New-PASDirectoryMapping

New-PASDirectoryMapping

SYNOPSIS

Adds a new Directory Mapping for an existing directory

SYNTAX

New-PASDirectoryMapping [-DirectoryName] <String> [-MappingName] <String> [-LDAPBranch] <String>
 [-DomainGroups] <String[]> [[-VaultGroups] <String[]>] [[-Location] <String>] [[-LDAPQuery] <String>]
 [[-MappingAuthorizations] <Authorizations>] [[-UserActivityLogPeriod] <Int32>] [-WhatIf] [-Confirm]
 [<CommonParameters>]

DESCRIPTION

Adds a directory mapping.

Membership of the Vault Admins group required.

Minimum required version 10.4

EXAMPLES

EXAMPLE 1

New-PASDirectoryMapping -DirectoryName "domain.com" -LDAPBranch "DC=DOMAIN,DC=COM" -DomainGroups ADGroup -MappingName Map3 -MappingAuthorizations RestoreAllSafes, BackupAllSafes

Creates a new LDAP directory mapping in the Vault with the following authorizations: BackupAllSafes, RestoreAllSafes

EXAMPLE 2

New-PASDirectoryMapping -DirectoryName "domain.com" -LDAPBranch "DC=DOMAIN,DC=COM" -DomainGroups ADGroup -MappingName Map2 -MappingAuthorizations BackupAllSafes, RestoreAllSafes

Creates a new LDAP directory mapping in the Vault with the following authorizations: BackupAllSafes, RestoreAllSafes

EXAMPLE 3

New-PASDirectoryMapping -DirectoryName "domain.com" -LDAPBranch "DC=DOMAIN,DC=COM" -DomainGroups ADGroup -MappingName Map1 -MappingAuthorizations AddUpdateUsers, AddSafes, BackupAllSafes

Creates a new LDAP directory mapping in the Vault with the following authorizations: AddUpdateUsers, AddSafes, BackupAllSafes

PARAMETERS

-DirectoryName

The name of the directory the mapping is for.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-MappingName

The name of the PAS role that will be created.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-LDAPBranch

The LDAP branch that will be used for external directory queries

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-DomainGroups

Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: True
Position: 4
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-VaultGroups

A list of Vault groups that a mapped user will be added to.

Minimum required version 10.7

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 5
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Location

The path of the Vault location that mapped users are added under.

This value cannot be updated.

Minimum required version 10.7

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 6
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-LDAPQuery

Match LDAP query results to mapping

Minimum required version 10.7

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 7
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-MappingAuthorizations

Specify authorizations that will be applied when an LDAP User Account is created in the Vault. To apply specific authorizations to a mapping, the user must have the same authorizations. Possible authorizations: AddSafes, AuditUsers, AddUpdateUsers, ResetUsersPasswords, ActivateUsers, AddNetworkAreas, ManageServerFileCategories, BackupAllSafes, RestoreAllSafes.

Type: Authorizations
Parameter Sets: (All)
Aliases:
Accepted values: AddUpdateUsers, AddSafes, AddNetworkAreas, ManageServerFileCategories, AuditUsers, BackupAllSafes, RestoreAllSafes, ResetUsersPasswords, ActivateUsers

Required: False
Position: 8
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-UserActivityLogPeriod

Retention period in days for user activity logs

Minimum required version 10.10

Type: Int32
Parameter Sets: (All)
Aliases:

Required: False
Position: 9
Default value: 0
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

https://pspas.pspete.dev/commands/New-PASDirectoryMapping

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/LDAP_Create_Directory_Mapping.htm