public/Invoke-VPASReporting.ps1
|
<#
.Synopsis RUN VARIOUS REPORTS FROM CYBERARK CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO GENERATE VARIOUS REPORTS FROM CYBERARK .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER SearchQuery Search string to find target resource via username, address, safe, platform, etc. Comma separated for multiple fields, or to search all pass a blank value like so: " " .PARAMETER ReportType Specify which report will be run Possible values: SafeContent, SafeMembers, PlatformDetails, EPVUsers .PARAMETER ReportFormat Specify what format the report output should be Possible values: CSV, JSON, TXT, HTML, XML, ALL .PARAMETER OutputDirectory Where to place the newly generated report .PARAMETER WildCardSearch Treat the searchquery as a wildcard search (*searchquery*) instead of a single value .PARAMETER IncludePredefinedSafeMembers Include built in safe members when reporting on safe members .PARAMETER Confirm Skip the confirmation prompt to continue regardless on the size of the environment .PARAMETER Limit Upper estimate of the amount of the amount of safes in the environment Round to the nearest 1000th to capture all safes .PARAMETER HideOutput Suppress any output to the console .EXAMPLE $VReporting = Invoke-VPASReporting -ReportType {REPORTTYPE VALUE} -ReportFormat {REPORTFORMAT VALUE} -SearchQuery {SEARCHQUERY VALUE} -OutputDirectory {OUTPUTDIRECTORY VALUE} .OUTPUTS $true if successful $false if failed #> function Invoke-VPASReporting{ [OutputType([bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter ReportType to be generated (SafeContent, SafeMembers, PlatformDetails, EPVUsers)",Position=0)] [ValidateSet('SafeContent','SafeMembers','PlatformDetails','EPVUsers')] [String]$ReportType, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter ReportOutput type (CSV, JSON, TXT, HTML, XML, ALL)",Position=1)] [ValidateSet('CSV','JSON','TXT','HTML','XML','ALL')] [String]$ReportFormat, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [String]$OutputDirectory, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [String]$SearchQuery, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [Switch]$WildCardSearch, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [Switch]$IncludePredefinedSafeMembers, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [Switch]$Confirm, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)] [String]$Limit, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)] [Switch]$HideOutput, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" Write-Verbose "SUCCESSFULLY PARSED REPORTTYPE VALUE: $ReportType" Write-Verbose "SUCCESSFULLY PARSED REPORTFORMAT VALUE: $ReportFormat" try{ if([String]::IsNullOrEmpty($OutputDirectory)){ $curUser = $env:UserName $OutputDirectory = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Reports" Write-Verbose "NO OUTPUT DIRECTORY SUPPLIED, USING DEFAULT LOCATION: $OutputDirectory" if(Test-Path -Path $OutputDirectory){ #DO NOTHING } else{ write-verbose "$OutputDirectory DOES NOT EXIST, CREATING DIRECTORY" $MakeDirectory = New-Item -Path $OutputDirectory -Type Directory } } else{ if(Test-Path -Path $OutputDirectory){ #DO NOTHING } else{ $curUser = $env:UserName $OutputDirectory = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Reports" write-verbose "$OutputDirectory DOES NOT EXIST, USING DEFAULT LOCATION: $OutputDirectory" if(Test-Path -Path $OutputDirectory){ #DO NOTHING } else{ $MakeDirectory = New-Item -Path $OutputDirectory -Type Directory } } } if($ReportType -eq "SafeContent"){ if([String]::IsNullOrEmpty($SearchQuery)){ Write-VPASOutput -str "NO SAFENAME SUPPLIED, ENTER SAFENAME (To report on all safes type ALL): " -type Y $SearchQuery = Read-Host } $SearchQuery = $SearchQuery.ToLower() Write-Verbose "QUERYING CYBERARK FOR TARGET SAFE(S)" if($SearchQuery -eq "all"){ if(!$Confirm){ Write-VPASOutput -str "This report will run against ALL Safes, and could take some time depending on environment size" -type M Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y $contreport = Read-Host if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"} $contreport = $contreport.ToLower() if($contreport -ne "y"){ Write-VPASOutput -str "EXITING REPORT UTILITY" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } if([String]::IsNullOrEmpty($Limit)){ Write-VPASOutput -str "NO LIMIT SUPPLIED, DEFAULT SAFE LIMIT IS 25. ENTER UPPER LIMIT AMOUNT OF SAFES: " -type Y $Limit = Read-Host } if($NoSSL){ $Safes = Get-VPASSafes -token $token -searchQuery " " -limit $Limit } else{ $Safes = Get-VPASSafes -token $token -searchQuery " " -limit $Limit } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } } else{ if($NoSSL){ if($WildCardSearch){ $Safes = Get-VPASSafes -token $token -searchQuery $SearchQuery -limit $Limit } else{ $Safes = Get-VPASSafeDetails -token $token -safe $SearchQuery } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ if($WildCardSearch){ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } else{ $TargetSafes = $Safes.SafeName } } } else{ if($WildCardSearch){ $Safes = Get-VPASSafes -token $token -searchQuery $SearchQuery -limit $Limit } else{ $Safes = Get-VPASSafeDetails -token $token -safe $SearchQuery } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ if($WildCardSearch){ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } else{ $TargetSafes = $Safes.SafeName } } } } $Data = @{} $counter = 1 $uniqueIDs = @() Write-Verbose "QUERYING CYBERARK FOR ACCOUNTS IN TARGET SAFE(S)" foreach($safe in $TargetSafes){ if($NoSSL){ $FoundAccounts = Get-VPASAccountDetails -token $token -safe $safe -HideWarnings } else{ $FoundAccounts = Get-VPASAccountDetails -token $token -safe $safe -HideWarnings } if(!$FoundAccounts){ if(!$HideOutput){ Write-VPASOutput -str "NO ACCOUNTS FOUND IN SAFE: $safe" -type M } Write-Verbose "NO ACCOUNTS FOUND IN SAFE: $safe" } else{ foreach($rec in $FoundAccounts.value){ $temparr = @{} $AcctID = $rec.id $AcctName = $rec.name $AcctAddress = $rec.address $AcctUsername = $rec.userName $AcctPlatformID = $rec.platformId $AcctSafename = $rec.safeName $AcctSecretType = $rec.secretType $AcctAutomaticManagementEnabled = $rec.secretManagement.automaticManagementEnabled $AcctAutomaticManagementEnabledReason = $rec.secretManagement.manualManagementReason $AcctStatus = $rec.secretManagement.status if([String]::IsNullOrEmpty($AcctStatus)){ $AcctStatus = "NoError" } $EpochTime = $rec.secretManagement.lastModifiedTime $AcctLastModifiedTime = (([System.DateTimeOffset]::FromUnixTimeSeconds($EpochTime)).DateTime.toLocalTime()).ToString() $CreatedTime = $rec.createdTime $AcctCreatedTime = (([System.DateTimeOffset]::FromUnixTimeSeconds($CreatedTime)).DateTime.toLocalTime()).ToString() if($SearchQuery -eq "all"){ $temparr = @{ AcctID = $AcctID AcctName = $AcctName AcctAddress = $AcctAddress AcctUsername = $AcctUsername AcctPlatformID = $AcctPlatformID AcctSafename = $AcctSafename AcctSecretType = $AcctSecretType AcctAutomaticManagementEnabled = $AcctAutomaticManagementEnabled AcctAutomaticManagementEnabledReason = $AcctAutomaticManagementEnabledReason AcctStatus = $AcctStatus AcctLastModifiedTime = $AcctLastModifiedTime AcctCreatedTime = $AcctCreatedTime } if($uniqueIDs.Contains($AcctID)){ #DO NOTHING } else{ $uniqueIDs += $AcctID $label = "Record" + $counter $Data += @{ $label = $temparr } $counter+=1 } } else{ if($WildCardSearch){ if($AcctSafename -match $SearchQuery){ $temparr = @{ AcctID = $AcctID AcctName = $AcctName AcctAddress = $AcctAddress AcctUsername = $AcctUsername AcctPlatformID = $AcctPlatformID AcctSafename = $AcctSafename AcctSecretType = $AcctSecretType AcctAutomaticManagementEnabled = $AcctAutomaticManagementEnabled AcctAutomaticManagementEnabledReason = $AcctAutomaticManagementEnabledReason AcctStatus = $AcctStatus AcctLastModifiedTime = $AcctLastModifiedTime AcctCreatedTime = $AcctCreatedTime } if($uniqueIDs.Contains($AcctID)){ #DO NOTHING } else{ $uniqueIDs += $AcctID $label = "Record" + $counter $Data += @{ $label = $temparr } $counter+=1 } } } else{ if($AcctSafename -eq $SearchQuery){ $temparr = @{ AcctID = $AcctID AcctName = $AcctName AcctAddress = $AcctAddress AcctUsername = $AcctUsername AcctPlatformID = $AcctPlatformID AcctSafename = $AcctSafename AcctSecretType = $AcctSecretType AcctAutomaticManagementEnabled = $AcctAutomaticManagementEnabled AcctAutomaticManagementEnabledReason = $AcctAutomaticManagementEnabledReason AcctStatus = $AcctStatus AcctLastModifiedTime = $AcctLastModifiedTime AcctCreatedTime = $AcctCreatedTime } if($uniqueIDs.Contains($AcctID)){ #DO NOTHING } else{ $uniqueIDs += $AcctID $label = "Record" + $counter $Data += @{ $label = $temparr } $counter+=1 } } } } } } } $output = @() $keys = $Data.Keys foreach($key in $keys){ $temphash = @{} $AcctID = $Data.$key.AcctID $AcctName = $Data.$key.AcctName $AcctAddress = $Data.$key.AcctAddress $AcctUsername = $Data.$key.AcctUsername $AcctPlatformID = $Data.$key.AcctPlatformID $AcctSafename = $Data.$key.AcctSafename $AcctSecretType = $Data.$key.AcctSecretType $AcctAutomaticManagementEnabled = $Data.$key.AcctAutomaticManagementEnabled $AcctAutomaticManagementEnabledReason = $Data.$key.AcctAutomaticManagementEnabledReason $AcctStatus = $Data.$key.AcctStatus $AcctLastModifiedTime = $Data.$key.AcctLastModifiedTime $AcctCreatedTime = $Data.$key.AcctCreatedTime $temphash = @{ AcctID = $AcctID AcctName = $AcctName AcctAddress = $AcctAddress AcctUsername = $AcctUsername AcctPlatformID = $AcctPlatformID AcctSafename = $AcctSafename AcctSecretType = $AcctSecretType AcctAutomaticManagementEnabled = $AcctAutomaticManagementEnabled AcctAutomaticManagementEnabledReason = $AcctAutomaticManagementEnabledReason AcctStatus = $AcctStatus AcctLastModifiedTime = $AcctLastModifiedTime AcctCreatedTime = $AcctCreatedTime } $output += $temphash } if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.json" $jsonoutput = $output | ConvertTo-Json Write-Output $jsonoutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile" } if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.txt" write-output "SAFE CONTENT REPORT" | Set-Content $targetFile Write-Output "" | Add-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $str = "" $AcctID = $Data.$key.AcctID $AcctName = $Data.$key.AcctName $AcctAddress = $Data.$key.AcctAddress $AcctUsername = $Data.$key.AcctUsername $AcctPlatformID = $Data.$key.AcctPlatformID $AcctSafename = $Data.$key.AcctSafename $AcctSecretType = $Data.$key.AcctSecretType $AcctAutomaticManagementEnabled = $Data.$key.AcctAutomaticManagementEnabled $AcctAutomaticManagementEnabledReason = $Data.$key.AcctAutomaticManagementEnabledReason $AcctStatus = $Data.$key.AcctStatus $AcctLastModifiedTime = $Data.$key.AcctLastModifiedTime $AcctCreatedTime = $Data.$key.AcctCreatedTime $str += "AcctID: $AcctID`r`n" $str += "AcctName: $AcctName`r`n" $str += "AcctAddress: $AcctAddress`r`n" $str += "AcctUsername: $AcctUsername`r`n" $str += "AcctPlatformID: $AcctPlatformID`r`n" $str += "AcctSafename: $AcctSafename`r`n" $str += "AcctSecretType: $AcctSecretType`r`n" $str += "AcctAutomaticManagementEnabled: $AcctAutomaticManagementEnabled`r`n" $str += "AcctAutomaticManagementEnabledReason: $AcctAutomaticManagementEnabledReason`r`n" $str += "AcctStatus: $AcctStatus`r`n" $str += "AcctLastModifiedTime: $AcctLastModifiedTime`r`n" $str += "AcctCreatedTime: $AcctCreatedTime`r`n" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile" } if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.csv" write-output "ID,Name,Address,Username,PlatformID,SafeName,SecretType,AutomaticManagementEnabled,AutomaticManagementEnabledReason,Status,LastModifiedTime,CreatedTime" | Set-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $AcctID = $Data.$key.AcctID $AcctName = $Data.$key.AcctName $AcctAddress = $Data.$key.AcctAddress $AcctUsername = $Data.$key.AcctUsername $AcctPlatformID = $Data.$key.AcctPlatformID $AcctSafename = $Data.$key.AcctSafename $AcctSecretType = $Data.$key.AcctSecretType $AcctAutomaticManagementEnabled = $Data.$key.AcctAutomaticManagementEnabled $AcctAutomaticManagementEnabledReason = $Data.$key.AcctAutomaticManagementEnabledReason $AcctStatus = $Data.$key.AcctStatus $AcctLastModifiedTime = $Data.$key.AcctLastModifiedTime $AcctCreatedTime = $Data.$key.AcctCreatedTime $str = "$AcctID,$AcctName,$AcctAddress,$AcctUsername,$AcctPlatformID,$AcctSafename,$AcctSecretType,$AcctAutomaticManagementEnabled,$AcctAutomaticManagementEnabledReason,$AcctStatus,$AcctLastModifiedTime,$AcctCreatedTime" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile" } if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.html" $htmloutput = $output | ConvertTo-Json $htmloutput = $htmloutput | ConvertFrom-Json $htmloutput = $htmloutput | ConvertTo-Html -As List Write-Output $htmloutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile" } if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.xml" $xmloutput = $output | ConvertTo-Json $xmloutput = $xmloutput | ConvertFrom-Json $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation Out-File -FilePath $targetFile -InputObject $XML if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile" } } if($ReportType -eq "SafeMembers"){ if([String]::IsNullOrEmpty($SearchQuery)){ Write-VPASOutput -str "NO SAFENAME SUPPLIED, ENTER SAFENAME (To report on all safes type ALL): " -type Y $SearchQuery = Read-Host } $SearchQuery = $SearchQuery.ToLower() Write-Verbose "QUERYING CYBERARK FOR TARGET SAFE(S)" if($SearchQuery -eq "all"){ if(!$Confirm){ Write-VPASOutput -str "This report will run against ALL Safes, and could take some time depending on environment size" -type M Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y $contreport = Read-Host if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"} $contreport = $contreport.ToLower() if($contreport -ne "y"){ Write-VPASOutput -str "EXITING REPORT UTILITY" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } if([String]::IsNullOrEmpty($Limit)){ Write-VPASOutput -str "NO LIMIT SUPPLIED, DEFAULT SAFE LIMIT IS 25. ENTER UPPER LIMIT AMOUNT OF SAFES: " -type Y $Limit = Read-Host } if($NoSSL){ $Safes = Get-VPASSafes -token $token -searchQuery " " -limit $Limit } else{ $Safes = Get-VPASSafes -token $token -searchQuery " " -limit $Limit } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } } else{ if($NoSSL){ if($WildCardSearch){ $Safes = Get-VPASSafes -token $token -searchQuery $SearchQuery -limit $Limit } else{ $Safes = Get-VPASSafeDetails -token $token -safe $SearchQuery } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ if($WildCardSearch){ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } else{ $TargetSafes = $Safes.SafeName } } } else{ if($WildCardSearch){ $Safes = Get-VPASSafes -token $token -searchQuery $SearchQuery -limit $Limit } else{ $Safes = Get-VPASSafeDetails -token $token -safe $SearchQuery } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ if($WildCardSearch){ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } else{ $TargetSafes = $Safes.SafeName } } } } $Data = @{} $counter = 1 Write-Verbose "QUERYING CYBERARK FOR SAFE MEMBERS IN TARGET SAFE(S)" foreach($safe in $TargetSafes){ if($NoSSL){ if($IncludePredefinedSafeMembers){ $FoundMembers = Get-VPASSafeMembers -token $token -safe $safe -IncludePredefinedMembers } else{ $FoundMembers = Get-VPASSafeMembers -token $token -safe $safe } } else{ if($IncludePredefinedSafeMembers){ $FoundMembers = Get-VPASSafeMembers -token $token -safe $safe -IncludePredefinedMembers } else{ $FoundMembers = Get-VPASSafeMembers -token $token -safe $safe } } if(!$FoundMembers){ if(!$HideOutput){ Write-VPASOutput -str "NO SAFE MEMBERS FOUND IN SAFE: $safe" -type M } Write-Verbose "NO SAFE MEMBERS FOUND IN SAFE: $safe" } else{ foreach($rec in $FoundMembers.value){ $temparr = @{} $SMSafe = $rec.safeName $SMSafeID = $rec.safeNumber $SMMemberID = $rec.memberId $SMMemberName = $rec.memberName $SMMemberType = $rec.memberType $SMMembershipExpirationDate = $rec.membershipExpirationDate $SMIsExpiredMembershipEnable = $rec.isExpiredMembershipEnable $SMIsPredefinedUser = $rec.isPredefinedUser $SMUseAccounts = $rec.permissions.useAccounts $SMRetrieveAccounts = $rec.permissions.retrieveAccounts $SMListAccounts = $rec.permissions.listAccounts $SMAddAccounts = $rec.permissions.addAccounts $SMUpdateAccountContent = $rec.permissions.updateAccountContent $SMUpdateAccountProperties = $rec.permissions.updateAccountProperties $SMInitiateCPMAccountManagementOperations = $rec.permissions.initiateCPMAccountManagementOperations $SMSpecifyNextAccountContent = $rec.permissions.specifyNextAccountContent $SMRenameAccounts = $rec.permissions.renameAccounts $SMDeleteAccounts = $rec.permissions.deleteAccounts $SMUnlockAccounts = $rec.permissions.unlockAccounts $SMManageSafe = $rec.permissions.manageSafe $SMManageSafeMembers = $rec.permissions.manageSafeMembers $SMBackupSafe = $rec.permissions.backupSafe $SMViewAuditLog = $rec.permissions.viewAuditLog $SMViewSafeMembers = $rec.permissions.viewSafeMembers $SMAccessWithoutConfirmation = $rec.permissions.accessWithoutConfirmation $SMCreateFolders = $rec.permissions.createFolders $SMDeleteFolders = $rec.permissions.deleteFolders $SMMoveAccountsAndFolders = $rec.permissions.moveAccountsAndFolders $SMRequestsAuthorizationLevel1 = $rec.permissions.requestsAuthorizationLevel1 $SMRequestsAuthorizationLevel2 = $rec.permissions.requestsAuthorizationLevel2 $temparr = @{ SMSafeName = $SMSafe SMSafeID = $SMSafeID SMMemberId = $SMMemberID SMMemberName = $SMMemberName SMMemberType = $SMMemberType SMMembershipExpirationDate = $SMMembershipExpirationDate SMIsExpiredMembershipEnable = $SMIsExpiredMembershipEnable SMIsPredefinedUser = $SMIsPredefinedUser SMUseAccounts = $SMUseAccounts SMRetrieveAccounts = $SMRetrieveAccounts SMListAccounts = $SMListAccounts SMAddAccounts = $SMAddAccounts SMUpdateAccountContent = $SMUpdateAccountContent SMUpdateAccountProperties = $SMUpdateAccountProperties SMInitiateCPMAccountManagementOperations = $SMInitiateCPMAccountManagementOperations SMSpecifyNextAccountContent = $SMSpecifyNextAccountContent SMRenameAccounts = $SMRenameAccounts SMDeleteAccounts = $SMDeleteAccounts SMUnlockAccounts = $SMUnlockAccounts SMManageSafe = $SMManageSafe SMManageSafeMembers = $SMManageSafeMembers SMBackupSafe = $SMBackupSafe SMViewAuditLog = $SMViewAuditLog SMViewSafeMembers = $SMViewSafeMembers SMAccessWithoutConfirmation = $SMAccessWithoutConfirmation SMCreateFolders = $SMCreateFolders SMDeleteFolders = $SMDeleteFolders SMMoveAccountsAndFolders = $SMMoveAccountsAndFolders SMRequestsAuthorizationLevel1 = $SMRequestsAuthorizationLevel1 SMRequestsAuthorizationLevel2 = $SMRequestsAuthorizationLevel2 } $label = "Record" + $counter $Data += @{ $label = $temparr } $counter += 1 } } } $output = @() $keys = $Data.Keys foreach($key in $keys){ $temphash = @{} $SMSafe = $Data.$key.SMSafeName $SMSafeID = $Data.$key.SMSafeID $SMMemberID = $Data.$key.SMMemberID $SMMemberName = $Data.$key.SMMemberName $SMMemberType = $Data.$key.SMMemberType $SMMembershipExpirationDate = $Data.$key.SMMembershipExpirationDate $SMIsExpiredMembershipEnable = $Data.$key.SMIsExpiredMembershipEnable $SMIsPredefinedUser = $Data.$key.SMIsPredefinedUser $SMUseAccounts = $Data.$key.SMUseAccounts $SMRetrieveAccounts = $Data.$key.SMRetrieveAccounts $SMListAccounts = $Data.$key.SMListAccounts $SMAddAccounts = $Data.$key.SMAddAccounts $SMUpdateAccountContent = $Data.$key.SMUpdateAccountContent $SMUpdateAccountProperties = $Data.$key.SMUpdateAccountProperties $SMInitiateCPMAccountManagementOperations = $Data.$key.SMInitiateCPMAccountManagementOperations $SMSpecifyNextAccountContent = $Data.$key.SMSpecifyNextAccountContent $SMRenameAccounts = $Data.$key.SMRenameAccounts $SMDeleteAccounts = $Data.$key.SMDeleteAccounts $SMUnlockAccounts = $Data.$key.SMUnlockAccounts $SMManageSafe = $Data.$key.SMManageSafe $SMManageSafeMembers = $Data.$key.SMManageSafeMembers $SMBackupSafe = $Data.$key.SMBackupSafe $SMViewAuditLog = $Data.$key.SMViewAuditLog $SMViewSafeMembers = $Data.$key.SMViewSafeMembers $SMAccessWithoutConfirmation = $Data.$key.SMAccessWithoutConfirmation $SMCreateFolders = $Data.$key.SMCreateFolders $SMDeleteFolders = $Data.$key.SMDeleteFolders $SMMoveAccountsAndFolders = $Data.$key.SMMoveAccountsAndFolders $SMRequestsAuthorizationLevel1 = $Data.$key.SMRequestsAuthorizationLevel1 $SMRequestsAuthorizationLevel2 = $Data.$key.SMRequestsAuthorizationLevel2 $temphash = @{ SafeName = $SMSafe SafeID = $SMSafeID MemberId = $SMMemberID MemberName = $SMMemberName MemberType = $SMMemberType MembershipExpirationDate = $SMMembershipExpirationDate IsExpiredMembershipEnable = $SMIsExpiredMembershipEnable IsPredefinedUser = $SMIsPredefinedUser UseAccounts = $SMUseAccounts RetrieveAccounts = $SMRetrieveAccounts ListAccounts = $SMListAccounts AddAccounts = $SMAddAccounts UpdateAccountContent = $SMUpdateAccountContent UpdateAccountProperties = $SMUpdateAccountProperties InitiateCPMAccountManagementOperations = $SMInitiateCPMAccountManagementOperations SpecifyNextAccountContent = $SMSpecifyNextAccountContent RenameAccounts = $SMRenameAccounts DeleteAccounts = $SMDeleteAccounts UnlockAccounts = $SMUnlockAccounts ManageSafe = $SMManageSafe ManageSafeMembers = $SMManageSafeMembers BackupSafe = $SMBackupSafe ViewAuditLog = $SMViewAuditLog ViewSafeMembers = $SMViewSafeMembers AccessWithoutConfirmation = $SMAccessWithoutConfirmation CreateFolders = $SMCreateFolders DeleteFolders = $SMDeleteFolders MoveAccountsAndFolders = $SMMoveAccountsAndFolders RequestsAuthorizationLevel1 = $SMRequestsAuthorizationLevel1 RequestsAuthorizationLevel2 = $SMRequestsAuthorizationLevel2 } $output += $temphash } if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.json" $jsonoutput = $output | ConvertTo-Json Write-Output $jsonoutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile" } if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.txt" write-output "SAFE MEMBERS REPORT" | Set-Content $targetFile Write-Output "" | Add-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $str = "" $SMSafe = $Data.$key.SMSafeName $SMSafeID = $Data.$key.SMSafeID $SMMemberID = $Data.$key.SMMemberID $SMMemberName = $Data.$key.SMMemberName $SMMemberType = $Data.$key.SMMemberType $SMMembershipExpirationDate = $Data.$key.SMMembershipExpirationDate $SMIsExpiredMembershipEnable = $Data.$key.SMIsExpiredMembershipEnable $SMIsPredefinedUser = $Data.$key.SMIsPredefinedUser $SMUseAccounts = $Data.$key.SMUseAccounts $SMRetrieveAccounts = $Data.$key.SMRetrieveAccounts $SMListAccounts = $Data.$key.SMListAccounts $SMAddAccounts = $Data.$key.SMAddAccounts $SMUpdateAccountContent = $Data.$key.SMUpdateAccountContent $SMUpdateAccountProperties = $Data.$key.SMUpdateAccountProperties $SMInitiateCPMAccountManagementOperations = $Data.$key.SMInitiateCPMAccountManagementOperations $SMSpecifyNextAccountContent = $Data.$key.SMSpecifyNextAccountContent $SMRenameAccounts = $Data.$key.SMRenameAccounts $SMDeleteAccounts = $Data.$key.SMDeleteAccounts $SMUnlockAccounts = $Data.$key.SMUnlockAccounts $SMManageSafe = $Data.$key.SMManageSafe $SMManageSafeMembers = $Data.$key.SMManageSafeMembers $SMBackupSafe = $Data.$key.SMBackupSafe $SMViewAuditLog = $Data.$key.SMViewAuditLog $SMViewSafeMembers = $Data.$key.SMViewSafeMembers $SMAccessWithoutConfirmation = $Data.$key.SMAccessWithoutConfirmation $SMCreateFolders = $Data.$key.SMCreateFolders $SMDeleteFolders = $Data.$key.SMDeleteFolders $SMMoveAccountsAndFolders = $Data.$key.SMMoveAccountsAndFolders $SMRequestsAuthorizationLevel1 = $Data.$key.SMRequestsAuthorizationLevel1 $SMRequestsAuthorizationLevel2 = $Data.$key.SMRequestsAuthorizationLevel2 $str += "Safe: $SMSafe`r`n" $str += "SafeID: $SMSafeID`r`n" $str += "MemberID: $SMMemberID`r`n" $str += "MemberName: $SMMemberName`r`n" $str += "MemberType: $SMMemberType`r`n" $str += "MembershipExpirationDate: $SMMembershipExpirationDate`r`n" $str += "IsExpiredMembershipEnable: $SMIsExpiredMembershipEnable`r`n" $str += "IsPredefinedUser: $SMIsPredefinedUser`r`n" $str += "UseAccounts: $SMUseAccounts`r`n" $str += "RetrieveAccounts: $SMRetrieveAccounts`r`n" $str += "ListAccounts: $SMListAccounts`r`n" $str += "AddAccounts: $SMAddAccounts`r`n" $str += "UpdateAccountContent: $SMUpdateAccountContent`r`n" $str += "UpdateAccountProperties: $SMUpdateAccountProperties`r`n" $str += "InitiateCPMAccountManagementOperations: $SMInitiateCPMAccountManagementOperations`r`n" $str += "SpecifyNextAccountContent: $SMSpecifyNextAccountContent`r`n" $str += "RenameAccounts: $SMRenameAccounts`r`n" $str += "DeleteAccounts: $SMDeleteAccounts`r`n" $str += "UnlockAccounts: $SMUnlockAccounts`r`n" $str += "ManageSafe: $SMManageSafe`r`n" $str += "ManageSafeMembers: $SMManageSafeMembers`r`n" $str += "BackupSafe: $SMBackupSafe`r`n" $str += "ViewAuditLog: $SMViewAuditLog`r`n" $str += "ViewSafeMembers: $SMViewSafeMembers`r`n" $str += "AccessWithoutConfirmation: $SMAccessWithoutConfirmation`r`n" $str += "CreateFolders: $SMCreateFolders`r`n" $str += "DeleteFolders: $SMDeleteFolders`r`n" $str += "MoveAccountsAndFolders: $SMMoveAccountsAndFolders`r`n" $str += "RequestsAuthorizationLevel1: $SMRequestsAuthorizationLevel1`r`n" $str += "RequestsAuthorizationLevel2: $SMRequestsAuthorizationLevel2`r`n" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile" } if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.csv" write-output "SafeName,SafeID,MemberID,MemberName,MemberType,MembershipExpirationDate,IsExpiredMembershipEnabled,IsPredefinedUser,UseAccounts,RetrieveAccounts,ListAccounts,AddAccounts,UpdateAccountContent,UpdateAccountProperties,InitiateCPMAccountManagementOperations,SpecifyNextAccountContent,RenameAccounts,DeleteAccounts,UnlockAccounts,ManageSafe,ManageSafeMembers,BackupSafe,ViewAuditLog,ViewSafeMembers,AccessWithoutConfirmation,CreateFolders,DeleteFolders,MoveAccountsAndFolders,RequestsAuthorizationLevel1,RequestsAuthorizationLevel2" | Set-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $SMSafe = $Data.$key.SMSafeName $SMSafeID = $Data.$key.SMSafeID $SMMemberID = $Data.$key.SMMemberID $SMMemberName = $Data.$key.SMMemberName $SMMemberType = $Data.$key.SMMemberType $SMMembershipExpirationDate = $Data.$key.SMMembershipExpirationDate $SMIsExpiredMembershipEnable = $Data.$key.SMIsExpiredMembershipEnable $SMIsPredefinedUser = $Data.$key.SMIsPredefinedUser $SMUseAccounts = $Data.$key.SMUseAccounts $SMRetrieveAccounts = $Data.$key.SMRetrieveAccounts $SMListAccounts = $Data.$key.SMListAccounts $SMAddAccounts = $Data.$key.SMAddAccounts $SMUpdateAccountContent = $Data.$key.SMUpdateAccountContent $SMUpdateAccountProperties = $Data.$key.SMUpdateAccountProperties $SMInitiateCPMAccountManagementOperations = $Data.$key.SMInitiateCPMAccountManagementOperations $SMSpecifyNextAccountContent = $Data.$key.SMSpecifyNextAccountContent $SMRenameAccounts = $Data.$key.SMRenameAccounts $SMDeleteAccounts = $Data.$key.SMDeleteAccounts $SMUnlockAccounts = $Data.$key.SMUnlockAccounts $SMManageSafe = $Data.$key.SMManageSafe $SMManageSafeMembers = $Data.$key.SMManageSafeMembers $SMBackupSafe = $Data.$key.SMBackupSafe $SMViewAuditLog = $Data.$key.SMViewAuditLog $SMViewSafeMembers = $Data.$key.SMViewSafeMembers $SMAccessWithoutConfirmation = $Data.$key.SMAccessWithoutConfirmation $SMCreateFolders = $Data.$key.SMCreateFolders $SMDeleteFolders = $Data.$key.SMDeleteFolders $SMMoveAccountsAndFolders = $Data.$key.SMMoveAccountsAndFolders $SMRequestsAuthorizationLevel1 = $Data.$key.SMRequestsAuthorizationLevel1 $SMRequestsAuthorizationLevel2 = $Data.$key.SMRequestsAuthorizationLevel2 $str = "$SMSafe,$SMSafeID,$SMMemberID,$SMMemberName,$SMMemberType,$SMMembershipExpirationDate,$SMIsExpiredMembershipEnable,$SMIsPredefinedUser,$SMUseAccounts,$SMRetrieveAccounts,$SMListAccounts,$SMAddAccounts,$SMUpdateAccountContent,$SMUpdateAccountProperties,$SMInitiateCPMAccountManagementOperations,$SMSpecifyNextAccountContent,$SMRenameAccounts,$SMDeleteAccounts,$SMUnlockAccounts,$SMManageSafe,$SMManageSafeMembers,$SMBackupSafe,$SMViewAuditLog,$SMViewSafeMembers,$SMAccessWithoutConfirmation,$SMCreateFolders,$SMDeleteFolders,$SMMoveAccountsAndFolders,$SMRequestsAuthorizationLevel1,$SMRequestsAuthorizationLevel2" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile" } if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.html" $htmloutput = $output | ConvertTo-Json $htmloutput = $htmloutput | ConvertFrom-Json $htmloutput = $htmloutput | ConvertTo-Html -As List Write-Output $htmloutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile" } if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.xml" $xmloutput = $output | ConvertTo-Json $xmloutput = $xmloutput | ConvertFrom-Json $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation Out-File -FilePath $targetFile -InputObject $XML if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile" } } if($ReportType -eq "PlatformDetails"){ if([String]::IsNullOrEmpty($SearchQuery)){ Write-VPASOutput -str "NO PLATFORMID SUPPLIED, ENTER PLATFORMID (To report on all active platforms type ALL): " -type Y $SearchQuery = Read-Host } $SearchQuery = $SearchQuery.ToLower() Write-Verbose "QUERYING CYBERARK FOR TARGET PLATFORM(S)" if($SearchQuery -eq "all"){ if(!$Confirm){ Write-VPASOutput -str "This report will run against ALL Platforms, and could take some time depending on environment size" -type M Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y $contreport = Read-Host if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"} $contreport = $contreport.ToLower() if($contreport -ne "y"){ Write-VPASOutput -str "EXITING REPORT UTILITY" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } if($NoSSL){ $uri = "http://$PVWA/PasswordVault/API/Platforms" if($sessionval){ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllPlatforms = $result.Platforms } else{ $uri = "https://$PVWA/PasswordVault/API/Platforms" if($sessionval){ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllPlatforms = $result.Platforms } if(!$AllPlatforms){ Write-VPASOutput -str "UNABLE TO QUERY PLATFORMS" -type E Write-Verbose "UNABLE TO QUERY PLATFORMS...RETURNING FALSE" return $false } } else{ if($NoSSL){ if($WildCardSearch){ $response = Get-VPASPlatformDetailsSearch -token $token -SearchQuery "$SearchQuery" $AllPlatforms = $response.value } else{ $uri = "http://$PVWA/PasswordVault/API/Platforms" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } foreach($rec in $response.Platforms){ $recplatformid = $rec.general.id $recname = $rec.general.name if($recplatformid -eq $SearchQuery -or $recname -eq $SearchQuery){ $AllPlatforms = $rec } } } if(!$AllPlatforms){ Write-VPASOutput -str "UNABLE TO QUERY PLATFORMS" -type E Write-Verbose "UNABLE TO QUERY PLATFORMS...RETURNING FALSE" return $false } } else{ if($WildCardSearch){ $response = Get-VPASPlatformDetailsSearch -token $token -SearchQuery "$SearchQuery" $AllPlatforms = $response.value } else{ $uri = "https://$PVWA/PasswordVault/API/Platforms" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } foreach($rec in $response.Platforms){ $recplatformid = $rec.general.id $recname = $rec.general.name if($recplatformid -eq $SearchQuery -or $recname -eq $SearchQuery){ $AllPlatforms = $rec } } } if(!$AllPlatforms){ Write-VPASOutput -str "UNABLE TO QUERY PLATFORMS" -type E Write-Verbose "UNABLE TO QUERY PLATFORMS...RETURNING FALSE" return $false } } } $Data = @{} $counter = 1 foreach($platform in $AllPlatforms){ $temparr = @{} $PFGeneralID = $platform.general.id $PFGeneralName = $platform.general.name $PFGeneralSystemType = $platform.general.systemType $PFGeneralActive = $platform.general.active $PFGeneralDescription = $platform.general.description $PFGeneralPlatformBaseID = $platform.general.platformBaseID $PFGeneralPlatformType = $platform.general.platformType $str = "" $PFPropertiesRequiredTemp = $platform.properties.required foreach($rec in $PFPropertiesRequiredTemp){ $testval = $rec.name if([String]::IsNullOrEmpty($testval)){ $testval = $rec.displayName } $str += $testval + ";" } $PFPropertiesRequired = $str $str = "" $PFPropertiesOptionalTemp = $platform.properties.optional foreach($rec in $PFPropertiesOptionalTemp){ $testval = $rec.name if([String]::IsNullOrEmpty($testval)){ $testval = $rec.displayName } $str += $testval + ";" } $PFPropertiesOptional = $str $str = "" $PFLinkedAccountsTemp = $platform.linkedAccounts foreach($rec in $PFLinkedAccountsTemp){ $testval = $rec.name if([String]::IsNullOrEmpty($testval)){ $testval = $rec.displayName } $str += $testval + ";" } $PFLinkedAccounts = $str $PFCredentialsManagementAllowedSafes = $platform.credentialsManagement.allowedSafes $PFCredentialsManagementAllowManualChange = $platform.credentialsManagement.allowManualChange $PFCredentialsManagementPerformPeriodicChange = $platform.credentialsManagement.performPeriodicChange $PFCredentialsManagementRequirePasswordChangeEveryXDays = $platform.credentialsManagement.requirePasswordChangeEveryXDays $PFCredentialsManagementAllowManualVerification = $platform.credentialsManagement.allowManualVerification $PFCredentialsManagementPerformPeriodicVerification = $platform.credentialsManagement.performPeriodicVerification $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $platform.credentialsManagement.requirePasswordVerificationEveryXDays $PFCredentialsManagementAllowManualReconciliation = $platform.credentialsManagement.allowManualReconciliation $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $platform.credentialsManagement.automaticReconcileWhenUnsynched $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $platform.sessionManagement.requirePrivilegedSessionMonitoringAndIsolation $PFSessionManagementRecordAndSaveSessionActivity = $platform.sessionManagement.recordAndSaveSessionActivity $PFSessionManagementPSMServerID = $platform.sessionManagement.PSMServerID $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $platform.privilegedAccessWorkflows.requireDualControlPasswordAccessApproval $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $platform.privilegedAccessWorkflows.enforceCheckinCheckoutExclusiveAccess $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $platform.privilegedAccessWorkflows.enforceOnetimePasswordAccess $PFConnectionComponents = "" if($NoSSL){ $response2 = Get-VPASPSMSettingsByPlatformID -token $token -PlatformID $PFGeneralID } else{ $response2 = Get-VPASPSMSettingsByPlatformID -token $token -PlatformID $PFGeneralID } $AllConnectionComponents = $response2.PSMConnectors foreach($cc in $AllConnectionComponents){ $ccName = $cc.PSMConnectorID $ccStatus = $cc.Enabled if($ccStatus.ToString() -eq "True"){ $PFConnectionComponents += "$ccName(ACTIVE);" } else{ $PFConnectionComponents += "$ccName(DISABLED);" } } #GET OTHER HALF OF PLATFORM PROPERTIES $PFSearchForUsages = "" $PFPolicyType = "" $PFImmediateInterval = "" $PFInterval = "" $PFMaxConcurrentConnections = "" $PFMinValidityPeriod = "" $PFResetOveridesMinValidity = "" $PFResetOveridesTimeFrame = "" $PFTimeout = "" $PFUnlockIfFail = "" $PFUnrecoverableErrors = "" $PFMaximumRetries = "" $PFMinDelayBetweenRetries = "" $PFDllName = "" $PFXMLFile = "" $PFHeadStartInterval = "" $PFFromHour = "" $PFToHour = "" $PFChangeNotificationPeriod = "" $PFDaysNotifyPriorExpiration = "" $PFVFFromHour = "" $PFVFToHour = "" $PFRCReconcileReasons = "" $PFRCFromHour = "" $PFRCToHour = "" $PFNFNotifyPriorExpiration = "" $PFNFPriorExpirationRecipients = "" $PFNFNotifyOnPasswordDisable = "" $PFNFOnPasswordDisableRecipients = "" $PFNFNotifyOnVerificationErrors = "" $PFNFOnVerificationErrorsRecipients = "" $PFNFNotifyOnPasswordUsed = "" $PFNFOnPasswordUsedRecipients = "" $PFPasswordLength = "" $PFMinUpperCase = "" $PFMinLowerCase = "" $PFMinDigit = "" $PFMinSpecial = "" $PFPasswordLevelRequestTimeframe = "" $MoreDetails = Get-VPASPlatformDetails -platformID $PFGeneralID -token $token if($MoreDetails){ $PFSearchForUsages = $MoreDetails.details.SearchForUsages $PFPolicyType = $MoreDetails.details.PolicyType $PFImmediateInterval = $MoreDetails.details.ImmediateInterval $PFInterval = $MoreDetails.details.Interval $PFMaxConcurrentConnections = $MoreDetails.details.MaxConcurrentConnections $PFMinValidityPeriod = $MoreDetails.details.MinValidityPeriod $PFResetOveridesMinValidity = $MoreDetails.details.ResetOveridesMinValidity $PFResetOveridesTimeFrame = $MoreDetails.details.ResetOveridesTimeFrame $PFTimeout = $MoreDetails.details.Timeout $PFUnlockIfFail = $MoreDetails.details.UnlockIfFail $PFUnrecoverableErrors = $MoreDetails.details.UnrecoverableErrors $PFMaximumRetries = $MoreDetails.details.MaximumRetries $PFMinDelayBetweenRetries = $MoreDetails.details.MinDelayBetweenRetries $PFDllName = $MoreDetails.details.DllName $PFXMLFile = $MoreDetails.details.XMLFile $PFHeadStartInterval = $MoreDetails.details.HeadStartInterval $PFFromHour = $MoreDetails.details.FromHour $PFToHour = $MoreDetails.details.ToHour $PFChangeNotificationPeriod = $MoreDetails.details.ChangeNotificationPeriod $PFDaysNotifyPriorExpiration = $MoreDetails.details.DaysNotifyPriorExpiration $PFVFFromHour = $MoreDetails.details.VFFromHour $PFVFToHour = $MoreDetails.details.VFToHour $PFRCReconcileReasons = $MoreDetails.details.RCReconcileReasons $PFRCFromHour = $MoreDetails.details.RCFromHour $PFRCToHour = $MoreDetails.details.RCToHour $PFNFNotifyPriorExpiration = $MoreDetails.details.NFNotifyPriorExpiration $PFNFPriorExpirationRecipients = $MoreDetails.details.NFPriorExpirationRecipients $PFNFNotifyOnPasswordDisable = $MoreDetails.details.NFNotifyOnPasswordDisable $PFNFOnPasswordDisableRecipients = $MoreDetails.details.NFOnPasswordDisableRecipients $PFNFNotifyOnVerificationErrors = $MoreDetails.details.NFNotifyOnVerificationErrors $PFNFOnVerificationErrorsRecipients = $MoreDetails.details.NFOnVerificationErrorsRecipients $PFNFNotifyOnPasswordUsed = $MoreDetails.details.NFNotifyOnPasswordUsed $PFNFOnPasswordUsedRecipients = $MoreDetails.details.NFOnPasswordUsedRecipients $PFPasswordLength = $MoreDetails.details.PasswordLength $PFMinUpperCase = $MoreDetails.details.MinUpperCase $PFMinLowerCase = $MoreDetails.details.MinLowerCase $PFMinDigit = $MoreDetails.details.MinDigit $PFMinSpecial = $MoreDetails.details.MinSpecial $PFPasswordLevelRequestTimeframe = $MoreDetails.details.PasswordLevelRequestTimeframe } $temparr = @{ PFGeneralID = "`"$PFGeneralID`"" PFGeneralName = "`"$PFGeneralName`"" PFGeneralSystemType = "`"$PFGeneralSystemType`"" PFGeneralActive = "`"$PFGeneralActive`"" PFGeneralDescription = "`"$PFGeneralDescription`"" PFGeneralPlatformBaseID = "`"$PFGeneralPlatformBaseID`"" PFGeneralPlatformType = "`"$PFGeneralPlatformType`"" PFPropertiesRequired = "`"$PFPropertiesRequired`"" PFPropertiesOptional = "`"$PFPropertiesOptional`"" PFLinkedAccounts = "`"$PFLinkedAccounts`"" PFCredentialsManagementAllowedSafes = "`"$PFCredentialsManagementAllowedSafes`"" PFCredentialsManagementAllowManualChange = "`"$PFCredentialsManagementAllowManualChange`"" PFCredentialsManagementPerformPeriodicChange = "`"$PFCredentialsManagementPerformPeriodicChange`"" PFCredentialsManagementRequirePasswordChangeEveryXDays = "`"$PFCredentialsManagementRequirePasswordChangeEveryXDays`"" PFCredentialsManagementAllowManualVerification = "`"$PFCredentialsManagementAllowManualVerification`"" PFCredentialsManagementPerformPeriodicVerification = "`"$PFCredentialsManagementPerformPeriodicVerification`"" PFCredentialsManagementRequirePasswordVerificationEveryXDays = "`"$PFCredentialsManagementRequirePasswordVerificationEveryXDays`"" PFCredentialsManagementAllowManualReconciliation = "`"$PFCredentialsManagementAllowManualReconciliation`"" PFCredentialsManagementAutomaticReconcileWhenUnsynched = "`"$PFCredentialsManagementAutomaticReconcileWhenUnsynched`"" PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = "`"$PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation`"" PFSessionManagementRecordAndSaveSessionActivity = "`"$PFSessionManagementRecordAndSaveSessionActivity`"" PFSessionManagementPSMServerID = "`"$PFSessionManagementPSMServerID`"" PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = "`"$PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval`"" PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = "`"$PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess`"" PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = "`"$PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess`"" PFConnectionComponents = "`"$PFConnectionComponents`"" PFSearchForUsages = "`"$PFSearchForUsages`"" PFPolicyType = "`"$PFPolicyType`"" PFImmediateInterval = "`"$PFImmediateInterval`"" PFInterval = "`"$PFInterval`"" PFMaxConcurrentConnections = "`"$PFMaxConcurrentConnections`"" PFMinValidityPeriod = "`"$PFMinValidityPeriod`"" PFResetOveridesMinValidity = "`"$PFResetOveridesMinValidity`"" PFResetOveridesTimeFrame = "`"$PFResetOveridesTimeFrame`"" PFTimeout = "`"$PFTimeout`"" PFUnlockIfFail = "`"$PFUnlockIfFail`"" PFUnrecoverableErrors = "`"$PFUnrecoverableErrors`"" PFMaximumRetries = "`"$PFMaximumRetries`"" PFMinDelayBetweenRetries = "`"$PFMinDelayBetweenRetries`"" PFDllName = "`"$PFDllName`"" PFXMLFile = "`"$PFXMLFile`"" PFHeadStartInterval = "`"$PFHeadStartInterval`"" PFFromHour = "`"$PFFromHour`"" PFToHour = "`"$PFToHour`"" PFChangeNotificationPeriod = "`"$PFChangeNotificationPeriod`"" PFDaysNotifyPriorExpiration = "`"$PFDaysNotifyPriorExpiration`"" PFVFFromHour = "`"$PFVFFromHour`"" PFVFToHour = "`"$PFVFToHour`"" PFRCReconcileReasons = "`"$PFRCReconcileReasons`"" PFRCFromHour = "`"$PFRCFromHour`"" PFRCToHour = "`"$PFRCToHour`"" PFNFNotifyPriorExpiration = "`"$PFNFNotifyPriorExpiration`"" PFNFPriorExpirationRecipients = "`"$PFNFPriorExpirationRecipients`"" PFNFNotifyOnPasswordDisable = "`"$PFNFNotifyOnPasswordDisable`"" PFNFOnPasswordDisableRecipients = "`"$PFNFOnPasswordDisableRecipients`"" PFNFNotifyOnVerificationErrors = "`"$PFNFNotifyOnVerificationErrors`"" PFNFOnVerificationErrorsRecipients = "`"$PFNFOnVerificationErrorsRecipients`"" PFNFNotifyOnPasswordUsed = "`"$PFNFNotifyOnPasswordUsed`"" PFNFOnPasswordUsedRecipients = "`"$PFNFOnPasswordUsedRecipients`"" PFPasswordLength = "`"$PFPasswordLength`"" PFMinUpperCase = "`"$PFMinUpperCase`"" PFMinLowerCase = "`"$PFMinLowerCase`"" PFMinDigit = "`"$PFMinDigit`"" PFMinSpecial = "`"$PFMinSpecial`"" PFPasswordLevelRequestTimeframe = "`"$PFPasswordLevelRequestTimeframe`"" } $label = "Record" + $counter $Data += @{ $label = $temparr } $counter += 1 } $output = @() $keys = $Data.Keys foreach($key in $keys){ $temphash = @{} $PFGeneralID = $Data.$key.PFGeneralID $PFGeneralName = $Data.$key.PFGeneralName $PFGeneralSystemType = $Data.$key.PFGeneralSystemType $PFGeneralActive = $Data.$key.PFGeneralActive $PFGeneralDescription = $Data.$key.PFGeneralDescription $PFGeneralPlatformBaseID = $Data.$key.PFGeneralPlatformBaseID $PFGeneralPlatformType = $Data.$key.PFGeneralPlatformType $PFPropertiesRequired = $Data.$key.PFPropertiesRequired $PFPropertiesOptional = $Data.$key.PFPropertiesOptional $PFLinkedAccounts = $Data.$key.PFLinkedAccounts $PFCredentialsManagementAllowedSafes = $Data.$key.PFCredentialsManagementAllowedSafes $PFCredentialsManagementAllowManualChange = $Data.$key.PFCredentialsManagementAllowManualChange $PFCredentialsManagementPerformPeriodicChange = $Data.$key.PFCredentialsManagementPerformPeriodicChange $PFCredentialsManagementRequirePasswordChangeEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordChangeEveryXDays $PFCredentialsManagementAllowManualVerification = $Data.$key.PFCredentialsManagementAllowManualVerification $PFCredentialsManagementPerformPeriodicVerification = $Data.$key.PFCredentialsManagementPerformPeriodicVerification $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordVerificationEveryXDays $PFCredentialsManagementAllowManualReconciliation = $Data.$key.PFCredentialsManagementAllowManualReconciliation $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $Data.$key.PFCredentialsManagementAutomaticReconcileWhenUnsynched $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $Data.$key.PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation $PFSessionManagementRecordAndSaveSessionActivity = $Data.$key.PFSessionManagementRecordAndSaveSessionActivity $PFSessionManagementPSMServerID = $Data.$key.PFSessionManagementPSMServerID $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $Data.$key.PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess $PFConnectionComponents = $Data.$key.PFConnectionComponents $PFSearchForUsages = $Data.$key.PFSearchForUsages $PFPolicyType = $Data.$key.PFPolicyType $PFImmediateInterval = $Data.$key.PFImmediateInterval $PFInterval = $Data.$key.PFInterval $PFMaxConcurrentConnections = $Data.$key.PFMaxConcurrentConnections $PFMinValidityPeriod = $Data.$key.PFMinValidityPeriod $PFResetOveridesMinValidity = $Data.$key.PFResetOveridesMinValidity $PFResetOveridesTimeFrame = $Data.$key.PFResetOveridesTimeFrame $PFTimeout = $Data.$key.PFTimeout $PFUnlockIfFail = $Data.$key.PFUnlockIfFail $PFUnrecoverableErrors = $Data.$key.PFUnrecoverableErrors $PFMaximumRetries = $Data.$key.PFMaximumRetries $PFMinDelayBetweenRetries = $Data.$key.PFMinDelayBetweenRetries $PFDllName = $Data.$key.PFDllName $PFXMLFile = $Data.$key.PFXMLFile $PFHeadStartInterval = $Data.$key.PFHeadStartInterval $PFFromHour = $Data.$key.PFFromHour $PFToHour = $Data.$key.PFToHour $PFChangeNotificationPeriod = $Data.$key.PFChangeNotificationPeriod $PFDaysNotifyPriorExpiration = $Data.$key.PFDaysNotifyPriorExpiration $PFVFFromHour = $Data.$key.PFVFFromHour $PFVFToHour = $Data.$key.PFVFToHour $PFRCReconcileReasons = $Data.$key.PFRCReconcileReasons $PFRCFromHour = $Data.$key.PFRCFromHour $PFRCToHour = $Data.$key.PFRCToHour $PFNFNotifyPriorExpiration = $Data.$key.PFNFNotifyPriorExpiration $PFNFPriorExpirationRecipients = $Data.$key.PFNFPriorExpirationRecipients $PFNFNotifyOnPasswordDisable = $Data.$key.PFNFNotifyOnPasswordDisable $PFNFOnPasswordDisableRecipients = $Data.$key.PFNFOnPasswordDisableRecipients $PFNFNotifyOnVerificationErrors = $Data.$key.PFNFNotifyOnVerificationErrors $PFNFOnVerificationErrorsRecipients = $Data.$key.PFNFOnVerificationErrorsRecipients $PFNFNotifyOnPasswordUsed = $Data.$key.PFNFNotifyOnPasswordUsed $PFNFOnPasswordUsedRecipients = $Data.$key.PFNFOnPasswordUsedRecipients $PFPasswordLength = $Data.$key.PFPasswordLength $PFMinUpperCase = $Data.$key.PFMinUpperCase $PFMinLowerCase = $Data.$key.PFMinLowerCase $PFMinDigit = $Data.$key.PFMinDigit $PFMinSpecial = $Data.$key.PFMinSpecial $PFPasswordLevelRequestTimeframe = $Data.$key.PFPasswordLevelRequestTimeframe $temphash = @{ PFGeneralID = $PFGeneralID PFGeneralName = $PFGeneralName PFGeneralSystemType = $PFGeneralSystemType PFGeneralActive = $PFGeneralActive PFGeneralDescription = $PFGeneralDescription PFGeneralPlatformBaseID = $PFGeneralPlatformBaseID PFGeneralPlatformType = $PFGeneralPlatformType PFPropertiesRequired = $PFPropertiesRequired PFPropertiesOptional = $PFPropertiesOptional PFLinkedAccounts = $PFLinkedAccounts PFCredentialsManagementAllowedSafes = $PFCredentialsManagementAllowedSafes PFCredentialsManagementAllowManualChange = $PFCredentialsManagementAllowManualChange PFCredentialsManagementPerformPeriodicChange = $PFCredentialsManagementPerformPeriodicChange PFCredentialsManagementRequirePasswordChangeEveryXDays = $PFCredentialsManagementRequirePasswordChangeEveryXDays PFCredentialsManagementAllowManualVerification = $PFCredentialsManagementAllowManualVerification PFCredentialsManagementPerformPeriodicVerification = $PFCredentialsManagementPerformPeriodicVerification PFCredentialsManagementRequirePasswordVerificationEveryXDays = $PFCredentialsManagementRequirePasswordVerificationEveryXDays PFCredentialsManagementAllowManualReconciliation = $PFCredentialsManagementAllowManualReconciliation PFCredentialsManagementAutomaticReconcileWhenUnsynched = $PFCredentialsManagementAutomaticReconcileWhenUnsynched PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation PFSessionManagementRecordAndSaveSessionActivity = $PFSessionManagementRecordAndSaveSessionActivity PFSessionManagementPSMServerID = $PFSessionManagementPSMServerID PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess PFConnectionComponents = $PFConnectionComponents PFSearchForUsages = $PFSearchForUsages PFPolicyType = $PFPolicyType PFImmediateInterval = $PFImmediateInterval PFInterval = $PFInterval PFMaxConcurrentConnections = $PFMaxConcurrentConnections PFMinValidityPeriod = $PFMinValidityPeriod PFResetOveridesMinValidity = $PFResetOveridesMinValidity PFResetOveridesTimeFrame = $PFResetOveridesTimeFrame PFTimeout = $PFTimeout PFUnlockIfFail = $PFUnlockIfFail PFUnrecoverableErrors = $PFUnrecoverableErrors PFMaximumRetries = $PFMaximumRetries PFMinDelayBetweenRetries = $PFMinDelayBetweenRetries PFDllName = $PFDllName PFXMLFile = $PFXMLFile PFHeadStartInterval = $PFHeadStartInterval PFFromHour = $PFFromHour PFToHour = $PFToHour PFChangeNotificationPeriod = $PFChangeNotificationPeriod PFDaysNotifyPriorExpiration = $PFDaysNotifyPriorExpiration PFVFFromHour = $PFVFFromHour PFVFToHour = $PFVFToHour PFRCReconcileReasons = $PFRCReconcileReasons PFRCFromHour = $PFRCFromHour PFRCToHour = $PFRCToHour PFNFNotifyPriorExpiration = $PFNFNotifyPriorExpiration PFNFPriorExpirationRecipients = $PFNFPriorExpirationRecipients PFNFNotifyOnPasswordDisable = $PFNFNotifyOnPasswordDisable PFNFOnPasswordDisableRecipients = $PFNFOnPasswordDisableRecipients PFNFNotifyOnVerificationErrors = $PFNFNotifyOnVerificationErrors PFNFOnVerificationErrorsRecipients = $PFNFOnVerificationErrorsRecipients PFNFNotifyOnPasswordUsed = $PFNFNotifyOnPasswordUsed PFNFOnPasswordUsedRecipients = $PFNFOnPasswordUsedRecipients PFPasswordLength = $PFPasswordLength PFMinUpperCase = $PFMinUpperCase PFMinLowerCase = $PFMinLowerCase PFMinDigit = $PFMinDigit PFMinSpecial = $PFMinSpecial PFPasswordLevelRequestTimeframe = $PFPasswordLevelRequestTimeframe } $output += $temphash } if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\PlatformDetails.json" $jsonoutput = $output | ConvertTo-Json Write-Output $jsonoutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile" } if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\PlatformDetails.txt" write-output "SAFE CONTENT REPORT" | Set-Content $targetFile Write-Output "" | Add-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $str = "" $PFGeneralID = $Data.$key.PFGeneralID $PFGeneralName = $Data.$key.PFGeneralName $PFGeneralSystemType = $Data.$key.PFGeneralSystemType $PFGeneralActive = $Data.$key.PFGeneralActive $PFGeneralDescription = $Data.$key.PFGeneralDescription $PFGeneralPlatformBaseID = $Data.$key.PFGeneralPlatformBaseID $PFGeneralPlatformType = $Data.$key.PFGeneralPlatformType $PFPropertiesRequired = $Data.$key.PFPropertiesRequired $PFPropertiesOptional = $Data.$key.PFPropertiesOptional $PFLinkedAccounts = $Data.$key.PFLinkedAccounts $PFCredentialsManagementAllowedSafes = $Data.$key.PFCredentialsManagementAllowedSafes $PFCredentialsManagementAllowManualChange = $Data.$key.PFCredentialsManagementAllowManualChange $PFCredentialsManagementPerformPeriodicChange = $Data.$key.PFCredentialsManagementPerformPeriodicChange $PFCredentialsManagementRequirePasswordChangeEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordChangeEveryXDays $PFCredentialsManagementAllowManualVerification = $Data.$key.PFCredentialsManagementAllowManualVerification $PFCredentialsManagementPerformPeriodicVerification = $Data.$key.PFCredentialsManagementPerformPeriodicVerification $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordVerificationEveryXDays $PFCredentialsManagementAllowManualReconciliation = $Data.$key.PFCredentialsManagementAllowManualReconciliation $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $Data.$key.PFCredentialsManagementAutomaticReconcileWhenUnsynched $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $Data.$key.PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation $PFSessionManagementRecordAndSaveSessionActivity = $Data.$key.PFSessionManagementRecordAndSaveSessionActivity $PFSessionManagementPSMServerID = $Data.$key.PFSessionManagementPSMServerID $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $Data.$key.PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess $PFConnectionComponents = $Data.$key.PFConnectionComponents $PFSearchForUsages = $Data.$key.PFSearchForUsages $PFPolicyType = $Data.$key.PFPolicyType $PFImmediateInterval = $Data.$key.PFImmediateInterval $PFInterval = $Data.$key.PFInterval $PFMaxConcurrentConnections = $Data.$key.PFMaxConcurrentConnections $PFMinValidityPeriod = $Data.$key.PFMinValidityPeriod $PFResetOveridesMinValidity = $Data.$key.PFResetOveridesMinValidity $PFResetOveridesTimeFrame = $Data.$key.PFResetOveridesTimeFrame $PFTimeout = $Data.$key.PFTimeout $PFUnlockIfFail = $Data.$key.PFUnlockIfFail $PFUnrecoverableErrors = $Data.$key.PFUnrecoverableErrors $PFMaximumRetries = $Data.$key.PFMaximumRetries $PFMinDelayBetweenRetries = $Data.$key.PFMinDelayBetweenRetries $PFDllName = $Data.$key.PFDllName $PFXMLFile = $Data.$key.PFXMLFile $PFHeadStartInterval = $Data.$key.PFHeadStartInterval $PFFromHour = $Data.$key.PFFromHour $PFToHour = $Data.$key.PFToHour $PFChangeNotificationPeriod = $Data.$key.PFChangeNotificationPeriod $PFDaysNotifyPriorExpiration = $Data.$key.PFDaysNotifyPriorExpiration $PFVFFromHour = $Data.$key.PFVFFromHour $PFVFToHour = $Data.$key.PFVFToHour $PFRCReconcileReasons = $Data.$key.PFRCReconcileReasons $PFRCFromHour = $Data.$key.PFRCFromHour $PFRCToHour = $Data.$key.PFRCToHour $PFNFNotifyPriorExpiration = $Data.$key.PFNFNotifyPriorExpiration $PFNFPriorExpirationRecipients = $Data.$key.PFNFPriorExpirationRecipients $PFNFNotifyOnPasswordDisable = $Data.$key.PFNFNotifyOnPasswordDisable $PFNFOnPasswordDisableRecipients = $Data.$key.PFNFOnPasswordDisableRecipients $PFNFNotifyOnVerificationErrors = $Data.$key.PFNFNotifyOnVerificationErrors $PFNFOnVerificationErrorsRecipients = $Data.$key.PFNFOnVerificationErrorsRecipients $PFNFNotifyOnPasswordUsed = $Data.$key.PFNFNotifyOnPasswordUsed $PFNFOnPasswordUsedRecipients = $Data.$key.PFNFOnPasswordUsedRecipients $PFPasswordLength = $Data.$key.PFPasswordLength $PFMinUpperCase = $Data.$key.PFMinUpperCase $PFMinLowerCase = $Data.$key.PFMinLowerCase $PFMinDigit = $Data.$key.PFMinDigit $PFMinSpecial = $Data.$key.PFMinSpecial $PFPasswordLevelRequestTimeframe = $Data.$key.PFPasswordLevelRequestTimeframe $str += "ID: $PFGeneralID`r`n" $str += "Name: $PFGeneralName`r`n" $str += "SystemType: $PFGeneralSystemType`r`n" $str += "Active: $PFGeneralActive`r`n" $str += "Description: $PFGeneralDescription`r`n" $str += "PlatformBaseID: $PFGeneralPlatformBaseID`r`n" $str += "PlatformType: $PFGeneralPlatformType`r`n" $str += "PropertiesRequired: $PFPropertiesRequired`r`n" $str += "PropertiesOptional: $PFPropertiesOptional`r`n" $str += "LinkedAccounts: $PFLinkedAccounts`r`n" $str += "AllowedSafes: $PFCredentialsManagementAllowedSafes`r`n" $str += "AllowManualChange: $PFCredentialsManagementAllowManualChange`r`n" $str += "PerformPeriodicChange: $PFCredentialsManagementPerformPeriodicChange`r`n" $str += "RequirePasswordChangeEveryXDays: $PFCredentialsManagementRequirePasswordChangeEveryXDays`r`n" $str += "AllowManualVerification: $PFCredentialsManagementAllowManualVerification`r`n" $str += "PerformPeriodicVerification: $PFCredentialsManagementPerformPeriodicVerification`r`n" $str += "RequirePasswordVerificationEveryXDays: $PFCredentialsManagementRequirePasswordVerificationEveryXDays`r`n" $str += "AllowManualReconciliation: $PFCredentialsManagementAllowManualReconciliation`r`n" $str += "AutomaticReconcileWhenUnsynched: $PFCredentialsManagementAutomaticReconcileWhenUnsynched`r`n" $str += "RequirePrivilegedSessionMonitoringAndIsolation: $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation`r`n" $str += "RecordAndSaveSessionActivity: $PFSessionManagementRecordAndSaveSessionActivity`r`n" $str += "PSMServerID: $PFSessionManagementPSMServerID`r`n" $str += "RequireDualControlPasswordAccessApproval: $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval`r`n" $str += "EnforceCheckinCheckoutExclusiveAccess: $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess`r`n" $str += "EnforceOnetimePasswordAccess: $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess`r`n" $str += "ConnectionComponents: $PFConnectionComponents`r`n" $str += "SearchForUsages: $PFSearchForUsages`r`n" $str += "PolicyType: $PFPolicyType`r`n" $str += "ImmediateInterval: $PFImmediateInterval`r`n" $str += "Interval: $PFInterval`r`n" $str += "MaxConcurrentConnections: $PFMaxConcurrentConnections`r`n" $str += "MinValidityPeriod: $PFMinValidityPeriod`r`n" $str += "ResetOveridesMinValidity: $PFResetOveridesMinValidity`r`n" $str += "ResetOveridesTimeFrame: $PFResetOveridesTimeFrame`r`n" $str += "Timeout: $PFTimeout`r`n" $str += "UnlockIfFail: $PFUnlockIfFail`r`n" $str += "UnrecoverableErrors: $PFUnrecoverableErrors`r`n" $str += "MaximumRetries: $PFMaximumRetries`r`n" $str += "MinDelayBetweenRetries: $PFMinDelayBetweenRetries`r`n" $str += "DllName: $PFDllName`r`n" $str += "XMLFile: $PFXMLFile`r`n" $str += "HeadStartInterval: $PFHeadStartInterval`r`n" $str += "FromHour: $PFFromHour`r`n" $str += "ToHour: $PFToHour`r`n" $str += "ChangeNotificationPeriod: $PFChangeNotificationPeriod`r`n" $str += "DaysNotifyPriorExpiration: $PFDaysNotifyPriorExpiration`r`n" $str += "VFFromHour: $PFVFFromHour`r`n" $str += "VFToHour: $PFVFToHour`r`n" $str += "RCReconcileReasons: $PFRCReconcileReasons`r`n" $str += "RCFromHour: $PFRCFromHour`r`n" $str += "RCToHour: $PFRCToHour`r`n" $str += "NFNotifyPriorExpiration: $PFNFNotifyPriorExpiration`r`n" $str += "NFPriorExpirationRecipients: $PFNFPriorExpirationRecipients`r`n" $str += "NFNotifyOnPasswordDisable: $PFNFNotifyOnPasswordDisable`r`n" $str += "NFOnPasswordDisableRecipients: $PFNFOnPasswordDisableRecipients`r`n" $str += "NFNotifyOnVerificationErrors: $PFNFNotifyOnVerificationErrors`r`n" $str += "NFOnVerificationErrorsRecipients: $PFNFOnVerificationErrorsRecipients`r`n" $str += "NFNotifyOnPasswordUsed: $PFNFNotifyOnPasswordUsed`r`n" $str += "NFOnPasswordUsedRecipients: $PFNFOnPasswordUsedRecipients`r`n" $str += "PasswordLength: $PFPasswordLength`r`n" $str += "MinUpperCase: $PFMinUpperCase`r`n" $str += "MinLowerCase: $PFMinLowerCase`r`n" $str += "MinDigit: $PFMinDigit`r`n" $str += "MinSpecial: $PFMinSpecial`r`n" $str += "PasswordLevelRequestTimeframe: $PFPasswordLevelRequestTimeframe`r`n" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile" } if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\PlatformDetails.csv" write-output "ID,Name,SystemType,Active,Description,PlatformBaseID,PlatformType,PropertiesRequired,PropertiesOptional,LinkedAccounts,AllowedSafes,AllowManualChange,PerformPeriodicChange,RequirePasswordChangeEveryXDays,AllowManualVerification,PerformPeriodicVerification,RequirePasswordVerificationEveryXDays,AllowManualReconciliation,AutomaticReconcileWhenUnsynched,RequirePrivilegedSessionMonitoringAndIsolation,RecordAndSaveSessionActivity,PSMServerID,RequireDualControlPasswordAccessApproval,EnforceCheckinCheckoutExclusiveAccess,EnforceOnetimePasswordAccess,ConnectionComponents,SearchForUsages,PolicyType,ImmediateInterval,Interval,MaxConcurrentConnections,MinValidityPeriod,ResetOveridesMinValidity,ResetOveridesTimeFrame,Timeout,UnlockIfFail,UnrecoverableErrors,MaximumRetries,MinDelayBetweenRetries,DllName,XMLFile,HeadStartInterval,FromHour,ToHour,ChangeNotificationPeriod,DaysNotifyPriorExpiration,VFFromHour,VFToHour,RCReconcileReasons,RCFromHour,RCToHour,NFNotifyPriorExpiration,NFPriorExpirationRecipients,NFNotifyOnPasswordDisable,NFOnPasswordDisableRecipients,NFNotifyOnVerificationErrors,NFOnVerificationErrorsRecipients,NFNotifyOnPasswordUsed,NFOnPasswordUsedRecipients,PasswordLength,MinUpperCase,MinLowerCase,MinDigit,MinSpecial,PasswordLevelRequestTimeframe" | Set-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $PFGeneralID = $Data.$key.PFGeneralID $PFGeneralName = $Data.$key.PFGeneralName $PFGeneralSystemType = $Data.$key.PFGeneralSystemType $PFGeneralActive = $Data.$key.PFGeneralActive $PFGeneralDescription = $Data.$key.PFGeneralDescription $PFGeneralPlatformBaseID = $Data.$key.PFGeneralPlatformBaseID $PFGeneralPlatformType = $Data.$key.PFGeneralPlatformType $PFPropertiesRequired = $Data.$key.PFPropertiesRequired $PFPropertiesOptional = $Data.$key.PFPropertiesOptional $PFLinkedAccounts = $Data.$key.PFLinkedAccounts $PFCredentialsManagementAllowedSafes = $Data.$key.PFCredentialsManagementAllowedSafes $PFCredentialsManagementAllowManualChange = $Data.$key.PFCredentialsManagementAllowManualChange $PFCredentialsManagementPerformPeriodicChange = $Data.$key.PFCredentialsManagementPerformPeriodicChange $PFCredentialsManagementRequirePasswordChangeEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordChangeEveryXDays $PFCredentialsManagementAllowManualVerification = $Data.$key.PFCredentialsManagementAllowManualVerification $PFCredentialsManagementPerformPeriodicVerification = $Data.$key.PFCredentialsManagementPerformPeriodicVerification $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordVerificationEveryXDays $PFCredentialsManagementAllowManualReconciliation = $Data.$key.PFCredentialsManagementAllowManualReconciliation $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $Data.$key.PFCredentialsManagementAutomaticReconcileWhenUnsynched $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $Data.$key.PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation $PFSessionManagementRecordAndSaveSessionActivity = $Data.$key.PFSessionManagementRecordAndSaveSessionActivity $PFSessionManagementPSMServerID = $Data.$key.PFSessionManagementPSMServerID $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $Data.$key.PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess $PFConnectionComponents = $Data.$key.PFConnectionComponents $PFSearchForUsages = $Data.$key.PFSearchForUsages $PFPolicyType = $Data.$key.PFPolicyType $PFImmediateInterval = $Data.$key.PFImmediateInterval $PFInterval = $Data.$key.PFInterval $PFMaxConcurrentConnections = $Data.$key.PFMaxConcurrentConnections $PFMinValidityPeriod = $Data.$key.PFMinValidityPeriod $PFResetOveridesMinValidity = $Data.$key.PFResetOveridesMinValidity $PFResetOveridesTimeFrame = $Data.$key.PFResetOveridesTimeFrame $PFTimeout = $Data.$key.PFTimeout $PFUnlockIfFail = $Data.$key.PFUnlockIfFail $PFUnrecoverableErrors = $Data.$key.PFUnrecoverableErrors $PFMaximumRetries = $Data.$key.PFMaximumRetries $PFMinDelayBetweenRetries = $Data.$key.PFMinDelayBetweenRetries $PFDllName = $Data.$key.PFDllName $PFXMLFile = $Data.$key.PFXMLFile $PFHeadStartInterval = $Data.$key.PFHeadStartInterval $PFFromHour = $Data.$key.PFFromHour $PFToHour = $Data.$key.PFToHour $PFChangeNotificationPeriod = $Data.$key.PFChangeNotificationPeriod $PFDaysNotifyPriorExpiration = $Data.$key.PFDaysNotifyPriorExpiration $PFVFFromHour = $Data.$key.PFVFFromHour $PFVFToHour = $Data.$key.PFVFToHour $PFRCReconcileReasons = $Data.$key.PFRCReconcileReasons $PFRCFromHour = $Data.$key.PFRCFromHour $PFRCToHour = $Data.$key.PFRCToHour $PFNFNotifyPriorExpiration = $Data.$key.PFNFNotifyPriorExpiration $PFNFPriorExpirationRecipients = $Data.$key.PFNFPriorExpirationRecipients $PFNFNotifyOnPasswordDisable = $Data.$key.PFNFNotifyOnPasswordDisable $PFNFOnPasswordDisableRecipients = $Data.$key.PFNFOnPasswordDisableRecipients $PFNFNotifyOnVerificationErrors = $Data.$key.PFNFNotifyOnVerificationErrors $PFNFOnVerificationErrorsRecipients = $Data.$key.PFNFOnVerificationErrorsRecipients $PFNFNotifyOnPasswordUsed = $Data.$key.PFNFNotifyOnPasswordUsed $PFNFOnPasswordUsedRecipients = $Data.$key.PFNFOnPasswordUsedRecipients $PFPasswordLength = $Data.$key.PFPasswordLength $PFMinUpperCase = $Data.$key.PFMinUpperCase $PFMinLowerCase = $Data.$key.PFMinLowerCase $PFMinDigit = $Data.$key.PFMinDigit $PFMinSpecial = $Data.$key.PFMinSpecial $PFPasswordLevelRequestTimeframe = $Data.$key.PFPasswordLevelRequestTimeframe $str = "$PFGeneralID,$PFGeneralName,$PFGeneralSystemType,$PFGeneralActive,$PFGeneralDescription,$PFGeneralPlatformBaseID,$PFGeneralPlatformType,$PFPropertiesRequired,$PFPropertiesOptional,$PFLinkedAccounts,$PFCredentialsManagementAllowedSafes,$PFCredentialsManagementAllowManualChange,$PFCredentialsManagementPerformPeriodicChange,$PFCredentialsManagementRequirePasswordChangeEveryXDays,$PFCredentialsManagementAllowManualVerification,$PFCredentialsManagementPerformPeriodicVerification,$PFCredentialsManagementRequirePasswordVerificationEveryXDays,$PFCredentialsManagementAllowManualReconciliation,$PFCredentialsManagementAutomaticReconcileWhenUnsynched,$PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation,$PFSessionManagementRecordAndSaveSessionActivity,$PFSessionManagementPSMServerID,$PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval,$PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess,$PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess,$PFConnectionComponents,$PFSearchForUsages,$PFPolicyType,$PFImmediateInterval,$PFInterval,$PFMaxConcurrentConnections,$PFMinValidityPeriod,$PFResetOveridesMinValidity,$PFResetOveridesTimeFrame,$PFTimeout,$PFUnlockIfFail,$PFUnrecoverableErrors,$PFMaximumRetries,$PFMinDelayBetweenRetries,$PFDllName,$PFXMLFile,$PFHeadStartInterval,$PFFromHour,$PFToHour,$PFChangeNotificationPeriod,$PFDaysNotifyPriorExpiration,$PFVFFromHour,$PFVFToHour,$PFRCReconcileReasons,$PFRCFromHour,$PFRCToHour,$PFNFNotifyPriorExpiration,$PFNFPriorExpirationRecipients,$PFNFNotifyOnPasswordDisable,$PFNFOnPasswordDisableRecipients,$PFNFNotifyOnVerificationErrors,$PFNFOnVerificationErrorsRecipients,$PFNFNotifyOnPasswordUsed,$PFNFOnPasswordUsedRecipients,$PFPasswordLength,$PFMinUpperCase,$PFMinLowerCase,$PFMinDigit,$PFMinSpecial,$PFPasswordLevelRequestTimeframe" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile" } if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\PlatformDetails.html" $htmloutput = $output | ConvertTo-Json $htmloutput = $htmloutput | ConvertFrom-Json $htmloutput = $htmloutput | ConvertTo-Html -As List Write-Output $htmloutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile" } if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\PlatformDetails.xml" $xmloutput = $output | ConvertTo-Json $xmloutput = $xmloutput | ConvertFrom-Json $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation Out-File -FilePath $targetFile -InputObject $XML if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile" } } if($ReportType -eq "EPVUsers"){ if([String]::IsNullOrEmpty($SearchQuery)){ Write-VPASOutput -str "NO EPVSearch SUPPLIED, ENTER EITHER AN EPVGROUP OR EPVUSER (To report on all epv users type ALL): " -type Y $SearchQuery = Read-Host } $SearchQuery = $SearchQuery.ToLower() Write-Verbose "QUERYING CYBERARK FOR TARGET EPVUSER(S) AND GROUP(S)" if($SearchQuery -eq "all"){ if(!$Confirm){ Write-VPASOutput -str "This report will run against ALL EPVUsers, and could take some time depending on environment size" -type M Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y $contreport = Read-Host if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"} $contreport = $contreport.ToLower() if($contreport -ne "y"){ Write-VPASOutput -str "EXITING REPORT UTILITY" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } if($NoSSL){ $uri = "http://$PVWA/PasswordVault/api/Users?ExtendedDetails=$true" if($sessionval){ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllUsers = $result.Users } else{ $uri = "https://$PVWA/PasswordVault/api/Users?ExtendedDetails=$true" if($sessionval){ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllUsers = $result.Users } if(!$AllUsers){ Write-VPASOutput -str "UNABLE TO QUERY EPVUSERS" -type E Write-Verbose "UNABLE TO QUERY EPVUSERS...RETURNING FALSE" return $false } } else{ if($NoSSL){ if($WildCardSearch){ $uri = "http://$PVWA/PasswordVault/api/Users?ExtendedDetails=$true&Search=$SearchQuery" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllUsers = $response.Users } else{ $uri = "http://$PVWA/PasswordVault/api/Users?ExtendedDetails=$true&Search=$SearchQuery" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $output = @() foreach($rec in $response.Users){ $miniout = @{} $recid = $rec.id $recusername = $rec.username $recsource = $rec.source $recuserType = $rec.userType $reccomponentUser = $rec.componentUser $reclocation = $rec.location $recenableUser = $rec.enableUser $recsuspended = $rec.suspended $recgroupsMembership = $rec.groupsMembership $recvaultAuthorization = $rec.vaultAuthorization $recpersonalDetails = $rec.personalDetails if($recusername -eq $SearchQuery){ $miniout = @{ id = $recid username = $recusername source = $recsource userType = $recuserType componentUser = $reccomponentUser location = $reclocation enableUser = $recenableUser suspended = $recsuspended groupsMembership = $recgroupsMembership vaultAuthorization = $recvaultAuthorization personalDetails = $recpersonalDetails } $output += $miniout } } $AllUsers = $output | ConvertTo-Json $AllUsers = $AllUsers | ConvertFrom-Json } if(!$AllUsers){ Write-VPASOutput -str "UNABLE TO FIND $SearchQuery" -type E Write-Verbose "UNABLE TO FIND $SearchQuery...RETURNING FALSE" return $false } } else{ if($WildCardSearch){ $uri = "https://$PVWA/PasswordVault/api/Users?ExtendedDetails=$true&Search=$SearchQuery" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllUsers = $response.Users } else{ $uri = "http://$PVWA/PasswordVault/api/Users?ExtendedDetails=$true&Search=$SearchQuery" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $output = @() foreach($rec in $response.Users){ $miniout = @{} $recid = $rec.id $recusername = $rec.username $recsource = $rec.source $recuserType = $rec.userType $reccomponentUser = $rec.componentUser $reclocation = $rec.location $recenableUser = $rec.enableUser $recsuspended = $rec.suspended $recgroupsMembership = $rec.groupsMembership $recvaultAuthorization = $rec.vaultAuthorization $recpersonalDetails = $rec.personalDetails if($recusername -eq $SearchQuery){ $miniout = @{ id = $recid username = $recusername source = $recsource userType = $recuserType componentUser = $reccomponentUser location = $reclocation enableUser = $recenableUser suspended = $recsuspended groupsMembership = $recgroupsMembership vaultAuthorization = $recvaultAuthorization personalDetails = $recpersonalDetails } $output += $miniout } } $AllUsers = $output | ConvertTo-Json $AllUsers = $AllUsers | ConvertFrom-Json } if(!$AllUsers){ Write-VPASOutput -str "UNABLE TO FIND $SearchQuery" -type E Write-Verbose "UNABLE TO FIND $SearchQuery...RETURNING FALSE" return $false } } } $Data = @{} $counter = 1 foreach($user in $AllUsers){ $temparr = @{} $EPVid = $user.id $EPVusername = $user.username $EPVsource = $user.source $EPVusertype = $user.userType $EPVcomponentuser = $user.componentUser $EPVlocation = $user.location $EPVenableuser = $user.enableUser $EPVsuspended = $user.suspended $EPVfirstName = $user.personalDetails.firstName $EPVmiddleName = $user.personalDetails.middleName $EPVlastName = $user.personalDetails.lastName $EPVorganization = $user.personalDetails.organization $EPVdepartment = $user.personalDetails.department $EPVgroups = "" foreach($group in $user.groupsMembership){ $EPVgroupid = $group.groupID $EPVgroupname = $group.groupName $EPVgrouptype = $group.groupType $EPVgroups += "($EPVgroupid|$EPVgroupname|$EPVgrouptype);" } $EPVAddSafes = "FALSE" $EPVAuditUsers = "FALSE" $EPVAddUpdateUsers = "FALSE" $EPVResetUsersPasswords = "FALSE" $EPVActivateUsers = "FALSE" $EPVAddNetworkAreas = "FALSE" $EPVManageDirectoryMapping = "FALSE" $EPVManageServerFileCategories = "FALSE" $EPVBackupAllSafes = "FALSE" $EPVRestoreAllSafes = "FALSE" foreach($permission in $user.vaultAuthorization){ if($permission -eq "AddSafes"){ $EPVAddSafes = "TRUE" } elseif($permission -eq "AuditUsers"){ $EPVAuditUsers = "TRUE" } elseif($permission -eq "AddUpdateUsers"){ $EPVAddUpdateUsers = "TRUE" } elseif($permission -eq "ResetUsersPasswords"){ $EPVResetUsersPasswords = "TRUE" } elseif($permission -eq "ActivateUsers"){ $EPVActivateUsers = "TRUE" } elseif($permission -eq "AddNetworkAreas"){ $EPVAddNetworkAreas = "TRUE" } elseif($permission -eq "ManageDirectoryMapping"){ $EPVManageDirectoryMapping = "TRUE" } elseif($permission -eq "ManageServerFileCategories"){ $EPVManageServerFileCategories = "TRUE" } elseif($permission -eq "BackupAllSafes"){ $EPVBackupAllSafes = "TRUE" } elseif($permission -eq "RestoreAllSafes"){ $EPVRestoreAllSafes = "TRUE" } } $temparr = @{ EPVID = $EPVid EPVUsername = $EPVusername EPVSource = $EPVsource EPVUserType = $EPVusertype EPVComponentUser = $EPVcomponentuser EPVLocation = $EPVlocation EPVEnabledUser = $EPVenableuser EPVSuspended = $EPVsuspended EPVFirstName = $EPVfirstName EPVMiddleName = $EPVmiddleName EPVLastName = $EPVlastName EPVOrganization = $EPVorganization EPVDepartment = $EPVdepartment EPVGroups = $EPVgroups EPVAddSafes = $EPVAddSafes EPVAuditUsers = $EPVAuditUsers EPVAddUpdateUsers = $EPVAddUpdateUsers EPVResetUsersPasswords = $EPVResetUsersPasswords EPVActivateUsers = $EPVActivateUsers EPVAddNetworkAreas = $EPVAddNetworkAreas EPVManageDirectoryMapping = $EPVManageDirectoryMapping EPVManageServerFileCategories = $EPVManageServerFileCategories EPVBackupAllSafes = $EPVBackupAllSafes EPVRestoreAllSafes = $EPVRestoreAllSafes } $label = "Record" + $counter $Data += @{ $label = $temparr } $counter += 1 } $output = @() $keys = $Data.Keys foreach($key in $keys){ $temphash = @{} $EPVID = $Data.$key.EPVID $EPVUsername = $Data.$key.EPVUsername $EPVSource = $Data.$key.EPVSource $EPVUserType = $Data.$key.EPVUserType $EPVComponentUser = $Data.$key.EPVComponentUser $EPVLocation = $Data.$key.EPVLocation $EPVEnabledUser = $Data.$key.EPVEnabledUser $EPVSuspended = $Data.$key.EPVSuspended $EPVFirstName = $Data.$key.EPVFirstName $EPVMiddleName = $Data.$key.EPVMiddleName $EPVLastName = $Data.$key.EPVLastName $EPVOrganization = $Data.$key.EPVOrganization $EPVDepartment = $Data.$key.EPVDepartment $EPVGroups = $Data.$key.EPVGroups $EPVAddSafes = $Data.$key.EPVAddSafes $EPVAuditUsers = $Data.$key.EPVAuditUsers $EPVAddUpdateUsers = $Data.$key.EPVAddUpdateUsers $EPVResetUsersPasswords = $Data.$key.EPVResetUsersPasswords $EPVActivateUsers = $Data.$key.EPVActivateUsers $EPVAddNetworkAreas = $Data.$key.EPVAddNetworkAreas $EPVManageDirectoryMapping = $Data.$key.EPVManageDirectoryMapping $EPVManageServerFileCategories = $Data.$key.EPVManageServerFileCategories $EPVBackupAllSafes = $Data.$key.EPVBackupAllSafes $EPVRestoreAllSafes = $Data.$key.EPVRestoreAllSafes $temphash = @{ ID = $EPVID Username = $EPVUsername Source = $EPVSource UserType = $EPVUserType ComponentUser = $EPVComponentUser Location = $EPVLocation EnabledUser = $EPVEnabledUser Suspended = $EPVSuspended FirstName = $EPVFirstName MiddleName = $EPVMiddleName LastName = $EPVLastName Organization = $EPVOrganization Department = $EPVDepartment Groups = $EPVGroups AddSafes = $EPVAddSafes AuditUsers = $EPVAuditUsers AddUpdateUsers = $EPVAddUpdateUsers ResetUsersPasswords = $EPVResetUsersPasswords ActivateUsers = $EPVActivateUsers AddNetworkAreas = $EPVAddNetworkAreas ManageDirectoryMapping = $EPVManageDirectoryMapping ManageServerFileCategories = $EPVManageServerFileCategories BackupAllSafes = $EPVBackupAllSafes RestoreAllSafes = $EPVRestoreAllSafes } $output += $temphash } if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\EPVUsers.json" $jsonoutput = $output | ConvertTo-Json Write-Output $jsonoutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile" } if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\EPVUsers.txt" write-output "SAFE CONTENT REPORT" | Set-Content $targetFile Write-Output "" | Add-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $str = "" $EPVID = $Data.$key.EPVID $EPVUsername = $Data.$key.EPVUsername $EPVSource = $Data.$key.EPVSource $EPVUserType = $Data.$key.EPVUserType $EPVComponentUser = $Data.$key.EPVComponentUser $EPVLocation = $Data.$key.EPVLocation $EPVEnabledUser = $Data.$key.EPVEnabledUser $EPVSuspended = $Data.$key.EPVSuspended $EPVFirstName = $Data.$key.EPVFirstName $EPVMiddleName = $Data.$key.EPVMiddleName $EPVLastName = $Data.$key.EPVLastName $EPVOrganization = $Data.$key.EPVOrganization $EPVDepartment = $Data.$key.EPVDepartment $EPVGroups = $Data.$key.EPVGroups $EPVAddSafes = $Data.$key.EPVAddSafes $EPVAuditUsers = $Data.$key.EPVAuditUsers $EPVAddUpdateUsers = $Data.$key.EPVAddUpdateUsers $EPVResetUsersPasswords = $Data.$key.EPVResetUsersPasswords $EPVActivateUsers = $Data.$key.EPVActivateUsers $EPVAddNetworkAreas = $Data.$key.EPVAddNetworkAreas $EPVManageDirectoryMapping = $Data.$key.EPVManageDirectoryMapping $EPVManageServerFileCategories = $Data.$key.EPVManageServerFileCategories $EPVBackupAllSafes = $Data.$key.EPVBackupAllSafes $EPVRestoreAllSafes = $Data.$key.EPVRestoreAllSafes $str += "EPVID: $EPVID`r`n" $str += "EPVUsername: $EPVUsername`r`n" $str += "EPVSource: $EPVSource`r`n" $str += "EPVUserType: $EPVUserType`r`n" $str += "EPVComponentUser: $EPVComponentUser`r`n" $str += "EPVLocation: $EPVLocation`r`n" $str += "EPVEnabledUser: $EPVEnabledUser`r`n" $str += "EPVSuspended: $EPVSuspended`r`n" $str += "EPVFirstName: $EPVFirstName`r`n" $str += "EPVMiddleName: $EPVMiddleName`r`n" $str += "EPVLastName: $EPVLastName`r`n" $str += "EPVOrganization: $EPVOrganization`r`n" $str += "EPVDepartment: $EPVDepartment`r`n" $str += "EPVGroups (EPVGroupID|EPVGroupName|EPVGroupType): $EPVGroups`r`n" $str += "EPVAddSafes: $EPVAddSafes`r`n" $str += "EPVAuditUsers: $EPVAuditUsers`r`n" $str += "EPVAddUpdateUsers: $EPVAddUpdateUsers`r`n" $str += "EPVResetUsersPasswords: $EPVResetUsersPasswords`r`n" $str += "EPVActivateUsers: $EPVActivateUsers`r`n" $str += "EPVAddNetworkAreas: $EPVAddNetworkAreas`r`n" $str += "EPVManageDirectoryMapping: $EPVManageDirectoryMapping`r`n" $str += "EPVManageServerFileCategories: $EPVManageServerFileCategories`r`n" $str += "EPVBackupAllSafes: $EPVBackupAllSafes`r`n" $str += "EPVRestoreAllSafes: $EPVRestoreAllSafes`r`n" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile" } if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\EPVUsers.csv" write-output "ID,Username,Source,UserType,ComponentUser,Location,EnabledUser,Suspended,FirstName,MiddleName,LastName,Organization,Department,Groups(EPVGroupID|EPVGroupName|EPVGroupType),AddSafes,AuditUsers,AddUpdateUsers,ResetUsersPasswords,ActivateUsers,AddNetworkAreas,ManageDirectoryMapping,ManageServerFileCategories,BackupAllSafes,RestoreAllSafes" | Set-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $EPVID = $Data.$key.EPVID $EPVUsername = $Data.$key.EPVUsername $EPVSource = $Data.$key.EPVSource $EPVUserType = $Data.$key.EPVUserType $EPVComponentUser = $Data.$key.EPVComponentUser $EPVLocation = $Data.$key.EPVLocation $EPVEnabledUser = $Data.$key.EPVEnabledUser $EPVSuspended = $Data.$key.EPVSuspended $EPVFirstName = $Data.$key.EPVFirstName $EPVMiddleName = $Data.$key.EPVMiddleName $EPVLastName = $Data.$key.EPVLastName $EPVOrganization = $Data.$key.EPVOrganization $EPVDepartment = $Data.$key.EPVDepartment $EPVGroups = $Data.$key.EPVGroups $EPVAddSafes = $Data.$key.EPVAddSafes $EPVAuditUsers = $Data.$key.EPVAuditUsers $EPVAddUpdateUsers = $Data.$key.EPVAddUpdateUsers $EPVResetUsersPasswords = $Data.$key.EPVResetUsersPasswords $EPVActivateUsers = $Data.$key.EPVActivateUsers $EPVAddNetworkAreas = $Data.$key.EPVAddNetworkAreas $EPVManageDirectoryMapping = $Data.$key.EPVManageDirectoryMapping $EPVManageServerFileCategories = $Data.$key.EPVManageServerFileCategories $EPVBackupAllSafes = $Data.$key.EPVBackupAllSafes $EPVRestoreAllSafes = $Data.$key.EPVRestoreAllSafes $str = "$EPVID,$EPVUsername,$EPVSource,$EPVUserType,$EPVComponentUser,$EPVLocation,$EPVEnabledUser,$EPVSuspended,$EPVFirstName,$EPVMiddleName,$EPVLastName,$EPVOrganization,$EPVDepartment,$EPVGroups,$EPVAddSafes,$EPVAuditUsers,$EPVAddUpdateUsers,$EPVResetUsersPasswords,$EPVActivateUsers,$EPVAddNetworkAreas,$EPVManageDirectoryMapping,$EPVManageServerFileCategories,$EPVBackupAllSafes,$EPVRestoreAllSafes" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile" } if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\EPVUsers.html" $htmloutput = $output | ConvertTo-Json $htmloutput = $htmloutput | ConvertFrom-Json $htmloutput = $htmloutput | ConvertTo-Html -As List Write-Output $htmloutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile" } if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\EPVUsers.xml" $xmloutput = $output | ConvertTo-Json $xmloutput = $xmloutput | ConvertFrom-Json $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation Out-File -FilePath $targetFile -InputObject $XML if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile" } } return $true }catch{ Write-Verbose "UNABLE TO RUN REPORT...RETURNING FALSE" Write-VPASOutput -str "UNABLE TO RUN REPORT...RETURNING FALSE" -type E Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |