Hi,

Your Environment

• PowerShell Version: 4.0
• psPAS Branch & Version: master/b41073b
• CyberArk Version: 10.4

Current Behaviour

I'm attempting to export platforms using the following:

$CAToken | Export-PASPlatform -PlatformID "TestPlatform" -Path test.zip

This results in test.zip being created with the following text in it, rather than an actual ZIP:

@{Path=test.zip; Value=System.Object[]; Encoding=Byte}

Possible Solution

The line "$output | set-content" doesn't appear to parse the parameters in the object. I'm not sure if this is the ideal fix, but it works for me:

@@ -117,7 +117,7 @@ function Export-PASPlatform {

                                try {

-                                       $output = [PSCustomObject]@{
+                                       $output = @{
                                                Path     = $path
                                                Value    = $result
                                                Encoding = "Byte"
 @@ -131,7 +131,7 @@ function Export-PASPlatform {
                                        }

                                        #write it to a file
-                                       $output | Set-Content -ErrorAction Stop
+                                       Set-Content @output -ErrorAction Stop

                                } catch {throw "Error Saving $path"}

Hi,

it seems there is a small issue in New-PASSession.ps1 Line 139
$boundParameters = $PSBoundParameters | Get-PASParameters -ParametersToRemove Credential

Get-PASParameters -> Get-PASParameter

Kr Konstantin

for the Add-PASAccount function the 'username' parameter is not set to mandatory but it is mandatory for adding an account. Or is there a reason I am missing as to why that's not a required one in the function?

Hi.
What I want to do:
I want to add an administrator account with the same privileges as the safe owner/creator. I am currently trying to do so with the following powershell command:
$token | Add-PASSafeMember -SafeName $safename -MemberName Administrator @admin_rights_hash

Where admin_Rights_hash is defined as:
$admin_Rigths_hash=@{
UseAccounts = $True;
RetrieveAccounts = $True;
ListAccounts = $True;
AddAccounts = $true;
UpdateAccountContent = $true;
UpdateAccountProperties = $true;
InitiateCPMAccountManagementOperations = $true;
SpecifyNextAccountContent = $True; `
RenameAccounts = $true;
DeleteAccounts = $true;
UnlockAccounts = $true;
ManageSafe = $True;
ManageSafeMembers = $True;
BackupSafe = $True;
ViewSafeMembers = $true;
ViewAuditLog = $true;
RequestsAuthorizationLevel = 1;
AccessWithoutConfirmation = $true;
CreateFolders = $True;
DeleteFolders = $True;
MoveAccountsAndFolders = $True
}

This gives me all the Authorizations i want except for 'Validate Safe Content'.
Is it possible to add a feature to the Set/Add-PASSafeMember function such that this right can also be given, or is there another method I should use to add additional owners to a safe

Thank you for a great PowerShell module, helping a great deal when streamlining the management of CyberARK.

Regards oliverolli

Hi Pete, I tested both functions (Add-PASSafeMember, Set-PASSafeMember) and worked with no issues, except for RenameAccounts boolean parameter. It's mentioned in the description but not added as a parameter.

Set-PASSafeMember : A parameter cannot be found that matches parameter name 'RenameAccounts'.
At .\MyAwesomeScript.ps1:41 char:295
+ ... tContent $true -RenameAccounts $false -DeleteAccounts $false -UnlockAccounts $tr ...
+                    ~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-PASSafeMember], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Set-PASSafeMember

This utility looks incredibly useful - have you considered publishing it to the PowerShell Gallery for ease of installation?

Web services included in v10.2 have additional functionality which will require new functions to be developed:

• Add Onboarding Rule
• Delete Onboarding Rule
• Get Automatic Onboarding Rules
• Connect Through PSM
• Import Platform

With the release of CyberArk PAS 10.1, an update of the psPAS module will be required to expose any new API functionality.

Any activities and issues related to this development will be tracked under this issue.

Your Environment

• PowerShell Version: PSVersion 5.1.14409.1012
• psPAS Branch & Version: 1.3.0
• CyberArk Version: 10.3

Expected Behaviour

We would like to be able to connect to cyberark via on a client machine without internet connection. (through a parameter is fine)

Current Behaviour

Calling the new-PASSession results in the following error: Microsoft.PowerShell.Commands.WriteErrorException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

as far as we can tell this is caused by powershell failing to perform revocation check of the PVWA servers' https certificate.

Possible Solution

It would be preferred if a parameter for skipping the revocation check. Ideally without skipping the entire certificate check.

Steps to Reproduce (for bug reports)

1 . call new-PASSession from a server without internet connection (but has LAN access to cyberark via HTTPS)

2 .

3 .

4 .

Sample Output

13:34:53 VERBOSE: Performing the operation "Logon with User '****'" on target
13:34:53 "https://pam.****//PasswordVault".
13:34:53 VERBOSE: Setting Security Protocol to TLS12
13:34:54 VERBOSE: POST https://pam.****//PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon
13:34:54 with -1-byte payload
13:34:56 Microsoft.PowerShell.Commands.WriteErrorException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Context

I am trying to connect to cyberark via a script being run on a Jenkins server without internet connection

Your Environment

• PowerShell Version: 5.0
• psPAS Branch & Version: most recent one.
• CyberArk Version: 10.4

Expected Behaviour

Authentication via New-PASSession should work 100%.

Current Behaviour

When we are attempting to authenticate via the following command:

$token = New-PASSession -Credential $Credentials -BaseURI $URL

The following error is reported:The request was aborted: Could not create SSL/TLS secure channel.
Invoke-PASRestMethod : The request was aborted: Could not create SSL/TLS secure channel.
At C:\Users\Documents\WindowsPowerShell\Modules\psPAS\Functions\Authentication\New-PASSharedSession.ps1
:91 char:18

• ... ASSession = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body - ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-PASRestMethod

It is not about certificate which is valid and verified even if we check the PVWA in our browsers.

The powershell version is the following:
Major Minor Build Revision

5 1 15063 1387

If I run the same command on PowerShell 6, just for testing, it works (on the same machine):

PS C:\Users> $token

sessionToken BaseURI

{Authorization} https://xxxxx

To summarize, the authentication works with powershell 6 but not with powershell 5. We would like to stick with PS 5, but we couldn't determine the root cause for this.... can you please support?

EPV v9.7 platform does not require address in PVWA (used for non-system type accounts), and get-help indicates address is optional, but running following results in below error. Also fails in Postman.

$token | Add-PASAccount -safe ${safeName} -platformID ${platformName} -username ${accountName} -password ${secureStringPassword} -disableAutoMgmt $true -disableAutoMgmtReason "GenericID"

Invoke-PASRestMethod : [400] Cannot add account; reason: Missing mandatory parameter. (parameter: Address)
At C:\software\powershell\psPAS\psPAS\Functions\Accounts\Add-PASAccount.ps1:322 char:3

•     Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken ...
  

+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : CAWS00001E,Invoke-PASRestMethod

Hello
Is it some limitation of the new API, that it's not possible to get account using new search option from specific safe?

Regards
Olegas

Your Environment

• PowerShell Version:5.1
• psPAS Branch & Version:2.2
• CyberArk Version:10.4

Expected Behaviour

I want list all users on cyberark

Current Behaviour

$token | Get-PASAccount -search 'test'

Test is the cyberark username

PowerShell show the following message error:Invoke-PASRestMethod : [500] Error mapping types.
Mapping types:
IEnumerable1 -> List1
System.Collections.Generic.IEnumerable1[[CyberArk.PasswordVault.API.Objects.PVPassword, CyberArk.PasswordVault.API, Version=8.0.0.0, Culture=neutral, PublicKeyToken=40be1dbc8718670f]] -> System.Collections.Generic.List1[[CyberArk.PasswordVault.PASWebServices.Models.AccountModel,
CyberArk.PasswordVault.PASWebServices, Version=8.0.0.0, Culture=neutral, PublicKeyToken=40be1dbc8718670f]]
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\psPAS\Functions\Accounts\Get-PASAccount.ps1:278 char:13

• ... $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sess ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : CAWS00001E,Invoke-PASRestMethod

I want to list all users on cyberark

I am trying to use psPAS and am having a hard time getting it to function. For example, if I ran the following command I get the error below.

$Session = New-PASSession -credential $(Get-Credential) -baseURI https://cyberarkurl
$Session | Get-PasSafe

Error: Invoke-PASRestMethod : Unable to cast object of type 'System.Management.Automation.PSObject' to type 'System.String'.

This happens when trying to run any command. Below is my $PSVersionTable.

Name Value
PSVersion 3.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.42000
BuildVersion 6.2.9200.22198
PSCompatibleVersions {1.0, 2.0, 3.0}
PSRemotingProtocolVersion 2.2

Thoughts?

Multiple functions accept date values as parameter inputs, the required format for the parameter input is not always the same.
Changing the parameters to DateTime types instead of strings (where applicable) will simplify usage & validation of the input.
Additionally, standardising date output is to be considered.

Your Environment

• PowerShell Version: 5.1.15063.1292
• psPAS Branch & Version: 2.2.2 master
• CyberArk Version: 10.5

Expected Behaviour

$tokenCA_username = Connect-CAVault -baseURI $baseURICA -credential oledmn -connectionNumber $connectionNumber
$accountsCA_username = $tokenCA_username | Get-PASAccount -search 'username' -filter "safename eq Safe-username"
$password_username = $accountsCA_username | Get-PASAccountPassword -UseV10API
should return password

Current Behaviour

Returns error
Get-PASAccountPassword : The input object cannot be bound because it did not contain the information required to bind all mandatory parameters: AccountID

Possible Solution

Add -AccountID parrameter
$password_username = $accountsCA_username | Get-PASAccountPassword -UseV10API -AccountID $accountsCA_username.id

1st off just looking at these I think they are great. I have been struggling to get some wrappers around the API's and getting very frustrated. I have several and they work awesome but yours are much cleaner and professional. It kind of makes me feel like an beginner.

On thing I notices when I was trying to figure out the flow of things is your function Get-EscapedString.
In your help example you have the name as Get-PASEscapedString
.

I just thought I'd point that out. The functions I looked at where it is used are calling the actual function name.

Your Environment

• PowerShell Version: 4.0
• psPAS Branch & Version: Get-PASAccount
• CyberArk Version: Version 9.8.0 (9.80.0.7)

Expected Behaviour

To get/list all the account.

Current Behaviour

Version 9.3 - 10.3:
Returns information about an account. If more than one account meets the search criteria,
only the first account will be returned (the Count output parameter will display the number
of accounts that were found).

Possible Solution

Steps to Reproduce (for bug reports)

1 .

2 .

3 .

4 .

Sample Output

Context

Your Environment

• PowerShell Version: 5.1
• psPAS Branch & Version: master branch version 2.1.0
• CyberArk Version: 10.2

Expected Behaviour

A failed authentication using New-PASSession should return only an error relating to the failure and nothing else.

Current Behaviour

A failed authentication using New-PASSession returns the error relating to the failure and a PSObject containing sessionToken & BaseURI properties/values.

Possible Solution

The error is handled/returned already from Invoke-PASRestMethod.
New-PASSession to be updated to only output result if Invoke-PASRestMethod results in success.

Steps to Reproduce (for bug reports)

Supply bogus credential when invoking New-PASSession

New-PASSession -credential $cred -BaseURI https://PVWA

Sample Output

Context

Noticed during investigation of #62

Hey Pete,

I've been playing around with this, and when CyberArk throws an error, I get a secondary error on this line. See below.

Invoke-PASRestMethod : [500]
At C:\Users\user1\Documents\WindowsPowerShell\Modules\psPAS\Functions\Authentication\Close-PASSession.ps1:74 char:9
+         Invoke-PASRestMethod -Uri $URI -Method POST -Headers $session ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-PASRestMethod

ConvertFrom-Json : Invalid JSON primitive: The.
At C:\Users\user1\Documents\WindowsPowerShell\Modules\psPAS\Private\Invoke-PASRestMethod.ps1:128 char:30
+             $response = $_ | ConvertFrom-Json
+                              ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

In this case, the actual error is the following, which I grabbed using

Write-Host "StatusCode: " $_.Exception.Response.StatusCode.value__
Write-Host "StatusDescription: " $_.Exception.Response.StatusDescription
Write-Host "Response: " $_.Exception.Message

StatusCode:  500
StatusDescription:  System.ServiceModel.ServiceActivationException
Response:  The remote server returned an error: (500) Internal Server Error.

It seems to be choking on the first word of the 'Response' which is in the parameter "$_.Exception.Message"

Your Environment

• PowerShell Version: Core
• psPAS Branch & Version: Master/1.3.0
• CyberArk Version: 10.3

Expected Behaviour

When using LDAP credentials, authentication should work

Current Behaviour

When using LDAP credentials, authentication does not work

Possible Solution

Update URL from ..../WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon
To ..../api/Auth/LDAP/Logon

Relates to #70 and requires a substantial update to the module

Steps to Reproduce (for bug reports)

1 . New-PASSession -Credential $LDAPCreds -BaseURI https://cyberark

Sample Output

Invoke-PASRestMethod : [403] Authentication failure.

Context

Your Environment

• PowerShell Version: 5.1
• psPAS Branch & Version: 2.2.0
• CyberArk Version: 9.9.5

Expected Behaviour

$token | Get-PASAccount -Keywords $a_fqdn -WarningAction Stop | Get-PASAccountPassword
should output the password value

Current Behaviour

$token | Get-PASAccount -Keywords $a_fqdn -WarningAction Stop | Get-PASAccountPassword
{112, 120, 99, 111...}

Possible Solution

Please note that with psPAS 0.8.7 it works fine

Steps to Reproduce (for bug reports)

1 . $token = New-PASSession -UseV9API -Credential $credential -BaseURI $VaultURL
2 . $token | Get-PASAccount -Keywords $a_fqdn -WarningAction Stop | Get-PASAccountPassword

Sample Output

{112, 120, 99, 111...}

Context

Changes to the module made to support any identified new or updated features of the API released with version 10.5 of CyberArk will be tracked under this issue.

New:

• Remove Group Members
• Get Groups
• Add Discovered Accounts
• Monitor Active PSM Session
• Update Automatic Onboarding Rule

Updates:

• Get LDAP Directory by Name
• Get Safe Account Groups
• Connect with PSM (for Ad-Hoc Connections)

Check development on the feature-10_5 Branch

In the parameter help for for Add-PASAccount the username reads as...

.PARAMETER Username
Username ont he target machine
I think you want it "on the" rather than "ont he"

Minor but just letting you know.

Basically, it'd be a function to do the following:

Get-PASAccount - Store metadata in PSObject
Add-PASAccount - Using metadata in PSObject; add to new safe
Get-PASAccount - To ensure the account was moved properly
Remove-PASAccount - Remove account from old safe

Parameters: $originalSafe, $destinationSafe, whatever else you need

That way, you get the account's metadata, add the account to the new safe, verify move, remove old account in old safe.

DISCLAIMER: You'll lose all the account's audit data once it is removed. Be aware of your enterprise's audit requirements!

While testing Set_PASSafeMembers & Add_PASSafeMembers

I found this token -AddAccounts $false overwriting -UpdateAccountProperties $ture and it seems it was already mentioned in the GUI (Update Safe Member window):

but couldn't find it documented anywhere in the RestAPI page. May be it's worth to mention here.

Your issue may already be reported. Please search existing issues before creating one.

Your Environment

• PowerShell Version:5.0
• psPAS Version:master
• CyberArk Version:9.7.0

While calling the New-PASSession
$token = New-PASSession -Credential $VaultCredentials -BaseURI pvwa_url

facing the following issue:
At C:\Program Files\WindowsPowerShell\Modules\psPAS\Functions\Authentication\New-PASSession.ps1:166 char:18

• ... ASSession = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body - ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-PASRestMethod

Invoke-PASRestMethod : The request was aborted: Could not create SSL/TLS secure channel

For security purposes, please add the following line for Invoke-PASRESTMethod:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Activities for update of module for CyberArk 10.3 will be tracked here

Hello
Are you planning to implement any additional error handling?
For example in New-PASSession if Invoke-PASRestMethod fails it just returns an output to the screen. Without possibility to use try/catch and get error info to the variable.
Sample output
Invoke-PASRestMethod : [403] Authentication failure.
At C:\Users\yyy\Documents\WindowsPowerShell\Modules\psPAS\Functions\Authentication\New-PASSession.ps1:234 char:18

•         $PASSession = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Sessio ...
  

+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : ITATS004E,Invoke-PASRestMethod

Hello,

I'm using Cyberark PAS on version 9.9 and I cannot get a valid session token, I'm following these steps:

Install-Module -Name psPAS -Scope CurrentUser
Import-Module psPAS
$username = "domain\user"
$password = ConvertTo-SecureString -String "myPassword" -AsPlainText -Force
$credentials = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $username, $password
$token = New-PASSession -Credential $credentials -BaseURI "https://pvwaurl" -Verbose

Do you know what could be happening?

Thanks

Tried using New-PASUser for the creation of Cyberark groups also but it did not get created as group instead as a user.Is there any other function to do this?

Hi
Is there a reason that limit parameter returns error, when set larger than 999? :)

Invoke-PASRestMethod : [400] There are some invalid parameters
At C:\Program Files\WindowsPowerShell\Modules\psPAS\2.2.2\Functions\Accounts\Get-PASAccount.ps1:278 char:13

I can bulk upload accounts using passwords but bit confused to create accounts with ssh keys.
Please help me with this,,,

This module caters for every available API call available from CyberArk v9.0 onwards. With the move to OpenAPI/Swagger in CyberArk v10, I am considering utilising the Get-PASServer function to check the target version either on authentication, or function execution, or some other way, and using the returned data to:

• prevent a function running against a version which will not support the operation
• create dynamic parameters appropriate for the functionality of the version
• set correct API endpoint URL for the method/version.

Get-PASServer however is only supported from CyberArk 9.7 onwards.
Logging this here as it is a fairly major update to the way the module works currently, will likely incur some breaking changes, and may cause issues with being able to support versions older than 9.7. Though it should simplify operations, support & updates in the long term

With README.md becoming longer and longer which each REST API release, having a Table of Contents for the README.md can help users find what they're looking for faster... especially if they want to compare versions, which is at the bottom.

A standard feature of the PVWA installer is to install to a a different IIS virtual directory. The default is /PasswordVault/, but this can be changed. psPAS should allow users to use a different virtual directory and only default to /PasswordVault/ if nothing was provided.

## Your Environment

• PowerShell Version: 5
• psPAS Branch & Version: 2.2.0
• CyberArk Version: 10.3

## Expected Behaviour

Login to Cyberark Rest API successfully

## Current Behaviour

Getting 500 Internal Server Error

## Possible Solution

I've confirmed with our Admin that our web.config file is setup correctly, and I've also confirmed firewall is not an issue, and I can telnet to our cyberark server on port 443.

## Steps to Reproduce (for bug reports)

$PVWA_URL = 'https://mycyberarkurl.domain'

# Declaration
$webServicesLogon = "$PVWA_URL/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon"

# Authentication
$bodyParams = @{username = "myusername"; password = "mypassword"} | ConvertTo-JSON

# Execution
try {
    $logonResult = Invoke-RestMethod -Uri $webServicesLogon -Method POST -ContentType "application/json" -Body $bodyParams -ErrorVariable logonResultErr
    Return $logonResult.CyberArkLogonResult
}
catch {
    Write-Host "StatusCode: " $_.Exception.Response.StatusCode.value__
    Write-Host "StatusDescription: " $_.Exception.Response.StatusDescription
    Write-Host "Response: " $_.Exception.Message
    Return $false
}

## Sample Output

StatusCode: 500
StatusDescription: System.ServiceModel.ServiceActivationException
Response: The remote server returned an error: (500) Internal Server Error.
False

Your Environment

• PowerShell Version: 5.1
• psPAS Branch & Version: Master - v1.0.16
• CyberArk Version: 10.1

Expected Behaviour

Member gets added to account group

Current Behaviour

Member does not get added to account group

Possible Solution

AccountID is not passed in request body.
Get-PASParameter private function, by default, removes AccountID from the values passed it - this behaviour needs to be removed, and any functions that currently rely on this behaviour need to be updated accordingly

Steps to Reproduce (for bug reports)

1 . $DebugPreference = "continue"

2 .Add-PASAccountGroupMember -GroupID $gID -AccountID $uID

3 . Note lack of AccountID being passed in request body.

Sample Output

N/A

Context

Solution is being worked on

Your Environment

• PowerShell Version: Major: 5 Minor 1 Build 17134 Revision 165
• psPAS Branch & Version: 1.2.0
• CyberArk Version: 9.9.0 (9.90.0.18)

Expected Behaviour

Creation of account

Current Behaviour

Using the following command

$token | Add-PASAccount -AccountName $accountName -ExtraPass1Name "test" -ExtraPass3Name "Password_Reset" -address "test.ad" -Username $newUsername -platformID $platformID -SafeName $newSafe -Password $SecurePassword

(test.ad is the active directory domain name)

PowerShell show the following message error: Invoke-PASRestMethod : [400] Cannot add account; reason: specified linked account missing required information. Make
sure Safe name and Object name are specified. Linked account type: Logon

Does anyone know what could be wrong?

Thanks
Best regards

CyberArk version 9.10 has new functionality in the API.

New functions being developed under branch ver-9-9-10

Your Environment

• PowerShell Version: 5
• psPAS Branch & Version: Master, 2.2.17
• CyberArk Version: 9.95

Expected Behaviour

Add accounts in bulk via csv

Current Behaviour

I get this error:

Invoke-PASRestMethod : [500] Cannot add account; reason: Object reference not set to an instance of an object.
At C:\Users\a1009540\Documents\WindowsPowerShell\Modules\psPAS\Functions\Accounts\Add-PASAccount.ps1:518 char:13
... $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body - ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : CAWS00001E,Invoke-PASRestMethod

Here is the code I am using:

import-csv c:\scripts\test.csv |foreach-object {

$password = $_.Password |convertto-securestring -asplaintext -force 




$token | add-pasaccount -safe $_.Safe -PlatformID $_.PlatformID -Address $_.Address `
	-Password $password -Username $_.Username `
	-DynamicProperties @{
	
	"Safe" = $_.Safe;"PlatformID" = $_.PlatformID;"Address" = $_.Address;"Password" = $password;"Username" = $_.Username
	
	}
}

My csv has these columns in this order:

Safe | PlatformID | Address | Password | Username

They all have data in them. Nothing empty. I have been able to add accounts one at a time. My $token variable is correct

Thank you

Your Environment

• PowerShell Version: 5.1
• psPAS Branch & Version: 2.2.2
• CyberArk Version: 9.10.0 (9.99.0.12)

Expected Behaviour

I need to be able to specify a user name and RSA token

Current Behaviour

User credentials only

Possible Solution

Add MFA support

Context

Trying to authenticate using MFA.

Our SunOne LDAP platform (PAS 9.7) requires userDN as an account attribute before it can be vaulted. I'm able to add optional parameters to other platforms with the -Properties switch, but not quite sure how to tackle this.

$token | Add-PASAccount -safe ${safeName} -platformID ${platformName} -address ${address} -username ${accountName} -password ${secureStringPassword}

Invoke-PASRestMethod : [400] Cannot add account; reason: Missing mandatory parameter in Platform SunOneDirectorySSL. (parameter: UserDN)
At C:\software\powershell\psPAS\psPAS\Functions\Accounts\Add-PASAccount.ps1:322 char:3

•     Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken ...
  

+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : CAWS00001E,Invoke-PASRestMethod

Hi Pete,

I know that the PAS WS SDK Implementation Guide says that the Description can only be up to 29 characters, but that must be a Typo. It should be 99.

/Kim B. Christensen

Your Environment

• PowerShell Version: 5.1
• psPAS Branch & Version: 2.2.2
• CyberArk Version: 9.10.0 (9.99.0.12)

Expected Behaviour

I would like to be able to copy permissions. Similar funcionality like in acl for windows. Example get-acl C:\folder | set-acl

Current Behaviour

I couldn't find this feature

Context

It would be great to execute:
$sess | Get-PASSafeMember -SafeName SecureSafe | Set-PASSafeMember
or
$sess | Get-PASSafeMember -SafeName SecureSafe -MemberName SuperUser | Set-PASSafeMember

Would there be a way we can have the CyberArk error returned if there is an error in one of the module functions?

ie:
StatusCode: 500
StatusDescription: Cannot add account; reason: ITATS955E You are unauthorized to create object in Safe TESTSAFE01.
Response: The remote server returned an error: (500) Internal Server Error.

Issue to track remediation of PSScriptAnalyzer findings

CyberArk 10.4 contains numerous updates to the REST API - related module update will be tracked here

Error
Get-PASUser points toNew-PASSession
https://github.com/pspete/psPAS/blob/master/psPAS/Functions/Authentication/New-PASSession.ps1

Your Environment

• PowerShell Version:
• psPAS Branch & Version:
• CyberArk Version:

Expected Behaviour

Current Behaviour

Possible Solution

Steps to Reproduce (for bug reports)

1 .

2 .

3 .

4 .

Sample Output

Context