Functions/Accounts/Unlock-PASAccount.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
function Unlock-PASAccount {
    <#
.SYNOPSIS
Checks in an exclusive account in to the Vault.
 
.DESCRIPTION
Checks in an account, locked due to an exclusive account policy, to the Vault.
If the account is managed automatically by the CPM, after it is checked in,the password is changed immediately.
If the account is managed manually, a notification is sent to a user who is authorised to change the password.
The account is checked in automatically after it has been changed.
Requires Initiate CPM password management operations on the Safe where the account is stored.
 
.PARAMETER AccountID
The unique ID of the account.
This is retrieved by the Get-PASAccount function.
 
.EXAMPLE
Unlock-PASAccount -AccountID 21_3
 
Will check-in exclusive access account with ID of "21_3"
 
.EXAMPLE
Get-PASAccount xAccount | Unlock-PASAccount
 
Will check-in exclusive access account xAccount
 
.NOTES
Minimum CyberArk version 9.10
 
.LINK
https://pspas.pspete.dev/commands/Unlock-PASAccount
#>

    [CmdletBinding(SupportsShouldProcess)]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("id")]
        [string]$AccountID
    )

    BEGIN { }#begin

    PROCESS {

        #Create URL for request
        $URI = "$Script:BaseURI/API/Accounts/$AccountID/CheckIn"

        if ($PSCmdlet.ShouldProcess($AccountID, "Check-In Exclusive Access Account")) {

            #send request to web service
            Invoke-PASRestMethod -Uri $URI -Method POST -WebSession $Script:WebSession

        }

    }#process

    END { }#end

}