cyberark / epv-api-scripts

These API scripts enable CyberArk users to automate privileged account management tasks like account creation, user management, and more.
https://www.cyberark.com/best
Apache License 2.0

Limit Domain Access To --> Update #78

Closed jonnadulasudhakar closed 4 years ago

jonnadulasudhakar commented 4 years ago

I am having a problem with Update Limit Domain Access To property.

Scenario 1:

Account onboarded to CyberArk with Windomain Platform but didn't check the BOX limit domain access to

By running an update command, I am unable to activate the parameter Limit Domain Access to and also unable to add IP address

Scenario 2:

Account onboarded to CyberArk with Windomain Platform and enabled checkbox limit domain access to without any addresses in the limit domain access to.

By running an update command, I am unable to update IP address

Scenario 3:

Account onboarded to CyberArk with Windomain Platform but didn't include any addresses in the limit domain access to. But enabled the option Limit Domain Access To and added dummy value

By running an update command, I am ABLE to UPDATE the Limit Domain Access to with UPDATED IP ADDRESSES


In the last scenario, the value updates but an error message is shown, as below:

PS C:\Temp> .\Untitled2.ps1 -PVWAURL https://10.247.54.28/PasswordVault -CsvPath .\test-3.csv -DisableSSLVerify -NoSafeCreation -AuthType cyberark -Update -Verbose -Debug

=======================================

Welcome to Accounts Onboard Utility

WARNING: It is not Recommended to disable SSL verification

DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault

VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload


Getting PVWA Credentials to start Onboarding Accounts

VERBOSE: {

"password":  "Cyberark1",

"username":  "sudhakar"

}

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl

ication/json" -Body {

"password":  "****",

"username":  "sudhakar"

} -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload

VERBOSE: received 182-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: YWNiZWE2NmQtY2NjYy00NWI5LWI5ZTAtNzM0NmVkZDVjNzhhOzc4NTE2QkNCNTM0OEZERTI7MDAwMDAwMDJFNUExRjg5Qjc3ODc5

RTgzMzEyMUIxNkFEMjEyRjc5RDgyRjQ4Qjc5MzZBQTZEREM0OTJDRjY2REY0NTg5RDIxMDAwMDAwMDA7


Starting to Onboard 1 accounts

4

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge

t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload

VERBOSE: received 180-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{GetSafeResult=}

Safe DC1-Prod-Win-Bucket exists

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 538-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

Account pamwinadm1 exist

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 538-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

VERBOSE: Inspecting Account Property id

VERBOSE: Inspecting Account Property name

VERBOSE: Inspecting Account Property address

VERBOSE: Inspecting Account Property userName

VERBOSE: Inspecting Account Property platformId

VERBOSE: Inspecting Account Property safeName

VERBOSE: Inspecting Account Property secretType

VERBOSE: Inspecting Account Property platformAccountProperties

VERBOSE: Inspecting Account Property Location

VERBOSE: Inspecting Account Property Hostname

VERBOSE: Inspecting Account Property Environment

VERBOSE: Inspecting Account Property secretManagement

VERBOSE: Inspecting Account Property automaticManagementEnabled

VERBOSE: Since Account Automatic management is off, adding the Manual management reason

VERBOSE: Inspecting Account Property manualManagementReason

VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959

645} value from: '[No Reason]' to: ''

VERBOSE: Inspecting Account Property lastModifiedTime

VERBOSE: Inspecting Account Property remoteMachinesAccess

VERBOSE: Inspecting Account Property remoteMachines

VERBOSE: Updating Account Property @{remoteMachines=dummy; accessRestrictedToRemoteMachines=True} value from: 'dummy' to: 'FINAPP02

.exFinance.com;FINAPP03.exFinance.com;FINAPP04.exFinance.com;FINAPP05.exFinance.com;FINAPP06.exFinance.com'

VERBOSE: Inspecting Account Property accessRestrictedToRemoteMachines

VERBOSE: Inspecting Account Property createdTime

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene

ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [

{

    "op":  "add",

    "path":  "/secretManagement/manualManagementReason",

    "value":  "[No Reason]"

},

{

    "op":  "replace",

    "path":  "/secretManagement/manualManagementReason",

    "value":  ""

},

{

    "op":  "replace",

    "path":  "/remoteMachinesAccess/remoteMachines",

    "value":  "FINAPP02.exFinance.com;FINAPP03.exFinance.com;FINAPP04.exFinance.com;FINAPP05.exFinance.com;FINAPP06.exFinance.c

om"

}

] -TimeoutSec 36000

VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload

VERBOSE: received 625-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{id=51_29; name=07.07.07.07-pamwinadm1; address=07.07.07.07; userName=pamwinadm1; platformId=WinDom

ain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement=; remoteMachinesAccess=; creat

edTime=1584959645}

Account properties Updated Successfully

DEBUG: Updating Account Secret...

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29/Password/Update -Method POST -Header System.C

ollections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body {

"NewCredentials":  ""

} -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/Accounts/51_29/Password/Update with -1-byte payload

**Error Message: {"Details":[{"ParameterName":"NewCredentials","ErrorCode":"PASWS011E","ErrorMessage":"Missing mandatory parameter [N

ewCredentials]."}],"ErrorCode":"PASWS167E","ErrorMessage":"There are some invalid parameters"}

Exception Message: The remote server returned an error: (400) Bad Request.**

Status Code: 400

Status Description: Bad Request

VERBOSE: Invoke-REST Response:

[1/1] Updated pamwinadm1@07.07.07.07 successfully.

Logoff Session...

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.

Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload

VERBOSE: received 16-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 1 out of 1 accounts successfully.

=======================================

LogoffUrl


AssafMiron commented 4 years ago

Thanks for the very detailed issue report @jonnadulasudhakar. It helped me a lot in finding the issue, and I think I fixed it. I updated the script, and it would be great if you could check the new update with all the above scenarios you detailed.

Thanks, Assaf

jonnadulasudhakar commented 4 years ago

Thanks for helping with the problem. Here are the updates:

The script needs an update: Line 977 has an extra ) that needs to be removed.

           If($sProp.Name -in ("remotemachineaddresses","restrictmachineaccesstolist", "remoteMachines", "accessRestrictedToRemoteMachines")))

After changing it as below, I am able to execute the script, but it failed all 3 scenarios.

          If($sProp.Name -in ("remotemachineaddresses","restrictmachineaccesstolist", "remoteMachines", "accessRestrictedToRemoteMachines"))

The earlier script is able to update if we have a dummy value (Scenario 3). After the modification, I am getting the below error message for all 3 scenarios and the account is not updated. The old script is able to update scenario 3 but the new script is not. Included the CSV file for reference. Please advise.

PS C:\Temp> .\Accounts_Onboard_Utilityv1.ps1 -PVWAURL https://10.247.54.28/PasswordVault -AuthType cyberark -DisableSSLVerify -CsvPath .\test4.csv -NoSafeCreation -Update -Verbose -Debug

=======================================

Welcome to Accounts Onboard Utility

WARNING: It is not Recommended to disable SSL verification

DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault

VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload


Getting PVWA Credentials to start Onboarding Accounts

VERBOSE: {

"password":  "Cyberark1",

"username":  "sudhakar"

}

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType

"application/json" -Body {

"password":  "****",

"username":  "sudhakar"

} -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload

VERBOSE: received 182-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: MmYxMzgzODktYzAwNC00MzI4LWIwYWEtYmYzY2NjNmM5NjM1OzI4MjYwQjU1RDJDODM4MUQ7MDAwMDAwMDJBREI1NTJGNj

Y1QkE2Mjg1OEQzNTFBNDZCMTJCRjgzQTg2QjJBQkE2QkQwMkE4OEU4OEM0MjUxQ0VEODYzNERFMDAwMDAwMDA7


Starting to Onboard 1 accounts

3

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Met

hod Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -Timeout

Sec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload

VERBOSE: received 180-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{GetSafeResult=}

Safe DC1-Prod-Win-Bucket exists

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search

=pamwinadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType

"application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.0

7.07 with 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

Account pamwinadm1 exist

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search

=pamwinadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType

"application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.0

7.07 with 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

VERBOSE: Inspecting Account Property id

VERBOSE: Inspecting Account Property name

VERBOSE: Inspecting Account Property address

VERBOSE: Inspecting Account Property userName

VERBOSE: Inspecting Account Property platformId

VERBOSE: Inspecting Account Property safeName

VERBOSE: Inspecting Account Property secretType

VERBOSE: Inspecting Account Property platformAccountProperties

VERBOSE: Inspecting Account Property Location

VERBOSE: Inspecting Account Property Hostname

VERBOSE: Inspecting Account Property Environment

VERBOSE: Inspecting Account Property secretManagement

VERBOSE: Inspecting Account Property automaticManagementEnabled

VERBOSE: Since Account Automatic management is off, adding the Manual management reason

VERBOSE: Inspecting Account Property manualManagementReason

VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1

584959645} value from: '[No Reason]' to: ''

VERBOSE: Inspecting Account Property lastModifiedTime

VERBOSE: Inspecting Account Property createdTime

VERBOSE: Updating Account Property secret value to: ''

VERBOSE: Updating Account Property remoteMachinesAccess value to: '@{remoteMachines=FINAPP01.exFinance.com

FINAPP02.exFinance.com

FINAPP03.exFinance.com

FINAPP04.exFinance.com

FINAPP05.exFinance.com

FINAPP06.exFinance.com; accessRestrictedToRemoteMachines=True}'

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collection

s.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [

{

    "op":  "add",

    "path":  "/secretManagement/manualManagementReason",

    "value":  "[No Reason]"

},

{

    "op":  "replace",

    "path":  "/secretManagement/manualManagementReason",

    "value":  ""

},

{

    "op":  "replace",

    "path":  "/platformAccountProperties/secret",

    "value":  ""

},

{

    "op":  "replace",

    "path":  "/platformAccountProperties/remoteMachinesAccess",

    "value":  {

                  "remoteMachines":  "FINAPP01.exFinance.com\nFINAPP02.exFinance.com\nFINAPP03.exFinance.com\nFINAPP04.ex

Finance.com\nFINAPP05.exFinance.com\nFINAPP06.exFinance.com",

                  "accessRestrictedToRemoteMachines":  true

              }

}

] -TimeoutSec 36000

VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload

Error Message: {"ErrorCode":"PASWS164E","ErrorMessage":"Invalid Input Request. Reason: The target location specified by path

segment 'secret' was not found."}

Exception Message: The remote server returned an error: (400) Bad Request.

Status Code: 400

Status Description: Bad Request

VERBOSE: Invoke-REST Response:

Logoff Session...

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Ge

neric.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload

VERBOSE: received 16-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 0 out of 1 accounts successfully.

=======================================

LogoffUrl


PS C:\Temp>

AssafMiron commented 4 years ago

Thanks for the comment and test @jonnadulasudhakar. I have fixed the issue with the extra bracket and gave another shot at the update method.

jonnadulasudhakar commented 4 years ago

Thanks for the update. Now the errors are cleared, but the Limit Domain Access To is not updated.

PS C:\Temp> .\Accounts_Onboard_Utility.V2.PS1 -PVWAURL https://10.247.54.28/PasswordVault -AuthType cyberark -DisableSSLVerify -CsvPath .\test4.csv -Update -Debug -Verbose

=======================================

Welcome to Accounts Onboard Utility

WARNING: It is not Recommended to disable SSL verification

DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault

VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload


Getting PVWA Credentials to start Onboarding Accounts

VERBOSE: {

"password":  "Cyberark1",

"username":  "sudhakar"

}

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl

ication/json" -Body {

"password":  "****",

"username":  "sudhakar"

} -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload

VERBOSE: received 182-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: MTM1NTE3ZGEtZGI0OS00MDE5LWFiYjktN2YxOTBjYzFkNzU5O0M1OEZGRTBBQkJDRTJDREI7MDAwMDAwMDI4MjUyNEIzMTBCRDEx

Njg2QkYzMEQ4NTZERDFBM0M4RTQyNTIxQ0E5RDA2MDAwNDJBMTNDOTk5RTc3M0YwMjEwMDAwMDAwMDA7


Starting to Onboard 1 accounts

3

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge

t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload

VERBOSE: received 180-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{GetSafeResult=}

Safe DC1-Prod-Win-Bucket exists

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

Account pamwinadm1 exist

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

VERBOSE: Inspecting Account Property id

VERBOSE: Inspecting Account Property name

VERBOSE: Inspecting Account Property address

VERBOSE: Inspecting Account Property userName

VERBOSE: Inspecting Account Property platformId

VERBOSE: Inspecting Account Property safeName

VERBOSE: Inspecting Account Property secretType

VERBOSE: Inspecting Account Property platformAccountProperties

VERBOSE: Inspecting Account Property Location

VERBOSE: Inspecting Account Property Hostname

VERBOSE: Inspecting Account Property Environment

VERBOSE: Inspecting Account Property secretManagement

VERBOSE: Inspecting Account Property automaticManagementEnabled

VERBOSE: Since Account Automatic management is off, adding the Manual management reason

VERBOSE: Inspecting Account Property manualManagementReason

VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959

645} value from: '[No Reason]' to: ''

VERBOSE: Inspecting Account Property lastModifiedTime

VERBOSE: Inspecting Account Property createdTime

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene

ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [

{

    "op":  "add",

    "path":  "/secretManagement/manualManagementReason",

    "value":  "[No Reason]"

},

{

    "op":  "replace",

    "path":  "/secretManagement/manualManagementReason",

    "value":  ""

}

] -TimeoutSec 36000

VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload

VERBOSE: received 426-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{id=51_29; name=07.07.07.07-pamwinadm1; address=07.07.07.07; userName=pamwinadm1; platformId=WinDom

ain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement=; createdTime=1584959645}

Account properties Updated Successfully

[1/1] Updated pamwinadm1@07.07.07.07 successfully.

Logoff Session...

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.

Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload

VERBOSE: received 16-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 1 out of 1 accounts successfully.

=======================================

LogoffUrl


PS C:\Temp>

AssafMiron commented 4 years ago

Thanks for the swift check @jonnadulasudhakar. Hope this update will fix the issue.

jonnadulasudhakar commented 4 years ago

Thanks for the swift response. The updated script is giving error 500.

PS C:\Temp> .\Accounts_Onboard_Utility.V3.PS1 -PVWAURL https://10.247.54.28/PasswordVault -DisableSSLVerify -AuthType cyberark -CsvPath .\test4.csv -Update -Debug -Verbose

=======================================

Welcome to Accounts Onboard Utility

WARNING: It is not Recommended to disable SSL verification

DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault

VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload


Getting PVWA Credentials to start Onboarding Accounts

VERBOSE: {

"password":  "Cyberark1",

"username":  "sudhakar"

}

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl

ication/json" -Body {

"password":  "****",

"username":  "sudhakar"

} -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload

VERBOSE: received 182-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: OTlmOTNhNDctZGNhYy00MmI1LWFhZDMtMGRiZDkyZmU3NzM2OzA1NzY5OUVGMEVENjMyRDg7MDAwMDAwMDJDMDY1RjIwNEY4RjYw

QzNBQzU4MkRCRjhFNjE2MDU3MDE4MTNFMjJDRURFRTdBQkY3Rjc2RTBCREI0NEMxRkQxMDAwMDAwMDA7


Starting to Onboard 1 accounts

3

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge

t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload

VERBOSE: received 180-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{GetSafeResult=}

Safe DC1-Prod-Win-Bucket exists

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

Account pamwinadm1 exist

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

VERBOSE: Inspecting Account Property id

VERBOSE: Inspecting Account Property name

VERBOSE: Inspecting Account Property address

VERBOSE: Inspecting Account Property userName

VERBOSE: Inspecting Account Property platformId

VERBOSE: Inspecting Account Property safeName

VERBOSE: Inspecting Account Property secretType

VERBOSE: Inspecting Account Property platformAccountProperties

VERBOSE: Inspecting Account Property Location

VERBOSE: Inspecting Account Property Hostname

VERBOSE: Inspecting Account Property Environment

VERBOSE: Inspecting Account Property secretManagement

VERBOSE: Inspecting Account Property automaticManagementEnabled

VERBOSE: Since Account Automatic management is off, adding the Manual management reason

VERBOSE: Inspecting Account Property manualManagementReason

VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959

645} value from: '[No Reason]' to: ''

VERBOSE: Inspecting Account Property lastModifiedTime

VERBOSE: Inspecting Account Property createdTime

VERBOSE: Updating Account Remote Machine Access Properties remoteMachines value to: 'FINAPP01.exFinance.com

FINAPP02.exFinance.com

FINAPP03.exFinance.com

FINAPP04.exFinance.com

FINAPP05.exFinance.com

FINAPP06.exFinance.com'

VERBOSE: Updating Account Remote Machine Access Properties accessRestrictedToRemoteMachines value to: 'True'

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene

ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [

{

    "op":  "add",

    "path":  "/secretManagement/manualManagementReason",

    "value":  "[No Reason]"

},

{

    "op":  "replace",

    "path":  "/secretManagement/manualManagementReason",

    "value":  ""

},

{

    "op":  "replace",

    "path":  null,

    "value":  "FINAPP01.exFinance.com\nFINAPP02.exFinance.com\nFINAPP03.exFinance.com\nFINAPP04.exFinance.com\nFINAPP05.exFinan

ce.com\nFINAPP06.exFinance.com"

},

{

    "op":  "replace",

    "path":  null,

    "value":  true

}

] -TimeoutSec 36000

VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload

Error Message: {"ErrorCode":"CAWS00001E","ErrorMessage":"Object reference not set to an instance of an object."}

Exception Message: The remote server returned an error: (500) Internal Server Error.

Status Code: 500

Status Description: Internal Server Error

VERBOSE: Invoke-REST Response:

Logoff Session...

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.

Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload

VERBOSE: received 16-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 0 out of 1 accounts successfully.

=======================================

LogoffUrl

Please check and advise.
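An added example, not part of this thread and not code from epv-api-scripts: a pre-flight check for the PATCH bodies shown in the logs above. JSON Patch (RFC 6902) "replace" requires the target to exist, which matches scenario 3 (a dummy value present) succeeding while the other attempts failed. The function names are hypothetical, the `/remoteMachinesAccess/...` paths are taken from the verbose output, and whether the PVWA accepts "add" when the object is absent is an assumption.

```powershell
# Added example; function names are hypothetical and this is not the project's code.
# Assumption: the PVWA accepts "add" for /remoteMachinesAccess when it is absent.

function New-RemoteMachinesPatch {
    param(
        [Parameter(Mandatory)] $Account,          # object returned by GET /api/Accounts
        [Parameter(Mandatory)] [string[]] $Machines,
        [bool] $Restrict = $true
    )
    # Normalise the list: split on ';' or newlines, trim, drop blanks and duplicates,
    # then join with ';' (the separator in the update that succeeded in this thread).
    $list = ($Machines -split '[;\r\n]+' | ForEach-Object { $_.Trim() } |
             Where-Object { $_ } | Select-Object -Unique) -join ';'

    $current = $Account.remoteMachinesAccess
    $ops = @()
    if ($null -eq $current) {
        # Scenario 1: nothing exists to "replace", so add the whole object.
        $ops += [pscustomobject]@{
            op    = 'add'
            path  = '/remoteMachinesAccess'
            value = [pscustomobject]@{
                remoteMachines                   = $list
                accessRestrictedToRemoteMachines = $Restrict
            }
        }
    } else {
        # Scenarios 2 and 3: choose add or replace per property that is present.
        foreach ($name in 'remoteMachines', 'accessRestrictedToRemoteMachines') {
            $value  = if ($name -eq 'remoteMachines') { $list } else { $Restrict }
            $exists = $current.PSObject.Properties.Name -contains $name
            $ops += [pscustomobject]@{
                op    = $(if ($exists) { 'replace' } else { 'add' })
                path  = "/remoteMachinesAccess/$name"
                value = $value
            }
        }
    }
    return , $ops
}

function Test-PatchAgainstAccount {
    param($Account, [object[]] $Operations)
    $problems = @()
    foreach ($op in $Operations) {
        if ([string]::IsNullOrWhiteSpace($op.path)) {
            # The body with "path": null is the one that returned the 500 above.
            $problems += "$($op.op): path is null or empty"
            continue
        }
        if ($op.op -ne 'replace') { continue }
        # Walk every path segment; "replace" needs each one to exist already.
        $node = $Account
        foreach ($segment in $op.path.Trim('/').Split('/')) {
            if ($null -eq $node -or $node.PSObject.Properties.Name -notcontains $segment) {
                $problems += "replace $($op.path): segment '$segment' not found on the account"
                break
            }
            $node = $node.$segment
        }
    }
    return , $problems
}

# Constructed sample accounts modelled on the responses in the logs above.
$props     = [pscustomobject]@{ Location = ''; Hostname = ''; Environment = '' }
$scenario1 = [pscustomobject]@{ id = '51_29'; platformAccountProperties = $props }
$scenario3 = [pscustomobject]@{
    id = '51_29'; platformAccountProperties = $props
    remoteMachinesAccess = [pscustomobject]@{
        remoteMachines = 'dummy'; accessRestrictedToRemoteMachines = $true
    }
}

foreach ($acct in $scenario1, $scenario3) {
    $ops = New-RemoteMachinesPatch -Account $acct `
        -Machines "FINAPP01.exFinance.com`nFINAPP02.exFinance.com"
    $problems = Test-PatchAgainstAccount -Account $acct -Operations $ops
    if ($problems.Count) { $problems | Write-Warning }
    else { ConvertTo-Json -InputObject $ops -Depth 5 }
}

# The two failing shapes from the thread, rejected before any request is sent.
$badOps = @(
    [pscustomobject]@{ op = 'replace'; path = $null; value = $true },
    [pscustomobject]@{ op = 'replace'; path = '/platformAccountProperties/secret'; value = '' }
)
Test-PatchAgainstAccount -Account $scenario1 -Operations $badOps
```

Running the check on the account object fetched immediately before the PATCH keeps a malformed body from ever reaching the PVWA, so a failed update surfaces as a local warning rather than a 400 or 500.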

AssafMiron commented 4 years ago

Thanks @jonnadulasudhakar for the swift testing. I found a parameter name that was wrong - sorry for the inconvenience.

jonnadulasudhakar commented 4 years ago

Thanks a lotttttt @AssafMiron. Now the script is working as expected. I am happy to help in doing testing as many times as required. Now I am able to update the Limit Domain Access To field. I have tested twice and it is working as expected. Thanks once again @AssafMiron. Sorry if I troubled you by sending so many messages.

Here are the logs, and we can close the case:

PS C:\Temp> .\Accounts_Onboard_Utility.V4.PS1 -PVWAURL https://10.247.54.28/PasswordVault -DisableSSLVerify -AuthType cyberark -CsvPath .\test4.csv -Update -Debug -Verbose

=======================================

Welcome to Accounts Onboard Utility

WARNING: It is not Recommended to disable SSL verification

DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault

VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload


Getting PVWA Credentials to start Onboarding Accounts

VERBOSE: {

"password":  "Cyberark1",

"username":  "sudhakar"

}

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl

ication/json" -Body {

"password":  "****",

"username":  "sudhakar"

} -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload

VERBOSE: received 182-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: N2JiZDEyZTUtMjAxNC00N2MyLThhYmItYTZlMDRlZTE3MmVlO0Y2QzkwQUU0QzZBRjc4RUY7MDAwMDAwMDJGQzc2RUJEOEVCQjVG

RkFFM0VDODRGMEU2QUEzQTVDMTAzRTkwMEJDMzg1NEY3MzhBMDM1MDhEMjYyNzFGQzhFMDAwMDAwMDA7


Starting to Onboard 1 accounts

3

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge

t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload

VERBOSE: received 180-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{GetSafeResult=}

Safe DC1-Prod-Win-Bucket exists

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

Account pamwinadm1 exist

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

VERBOSE: Inspecting Account Property id

VERBOSE: Inspecting Account Property name

VERBOSE: Inspecting Account Property address

VERBOSE: Inspecting Account Property userName

VERBOSE: Inspecting Account Property platformId

VERBOSE: Inspecting Account Property safeName

VERBOSE: Inspecting Account Property secretType

VERBOSE: Inspecting Account Property platformAccountProperties

VERBOSE: Inspecting Account Property Location

VERBOSE: Inspecting Account Property Hostname

VERBOSE: Inspecting Account Property Environment

VERBOSE: Inspecting Account Property secretManagement

VERBOSE: Inspecting Account Property automaticManagementEnabled

VERBOSE: Since Account Automatic management is off, adding the Manual management reason

VERBOSE: Inspecting Account Property manualManagementReason

VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959

645} value from: '[No Reason]' to: ''

VERBOSE: Inspecting Account Property lastModifiedTime

VERBOSE: Inspecting Account Property createdTime

VERBOSE: Updating Account Remote Machine Access Properties remoteMachines value to: 'FINAPP01.exFinance.com

FINAPP02.exFinance.com

FINAPP03.exFinance.com

FINAPP04.exFinance.com

FINAPP05.exFinance.com

FINAPP06.exFinance.com'

VERBOSE: Updating Account Remote Machine Access Properties accessRestrictedToRemoteMachines value to: 'True'

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene

ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [

{

    "op":  "add",

    "path":  "/secretManagement/manualManagementReason",

    "value":  "[No Reason]"

},

{

    "op":  "replace",

    "path":  "/secretManagement/manualManagementReason",

    "value":  ""

},

{

    "op":  "replace",

    "path":  "/remoteMachinesAccess/remoteMachines",

    "value":  "FINAPP01.exFinance.com\nFINAPP02.exFinance.com\nFINAPP03.exFinance.com\nFINAPP04.exFinance.com\nFINAPP05.exFinan

ce.com\nFINAPP06.exFinance.com"

},

{

    "op":  "replace",

    "path":  "/remoteMachinesAccess/accessRestrictedToRemoteMachines",

    "value":  "True"

}

] -TimeoutSec 36000

VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload

VERBOSE: received 653-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{id=51_29; name=07.07.07.07-pamwinadm1; address=07.07.07.07; userName=pamwinadm1; platformId=WinDom

ain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement=; remoteMachinesAccess=; creat

edTime=1584959645}

Account properties Updated Successfully

[1/1] Updated pamwinadm1@07.07.07.07 successfully.

Logoff Session...

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.

Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload

VERBOSE: received 16-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 1 out of 1 accounts successfully.

=======================================

LogoffUrl


PS C:\Temp> .\Accounts_Onboard_Utility.V4.PS1 -PVWAURL https://10.247.54.28/PasswordVault -DisableSSLVerify -AuthType cyberark -CsvPath .\test4.csv -Update -Debug -Verbose

=======================================

Welcome to Accounts Onboard Utility

WARNING: It is not Recommended to disable SSL verification

DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault

VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload


Getting PVWA Credentials to start Onboarding Accounts

VERBOSE: {

"password":  "Cyberark1",

"username":  "sudhakar"

}

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl

ication/json" -Body {

"password":  "****",

"username":  "sudhakar"

} -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload

VERBOSE: received 182-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: M2M3ZDBkNjktZmQyNy00YmQxLWFhMmYtMTk5NDY5Yjk1YzA3O0MwMzlEMDhCNDhDNTcyNzU7MDAwMDAwMDI3MEFFNUQ3M0FDMDJE

RjdBQTNGNzI5RUU5RDhGMzQyMzNBOEUwNENEQjk3RTZBNEFGNTMwMzFBMDJENkU5NkM0MDAwMDAwMDA7


Starting to Onboard 1 accounts

3

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge

t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload

VERBOSE: received 180-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{GetSafeResult=}

Safe DC1-Prod-Win-Bucket exists

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

Account pamwinadm1 exist

DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket

DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi

nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio

n/json" -TimeoutSec 36000

VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w

ith 0-byte payload

VERBOSE: received 448-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}

VERBOSE: Inspecting Account Property id

VERBOSE: Inspecting Account Property name

VERBOSE: Inspecting Account Property address

VERBOSE: Inspecting Account Property userName

VERBOSE: Inspecting Account Property platformId

VERBOSE: Inspecting Account Property safeName

VERBOSE: Inspecting Account Property secretType

VERBOSE: Inspecting Account Property platformAccountProperties

VERBOSE: Inspecting Account Property Location

VERBOSE: Inspecting Account Property Hostname

VERBOSE: Inspecting Account Property Environment

VERBOSE: Inspecting Account Property secretManagement

VERBOSE: Inspecting Account Property automaticManagementEnabled

VERBOSE: Since Account Automatic management is off, adding the Manual management reason

VERBOSE: Inspecting Account Property manualManagementReason

VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959

645} value from: '[No Reason]' to: ''

VERBOSE: Inspecting Account Property lastModifiedTime

VERBOSE: Inspecting Account Property createdTime

VERBOSE: Updating Account Remote Machine Access Properties remoteMachines value to: 'FINAPP01.exFinance.com

FINAPP02.exFinance.com

FINAPP03.exFinance.com

FINAPP04.exFinance.com

FINAPP05.exFinance.com

FINAPP06.exFinance.com'

VERBOSE: Updating Account Remote Machine Access Properties accessRestrictedToRemoteMachines value to: 'True'

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene

ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [

{

    "op":  "add",

    "path":  "/secretManagement/manualManagementReason",

    "value":  "[No Reason]"

},

{

    "op":  "replace",

    "path":  "/secretManagement/manualManagementReason",

    "value":  ""

},

{

    "op":  "replace",

    "path":  "/remoteMachinesAccess/remoteMachines",

    "value":  "FINAPP01.exFinance.com\nFINAPP02.exFinance.com\nFINAPP03.exFinance.com\nFINAPP04.exFinance.com\nFINAPP05.exFinan

ce.com\nFINAPP06.exFinance.com"

},

{

    "op":  "replace",

    "path":  "/remoteMachinesAccess/accessRestrictedToRemoteMachines",

    "value":  "True"

}

] -TimeoutSec 36000

VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload

VERBOSE: received 653-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{id=51_29; name=07.07.07.07-pamwinadm1; address=07.07.07.07; userName=pamwinadm1; platformId=WinDom

ain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement=; remoteMachinesAccess=; creat

edTime=1584959645}

Account properties Updated Successfully

[1/1] Updated pamwinadm1@07.07.07.07 successfully.

Logoff Session...

VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.

Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000

VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload

VERBOSE: received 16-byte response of content type application/json; charset=utf-8

VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 1 out of 1 accounts successfully.

=======================================

LogoffUrl
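
The verbose runs above print the logon body once before the script masks the password, and they print the session token returned by the Logon call. As an added example (not code from this repository; the function name and all sample values are made up), a filter like this masks both before a transcript is attached to an issue:

```powershell
# Added example: hypothetical helper, not part of the epv-api-scripts project.
function Protect-OnboardTranscript {
    [CmdletBinding()]
    param([Parameter(Mandatory)][AllowEmptyString()][string] $Text)

    $rules = [ordered]@{
        # JSON member printed before the script masks it:  "password":  "<clear text>"
        # Values that are already only asterisks are skipped so they are not counted.
        Password = @{
            Pattern = '(?i)("password"\s*:\s*")(?!\*+")[^"]*(")'
            Replace = '${1}****${2}'
        }
        # Logon response: a bare base64 string (other responses start with "@{").
        # The console wraps it, so following base64-only lines belong to it too.
        SessionToken = @{
            Pattern = ('(Invoke-REST Response: )[A-Za-z0-9+/=]{32,}' +
                       '(?:(?:\r?\n)+[A-Za-z0-9+/=]{16,}(?=\r?\n|\z))*')
            Replace = '${1}<session token removed>'
        }
    }

    $findings = [ordered]@{}
    foreach ($name in $rules.Keys) {
        $rx = [regex]::new($rules[$name].Pattern)
        $findings[$name] = $rx.Matches($Text).Count   # how many values this rule masked
        $Text = $rx.Replace($Text, $rules[$name].Replace)
    }
    [pscustomobject]@{ Text = $Text; Findings = $findings }
}

# Constructed transcript in the shape of the output above (all values are made up).
$sample = @'
VERBOSE: {
"password":  "Example-Pass-1",
"username":  "exampleuser"
}
VERBOSE: Invoke-RestMethod ... -Body {
"password":  "****",
"username":  "exampleuser"
} -TimeoutSec 36000
VERBOSE: Invoke-REST Response: QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkI7
VERBOSE: Invoke-REST Response: @{GetSafeResult=}
'@

$result = Protect-OnboardTranscript -Text $sample
$result.Findings   # per-rule count of masked values
$result.Text       # transcript with the password and token masked
```

For a saved transcript, pass the whole file as one string (`Get-Content -Raw`) so that a token wrapped across lines is matched as a unit.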


AssafMiron commented 4 years ago

Great news! Thanks again @jonnadulasudhakar for helping improve the script for the community!