public/Get-VPASEPVUserDetails.ps1
|
<#
.Synopsis GET EPV USER DETAILS CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET EPV USER(s) DETAILS .LINK https://vpasmodule.com/commands/Get-VPASEPVUserDetails .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER EPVUsername Query for the target EPVUser via Username .PARAMETER EPVUserID Query for the target EPVUser via UserID .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $EPVUserDetailsJSON = Get-VPASEPVUserDetails -EPVUsername {EPVUSERNAME VALUE} .EXAMPLE $EPVUserDetailsJSON = Get-VPASEPVUserDetails -EPVUserID {EPVUSERID VALUE} .EXAMPLE $InputParameters = @{ EPVUsername = "targetEPVUsername" } $EPVUserDetailsJSON = Get-VPASEPVUserDetails -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ EPVUserID = "55" } $EPVUserDetailsJSON = Get-VPASEPVUserDetails -InputParameters $InputParameters .OUTPUTS If successful: { "enableUser": true, "changePassOnNextLogon": false, "expiryDate": null, "suspended": false, "lastSuccessfulLoginDate": 1723868229, "unAuthorizedInterfaces": [ ], "authenticationMethod": [ ], "passwordNeverExpires": false, "distinguishedName": "", "description": "", "businessAddress": { "workStreet": "", "workCity": "", "workState": "", "workZip": "", "workCountry": "" }, "internet": { "homePage": "", "homeEmail": "", "businessEmail": "vadim.melamed@vman.com", "otherEmail": "" }, "phones": { "homeNumber": "", "businessNumber": "1234567890", "cellularNumber": "", "faxNumber": "", "pagerNumber": "" }, "personalDetails": { "street": "", "city": "", "state": "", "zip": "", "country": "", "title": "", "organization": "", "department": "", "profession": "", "firstName": "Vadim", "middleName": "", "lastName": "Melamed" }, "id": 41, "username": "vadim@vman.com", "source": "CyberArk", "userType": "EPVUser", "componentUser": false, "groupsMembership": [ { "groupID": 28, "groupName": "Everybody", "groupType": "Vault" }, { "groupID": 40, "groupName": "Privilege Cloud Administrators", "groupType": "Vault" }, { "groupID": 82, "groupName": "TestingNewAuth", "groupType": "Vault" } ], "vaultAuthorization": [ "AddUpdateUsers", "AddSafes", "ManageServerFileCategories", "AuditUsers", "ResetUsersPasswords", "ActivateUsers" ], "location": "\\" } --- $false if failed #> function Get-VPASEPVUserDetails{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target EPVUsername (for example: vman)")] [String]$EPVUsername, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target EPVUserID (for example: 55)")] [String]$EPVUserID, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("EPVUsername") MandatoryKeys = @("EPVUsername") } set2 = @{ AcceptableKeys = @("EPVUserID") MandatoryKeys = @("EPVUserID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE EPV USER DETAILS" Write-VPASOutput -str $_ -type E return $false } try{ if($EPVUsername){ $LookupBy = "Username" $LookupVal = $EPVUsername } if($EPVUserID){ $LookupBy = "UserID" $LookupVal = $EPVUserID } if($LookupBy -eq "Username"){ Write-Verbose "INVOKING HELPER FUNCTION" $searchQuery = "$LookupVal" $UserID = Get-VPASEPVUserIDHelper -token $token -username $searchQuery } elseif($LookupBy -eq "UserID"){ Write-Verbose "SUPPLIED USERID: $LookupVal, SKIPPING HELPER FUNCTION" $UserID = $LookupVal } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Users/$UserID" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Users/$UserID" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD Write-Verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $outputlog = $response $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN Write-Verbose "SUCCESSFULLY RETRIEVED DETAILS FOR $LookupBy : $LookupVal" Write-Verbose "RETURNING JSON OBJECT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO RETRIEVE DETAILS FOR $LookupBy : $LookupVal" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |