Set-PASAccount

[JohnnyLeuthard]

I'm having issues with the Set-PASAccount Cmdlet and multiple actions in an array.

Expected behavior I was expecting each item in the array would be executed not just the one

Console Output Code Block: I am following the directions in the help, using example #3 as my guide. The only change is BOTH are an Add action and the example is a remove and an add but different property names.

Your Environment Running from a Win10 workstation

• PowerShell Version: 5.1 (desktop)
• psPAS Version: 4.5.90
• CyberArk Version: 11.5.3

Additional context I don't get any errors. It just doesn't add more than one item in the $actions object. If I do them 1x1 creating an array with a single item in it they all get added fine. I validated my array is an array with $actions.gettype() Each item/action in the array is a hashtable also verified with $actions[0].gettype() It's not just add. If I do a remove or replace having multiple in the array only executes one I ran it multiple times adding different properties to the array and it always ads the last item to the array

My example (names and values changed to generic) but all properties (file categories) exist in the platform assigned to the target object as optional properties.

$actions = @() $actions +=@{"op"="add";"path"="/platformAccountProperties/port";"value"="123"} $actions +=@{"op"="add";"path"="/platformAccountProperties/UserDN";"value"="xyz123"} Set-pasAccount -AccountID 123 -operations $actions

As of right now the work around I have that works is $actions | % {Set-pasAccount -AccountID 123 -operations $_} However that is just adding more cycles and time to the process since it cas to pass them across the pipeline 1x1. Not a huge deal with a couple accounts but if I had to perform an update on a large number of objects it would add up quick.

[pspete]

Hi @JohnnyLeuthard

Thanks for reporting this. I was able to replicate this as you described, so did some investigation.

There now appears to be a required format for this action detailed in the swagger documentation which expands on the published examples for the module:

It is possible to set several properties using the same command using the following structure:

{ "op": "replace", "path": "/platformaccountproperties", "value": "{\"{PropertyID1}\":\"{Value}\",\"{PropertyID2}\":\"{Value}\",\"{PropertyID3}\":\"{Value}\"}"}

In psPAS, this translates to

$actions = @()
$actions +=@{"op"="add";"path"="/platformAccountProperties";"value"=@{"port"="321";"UserDN"="xyz123";"LogonDomain"="SomeDomain"}}
$actions +=@{"op"="replace";"path"="/address";"value"="SomeNewAddress"}
Set-pasAccount -AccountID 123 -operations $actions

Successfully tested the above, so no code change needed, only updates to the documentation. Will add a further example to the docs detailing the required format when updating multiple categories which exist under the platformAccountProperties path. Thanks again for the report - very much appreciated.

[JohnnyLeuthard]

Perfect!! That actually gives me more flexibility in my scripts. Now i can just do this (tested and works)

$Hash = @{ 'Item1' = 'Value1' 'Item2' = 'Value2' } $actions +=@{"op"="add";"path"="/platformAccountProperties";"value"=$hash}}

Then I can programmatically build the hash based off what i input.

Thanks

[JohnnyLeuthard]

Whats the real difference between add and modify? If I have a value on an object and use Add with a different value it updates. Is there something else that is going on that not using the modify will miss?

[pspete]

Attempted replace or remove of a property which does not exist will raise an error - useful in a scenario you only want to update values which exist. The module is just coded against the documentation which says: You can do the following:

• Replace the existing value of a property
• Remove property from the account
• Add property to the account

[pspete]

Updated documentation here: https://pspas.pspete.dev/commands/Set-PASAccount#example-6

The module's get-help content will update from that file whenever the next build version gets published.