Functions/User/New-PASUser.ps1
|
function New-PASUser { <# .SYNOPSIS Creates a new vault user .DESCRIPTION Adds a new user to the vault .PARAMETER UserName The name of the user to create in the vault .PARAMETER InitialPassword The password to set on the account, as a Secure String Must meet the password complexity requirements .PARAMETER Email The user's email address .PARAMETER FirstName The user's first name .PARAMETER LastName The user's last name .PARAMETER ChangePasswordOnTheNextLogon Whether or not user will be forced to change password on first logon .PARAMETER ExpiryDate Expiry Date to set on account. Default is Never .PARAMETER UserTypeName The Type of User to create. EPVUser type will be created by default. .PARAMETER Disabled Whether or not the user will be created as a disbaled user Default is Enabled .PARAMETER Location The Vault Location where the user will be created Default location is "Root" .PARAMETER sessionToken Hashtable containing the session token returned from New-PASSession .PARAMETER WebSession WebRequestSession object returned from New-PASSession .PARAMETER BaseURI PVWA Web Address Do not include "/PasswordVault/" .PARAMETER PVWAAppName The name of the CyberArk PVWA Virtual Directory. Defaults to PasswordVault .PARAMETER ExternalVersion The External CyberArk Version, returned automatically from the New-PASSession function from version 9.7 onwards. .EXAMPLE $token | New-PASUser -UserName NewUser -InitialPassword $securePWD Creates a Vault user named NewUser, with password set to securestring value from $securePWD .INPUTS All parameters can be piped by property name .OUTPUTS Outputs Object of Custom Type psPAS.CyberArk.Vault.User SessionToken, WebSession, BaseURI are passed through and contained in output object for inclusion in subsequent pipeline operations. Output format is defined via psPAS.Format.ps1xml. To force all output to be shown, pipe to Select-Object * .NOTES .LINK #> [CmdletBinding(SupportsShouldProcess)] param( [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [string]$UserName, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [securestring]$InitialPassword, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [string]$Email, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [string]$FirstName, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [string]$LastName, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [boolean]$ChangePasswordOnTheNextLogon, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [datetime]$ExpiryDate, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [string]$UserTypeName, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [boolean]$Disabled, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [string]$Location, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [ValidateNotNullOrEmpty()] [hashtable]$sessionToken, [parameter( ValueFromPipelinebyPropertyName = $true )] [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [string]$BaseURI, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [string]$PVWAAppName = "PasswordVault", [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [System.Version]$ExternalVersion = "0.0" ) BEGIN {}#begin PROCESS { #Get request parameters $boundParameters = $PSBoundParameters | Get-PASParameter #Include decoded password in request $boundParameters["InitialPassword"] = $(ConvertTo-InsecureString -SecureString $InitialPassword) If($PSBoundParameters.ContainsKey("ExpiryDate")) { #Convert ExpiryDate to string in Required format $Date = (Get-Date $ExpiryDate -Format MM/dd/yyyy).ToString() #Include date string in request $boundParameters["ExpiryDate"] = $Date } #Construct Request Body $body = $boundParameters | ConvertTo-Json #Create URL for request $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users" if($PSCmdlet.ShouldProcess($UserName, "Create User")) { #send request to web service $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession if($result) { $result | Add-ObjectDetail -typename psPAS.CyberArk.Vault.User -PropertyToAdd @{ "sessionToken" = $sessionToken "WebSession" = $WebSession "BaseURI" = $BaseURI "PVWAAppName" = $PVWAAppName "ExternalVersion" = $ExternalVersion } } } }#process END {}#end } |