New-PASUser
New-PASUser
SYNOPSIS
Creates a new vault user
SYNTAX
Gen2 (Default)
New-PASUser -UserName <String> [-InitialPassword <SecureString>] [-userType <String>]
[-unAuthorizedInterfaces <String[]>] [-enableUser <Boolean>] [-authenticationMethod <String[]>]
[-ChangePassOnNextLogon <Boolean>] [-passwordNeverExpires <Boolean>] [-distinguishedName <String>]
[-vaultAuthorization <String[]>] [-ExpiryDate <DateTime>] [-Location <String>] [-workStreet <String>]
[-workCity <String>] [-workState <String>] [-workZip <String>] [-workCountry <String>] [-homePage <String>]
[-homeEmail <String>] [-businessEmail <String>] [-otherEmail <String>] [-homeNumber <String>]
[-businessNumber <String>] [-cellularNumber <String>] [-faxNumber <String>] [-pagerNumber <String>]
[-description <String>] [-FirstName <String>] [-MiddleName <String>] [-LastName <String>] [-street <String>]
[-city <String>] [-state <String>] [-zip <String>] [-country <String>] [-title <String>]
[-organization <String>] [-department <String>] [-profession <String>] [-WhatIf] [-Confirm]
[<CommonParameters>]
Gen1
New-PASUser -UserName <String> -InitialPassword <SecureString> [-Email <String>]
[-ChangePasswordOnTheNextLogon <Boolean>] [-ExpiryDate <DateTime>] [-UserTypeName <String>]
[-Disabled <Boolean>] [-Location <String>] [-FirstName <String>] [-LastName <String>] [-UseGen1API] [-WhatIf]
[-Confirm] [<CommonParameters>]
DESCRIPTION
Adds a new user to the vault
Default operation using the Gen2 API requires minimum version of 10.9
EXAMPLES
EXAMPLE 1
New-PASUser -UserName NewUser -InitialPassword $securePWD -UseGen1API
Creates a Vault user named NewUser, with password set to securestring value from $securePWD, using the Gen1 API
EXAMPLE 2
New-PASUser -UserName NewUser -InitialPassword $securePWD
Creates a Vault user named NewUser, with password set to securestring value from $securePWD
Minimum required version 10.9
EXAMPLE 3
New-PASUser -UserName NewUser -InitialPassword $securePWD -unAuthorizedInterfaces "PACLI" -vaultAuthorization ManageDirectoryMapping
Creates a Vault user as per the provided parameter values
Minimum required version 10.9
PARAMETERS
-UserName
The name of the user to create in the vault
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-InitialPassword
The password to set on the account, as a Secure String
Must meet the password complexity requirements
Type: SecureString
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Type: SecureString
Parameter Sets: Gen1
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-userType
The user type
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-unAuthorizedInterfaces
The CyberArk interfaces that this user is not authorized to use.
Minimum required version 10.9
Type: String[]
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-enableUser
Whether the user will be enabled upon creation.
Minimum required version 10.9
Type: Boolean
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-authenticationMethod
The authentication method that the user will use to log on.
Valid Values:
- “AuthTypePass”, for CyberArk Authentication (default)
- “AuthTypeLDAP”, for LDAP authentication
- “AuthTypeRADIUS”, for RADIUS authentication
Minimum required version 10.9
Type: String[]
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The user’s email address
Type: String
Parameter Sets: Gen1
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ChangePassOnNextLogon
Whether or not user will be forced to change password on first logon
Minimum required version 10.9
Type: Boolean
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ChangePasswordOnTheNextLogon
Whether or not user will be forced to change password on first logon
Type: Boolean
Parameter Sets: Gen1
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-passwordNeverExpires
Whether or not the user’s password will expire
Minimum required version 10.9
Type: Boolean
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-distinguishedName
The distinguished name of the user.
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-vaultAuthorization
The user permissions in the vault.
To grant authorization to a user, the same authorization must be held by the account logged on to the API.
Valid values:
- AddSafes
- AuditUsers
- AddUpdateUsers
- ResetUsersPasswords
- ActivateUsers
- AddNetworkAreas
- ManageDirectoryMapping
- ManageServerFileCategories
- BackupAllSafes
- RestoreAllSafes
Minimum required version 10.9
Type: String[]
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ExpiryDate
Expiry Date to set on account.
Default is Never
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-UserTypeName
The Type of User to create.
EPVUser type will be created by default.
Type: String
Parameter Sets: Gen1
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Disabled
Whether or not the user will be created as a disabled user
Default is Enabled
Type: Boolean
Parameter Sets: Gen1
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Location
The Vault Location where the user will be created
Default location is “Root”
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workStreet
Business Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workCity
Business Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workState
Business Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workZip
Business Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workCountry
Business Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-homePage
The user’s email address
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-homeEmail
The user’s email address
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-businessEmail
The user’s email address
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-otherEmail
The user’s email address
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-homeNumber
The user’s phone number
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-businessNumber
The user’s phone number
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-cellularNumber
The user’s phone number
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-faxNumber
The user’s phone number
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-pagerNumber
The user’s phone number
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-description
Description Text
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-FirstName
The user’s first name
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-MiddleName
The User’s Middle Name
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-LastName
The user’s last name
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-street
Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-city
Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-state
Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-zip
Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-country
Address detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-title
Personal detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-organization
Personal detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-department
Personal detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-profession
Personal detail for the user
Minimum required version 10.9
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-UseGen1API
Specify to force usage the Gen1 API endpoint.
Should be specified for versions earlier than 10.9
Type: SwitchParameter
Parameter Sets: Gen1
Aliases: UseClassicAPI
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
NOTES
RELATED LINKS
https://pspas.pspete.dev/commands/New-PASUser
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/API-AddUser-v10.htm