renzinpoo
commented
4 years ago Found the answer in: https://cyberark-customers.force.com/s/article/00002028
apparently, the password of the failing accounts has these characters:
"<", "&#"
added them PasswordForbiddenChars and the script worked fine.
Describe the issue I am running a bulk password sync between two kinds of windows accounts. a managed windows account and an unmanaged windows account (with DOMAIN\ prefix, not supported by PAS account management). The script works but for some reason, it is inconsistent as it fails to sync some accounts. ( latest was 4 out 20 accounts had this error)
I am having this error for the few accounts in my list :
Invoke-PASRestMethod : [400] A potentially dangerous value was detected from the client.
To Reproduce
Below is the script I am using:
import-module pspas $acctname = Import-Csv 'c:\filelocation\accountlist.csv' New-PASSession -Credential $creds -BaseURI https://PVWA_URL/ -type Cyberark -SkipCertificateCheck $acctname | foreach { $cred = Get-PASAccountPassword -AccountID $.ID1 -Reason "Password Synchronization" | Select-Object -ExpandProperty Password $securestring = $cred | ConvertTo-SecureString -AsPlainText -Force Invoke-PASCPMOperation -AccountID $.ID2 -ChangeTask -NewCredentials $securestring }
sample of the csv file:
Expected behavior To sync account passwords from ID1 column to ID2 column
Screenshots & Console Output see attached for the error:
Console Output Code Block:
Your Environment Include relevant details about your environment
Additional context Add any other context about the problem here.