cyberark / epv-api-scripts

These API scripts enable CyberArk users to automate privileged account management tasks like account creation, user management, and more.
https://www.cyberark.com/best
Apache License 2.0

Logon and Reconcile Account #77

Closed jonnadulasudhakar closed 4 years ago

jonnadulasudhakar commented 4 years ago

Thanks for helping in resolving my earlier problem. The script is working as expected. However, I am not able to associate Logon and Reconcile Accounts.

Also, the account name is configured as "Operating System-PlatformID-Address-Username". Due to this, duplicate accounts will be created. Is it possible to customize the name as IPAddress-Username or Hostname-Username?

Also, the update function is not updating the LimitDomainAccessTo property; it is not adding the values to an existing account.

PS C:\Temp> .\Untitled2.ps1 -PVWAURL https://10.247.54.28/PasswordVault -AuthType cyberark -CsvPath .\test1.csv -update -Debug -Verbose -DisableSSLVerify -NoSafeCreation

=======================================

Welcome to Accounts Onboard Utility

WARNING: It is not Recommended to disable SSL verification

DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault

VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload


Getting PVWA Credentials to start Onboarding Accounts

VERBOSE: {

"password":  "Cyberark1",

"username":  "sudhakar"

}

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "application/json" -Body {

"password":  "****",

"username":  "sudhakar"

} -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload

VERBOSE: received 182-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: Njc4NmJkMTktYTYyMC00MzMwLThhYjAtNzY2YTE1NTBjZmVlOzU4MUY3REZCMjZBOTRBREQ7MDAwMDAwMDJFMzZBRjE0N0U1QTND

NjhENjM0MjBBM0NBRTc2NDFCMTFFMjI1N0U3RTc5MUNGNjhEQTQyMzA2RkNDMjA5QTNBMDAwMDAwMDA7


Starting to Onboard 1 accounts

4

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload

VERBOSE: received 180-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{GetSafeResult=}

Safe DC1-Prod-Win-Bucket exists

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinread1 10.216.39.21

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinread1+10.216.39.21 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinread1+10.216.39.21 with 0-byte payload

VERBOSE: received 460-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

Account pamwinread1 exist

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinread1 10.216.39.21

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinread1+10.216.39.21 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinread1+10.216.39.21 with 0-byte payload

VERBOSE: received 460-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

VERBOSE: Inspecting Account Property id

VERBOSE: Inspecting Account Property name

VERBOSE: Inspecting Account Property address

VERBOSE: Inspecting Account Property userName

VERBOSE: Inspecting Account Property platformId

VERBOSE: Inspecting Account Property safeName

VERBOSE: Inspecting Account Property secretType

VERBOSE: Inspecting Account Property platformAccountProperties

VERBOSE: Inspecting Account Property LogonDomain

VERBOSE: Inspecting Account Property Location

VERBOSE: Inspecting Account Property Hostname

VERBOSE: Inspecting Account Property Environment

VERBOSE: Inspecting Account Property secretManagement

VERBOSE: Inspecting Account Property automaticManagementEnabled

VERBOSE: Since Account Automatic management is on, removing the Manual management reason

VERBOSE: Inspecting Account Property lastModifiedTime

VERBOSE: Inspecting Account Property createdTime

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_90 -Method PATCH -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [

{

    "op":  "remove",

    "path":  "/secretManagement/manualManagementReason",

    "value":  ""

}

] -TimeoutSec 36000

VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_90 with -1-byte payload

VERBOSE: received 438-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{id=51_90; name=Operating System-WinDomain-10.216.39.21-pamwinread1; address=10.216.39.21; userName=pamwinread1; platformId=WinDomain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement=; createdTime=1593072294}

Account properties Updated Successfully

[1/1] Updated pamwinread1@10.216.39.21 successfully.

Logoff Session...

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload

VERBOSE: received 16-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 1 out of 1 accounts successfully.

=======================================

LogoffUrl


PS C:\Temp> .\Untitled2.ps1 -PVWAURL https://10.247.54.28/PasswordVault -AuthType cyberark -CsvPath .\test1.csv -update -Debug -Verbose -DisableSSLVerify -NoSafeCreation

=======================================

Welcome to Accounts Onboard Utility

WARNING: It is not Recommended to disable SSL verification

AssafMiron commented 4 years ago

Hello @jonnadulasudhakar ,

To be able to associate Logon and Reconcile Accounts, see the Accounts Onboarding Utility README file; it was updated a few days ago to include this information.

To set the account name, you can simply add to the CSV input file a column named 'name' and set there the name you want/need for the account.

For the update function issue - could you please open a new issue and I will investigate there?

Thanks, Assaf
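One way to prepare the 'name' column described in the reply above, as an added example that is not part of the original thread or the project's code. It assumes the input CSV has `address` and `username` columns (only the `name` column is named on this page); the function name `Add-AccountNameColumn`, the other column names, the sample row and the file paths are constructed for illustration.

```powershell
# Added example: builds an Address-Username value in a 'name' column and
# refuses to write the file if two rows would end up with the same name.
function Add-AccountNameColumn {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $CsvPath,   # input CSV (assumed columns: address, username)
        [Parameter(Mandatory)] [string] $OutPath    # CSV to hand to the onboarding script
    )

    $rows = @(Import-Csv -Path $CsvPath)
    foreach ($row in $rows) {
        if ([string]::IsNullOrWhiteSpace($row.address) -or
            [string]::IsNullOrWhiteSpace($row.username)) {
            throw "A row is missing address or username; cannot build an account name."
        }
        $name = '{0}-{1}' -f $row.address.Trim(), $row.username.Trim()
        # -Force overwrites a 'name' column that is already present in the CSV.
        $row | Add-Member -NotePropertyName 'name' -NotePropertyValue $name -Force
    }

    # Group-Object compares case-insensitively by default, so 'Host-User' and
    # 'host-user' are reported as the same name.
    $dupes = @($rows | Group-Object -Property name | Where-Object { $_.Count -gt 1 })
    if ($dupes.Count -gt 0) {
        throw "Duplicate account names in CSV: $($dupes.Name -join ', ')"
    }

    $rows | Export-Csv -Path $OutPath -NoTypeInformation
    return $rows
}

# Constructed sample input; the password value is a placeholder.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'accounts-sample.csv'
@'
username,address,safe,platformID,password
pamwinread1,10.216.39.21,DC1-Prod-Win-Bucket,WinDomain,<placeholder>
'@ | Set-Content -Path $sample

$out = Join-Path ([IO.Path]::GetTempPath()) 'accounts-named.csv'
Add-AccountNameColumn -CsvPath $sample -OutPath $out | Format-Table name, username, address
```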

AssafMiron commented 4 years ago

One more comment, @jonnadulasudhakar: by LimitDomainAccessTo, do you mean "restrictmachineaccesstolist" (accessRestrictedToRemoteMachines)? If so, maybe you got the property name wrong.

jonnadulasudhakar commented 4 years ago

Yes. The list is not updating if I use the update command. However, I can use the same file to create with restrictmachineaccesstolist.

I will check the other solutions you have provided. If you want me to open a new case for this, I will raise one.

Thank you, sir.

ramocha commented 4 years ago

> Hello @jonnadulasudhakar ,
>
> To be able to associate Logon and Reconcile Accounts see the Accounts Onboarding Utility README file - was updated a few days ago to include this information
>
> To set the account name you can simply add to the CSV input file a column named 'name' and set there the name you want/need for the account
>
> For the update function issue - could you please open a new issue and I will investigate there?
>
> Thanks, Assaf

Hi,

Can you upload this file? I have the same request.

Regards

AssafMiron commented 4 years ago

Hello @ramocha ,

You can take the latest script from here: https://github.com/cyberark/epv-api-scripts/blob/master/Account%20Onboard%20Utility/Accounts_Onboard_Utility.ps1 And view the Solution that is relevant for adding linked accounts here: https://cyberark-customers.force.com/s/article/Add-Reconcile-and-Login-Accounts-to-an-Account-using-V10-REST-API

If you have any issues, please reopen this issue thread or open a new issue

Thanks, Assaf