Feed
Pro
Search

Author

Write
Drafts

Bug0 - The AI-native e2e QA regression testing Bug0 Browsers - Cloud Chromium on demand, per-minute, live preview Passmark - The open-source AI framework for regression testing Hackathons Changelog Brand @hashnode on X Hashnode on LinkedIn Support - hello+support@hashnode.com Code of Conduct Terms Privacy Sitemap
Sign in

Search Hashnode

Search posts, tags, users, and pages

Discussion on "Add dependent accounts in CyberArk (now Idira) with PACLI and PowerShell" | Hashnode

FeedDiscussion

Tim Schindler

CyberArk MVP, Guardian | Principal Consultant at CyberIAM

Jan 7, 2022

Add dependent accounts in CyberArk (now Idira) with PACLI and PowerShell

CyberArk (now Idira) dependent accounts (or usages) are only accessible through the Classic UI and thus are not yet manageable through the CyberArk REST API. CyberArk in their epv-api-scripts repo on

timschindler.blog4 min read

#cybersecurity-1 #powershell #cyberark #idira

Responses(2)

mat

Feb 4, 2023

hey tim, thanks for that reply. we tried that and realized poshpacli scrambles the file names randomly into other fields, like creation date. it varies from object to object, hence it is utterly broken. current approach ich scraping of pvwa gui parsing through powershell. sometimes cyberark knows how to keep people angry…

mat

Feb 4, 2023

Any idea how to read existing depandants programatically from a vault in a migration scenario?

Tim Schindler

CyberArk MVP, Guardian | Principal Consultant at CyberIAM

Feb 4, 2023

I haven't tried this myself but I would investigate iterating through all safes and for each account/object in a safe, look for the MasterPassName file category/property. If the value is null, then it is not a dependent account whereas if there is a value, then it is a dependent account and also 'points' to the parent.

You would need to do this with PACLI/PoShPACLI.