Closed jonnadulasudhakar closed 4 years ago
Hello @jonnadulasudhakar ,
To be able to associate Logon and Reconcile Accounts see the Accounts Onboarding Utility README file - was updated a few days ago to include this information
To set the account name you can simply add to the CSV input file a column named 'name' and set there the name you want/need for the account
For the update function issue - could you please open a new issue and I will investigate there?
Thanks, Assaf
One more comment, @jonnadulasudhakar By LimitDomainAccessTo do you mean "restrictmachineaccesstolist"? (accessRestrictedToRemoteMachines) If so, maybe you got the property name wrong
Yes. The list is not updating if I use update command. However, can use the same file to create with restrictmachineaccesstolist
I will check other solutions you have provided: if you want me to open new case for this, I will raise .
Thank you sir
Hello @jonnadulasudhakar ,
To be able to associate Logon and Reconcile Accounts see the Accounts Onboarding Utility README file - was updated a few days ago to include this information
To set the account name you can simply add to the CSV input file a column named 'name' and set there the name you want/need for the account
For the update function issue - could you please open a new issue and I will investigate there?
Thanks, Assaf
Hi,
can you upload this file? i have the same request.
Regards
Hello @ramocha ,
You can take the latest script from here: https://github.com/cyberark/epv-api-scripts/blob/master/Account%20Onboard%20Utility/Accounts_Onboard_Utility.ps1 And view the Solution that is relevant for adding linked accounts here: https://cyberark-customers.force.com/s/article/Add-Reconcile-and-Login-Accounts-to-an-Account-using-V10-REST-API
If you have any issues, please reopen this issue thread or open a new issue
Thanks, Assaf
Thanks for helping in resolving my earlier problem. The script working as expected. However, I am not able to associate Logon and Reconcile Accounts.
Also, the account name is configured as "Operating System-PlatformID-Address-Username" Due to this, duplicate accounts will be created. Is it possible to customize the name IPAddress-Username or Hostname-Username?
Also, the update function is not updating the properties of LimitDomainAccessTo is not adding the values to an existing account.
PS C:\Temp> .\Untitled2.ps1 -PVWAURL https://10.247.54.28/PasswordVault -AuthType cyberark -CsvPath .\test1.csv -update -Debug -Verbose -DisableSSLVerify -NoSafeCreation
=======================================
Welcome to Accounts Onboard Utility
WARNING: It is not Recommended to disable SSL verification
DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault
VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload
Getting PVWA Credentials to start Onboarding Accounts
VERBOSE: {
}
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl
ication/json" -Body {
} -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: Njc4NmJkMTktYTYyMC00MzMwLThhYjAtNzY2YTE1NTBjZmVlOzU4MUY3REZCMjZBOTRBREQ7MDAwMDAwMDJFMzZBRjE0N0U1QTND
NjhENjM0MjBBM0NBRTc2NDFCMTFFMjI1N0U3RTc5MUNGNjhEQTQyMzA2RkNDMjA5QTNBMDAwMDAwMDA7
Starting to Onboard 1 accounts
4
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge
t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload
VERBOSE: received 180-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{GetSafeResult=}
Safe DC1-Prod-Win-Bucket exists
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinread1 10.216.39.21
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nread1+10.216.39.21 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicat
ion/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinread1+10.216.39.21
with 0-byte payload
VERBOSE: received 460-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
Account pamwinread1 exist
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinread1 10.216.39.21
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nread1+10.216.39.21 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicat
ion/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinread1+10.216.39.21
with 0-byte payload
VERBOSE: received 460-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
VERBOSE: Inspecting Account Property id
VERBOSE: Inspecting Account Property name
VERBOSE: Inspecting Account Property address
VERBOSE: Inspecting Account Property userName
VERBOSE: Inspecting Account Property platformId
VERBOSE: Inspecting Account Property safeName
VERBOSE: Inspecting Account Property secretType
VERBOSE: Inspecting Account Property platformAccountProperties
VERBOSE: Inspecting Account Property LogonDomain
VERBOSE: Inspecting Account Property Location
VERBOSE: Inspecting Account Property Hostname
VERBOSE: Inspecting Account Property Environment
VERBOSE: Inspecting Account Property secretManagement
VERBOSE: Inspecting Account Property automaticManagementEnabled
VERBOSE: Since Account Automatic management is on, removing the Manual management reason
VERBOSE: Inspecting Account Property lastModifiedTime
VERBOSE: Inspecting Account Property createdTime
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_90 -Method PATCH -Header System.Collections.Gene
ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [
] -TimeoutSec 36000
VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_90 with -1-byte payload
VERBOSE: received 438-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{id=51_90; name=Operating System-WinDomain-10.216.39.21-pamwinread1; address=10.216.39.21; userName
=pamwinread1; platformId=WinDomain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement
=; createdTime=1593072294}
Account properties Updated Successfully
[1/1] Updated pamwinread1@10.216.39.21 successfully.
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.
Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}
Vaulted 1 out of 1 accounts successfully.
=======================================
LogoffUrl
PS C:\Temp> .\Untitled2.ps1 -PVWAURL https://10.247.54.28/PasswordVault -AuthType cyberark -CsvPath .\test1.csv -update -Debug -Verbose -DisableSSLVerify -NoSafeCreation
=======================================
Welcome to Accounts Onboard Utility
WARNING: It is not Recommended to disable SSL verification