Functions/Accounts/Unlock-PASAccount.ps1

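function Unlock-PASAccount {
    <#
    .SYNOPSIS
    Checks an exclusive account in to the Vault.

    .DESCRIPTION
    Checks in an account, locked due to an exclusive account policy, to the Vault.
    If the account is managed automatically by the CPM, the password is changed
    immediately after it is checked in.
    If the account is managed manually, a notification is sent to a user who is
    authorised to change the password.
    The account is checked in automatically after it has been changed.
    Requires the "Initiate CPM password management operations" permission on the
    Safe where the account is stored.

    .PARAMETER AccountID
    The unique ID of the account.
    This is retrieved by the Get-PASAccount function.
    The value is percent-encoded before it is placed in the request path, so it
    always addresses exactly one account resource.

    .PARAMETER SessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Unlock-PASAccount -AccountID 21_3

    Will check-in exclusive access account with ID of "21_3"

    .EXAMPLE
    $token | Get-PASAccount xAccount | Unlock-PASAccount

    Will check-in exclusive access account xAccount

    .INPUTS
    SessionToken, AccountID, WebSession & BaseURI can be piped by property name

    .OUTPUTS
    None

    .NOTES
    Minimum CyberArk version 9.10

    #>

    [CmdletBinding(SupportsShouldProcess)]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("id")]
        [string]$AccountID,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$SessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN { }#begin

    PROCESS {

        # AccountID arrives from the caller or the pipeline and becomes a path
        # segment. Percent-encode it so characters such as '/', '?' or '#'
        # cannot redirect the authenticated POST to a different API resource.
        # IDs of the form shown in the examples ("21_3") are unchanged.
        $EscapedAccountID = [System.Uri]::EscapeDataString($AccountID)

        #Create URL for request
        $URI = "$BaseURI/$PVWAAppName/API/Accounts/$EscapedAccountID/CheckIn"

        # ShouldProcess honours -WhatIf / -Confirm before the state-changing call.
        if ($PSCmdlet.ShouldProcess($AccountID, "Check-In Exclusive Access Account")) {

            #send request to web service; the session token travels as headers
            Invoke-PASRestMethod -Uri $URI -Method POST -Headers $SessionToken -WebSession $WebSession

        }

    }#process

    END { }#end

}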