig "Enabled Modes" "ns mode" "raw"}
+if ($NSObjects."system parameter" ) { outputObjectConfig "CEIP" "system parameter" "raw"}
+if ($NSObjects."ns encryptionParams" ) { outputObjectConfig "System Encryption Parameters" "ns encryptionParams" "raw"}
+if ($NSObjects."system user" ) { outputObjectConfig "System Users" "system user"}
+if ($NSObjects."system group" ) { outputObjectConfig "System Groups" "system group"}
+if ($NSObjects."interface" ) { outputObjectConfig "Interfaces" "interface" "raw"}
+if ($NSObjects."channel" ) { outputObjectConfig "Channels" "channel" "raw"}
+if ($NSObjects."ns ip" ) { outputObjectConfig "IP Addresses" "ns ip"}
+if ($NSObjects."vlan" ) { outputObjectConfig "VLANs" "vlan"}
+if ($NSObjects."vrid" ) { outputObjectConfig "VMACs" "vrid"}
+if ($NSObjects."ns partition" ) { outputObjectConfig "Partitions" "ns partition" -explainText "Partition configs are in /nsconfig/partitions" }
+if ($NSObjects."ns pbr" ) { outputObjectConfig "Policy Based Routes (PBRs)" "ns pbr" "raw"}
+if ($NSObjects."route" ) { outputObjectConfig "Routes" "route" "raw"}
+if ($NSObjects."mgmt ssl service" ) { outputObjectConfig "Internal Management Services SSL Settings" "mgmt ssl service" "ssl service"}
+if ($NSObjects."snmp trap" ) { outputObjectConfig "SNMP Traps" "snmp trap" "raw"}
+if ($NSObjects."snmp community" ) { outputObjectConfig "SNMP Communities" "snmp community" "raw"}
+if ($NSObjects."snmp manager" ) { outputObjectConfig "SNMP Managers" "snmp manager" "raw"}
+if ($NSObjects."snmp alarm" ) { outputObjectConfig "SNMP Alarms" "snmp alarm" "raw"}
+
+
+# Policy Expression Components and Profiles Output
+if ($NSObjects."ns acl" ) { outputObjectConfig "Global ACLs" "ns acl" "raw" }
+if ($NSObjects."rnat" ) { outputObjectConfig "Global RNAT" "rnat" }
+if ($NSObjects."ns variable" ) { outputObjectConfig "Variables" "ns variable" }
+if ($NSObjects."ns assignment" ) { outputObjectConfig "Variable Assignments" "ns assignment" }
+if ($NSObjects."ns limitSelector" ) { outputObjectConfig "Rate Limiting Selectors" "ns limitSelector" }
+if ($NSObjects."ns limitIdentifier" ) { outputObjectConfig "Rate Limiting Identifiers" "ns limitIdentifier" }
+if ($NSObjects."stream selector" ) { outputObjectConfig "Action Analytics Selectors" "stream selector" }
+if ($NSObjects."stream identifier" ) { outputObjectConfig "Action Analytics Identifiers" "stream identifier" }
+if ($NSObjects."policy param" ) { outputObjectConfig "Policy Global Params" "policy param" "raw" }
+if ($NSObjects."policy patset" ) { outputObjectConfig "Policy Pattern Sets" "policy patset" }
+if ($NSObjects."policy dataset" ) { outputObjectConfig "Policy Data Sets" "policy dataset" }
+if ($NSObjects."policy map" ) { outputObjectConfig "Policy Maps" "policy map" }
+if ($NSObjects."policy stringmap" ) { outputObjectConfig "Policy String Maps" "policy stringmap" }
+if ($NSObjects."policy urlset" ) { outputObjectConfig "Policy URL Sets" "policy urlset" }
+if ($NSObjects."policy httpCallout" ) { outputObjectConfig "HTTP Callouts" "policy httpCallout" }
+if ($NSObjects."policy expression" ) { outputObjectConfig "Policy Expressions" "policy expression" }
+if ($NSObjects."dns addRec" ) { outputObjectConfig "DNS Address Records" "dns addRec" }
+if ($NSObjects."dns nsRec" ) { outputObjectConfig "DNS Name Server Records" "dns nsRec"}
+if ($NSObjects."dns cnameRec" ) { outputObjectConfig "DNS CNAME Records" "dns cnameRec"}
+if ($NSObjects."dns soaRec" ) { outputObjectConfig "DNS SOA Records" "dns soaRec"}
+if ($NSObjects."ns tcpProfile" ) { outputObjectConfig "TCP Profiles" "ns tcpProfile" }
+if ($NSObjects."ns httpProfile" ) { outputObjectConfig "HTTP Profiles" "ns httpProfile" }
+if ($NSObjects."db dbProfile" ) { outputObjectConfig "Database Profiles" "db dbProfile" }
+if ($NSObjects."netProfile" ) { outputObjectConfig "Net Profiles" "netProfile" }
+if ($NSObjects."ns trafficDomain" ) { outputObjectConfig "Traffic Domains" "ns trafficDomain" }
+if ($NSObjects."ipset" ) { outputObjectConfig "IP Sets" "ipset" }
+if ($NSObjects."analytics profile" ) { outputObjectConfig "Analytics Profiles" "analytics profile" }
+if ($NSObjects."audit messageaction" ) { outputObjectConfig "Log Messages" "audit messageaction" }
+
+
+# Policies Output
+if ($NSObjects."appflow param" ) { outputObjectConfig "Appflow Global Params" "appflow param" "raw" }
+if ($NSObjects."appflow collector" ) { outputObjectConfig "Appflow Collectors" "appflow collector" }
+if ($NSObjects."appflow action" ) { outputObjectConfig "Appflow Actions" "appflow action" }
+if ($NSObjects."appflow policy" ) { outputObjectConfig "Appflow Policies" "appflow policy" }
+if ($NSObjects."appflow policylabel" ) { outputObjectConfig "Appflow Policy Labels" "appflow policylabel" }
+if ($NSObjects."appflow global" ) { outputObjectConfig "Appflow Global Bindings" "appflow global" "raw" }
+
+if ($NSObjects."rewrite param" ) { outputObjectConfig "Rewrite Global Parameters" "rewrite param" "raw" }
+if ($NSObjects."rewrite action" ) { outputObjectConfig "Rewrite Actions" "rewrite action" }
+if ($NSObjects."rewrite policy" ) { outputObjectConfig "Rewrite Policies" "rewrite policy" }
+if ($NSObjects."rewrite policylabel" ) { outputObjectConfig "Rewrite Policy Labels" "rewrite policylabel" }
+if ($NSObjects."rewrite global" ) { outputObjectConfig "Rewrite Global Bindings" "rewrite global" "raw" }
+
+if ($NSObjects."responder param" ) { outputObjectConfig "Responder Global Parameters" "responder param" "raw" }
+if ($NSObjects."responder action" ) { outputObjectConfig "Responder Actions" "responder action" }
+if ($NSObjects."responder policy" ) { outputObjectConfig "Responder Policies" "responder policy" }
+if ($NSObjects."responder policylabel" ) { outputObjectConfig "Responder Policy Labels" "responder policylabel" }
+if ($NSObjects."responder global" ) { outputObjectConfig "Responder Global Bindings" "responder global" "raw" }
+
+if ($NSObjects."appqoe parameter" ) { outputObjectConfig "AppQoE Global Parameters" "appqoe parameter" "raw"}
+if ($NSObjects."appqoe action" ) { outputObjectConfig "AppQoE Actions" "appqoe action" }
+if ($NSObjects."appqoe policy" ) { outputObjectConfig "AppQoE Policies" "appqoe policy" }
+
+if ($NSObjects."feo parameter" ) { outputObjectConfig "Front-End Optimization Global Parameters" "feo parameter" "raw"}
+if ($NSObjects."feo action" ) { outputObjectConfig "Front-End Optimization Actions" "feo action" }
+if ($NSObjects."feo policy" ) { outputObjectConfig "Front-End Optimization Policies" "feo policy" }
+if ($NSObjects."feo global" ) { outputObjectConfig "Front-End Optimization Global Bindings" "feo global" }
+
+if ($NSObjects."cache parameter" ) { outputObjectConfig "Cache Global Parameters" "cache parameter" "raw" }
+if ($NSObjects."cache selector" ) { outputObjectConfig "Cache Selectors" "cache selector" }
+if ($NSObjects."cache contentGroup" ) { outputObjectConfig "Cache Content Groups" "cache contentGroup" }
+if ($NSObjects."cache policy" ) { outputObjectConfig "Cache Policies" "cache policy" }
+if ($NSObjects."cache policylabel" ) { outputObjectConfig "Cache Policy Labels" "cache policylabel" }
+if ($NSObjects."cache global" ) { outputObjectConfig "Cache Global Bindings" "cache global" "raw" }
+
+if ($NSObjects."cmp parameter" ) { outputObjectConfig "Compression Global Parameters" "cmp parameter" "raw" }
+if ($NSObjects."cmp policy" ) { outputObjectConfig "Compression Policies" "cmp policy" }
+if ($NSObjects."cmp policylabel" ) { outputObjectConfig "Compression Policy Labels" "cmp policylabel" }
+if ($NSObjects."cmp global" ) { outputObjectConfig "Compression Global Bindings" "cmp global" "raw" }
+
+if ($NSObjects."appfw parameter" ) { outputObjectConfig "AppFW Global Settings" "appfw parameter" "raw" }
+if ($NSObjects."appfw profile" ) { outputObjectConfig "AppFW Profiles" "appfw profile" `
+    -explainText ("Some portions of AppFw Profile are not in the config file.`nManually export/import Signatures Object" + `
+    "`nManually export/import the AppFW Import Objects (e.g. HTML Error, XML Schema)") }
+if ($NSObjects."appfw policy" ) { outputObjectConfig "AppFW Policies" "appfw policy" }
+if ($NSObjects."appfw policylabel" ) { outputObjectConfig "AppFW Policy Labels" "appfw policylabel" }
+if ($NSObjects."appfw global" ) { outputObjectConfig "AppFW Global Bindings" "appfw global" "raw" }
+
+if ($NSObjects."bot parameter" ) { outputObjectConfig "Bot Management Global Settings" "bot parameter" "raw" }
+if ($NSObjects."bot profile" ) { outputObjectConfig "Bot Management Profiles" "bot profile" `
+    -explainText ("Some portions of Bot Profiles are not in the config file.`nManually export/import Signatures Object") }
+if ($NSObjects."bot policy" ) { outputObjectConfig "Bot Management Policies" "bot policy" }
+if ($NSObjects."bot policylabel" ) { outputObjectConfig "Bot Management Policy Labels" "bot policylabel" }
+if ($NSObjects."bot global" ) { outputObjectConfig "Bot Management Global Bindings" "bot global" "raw" }
+
+if ($NSObjects."transform profile" ) { outputObjectConfig "Transform Profiles" "transform profile" }
+if ($NSObjects."transform action" ) { outputObjectConfig "Transform Actions" "transform action" }
+if ($NSObjects."transform policy" ) { outputObjectConfig "Transform Policies" "transform policy" }
+if ($NSObjects."transform policylabel" ) { outputObjectConfig "Transform Policy Labels" "transform policylabel" }
+if ($NSObjects."transform global" ) { outputObjectConfig "Transform Global Bindings" "transform global" "raw" }
+
+if ($NSObjects."filter action" ) { outputObjectConfig "Filter Actions" "filter action" }
+if ($NSObjects."filter policy" ) { outputObjectConfig "Filter Policies" "filter policy" }
+if ($NSObjects."filter global" ) { outputObjectConfig "Filter Global Bindings" "filter global" "raw" }
+
+if ($NSObjects."audit syslogaction" ) { outputObjectConfig "Audit Syslog Actions" "audit syslogaction" }
+if ($NSObjects."audit syslogpolicy" ) { outputObjectConfig "Audit Syslog Policies" "audit syslogpolicy" }
+
+if ($NSObjects."audit nslogaction" ) { outputObjectConfig "Audit NSLog Actions" "audit nslogaction" }
+if ($NSObjects."audit nslogpolicy" ) { outputObjectConfig "Audit NSLog Policies" "audit nslogpolicy" }
+
+if ($NSObjects."audit syslogactionglobal" ) { outputObjectConfig "Global Audit Syslog Bindings" "audit syslogactionglobal" "raw" }
+
+
+# SSL Output
+if ($NSObjects."ssl parameter" ) { outputObjectConfig "SSL Global Parameters" "ssl parameter" "raw" }
+if ($NSObjects."ssl cipher" ) { outputObjectConfig "SSL Cipher Groups" "ssl cipher" }
+if ($NSObjects."ssl fipsKey" ) { outputObjectConfig "SSL FIPS Keys" "ssl fipsKey" }
+if ($NSObjects."ssl cert" ) { outputObjectConfig "Certs" "ssl cert" "raw" `
+    -explainText "Get certificate files from /nsconfig/ssl" }
+if ($NSObjects."ssl link" ) { outputObjectConfig "Cert Links" "ssl link" "raw" }
+if ($NSObjects."ssl profile" ) { outputObjectConfig "SSL Profiles" "ssl profile" }
+if ($NSObjects."ssl logprofile" ) { outputObjectConfig "SSL Log Profiles" "ssl logprofile" }
+if ($NSObjects."ssl action" ) { outputObjectConfig "SSL Actions" "ssl action" }
+if ($NSObjects."ssl policy" ) { outputObjectConfig "SSL Policies" "ssl policy" }
+
+
+# AAA Output
+if ($NSObjects."vpn portaltheme" ) { outputObjectConfig "Portal Themes" "vpn portaltheme" `
+    -explainText "Portal Theme customizations are not in the NetScaler config file and instead are stored in /var/netscaler/logon/themes/{ThemeName}" }
+if ($NSObjects."authentication param" ) { outputObjectConfig "AAA Global Settings" "authentication param" "raw" }
+if ($NSObjects."authorization policy" ) { outputObjectConfig "Authorization Policies" "authorization policy" }
+if ($NSObjects."authorization policylabel" ) { outputObjectConfig "Authorization Policies" "authorization policylabel" }
+if ($NSObjects."authentication pushService" ) { outputObjectConfig "OTP Push Service" "authentication pushService" }
+if ($NSObjects."aaa kcdAccount" ) { outputObjectConfig "KCD Accounts" "aaa kcdAccount" }
+if ($NSObjects."authentication ldapAction" ) { outputObjectConfig "LDAP Actions" "authentication ldapAction" `
+	-explainText "LDAP certificate verification Root certificates are in /nsconfig/truststore" }
+if ($NSObjects."authentication ldapPolicy" ) { outputObjectConfig "LDAP Policies" "authentication ldapPolicy" }
+if ($NSObjects."authentication radiusAction" ) { outputObjectConfig "RADIUS Actions" "authentication radiusAction" }
+if ($NSObjects."authentication radiusPolicy" ) { outputObjectConfig "RADIUS Policies" "authentication radiusPolicy" }
+if ($NSObjects."authentication OAuthAction" ) { outputObjectConfig "OAuth Actions" "authentication OAuthAction" }
+if ($NSObjects."authentication samlAction" ) { outputObjectConfig "SAML Actions" "authentication samlAction" }
+if ($NSObjects."authentication samlIdPProfile" ) { outputObjectConfig "SAML IdP Profiles" "authentication samlIdPProfile" }
+if ($NSObjects."authentication certAction" ) { outputObjectConfig "Cert Actions" "authentication certAction" }
+if ($NSObjects."authentication dfaAction" ) { outputObjectConfig "Delegaged Forms Authentication Actions" "authentication dfaAction" }
+if ($NSObjects."authentication epaAction" ) { outputObjectConfig "Endpoint Analysis Actions" "authentication epaAction" }
+if ($NSObjects."authentication negotiateAction" ) { outputObjectConfig "Negotiate (Kerberos) Actions" "authentication negotiateAction" }
+if ($NSObjects."authentication storefrontAuthAction" ) { outputObjectConfig "StorefrontAuth Actions" "authentication storefrontAuthAction" }
+if ($NSObjects."authentication tacacsAction" ) { outputObjectConfig "TACACS Actions" "authentication tacacsAction" }
+if ($NSObjects."authentication tacacsPolicy" ) { outputObjectConfig "TACACS Policies" "authentication tacacsPolicy" }
+if ($NSObjects."authentication localPolicy" ) { outputObjectConfig "Local Authentication Policies" "authentication localPolicy" }
+if ($NSObjects."authentication webAuthAction" ) { outputObjectConfig "Web Auth Actions" "authentication webAuthAction" }
+if ($NSObjects."authentication emailAction" ) { outputObjectConfig "Email (SSPR) Actions" "authentication emailAction" }
+if ($NSObjects."authentication noAuthAction" ) { outputObjectConfig "NoAuth Actions" "authentication noAuthAction" }
+if ($NSObjects."authentication captchaAction" ) { outputObjectConfig "Captcha Actions" "authentication captchaAction" }
+if ($NSObjects."authentication adfsProxyProfile" ) { outputObjectConfig "ADFS Proxy Profile" "authentication adfsProxyProfile" }
+if ($NSObjects."authentication samlPolicy" ) { outputObjectConfig "SAML Authentication Policies" "authentication samlPolicy" }
+if ($NSObjects."authentication policy" ) { outputObjectConfig "Advanced Authentication Policies" "authentication policy" }
+if ($NSObjects."authentication loginSchema" ) { outputObjectConfig "Login Schemas" "authentication loginSchema" }
+if ($NSObjects."authentication loginSchemaPolicy" ) { outputObjectConfig "Login Schema Policies" "authentication loginSchemaPolicy" }
+if ($NSObjects."authentication policylabel" ) { outputObjectConfig "Authentication Policy Labels" "authentication policylabel" }
+if ($NSObjects."tm sessionAction" ) { outputObjectConfig "AAA Session Profiles" "tm sessionAction" }
+if ($NSObjects."tm sessionPolicy" ) { outputObjectConfig "AAA Session Policies" "tm sessionPolicy" }
+if ($NSObjects."authentication vserver" ) { outputObjectConfig "Authentication Virtual Servers" "authentication vserver" }
+if ($NSObjects."authentication authnProfile" ) { outputObjectConfig "Authentication Profiles" "authentication authnProfile" }
+if ($NSObjects."tm formSSOAction" ) { outputObjectConfig "AAA Form SSO Profiles" "tm formSSOAction" }
+if ($NSObjects."tm samlSSOProfile" ) { outputObjectConfig "AAA SAML SSO Profiles" "tm samlSSOProfile" }
+if ($NSObjects."tm trafficAction" ) { outputObjectConfig "AAA Traffic Profiles" "tm trafficAction" }
+if ($NSObjects."tm trafficPolicy" ) { outputObjectConfig "AAA Traffic Policies" "tm trafficPolicy" }
+if ($NSObjects."tm global" ) { outputObjectConfig "AAA Global Bindings" "tm global" "raw" }
+
+# Load Balancing output
+if ($NSObjects."lb parameter" ) { outputObjectConfig "Load Balancing Global Parameters" "lb parameter" "raw" }
+if ($NSObjects."lb metricTable" ) { outputObjectConfig "Metric Tables" "lb metricTable" }
+if ($NSObjects."lb profile" ) { outputObjectConfig "Load Balancing Profiles" "lb profile" }
+if ($NSObjects."monitor" ) { outputObjectConfig "Monitors" "monitor" }
+if ($NSObjects."server" ) { outputObjectConfig "Servers" "server" }
+if ($NSObjects."service" ) { outputObjectConfig "Services" "service" }
+if ($NSObjects."serviceGroup" ) { outputObjectConfig "Service Groups" "serviceGroup" }
+if ($NSObjects."lb vserver" ) { outputObjectConfig "Load Balancing Virtual Servers" "lb vserver" }
+if ($NSObjects."lb group" ) { outputObjectConfig "Persistency Group" "lb group" }
+
+
+# Content Switching Output
+if ($NSObjects."cs parameter" ) { outputObjectConfig "Content Switching Parameters" "cs parameter" "raw" }
+if ($NSObjects."cs action" ) { outputObjectConfig "Content Switching Actions" "cs action" }
+if ($NSObjects."cs policy" ) { outputObjectConfig "Content Switching Policies" "cs policy" }
+if ($NSObjects."cs policylabel" ) { outputObjectConfig "Content Switching Policy Labels" "cs policylabel" }
+
+
+# Citrix Gateway Output
+if ($NSObjects."vpn intranetApplication" ) { outputObjectConfig "Citrix Gateway Intranet Applications" "vpn intranetApplication" }
+if ($NSObjects."aaa preauthenticationaction" ) { outputObjectConfig "Preauthentication Profiles" "aaa preauthenticationaction" }
+if ($NSObjects."aaa preauthenticationpolicy" ) { outputObjectConfig "Preauthentication Policies" "aaa preauthenticationpolicy" }
+if ($NSObjects."vpn eula" ) { outputObjectConfig "Citrix Gateway EULA" "vpn eula" }
+if ($NSObjects."vpn clientlessAccessProfile" ) { outputObjectConfig "Citrix Gateway Clientless Access Profiles" "vpn clientlessAccessProfile" }
+if ($NSObjects."vpn clientlessAccessPolicy" ) { outputObjectConfig "Citrix Gateway Clientless Access Policies" "vpn clientlessAccessPolicy" }
+if ($NSObjects."rdp clientprofile" ) { outputObjectConfig "Citrix Gateway RDP Profiles" "rdp clientprofile" }
+if ($NSObjects."vpn pcoipProfile" ) { outputObjectConfig "Citrix Gateway PCoIP Profiles" "vpn pcoipProfile" }
+if ($NSObjects."vpn pcoipVserverProfile" ) { outputObjectConfig "Citrix Gateway VServer PCoIP Profiles" "vpn pcoipVserverProfile" }
+if ($NSObjects."vpn formSSOAction" ) { outputObjectConfig "Citrix Gateway Form SSO Profiles" "vpn formSSOAction" }
+if ($NSObjects."vpn samlSSOProfile" ) { outputObjectConfig "Citrix Gateway SAML SSO Profiles" "vpn samlSSOProfile" }
+if ($NSObjects."vpn trafficAction" ) { outputObjectConfig "Citrix Gateway Traffic Profiles" "vpn trafficAction" }
+if ($NSObjects."vpn trafficPolicy" ) { outputObjectConfig "Citrix Gateway Traffic Policies" "vpn trafficPolicy" }
+if ($NSObjects."vpn alwaysONProfile" ) { outputObjectConfig "Citrix Gateway AlwaysON Profiles" "vpn alwaysONProfile" }
+if ($NSObjects."vpn sessionAction" ) { outputObjectConfig "Citrix Gateway Session Profiles" "vpn sessionAction" }
+if ($NSObjects."vpn sessionPolicy" ) { outputObjectConfig "Citrix Gateway Session Policies" "vpn sessionPolicy" }
+if ($NSObjects."ica accessprofile" ) { outputObjectConfig "Citrix Gateway SmartControl Access Profiles" "ica accessprofile" }
+if ($NSObjects."ica action" ) { outputObjectConfig "Citrix Gateway SmartControl Actions" "ica action" }
+if ($NSObjects."ica policy" ) { outputObjectConfig "Citrix Gateway SmartControl Policies" "ica policy" }
+if ($NSObjects."vpn url" ) { outputObjectConfig "Citrix Gateway Bookmarks" "vpn url" }
+if ($NSObjects."vpn parameter" ) { outputObjectConfig "Citrix Gateway Global Settings" "vpn parameter" "raw" }
+if ($NSObjects."clientless domains" ) { outputObjectConfig "Citrix Gateway Clientless Domains" "clientless domains" "raw" }
+if ($NSObjects."vpn nextHopServer" ) { outputObjectConfig "Citrix Gateway Next Hop Servers" "vpn nextHopServer" }
+if ($NSObjects."vpn vserver" ) { outputObjectConfig "Citrix Gateway Virtual Servers" "vpn vserver" }
+if ($NSObjects."vpn global" ) { outputObjectConfig "Citrix Gateway Global Bindings" "vpn global" "raw" }
+if ($NSObjects."aaa group" ) { outputObjectConfig "AAA Groups" "aaa group" }
+
+
+# GSLB Output
+if ($NSObjects."adns service" ) { outputObjectConfig "ADNS Services" "adns service" "raw" }
+if ($NSObjects."gslb site" ) { outputObjectConfig "GSLB Sites" "gslb site" }
+if ($NSObjects."ns rpcNode" ) { outputObjectConfig "GSLB RPC Nodes" "ns rpcNode" }
+if ($NSObjects."dns view" ) { outputObjectConfig "DNS Views" "dns view" }
+if ($NSObjects."dns action" ) { outputObjectConfig "DNS Actions" "dns action" }
+if ($NSObjects."dns policy" ) { outputObjectConfig "DNS Policies" "dns policy" }
+if ($NSObjects."dns global" ) { outputObjectConfig "DNS Global Bindings" "dns global" "raw"}
+if ($NSObjects."gslb location" ) { outputObjectConfig "GSLB Locations (Static Proximity)" "gslb location" "raw" }
+if ($NSObjects."gslb parameter" ) { outputObjectConfig "GSLB Parameters" "gslb parameter" "raw" }
+if ($NSObjects."gslb service" ) { outputObjectConfig "GSLB Services" "gslb service" }
+if ($NSObjects."gslb vserver" ) { outputObjectConfig "GSLB Virtual Servers" "gslb vserver" }
+
+if ($NSObjects."cr policy" ) { outputObjectConfig "Cache Redirection Policies" "cr policy" }
+if ($NSObjects."cr vserver" ) { outputObjectConfig "Cache Redirection Virtual Servers" "cr vserver" }
+
+if ($NSObjects."cs vserver" ) { outputObjectConfig "Content Switching Virtual Servers" "cs vserver" }
+
+if ($NSObjects."ssl vserver" ) { outputObjectConfig "SSL Virtual Servers" "ssl vserver" }
+
+# Global System Bindings - can't bind until objects are created
+if ($NSObjects."system global" ) { outputObjectConfig "System Global Bindings" "system global" "raw"}
+if ($NSObjects."dns nameServer" ) { outputObjectConfig "DNS Name Servers" "dns nameServer" }
+
+
+if ($outputFile -and ($outputFile -ne "screen")) {
+    # Convert file EOLs to UNIX format so file can be batch imported to NetScaler
+    $text = [IO.File]::ReadAllText($outputFile) -replace "`r`n", "`n"
+    [IO.File]::WriteAllText($outputFile, $text)
+}
+
+if ($textEditor -and ($outputFile -and ($outputFile -ne "screen"))) {    
+
+    # Open Text Editor
+
+    #if (Test-Path $textEditor -PathType Leaf){
+
+        write-host "`nOpening Output file `"$outputFile`" using `"$textEditor`" ..."
+
+        start-process -FilePath $textEditor -ArgumentList "`"$outputFile`""
+
+    <#} else { 
+        write-host "`nText Editor not found: `"$textEditor`"" 
+        write-host "`nCan't open output file: `"$outputFile`""
+    }#>
+
+}