public/Get-VPASAllDiscoveredAccounts.ps1
|
<#
.Synopsis GET ALL DISCOVERED ACCOUNTS CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET ALL DISCOVERED ACCOUNTS IN THE PENDING SAFE LIST .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .EXAMPLE $AllDiscoveredAccountsJSON = Get-VPASAllDiscoveredAccounts .OUTPUTS If successful: { "count": 12, "value": [ ... { "id": "19_13", "name": "components.vman.com-PSMTestUser-468fa034-7bb4-4fbd-baeb-fce59e29077b", "userName": "PSMTestUser", "address": "components.vman.com", "discoveryDateTime": 1724216091, "accountEnabled": true, "osGroups": "Administrators, Users", "platformType": "Windows Server Local", "domain": "vman.com", "lastLogonDateTime": 1724215358, "lastPasswordSetDateTime": 1722475482, "passwordNeverExpires": true, "osVersion": "Windows Server 2022 Standard Evaluation", "privileged": true, "userDisplayName": "PSMTestUser", "passwordExpirationDateTime": 0, "osFamily": "Server", "organizationalUnit": "CN=COMPONENTS,CN=Computers,DC=vman,DC=com", "additionalProperties": "@{AccountType=Local; CreationMethod=AutoDetected}", "platformTypeAccountProperties": "@{SID=S-1-5-21-3557626459-4054859972-1988515847-1006}", "numberOfDependencies": 0 }, { "id": "19_15", "name": "vman.com-vmanda-aa06b546-f19d-4716-a89b-d3bedfbb6858", "userName": "vmanda", "address": "vman.com", "discoveryDateTime": 1724216092, "accountEnabled": true, "osGroups": "Administrators, Remote Desktop Users", "platformType": "Windows Domain", "domain": "vman.com", "lastLogonDateTime": 1724213492, "lastPasswordSetDateTime": 1718764060, "passwordNeverExpires": true, "osVersion": "Windows Server 2022 Standard Evaluation", "privileged": true, "userDisplayName": "vmanda", "passwordExpirationDateTime": 0, "osFamily": "Server", "organizationalUnit": "CN=vmanda,CN=Users,DC=vman,DC=com", "additionalProperties": "@{AccountType=Domain; CreationMethod=AutoDetected}", "platformTypeAccountProperties": "@{SID=S-1-5-21-859712872-1750767134-752027284-1104}", "numberOfDependencies": 0 }, ... ] } --- $false if failed #> function Get-VPASAllDiscoveredAccounts{ [OutputType([bool],'System.Collections.Hashtable')] [CmdletBinding()] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" try{ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/DiscoveredAccounts?offset=0&limit=1000" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/DiscoveredAccounts?offset=0&limit=1000" } $output = @{ count = 0 value = "" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $output.count = $response.count $output.value = $response.value $nextlink = $response.nextLink while(![String]::IsNullOrEmpty($nextlink)){ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/$nextlink" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/$nextlink" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $newresponse = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $newresponse = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $output.count = $newresponse.count $output.value += $newresponse.value $nextlink = $newresponse.nextLink } $result = $output $outputlog = $result | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURNARRAY Write-Verbose "RETURNING JSON OBJECT" return $result }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET ALL DISCOVERED ACCOUNTS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |