Comments (9)
AssafMiron
commented on August 16, 2024
Thanks for the very detailed issue report @jonnadulasudhakar
It helped me a lot finding the issue and I think I fixed it
I updated the script and would be great if you could check the new update with all the above scenarios you detailed
Thanks,
Assaf
from epv-api-scripts.
jonnadulasudhakar
commented on August 16, 2024
Thanks for helping with the problem. Here are the updates:
Script need to update on Line 977 got extra ) need to remove
If($sProp.Name -in ("remotemachineaddresses","restrictmachineaccesstolist", "remoteMachines", "accessRestrictedToRemoteMachines"**_)))_**
After changing as below, able to execute the script but failed all 3 scenarios.
If($sProp.Name -in ("remotemachineaddresses","restrictmachineaccesstolist", "remoteMachines", "accessRestrictedToRemoteMachines"))
The earlier script is able to update if we have a dummy value (Scenario 3). After modification getting the below error message for all 3 scenarios and not updating the account. The old script is able to update scenario 3 but the new script is not. included the CSV file for reference. Please advise.
PS C:\Temp> .\Accounts_Onboard_Utilityv1.ps1 -PVWAURL https://10.247.54.28/PasswordVault -AuthType cyberark -DisableSSLVerify -CsvPath .\test4.csv -NoSafeCreation -Update -Verbose -Debug
=======================================
Welcome to Accounts Onboard Utility
WARNING: It is not Recommended to disable SSL verification
DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault
VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload
Getting PVWA Credentials to start Onboarding Accounts
VERBOSE: {
"password": "Cyberark1",
"username": "sudhakar"
}
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType
"application/json" -Body {
"password": "****",
"username": "sudhakar"
} -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: MmYxMzgzODktYzAwNC00MzI4LWIwYWEtYmYzY2NjNmM5NjM1OzI4MjYwQjU1RDJDODM4MUQ7MDAwMDAwMDJBREI1NTJGNj
Y1QkE2Mjg1OEQzNTFBNDZCMTJCRjgzQTg2QjJBQkE2QkQwMkE4OEU4OEM0MjUxQ0VEODYzNERFMDAwMDAwMDA7
Starting to Onboard 1 accounts
3
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Met
hod Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -Timeout
Sec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload
VERBOSE: received 180-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{GetSafeResult=}
Safe DC1-Prod-Win-Bucket exists
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search
=pamwinadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType
"application/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.0
7.07 with 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
Account pamwinadm1 exist
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search
=pamwinadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType
"application/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.0
7.07 with 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
VERBOSE: Inspecting Account Property id
VERBOSE: Inspecting Account Property name
VERBOSE: Inspecting Account Property address
VERBOSE: Inspecting Account Property userName
VERBOSE: Inspecting Account Property platformId
VERBOSE: Inspecting Account Property safeName
VERBOSE: Inspecting Account Property secretType
VERBOSE: Inspecting Account Property platformAccountProperties
VERBOSE: Inspecting Account Property Location
VERBOSE: Inspecting Account Property Hostname
VERBOSE: Inspecting Account Property Environment
VERBOSE: Inspecting Account Property secretManagement
VERBOSE: Inspecting Account Property automaticManagementEnabled
VERBOSE: Since Account Automatic management is off, adding the Manual management reason
VERBOSE: Inspecting Account Property manualManagementReason
VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1
584959645} value from: '[No Reason]' to: ''
VERBOSE: Inspecting Account Property lastModifiedTime
VERBOSE: Inspecting Account Property createdTime
VERBOSE: Updating Account Property secret value to: ''
VERBOSE: Updating Account Property remoteMachinesAccess value to: '@{remoteMachines=FINAPP01.exFinance.com
FINAPP02.exFinance.com
FINAPP03.exFinance.com
FINAPP04.exFinance.com
FINAPP05.exFinance.com
FINAPP06.exFinance.com; accessRestrictedToRemoteMachines=True}'
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collection
s.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [
{
"op": "add",
"path": "/secretManagement/manualManagementReason",
"value": "[No Reason]"
},
{
"op": "replace",
"path": "/secretManagement/manualManagementReason",
"value": ""
},
{
"op": "replace",
"path": "/platformAccountProperties/secret",
"value": ""
},
{
"op": "replace",
"path": "/platformAccountProperties/remoteMachinesAccess",
"value": {
"remoteMachines": "FINAPP01.exFinance.com\nFINAPP02.exFinance.com\nFINAPP03.exFinance.com\nFINAPP04.ex
Finance.com\nFINAPP05.exFinance.com\nFINAPP06.exFinance.com",
"accessRestrictedToRemoteMachines": true
}
}
] -TimeoutSec 36000
VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload
Error Message: {"ErrorCode":"PASWS164E","ErrorMessage":"Invalid Input Request. Reason: The target location specified by path
segment 'secret' was not found."}
Exception Message: The remote server returned an error: (400) Bad Request.
Status Code: 400
Status Description: Bad Request
VERBOSE: Invoke-REST Response:
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Ge
neric.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}
Vaulted 0 out of 1 accounts successfully.
=======================================
LogoffUrl
PS C:\Temp>
from epv-api-scripts.
AssafMiron
commented on August 16, 2024
Thanks for the comment and test @jonnadulasudhakar
I have fixed the issue with the extra bracket and gave another shot at the update method
from epv-api-scripts.
jonnadulasudhakar
commented on August 16, 2024
Thanks for the update. Now, the errors are cleared. but the limit domain access to not updated.
PS C:\Temp> .\Accounts_Onboard_Utility.V2.PS1 -PVWAURL https://10.247.54.28/PasswordVault -AuthType cyberark -DisableSSLVerify -CsvPath .\test4.csv -Update -Debug -Verbose
=======================================
Welcome to Accounts Onboard Utility
WARNING: It is not Recommended to disable SSL verification
DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault
VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload
Getting PVWA Credentials to start Onboarding Accounts
VERBOSE: {
"password": "Cyberark1",
"username": "sudhakar"
}
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl
ication/json" -Body {
"password": "****",
"username": "sudhakar"
} -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: MTM1NTE3ZGEtZGI0OS00MDE5LWFiYjktN2YxOTBjYzFkNzU5O0M1OEZGRTBBQkJDRTJDREI7MDAwMDAwMDI4MjUyNEIzMTBCRDEx
Njg2QkYzMEQ4NTZERDFBM0M4RTQyNTIxQ0E5RDA2MDAwNDJBMTNDOTk5RTc3M0YwMjEwMDAwMDAwMDA7
Starting to Onboard 1 accounts
3
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge
t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload
VERBOSE: received 180-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{GetSafeResult=}
Safe DC1-Prod-Win-Bucket exists
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio
n/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w
ith 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
Account pamwinadm1 exist
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio
n/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w
ith 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
VERBOSE: Inspecting Account Property id
VERBOSE: Inspecting Account Property name
VERBOSE: Inspecting Account Property address
VERBOSE: Inspecting Account Property userName
VERBOSE: Inspecting Account Property platformId
VERBOSE: Inspecting Account Property safeName
VERBOSE: Inspecting Account Property secretType
VERBOSE: Inspecting Account Property platformAccountProperties
VERBOSE: Inspecting Account Property Location
VERBOSE: Inspecting Account Property Hostname
VERBOSE: Inspecting Account Property Environment
VERBOSE: Inspecting Account Property secretManagement
VERBOSE: Inspecting Account Property automaticManagementEnabled
VERBOSE: Since Account Automatic management is off, adding the Manual management reason
VERBOSE: Inspecting Account Property manualManagementReason
VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959
645} value from: '[No Reason]' to: ''
VERBOSE: Inspecting Account Property lastModifiedTime
VERBOSE: Inspecting Account Property createdTime
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene
ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [
{
"op": "add",
"path": "/secretManagement/manualManagementReason",
"value": "[No Reason]"
},
{
"op": "replace",
"path": "/secretManagement/manualManagementReason",
"value": ""
}
] -TimeoutSec 36000
VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload
VERBOSE: received 426-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{id=51_29; name=07.07.07.07-pamwinadm1; address=07.07.07.07; userName=pamwinadm1; platformId=WinDom
ain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement=; createdTime=1584959645}
Account properties Updated Successfully
[1/1] Updated [email protected] successfully.
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.
Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}
Vaulted 1 out of 1 accounts successfully.
=======================================
LogoffUrl
PS C:\Temp>
from epv-api-scripts.
AssafMiron
commented on August 16, 2024
Thanks for the swift check @jonnadulasudhakar
Hope this update will fix the issue
from epv-api-scripts.
jonnadulasudhakar
commented on August 16, 2024
Thanks for swift response. The udpated script is giving error 500
PS C:\Temp> .\Accounts_Onboard_Utility.V3.PS1 -PVWAURL https://10.247.54.28/PasswordVault -DisableSSLVerify -AuthType cyberark -CsvPath .\test4.csv -Update -Debug -Verbose
=======================================
Welcome to Accounts Onboard Utility
WARNING: It is not Recommended to disable SSL verification
DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault
VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload
Getting PVWA Credentials to start Onboarding Accounts
VERBOSE: {
"password": "Cyberark1",
"username": "sudhakar"
}
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl
ication/json" -Body {
"password": "****",
"username": "sudhakar"
} -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: OTlmOTNhNDctZGNhYy00MmI1LWFhZDMtMGRiZDkyZmU3NzM2OzA1NzY5OUVGMEVENjMyRDg7MDAwMDAwMDJDMDY1RjIwNEY4RjYw
QzNBQzU4MkRCRjhFNjE2MDU3MDE4MTNFMjJDRURFRTdBQkY3Rjc2RTBCREI0NEMxRkQxMDAwMDAwMDA7
Starting to Onboard 1 accounts
3
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge
t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload
VERBOSE: received 180-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{GetSafeResult=}
Safe DC1-Prod-Win-Bucket exists
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio
n/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w
ith 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
Account pamwinadm1 exist
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio
n/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w
ith 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
VERBOSE: Inspecting Account Property id
VERBOSE: Inspecting Account Property name
VERBOSE: Inspecting Account Property address
VERBOSE: Inspecting Account Property userName
VERBOSE: Inspecting Account Property platformId
VERBOSE: Inspecting Account Property safeName
VERBOSE: Inspecting Account Property secretType
VERBOSE: Inspecting Account Property platformAccountProperties
VERBOSE: Inspecting Account Property Location
VERBOSE: Inspecting Account Property Hostname
VERBOSE: Inspecting Account Property Environment
VERBOSE: Inspecting Account Property secretManagement
VERBOSE: Inspecting Account Property automaticManagementEnabled
VERBOSE: Since Account Automatic management is off, adding the Manual management reason
VERBOSE: Inspecting Account Property manualManagementReason
VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959
645} value from: '[No Reason]' to: ''
VERBOSE: Inspecting Account Property lastModifiedTime
VERBOSE: Inspecting Account Property createdTime
VERBOSE: Updating Account Remote Machine Access Properties remoteMachines value to: 'FINAPP01.exFinance.com
FINAPP02.exFinance.com
FINAPP03.exFinance.com
FINAPP04.exFinance.com
FINAPP05.exFinance.com
FINAPP06.exFinance.com'
VERBOSE: Updating Account Remote Machine Access Properties accessRestrictedToRemoteMachines value to: 'True'
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene
ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [
{
"op": "add",
"path": "/secretManagement/manualManagementReason",
"value": "[No Reason]"
},
{
"op": "replace",
"path": "/secretManagement/manualManagementReason",
"value": ""
},
{
"op": "replace",
"path": null,
"value": "FINAPP01.exFinance.com\nFINAPP02.exFinance.com\nFINAPP03.exFinance.com\nFINAPP04.exFinance.com\nFINAPP05.exFinan
ce.com\nFINAPP06.exFinance.com"
},
{
"op": "replace",
"path": null,
"value": true
}
] -TimeoutSec 36000
VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload
Error Message: {"ErrorCode":"CAWS00001E","ErrorMessage":"Object reference not set to an instance of an object."}
Exception Message: The remote server returned an error: (500) Internal Server Error.
Status Code: 500
Status Description: Internal Server Error
VERBOSE: Invoke-REST Response:
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.
Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}
Vaulted 0 out of 1 accounts successfully.
=======================================
LogoffUrl
Please check and advise.
from epv-api-scripts.
AssafMiron
commented on August 16, 2024
Thanks @jonnadulasudhakar for the swift testings
I found a parameter name that was wrong - sorry for the inconvenience
from epv-api-scripts.
jonnadulasudhakar
commented on August 16, 2024
Thanks a lotttttt @AssafMiron. Now the script is working as expected. I am happy to help in doing testing as many times as required. Now i am able to update with limitto domain access to field. i have tested twice and it is working as expected. Thanks once again @AssafMiron . Sorry if i trouble you by keep sending msgs.
here are the logs and we can close the case:
PS C:\Temp> .\Accounts_Onboard_Utility.V4.PS1 -PVWAURL https://10.247.54.28/PasswordVault -DisableSSLVerify -AuthType cyberark -CsvPath .\test4.csv -Update -Debug -Verbose
=======================================
Welcome to Accounts Onboard Utility
WARNING: It is not Recommended to disable SSL verification
DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault
VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload
Getting PVWA Credentials to start Onboarding Accounts
VERBOSE: {
"password": "Cyberark1",
"username": "sudhakar"
}
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl
ication/json" -Body {
"password": "****",
"username": "sudhakar"
} -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: N2JiZDEyZTUtMjAxNC00N2MyLThhYmItYTZlMDRlZTE3MmVlO0Y2QzkwQUU0QzZBRjc4RUY7MDAwMDAwMDJGQzc2RUJEOEVCQjVG
RkFFM0VDODRGMEU2QUEzQTVDMTAzRTkwMEJDMzg1NEY3MzhBMDM1MDhEMjYyNzFGQzhFMDAwMDAwMDA7
Starting to Onboard 1 accounts
3
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge
t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload
VERBOSE: received 180-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{GetSafeResult=}
Safe DC1-Prod-Win-Bucket exists
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio
n/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w
ith 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
Account pamwinadm1 exist
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio
n/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w
ith 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
VERBOSE: Inspecting Account Property id
VERBOSE: Inspecting Account Property name
VERBOSE: Inspecting Account Property address
VERBOSE: Inspecting Account Property userName
VERBOSE: Inspecting Account Property platformId
VERBOSE: Inspecting Account Property safeName
VERBOSE: Inspecting Account Property secretType
VERBOSE: Inspecting Account Property platformAccountProperties
VERBOSE: Inspecting Account Property Location
VERBOSE: Inspecting Account Property Hostname
VERBOSE: Inspecting Account Property Environment
VERBOSE: Inspecting Account Property secretManagement
VERBOSE: Inspecting Account Property automaticManagementEnabled
VERBOSE: Since Account Automatic management is off, adding the Manual management reason
VERBOSE: Inspecting Account Property manualManagementReason
VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959
645} value from: '[No Reason]' to: ''
VERBOSE: Inspecting Account Property lastModifiedTime
VERBOSE: Inspecting Account Property createdTime
VERBOSE: Updating Account Remote Machine Access Properties remoteMachines value to: 'FINAPP01.exFinance.com
FINAPP02.exFinance.com
FINAPP03.exFinance.com
FINAPP04.exFinance.com
FINAPP05.exFinance.com
FINAPP06.exFinance.com'
VERBOSE: Updating Account Remote Machine Access Properties accessRestrictedToRemoteMachines value to: 'True'
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene
ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [
{
"op": "add",
"path": "/secretManagement/manualManagementReason",
"value": "[No Reason]"
},
{
"op": "replace",
"path": "/secretManagement/manualManagementReason",
"value": ""
},
{
"op": "replace",
"path": "/remoteMachinesAccess/remoteMachines",
"value": "FINAPP01.exFinance.com\nFINAPP02.exFinance.com\nFINAPP03.exFinance.com\nFINAPP04.exFinance.com\nFINAPP05.exFinan
ce.com\nFINAPP06.exFinance.com"
},
{
"op": "replace",
"path": "/remoteMachinesAccess/accessRestrictedToRemoteMachines",
"value": "True"
}
] -TimeoutSec 36000
VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload
VERBOSE: received 653-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{id=51_29; name=07.07.07.07-pamwinadm1; address=07.07.07.07; userName=pamwinadm1; platformId=WinDom
ain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement=; remoteMachinesAccess=; creat
edTime=1584959645}
Account properties Updated Successfully
[1/1] Updated [email protected] successfully.
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.
Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}
Vaulted 1 out of 1 accounts successfully.
=======================================
LogoffUrl
PS C:\Temp> .\Accounts_Onboard_Utility.V4.PS1 -PVWAURL https://10.247.54.28/PasswordVault -DisableSSLVerify -AuthType cyberark -CsvPath .\test4.csv -Update -Debug -Verbose
=======================================
Welcome to Accounts Onboard Utility
WARNING: It is not Recommended to disable SSL verification
DEBUG: Trying to validate URL: https://10.247.54.28/PasswordVault
VERBOSE: HEAD https://10.247.54.28/PasswordVault with 0-byte payload
Getting PVWA Credentials to start Onboarding Accounts
VERBOSE: {
"password": "Cyberark1",
"username": "sudhakar"
}
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon -Method Post -Header -ContentType "appl
ication/json" -Body {
"password": "****",
"username": "sudhakar"
} -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/cyberark/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: M2M3ZDBkNjktZmQyNy00YmQxLWFhMmYtMTk5NDY5Yjk1YzA3O0MwMzlEMDhCNDhDNTcyNzU7MDAwMDAwMDI3MEFFNUQ3M0FDMDJE
RjdBQTNGNzI5RUU5RDhGMzQyMzNBOEUwNENEQjk3RTZBNEFGNTMwMzFBMDJENkU5NkM0MDAwMDAwMDA7
Starting to Onboard 1 accounts
3
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket -Method Ge
t -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/WebServices/PIMServices.svc/Safes/DC1-Prod-Win-Bucket with 0-byte payload
VERBOSE: received 180-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{GetSafeResult=}
Safe DC1-Prod-Win-Bucket exists
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio
n/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w
ith 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
Account pamwinadm1 exist
DEBUG: Returning URL Encode of DC1-Prod-Win-Bucket
DEBUG: Returning URL Encode of pamwinadm1 07.07.07.07
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwi
nadm1+07.07.07.07 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "applicatio
n/json" -TimeoutSec 36000
VERBOSE: GET https://10.247.54.28/PasswordVault/api/Accounts?filter=safename eq DC1-Prod-Win-Bucket&search=pamwinadm1+07.07.07.07 w
ith 0-byte payload
VERBOSE: received 448-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{value=System.Object[]; count=1}
VERBOSE: Inspecting Account Property id
VERBOSE: Inspecting Account Property name
VERBOSE: Inspecting Account Property address
VERBOSE: Inspecting Account Property userName
VERBOSE: Inspecting Account Property platformId
VERBOSE: Inspecting Account Property safeName
VERBOSE: Inspecting Account Property secretType
VERBOSE: Inspecting Account Property platformAccountProperties
VERBOSE: Inspecting Account Property Location
VERBOSE: Inspecting Account Property Hostname
VERBOSE: Inspecting Account Property Environment
VERBOSE: Inspecting Account Property secretManagement
VERBOSE: Inspecting Account Property automaticManagementEnabled
VERBOSE: Since Account Automatic management is off, adding the Manual management reason
VERBOSE: Inspecting Account Property manualManagementReason
VERBOSE: Updating Account Property @{automaticManagementEnabled=False; manualManagementReason=[No Reason]; lastModifiedTime=1584959
645} value from: '[No Reason]' to: ''
VERBOSE: Inspecting Account Property lastModifiedTime
VERBOSE: Inspecting Account Property createdTime
VERBOSE: Updating Account Remote Machine Access Properties remoteMachines value to: 'FINAPP01.exFinance.com
FINAPP02.exFinance.com
FINAPP03.exFinance.com
FINAPP04.exFinance.com
FINAPP05.exFinance.com
FINAPP06.exFinance.com'
VERBOSE: Updating Account Remote Machine Access Properties accessRestrictedToRemoteMachines value to: 'True'
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/Accounts/51_29 -Method PATCH -Header System.Collections.Gene
ric.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [
{
"op": "add",
"path": "/secretManagement/manualManagementReason",
"value": "[No Reason]"
},
{
"op": "replace",
"path": "/secretManagement/manualManagementReason",
"value": ""
},
{
"op": "replace",
"path": "/remoteMachinesAccess/remoteMachines",
"value": "FINAPP01.exFinance.com\nFINAPP02.exFinance.com\nFINAPP03.exFinance.com\nFINAPP04.exFinance.com\nFINAPP05.exFinan
ce.com\nFINAPP06.exFinance.com"
},
{
"op": "replace",
"path": "/remoteMachinesAccess/accessRestrictedToRemoteMachines",
"value": "True"
}
] -TimeoutSec 36000
VERBOSE: PATCH https://10.247.54.28/PasswordVault/api/Accounts/51_29 with -1-byte payload
VERBOSE: received 653-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{id=51_29; name=07.07.07.07-pamwinadm1; address=07.07.07.07; userName=pamwinadm1; platformId=WinDom
ain; safeName=DC1-Prod-Win-Bucket; secretType=password; platformAccountProperties=; secretManagement=; remoteMachinesAccess=; creat
edTime=1584959645}
Account properties Updated Successfully
[1/1] Updated [email protected] successfully.
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://10.247.54.28/PasswordVault/api/auth/Logoff -Method Post -Header System.Collections.Generic.
Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: POST https://10.247.54.28/PasswordVault/api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}
Vaulted 1 out of 1 accounts successfully.
=======================================
LogoffUrl
from epv-api-scripts.
AssafMiron
commented on August 16, 2024
Great news!
Thanks again @jonnadulasudhakar for helping improve the script for the community!
from epv-api-scripts.
Related Issues (20)
- Added logic to truncate names to 28 char HOT 1
- Identity Authentication - missing Add-ObjectDetail function HOT 1
- account_onboard_utility slow with search if only "objectname" is provided HOT 1
- This line uses a function that does not exist in lower Powershell versions. HOT 2
- Should be get-safes instead of get-safe HOT 1
- need to add has not been defined
- Unable to add new member to existing safe with Safe-Management.ps1 HOT 9
- Unable to add new member to existing safe with Safe-Management.ps1 HOT 1
- Unable to add new member to existing safe with Safe-Management.ps1 HOT 1
- Unable to update Account Properties with REST API script. HOT 4
- UpdateMember to alter member permissions on safe HOT 2
- How to properly use Safe Management script when using Shared Services HOT 1
- Consistent handling of CSV delimiters HOT 1
- CSV Output Not Working
- Account onboard utility error HOT 1
- Account Onboard Utility -Delete is taking a very long time per account HOT 3
- Can not use -UpdateMembers Attribute
- Logon Token is empty when running script for Privilege cloud HOT 1
- AOU - unable to create safes based on template safe
- GroupName and GroupPlatformID parameters do not work when using AOU.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from epv-api-scripts.