Set-PASUser
Set-PASUser
SYNOPSIS
Updates a vault user
SYNTAX
Gen2 (Default)
Set-PASUser -id <Int32> -username <String> [-NewPassword <SecureString>] [-userType <String>]
[-suspended <Boolean>] [-unAuthorizedInterfaces <String[]>] [-enableUser <Boolean>]
[-authenticationMethod <String[]>] [-ChangePassOnNextLogon <Boolean>] [-passwordNeverExpires <Boolean>]
[-distinguishedName <String>] [-vaultAuthorization <String[]>] [-ExpiryDate <DateTime>] [-Location <String>]
[-userActivityLogRetentionDays <Int32>] [-loginFromHour <Int32>] [-loginToHour <Int32>] [-workStreet <String>]
[-workCity <String>] [-workState <String>] [-workZip <String>] [-workCountry <String>] [-homePage <String>]
[-homeEmail <String>] [-businessEmail <String>] [-otherEmail <String>] [-homeNumber <String>]
[-businessNumber <String>] [-cellularNumber <String>] [-faxNumber <String>] [-pagerNumber <String>]
[-description <String>] [-FirstName <String>] [-MiddleName <String>] [-LastName <String>] [-street <String>]
[-city <String>] [-state <String>] [-zip <String>] [-country <String>] [-title <String>]
[-organization <String>] [-department <String>] [-profession <String>] [-WhatIf] [-Confirm]
[<CommonParameters>]
Gen1
Set-PASUser -username <String> [-NewPassword <SecureString>] [-Email <String>]
[-ChangePasswordOnTheNextLogon <Boolean>] [-ExpiryDate <DateTime>] [-UserTypeName <String>]
[-Disabled <Boolean>] [-Location <String>] [-FirstName <String>] [-LastName <String>] [-UseGen1API] [-WhatIf]
[-Confirm] [<CommonParameters>]
DESCRIPTION
Updates an existing user in the vault.
Appears to require all properties set on a user to be passed with the request.
Not passing a value to an already set property will result in it being cleared.
Default operation using the Gen2 API requires minimum version of 11.1
EXAMPLES
EXAMPLE 1
Set-PASUser -UserName Bill -Disabled $true
Disables vault user Bill
PARAMETERS
-id
The numeric id of the user to update.
Minimum required version 11.1
Type: Int32
Parameter Sets: Gen2
Aliases:
Required: True
Position: Named
Default value: 0
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-username
The name of the user to create in the vault
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-NewPassword
A new password to set on the account, as a Secure String
Must meet the password complexity requirements
Type: SecureString
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-userType
The user type
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-suspended
The user suspension status
Minimum required version 11.1
Type: Boolean
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-unAuthorizedInterfaces
The CyberArk interfaces that this user is not authorized to use.
Minimum required version 11.1
Type: String[]
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-enableUser
Whether the user will be enabled upon creation.
Minimum required version 11.1
Type: Boolean
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-authenticationMethod
The authentication method that the user will use to log on.
Valid Values:
- “AuthTypePass”, for CyberArk Authentication (default)
- “AuthTypeLDAP”, for LDAP authentication
- “AuthTypeRADIUS”, for RADIUS authentication
Minimum required version 11.1
Type: String[]
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The user’s email address
Type: String
Parameter Sets: Gen1
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ChangePassOnNextLogon
Whether or not user will be forced to change password on first logon
Minimum required version 11.1
Type: Boolean
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ChangePasswordOnTheNextLogon
Whether or not user will be forced to change password on first logon
Type: Boolean
Parameter Sets: Gen1
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-passwordNeverExpires
Whether or not the user’s password will expire
Minimum required version 11.1
Type: Boolean
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-distinguishedName
The distinguished name of the user.
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-vaultAuthorization
The user permissions in the vault.
To grant authorization to a user, the same authorization must be held by the account logged on to the API.
Valid values:
- AddSafes
- AuditUsers
- AddUpdateUsers
- ResetUsersPasswords
- ActivateUsers
- AddNetworkAreas
- ManageDirectoryMapping
- ManageServerFileCategories
- BackupAllSafes
- RestoreAllSafes
Minimum required version 11.1
Type: String[]
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ExpiryDate
Expiry Date to set on account.
Default is Never
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-UserTypeName
The Type of User to create.
EPVUser type will be created by default.
Type: String
Parameter Sets: Gen1
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Disabled
Whether or not the user will be created as a disabled user
Default is Enabled
Type: Boolean
Parameter Sets: Gen1
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Location
The Vault Location where the user will be created
Default location is “Root”
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workStreet
Business Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workCity
Business Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workState
Business Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workZip
Business Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-workCountry
Business Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-homePage
The user’s email address
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-homeEmail
The user’s email address
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-businessEmail
The user’s email address
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-otherEmail
The user’s email address
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-homeNumber
The user’s phone number
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-businessNumber
The user’s phone number
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-cellularNumber
The user’s phone number
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-faxNumber
The user’s phone number
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-pagerNumber
The user’s phone number
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-description
Description Text
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-FirstName
The user’s first name
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-MiddleName
The User’s Middle Name
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-LastName
The user’s last name
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-street
Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-city
Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-state
Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-zip
Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-country
Address detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-title
Personal detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-organization
Personal detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-department
Personal detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-profession
Personal detail for the user
Minimum required version 11.1
Type: String
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-UseGen1API
Specify to force usage the Gen1 API endpoint.
Should be specified for versions earlier than 11.1
Type: SwitchParameter
Parameter Sets: Gen1
Aliases: UseClassicAPI
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-loginFromHour
The start of the timeframe the user account is permitted to authenticate.
Provide an hour of the day in 24-hour format (0-23)
Minimum required version 13.2
Type: Int32
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-loginToHour
The end of the timeframe the user account is permitted to authenticate.
Provide an hour of the day in 24-hour format (0-23)
Minimum required version 13.2
Type: Int32
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-userActivityLogRetentionDays
The number of days that a user’s account activity records are stored before being deleted. These activity records includes logon, logoff, and user management.
If this parameter is set to zero, user activities in the Vault will not be written in the audit log.
Default value: 90 days
Minimum required version 13.2
Type: Int32
Parameter Sets: Gen2
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.