sysadmin-z Posted June 26, 2018 Share Posted June 26, 2018 Hi, I was wondering if it is possible to expire a password through the API. I am able to update a password using the API, but that requires me to generate a password and then update it. I would like to update using the selected password generator and privileged account that is required for resetting the password. Would it be possible to expire it by updating the ExpiryDate? If so, how quickly would a reset happen? Thanks. Link to comment Share on other sites More sharing options...
support Posted June 26, 2018 Share Posted June 26, 2018 Hello, Yes, you can do something like this, as per the example below in PowerShell. Are you also aware of the GeneratePassword option when updating passwords via the UI as well? This will generate a new password for you, based on the selected Password Generator assigned to the Password List, and then you wouldn't need to change the Expiry Date or Schedule as per below? With this example below, or if you used the GenerarePassword option, the reset would be picked up within the next minutes and processed. $NewExpiryDate = (get-date).AddDays(-1).ToString("yyyy-MM-dd") $NewSchedule = (get-date).AddMinutes(1).ToString("hh:mm") $jsonData = ' { "PasswordID":"57783", "ExpiryDate":"' + $NewExpiryDate + '", "PasswordResetSchedule":"' + $NewSchedule + '" } ' $PasswordstateUrl = 'https://myurl/api/passwords' $result = Invoke-Restmethod -Method Put -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -UseDefaultCredentials Write-Output $result Regards Click Studios Link to comment Share on other sites More sharing options...
Steve D Posted September 30, 2020 Share Posted September 30, 2020 Sorry for dragging up this old post. Can this process be used in a replacement for LAPS? Scenario: Workstation Local Administrator Account: localadmin Technician retrieves the localadmin password. I am monitoring the PasswordState event log, so at this point I call the above API URL but with modifications to set the expiration, let's say 30 minutes in the future. This would give the technician a 30 minute window of access. The question: When the password expires in PasswordState, would PasswordState use it's own internal PowerShell scripts to reset the localadmin password on the workstation? (I can make a new post if prefered) Link to comment Share on other sites More sharing options...
support Posted October 7, 2020 Share Posted October 7, 2020 Hi Steve, Sorry we missed this post. When you trigger a password reset via our API, it does use our own reset scripts to perform the reset. It sounds like what you want to do though is give a user access to a password for a specific amount of time, and this can be achieved through the User Interface, which would be much easier. This could either be achieved through requesting access to a password, and the approver can set how long the access lasts for. Or you could use the Check IN? Check Out feature, which will give the user exclusive access to the password for a set amount of time, and can automatically change the password when they are finished with it. Regards, Support Link to comment Share on other sites More sharing options...
PeterJ Posted July 28, 2021 Share Posted July 28, 2021 can I suggest that you change the line: $NewSchedule = (get-date).AddMinutes(1).ToString("hh:mm") to $NewSchedule = (get-date).AddMinutes(1).ToString("HH:mm") Regards Peter Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now