Get-DSPamAccount
2024-10-28
Get-DSPamAccount
SYNOPSIS
Fetch pam accounts.
SYNTAX
GetByFolder (Default)
Get-DSPamAccount [-VaultID <guid>] [-AsBasicInformation] [-AsLegacyResponse] [<CommonParameters>]
GetByID
Get-DSPamAccount -AccountID <guid> [-AsLegacyResponse] [<CommonParameters>]
ALIASES
This cmdlet has the following aliases,
DESCRIPTION
Fetch pam accounts. There is three way to do so. First, get a specific account by using the AccountID parameter. Second, get all pam accounts by calling the cmdlet without parameters. Third, get all pam accounts of a specific folder by using the FolderID parameter. In case there is a lot of PAM accounts, it is possible an TryGoOfflineException occurs. If that is the case, there is two way to avoid that error. First, when calling New-DSSession, use the Timeout parameter to increase the polling delay. Another way is to use AsBasicInformation switch of this cmdlet. This will return a simplified object with the information to quickly identify the PAM accounts of interest.
EXAMPLES
EXAMPLE 1
PS C:> $searchRes = Search-DSEntry -By Username -Match ExactExpression -Value 'MyUsername' -IncludePamVaults -IncludeVault @(); $search = $searchRes[0]; $pamAccountRes = Get-DSPamAccount -AccountID $search.ID
Get the PAM account whose username is 'MyUsername'. It is assumed in this example that the username is unique, so the search result contains a single result.
EXAMPLE 2
PS C:> $pamBasicRes = Get-DSPamAccount -AsBasicInformation; $nameStarts = $pamBasicRes | Where Label -like 'MyName*'; foreach ($pamBasic in $nameStarts) { Remove-DSPamAccount -AccountID $pamBasic.ID }
Delete all PAM Accounts whose name starts with 'MyName'.
PARAMETERS
-AccountID
Pam account's ID
Type: System.Guid
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases:
- PamCredentialID
ParameterSets:
- Name: GetByID
Position: Named
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-AsBasicInformation
The returned object will be simplified. It allows simple identification of the PAM Account (ID, Label, Username, Domain), its PAM folder (FolderID, FolderName), and its PAM vault (TeamFolderID). It is quicker than obtaining the complete PAM Accounts objects.
Type: System.Management.Automation.SwitchParameter
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases: []
ParameterSets:
- Name: GetByFolder
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-AsLegacyResponse
In versions prior to 2024.2, many DS cmdlets returned a ServerResponse object. Enabling this backward compatibility switch allows scripts developed for earlier versions to function correctly.
Type: System.Management.Automation.SwitchParameter
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases: []
ParameterSets:
- Name: (All)
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-VaultID
Get all accounts in the specified folder
Type: System.Guid
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases:
- FolderID
ParameterSets:
- Name: GetByFolder
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
NOTES
For more information, type "Get-Help Get-DSPamAccount -detailed". For technical information, type "Get-Help Get-DSPamAccount -full".