Discussion on "Add dependent accounts in CyberArk with PACLI and PowerShell"

Tim Schindler · 2022-01-07T08:49:10.000Z

CyberArk dependent accounts (or usages) are only accessible through the Classic UI and thus are not yet manageable through the CyberArk REST API. CyberArk in their epv-api-scripts repo on GitHub provide a script to onboard dependent accounts however ...

hey tim, thanks for that reply. we tried that and realized poshpacli scrambles the file names randomly into other fields, like creation date. it varies from object to object, hence it is utterly broken. current approach ich scraping of pvwa gui parsing through powershell. sometimes cyberark knows how to keep people angry…

Any idea how to read existing depandants programatically from a vault in a migration scenario?

I haven't tried this myself but I would investigate iterating through all safes and for each account/object in a safe, look for the MasterPassName file category/property. If the value is null, then it is not a dependent account whereas if there is a value, then it is a dependent account and also 'points' to the parent.

You would need to do this with PACLI/PoShPACLI.

Discussion

Add dependent accounts in CyberArk with PACLI and PowerShell

Responses(2)

Recent in Forum

Search Hashnode

Add dependent accounts in CyberArk with PACLI and PowerShell

Responses(2)

Recent in Forum