search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
295 stars 91 forks source link

get-pasuser does not get full details #527

Closed ELANDJEA closed 7 months ago

ELANDJEA commented 7 months ago

Describe the issue when using get-pasuser (even with the option -ExtendedDetails) does not get the full details of a user. when I for instance have an email address configured it does not get represented in the results

To Reproduce Steps to reproduce the behavior:

Expected behavior get full details of the user....

Screenshots & Console Output If applicable, add screenshots and/or console output to help explain your problem.


<--Console Output Goes Here-->

Your Environment Include relevant details about your environment

Additional context I now get the full details like this:

$user=get-pasuser -username $oldname if ($user -eq $null) { write-host user $oldname does not exist return $false }

get details via plain rest

$id=$user.id $ThisSession = Get-PASSession $UrlPath = "api/users/$id/" $method="get" $Request = @{ "Method" = $Method "Uri" = "$($ThisSession.BaseUri)/$UrlPath" "WebSession" = $ThisSession.WebSession "ContentType" = "application/json" } $userdetails=Invoke-RestMethod @Request

where $userdetails represent something like this:

enableUser : True changePassOnNextLogon : True expiryDate : userActivityLogRetentionDays : 90 loginFromHour : 0 loginToHour : 24 suspended : False lastSuccessfulLoginDate : 1692345373 unAuthorizedInterfaces : {} authenticationMethod : {AuthTypePass} passwordNeverExpires : False distinguishedName : description : businessAddress : @{workStreet=; workCity=; workState=; workZip=; workCountry=} internet : @{homePage=; homeEmail=; businessEmail=pipo@abcd.nl; otherEmail=} phones : @{homeNumber=; businessNumber=0; cellularNumber=; faxNumber=; pagerNumber=} personalDetails : @{street=; city=; state=; zip=; country=; title=; organization=clown; department=; profession=;firstName=pipo; middleName=; lastName=clown} id : 21 username : pipo source : CyberArk userType : EPVUser componentUser : False groupsMembership : {@{groupID=8; groupName=Auditors; groupType=Vault}, @{groupID=11; groupName=Vault Admins; groupType=Vault}, @{groupID=15; groupName=PVWAUsers; groupType=Vault}} vaultAuthorization : {} location : \

pspete commented 7 months ago

Get-PASUser -id 123 | get-member ? Get-PASUser -id 123 | Format-List ? Get-PASUser -id 123 | select-object * ?

Gives you the result you expect?

pspete commented 7 months ago

All the properties are there: image

ELANDJEA commented 7 months ago

you are absolutely right.....somehow I overlooked 😳

ELANDJEA commented 7 months ago

just one afterburner....I just realised....

when using "get-pasmember -username XYZ' it retreives less information than when I perform "get-pasmember -id ##"

hence: for proper handling I first need to find a single account (based on name) and after that use the ID property from the first result to do a new call to get all details.

is it intended behavour to only get everything using the -id parameter? (I assume it relates to the difference between gen1 and gen2 APIs)

pspete commented 7 months ago

get-pasmember

which command do you refer to?

ELANDJEA commented 7 months ago

of course I meant get-pasuser 😳

pspete commented 7 months ago

Get-PASUser -username XYZ - uses this api: Get users Get-PASUser -ID ## - uses this api: Get user details

The output of each API differs, hence the difference in output for the commands.