pspete
commented
4 years ago Hey Allyn,
Get-PASUser is the psPAS command you are looking for (it amalgamates both "Get User Details" (both 1st Gen & 2nd Gen) & "Get Users").
A user's groups membership is only returned since version 11.5
Specify the id (number) of the user to get the details of, the groupsmembership property is included in the list view (Get-PASUser -id 2 | Format-List) or can be accessed directly:
Get-PASUser -id 2 | select-object -ExpandProperty groupsmembership
groupID groupName groupType
------- --------- ---------
8 Auditors Vault
14 PVWAMonitor Vault
15 PVWAUsers Vault
26 PSMLiveSessionTerminators Vault
661 GlobalAdmin Vault
11 Vault Admins Vault
allynl93
Is your feature request related to a problem? Please describe. I may well be missing very obvious, but I can't seem to find a function for the "Get user details" API.
API described at: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/get-user-details-v10.htm
This makes it difficult to understand which groups a user is member of for example.
Describe the solution you'd like Ideally would like to see a function like Get-PASUserDetails included in the module. If it is included and I'm missing it, maybe under a different name, then please let me know how stupid I'm being.
Describe alternatives you've considered Don't look like there is an alternative that I can see? The API doesn't have an endpoint to view members of a groups, it appears the only way to view who is a member of group is go from a user perspective and work it back that way... Again if I've missing something fundamental do let me know.
Hope all is well. Cheers Allyn