Summary: All of the scripts documented here are available from CTI to automate CyberArk tasks that would otherwise be manual, repetitive processes. CTI can provide pricing and support specifics customized to your business’ CyberArk implementation needs.
Account Report Scripts
1. Total-account-report-mailer.ps1
Description: Produces a brief HTML report with a count of all accounts in CyberArk and how many of them are set to be automatically managed, then emails the report to set recipients.
2. Duplicate-accounts-report.ps1
Description: Uses the All-accounts-report.ps1 output to produce a report of all accounts in CyberArk that exist more than once.
3. Account-id-search.ps1
Description: Searches the vault for the IDs of a list of accounts. Produces a report of just the account IDs.
4. All-accounts-report.ps1
Description: Produces CSV report of all accounts in CyberArk along with all parameters.
AD Consolidation Scripts
5. Safe-reperm-check.ps1
Description: Checks a Migration Site export of accounts from input directory for personal safes and exports list to output directory.
6. Safe-reperm-exec.ps1
Description: Reads in the output file of personal safes and new UPNs and executes the changes in the CyberArk Vault. Records any actions taken or errors seen in output file.
App Report Scripts
7. App-auth-report.ps1
Description: Report of all authorization attributes of CyberArk applications. Reports on what servers/hosts are allowed to make CCP/CP calls to CyberArk via CyberArk applications.
8. App-report.ps1
Description: Report of all CyberArk applications.
Bulk-Group-Member-Add Scripts
8. Bulk-group-member-add.ps1
Description: Adds a list of users from their domain’s respective end user’s group to CyberArk. Saves output and indicates when user requires manual intervention.
9. Bulk-group-member-remove.ps1
Description: Removes a list of users from their domain’s respective end user’s group. Saves output and indicates when user requires manual intervention.
10. Bulk-group-member-add-disc.ps1
Description: Adds a list of users from their domain’s respective end user’s group. Saves output and indicates when user requires manual intervention.
11. Bulk-group-member-add-adgroup.ps1
Description: Adds a list of users to a domain group. Saves output and indicates when user requires manual intervention.
12. Bulk-group-member-add-by-samacct.ps1
Description: Adds a list of users from their domain’s respective end user’s group. Saves output and indicates when user requires manual intervention.
13. WB-bulk-group-member-remove.ps1
Description: Removes a list of users from their domain’s respective end user’s group. Saves output and indicates when user requires manual intervention.
Bulk-Import-Account Scripts
14. Bulk-import-dbacct.ps1
Description: Adds a csv of Oracle DB accounts to CyberArk – custom version for database/oracle accounts.
15. Bulk-import-genacct.ps1
Description: Adds a csv of Oracle DB accounts to CyberArk – custom version for generic custom accounts.
16. Bulk-import-dbacct-overwrite.ps1
Description: Adds a csv of Oracle DB accounts to CyberArk – custom version for OVERWRITING/importing Oracle DB accounts.
17. Bulk-import-dbacct.ps1
Description: Adds a csv of Oracle DB accounts to CyberArk – custom version for importing Oracle DB accounts – warns when account already exists.
18. Bulk-import-informatica.ps1
Description: Adds a csv of prd Informatica accounts to CyberArk – custom version for importing Informatica accounts.
19. Bulk-import-miscsnow.ps1
Description: Adds a csv of ServiceNow accounts to CyberArk – custom version for importing ServiceNow accounts via Leslie.
20. Bulk-import-miscwb.ps1
Description: Adds a csv of ServiceNow accounts to CyberArk – custom version for importing generic WB unmanaged accounts.
Bulk-Safe-Domain-Reperm
21. Safe-permission-report.ps1
Description: Report of all users with permissions to the provided csv of safes. Identifies whether each is a domain object and which domain it is in; excludes the users named in the script's if statement. Custom version that reports only on applicable AD accounts for migrating safe permissions to new domains.
22. Safe-reperm-exec-nodelete.ps1
Description: Reads in the output file of personal safes and new UPNs from the safe-reperm.ps1 script and executes the changes in the CyberArk Vault. Records any actions taken or errors seen in an output file saved to ./output/. Custom version that does not delete the EPV user (for rerunning if users have already been recreated and just need permissions added/re-applied).
23. Safe-reperm-exec.ps1
Description: Reads in the output file of personal safes and new UPNs from the safe-reperm.ps1 script and executes the changes in the CyberArk Vault. Deletes each EPV user only once, including ones that only have group permissions, and reapplies permissions from the new domain. Records any actions taken or errors seen in an output file saved to ./output/.
24. Safe-reperm-preexec-WB.ps1
Description: Takes output from safe-owners-report.ps1 script and removes each user from legacy end user’s group, and then adds them to AD end user’s group. Does not remove user from legacy since we don’t have access to do so. Records any actions taken or errors seen in output file saved to ./output/.
25. Safe-reperm-preexec.ps1
Description: Takes output from safe-owners-report.ps1 script and removes each user from legacy end user’s group, and then adds them to AD end user’s group. Records any actions taken or errors seen in output file saved to ./output/.
26. Safe-report.ps1
Description: Outputs a report of all safes – for use with safe-permission-report.ps1.
Bulk Update Accounts Scripts
27. Bulk-update-accounts.ps1
Description: Updates a csv of accounts/parameters with new values. Used when you need to change any parameter on an account, like its name, target address, username, etc.
28. Bulk-update-accountsmgmt.ps1
Description: Updates a csv of accounts cpm mgmt with a new value (true/false).
29. Bulk-update-accountsprops.ps1
Description: Updates a csv of accounts/platformAccountProperties parameters with a new value. For any custom/platform-specific parameters that aren’t schema-wide.
30. Bulk-update-accountssecrets.ps1
Description: Updates a csv of accounts with a new secret – such as when you need to update the password value manually on a list of unmanaged (or otherwise) accounts.
31. Bulk-update-informatica.ps1
Description: Updates a csv of accounts – custom version for the Informatica team.
Group Report Scripts
32. Bulk-group-report.ps1
Description: Script takes an input file of AD groups, finds which domain each user is in, and saves a report of all of the members of each group.
33. Group-report.ps1
Description: Simple interactive script that asks for a single AD group, finds which domain it’s in, and saves a report of all of the members of the group.
Onboard Privileged Personal Account Scripts
34. Onboard-privileged-account.ps1
Description: Interactive script that onboards a personal user privilege account to CyberArk, creates a safe if needed. Checks if account exists before adding it.
35. Bulk-onboard-privileged-account.ps1
Description: Adds a csv of personal user privilege accounts to CyberArk as well as creates a safe if needed. If one already exists the script uses that safe. Checks if privileged account exists before adding it.
36. Bulk-onboard-privileged-account-noprivcheck.ps1
Description: Adds a csv of personal user privilege accounts to CyberArk as well as creates a safe if needed. If one already exists the script uses that safe. This is a custom version that doesn’t check if the privileged account exists.
37. Bulk-onboard-WMAD-personal-account-by-name.ps1
Description: Adds a csv of personal user privilege accounts to CyberArk as well as creates a safe if needed. If one already exists the script uses that safe. This custom version is used when AD was not the primary domain.
38. Bulk-onboard-personal-account-by-samacct.ps1
Description: Adds a csv of personal user privilege accounts to CyberArk as well as creates a safe if needed. If one already exists the script uses that safe. This custom version uses samacct rather than UPN.
Safe Admins Migration Scripts
39. Pasadmin-check.ps1
Description: Checks all safes to see if pasadmin has appropriate permissions. Saves an output file of results to output directory. Used when you need to change safe admins user/group.
40. Pasadmin-cleanup.ps1
Description: Removes “pasadmin” user permissions on all safes listed in input csv of safes with “SafeName” as the column header.
41. Pasadmin-fix.ps1
Description: Sets PAS Admin group permissions on all safes listed in input csv of safes with “SafeName” as the column header.
42. Pasadmins-postcheck.ps1
Description: Checks all safes to see if the pasadmins group has appropriate permissions. Saves an output file of results to the output directory. Used when you need to change the safe admins user/group. Be very careful with this, since you can lock yourself out of the environment.
Safe Report Scripts
43. Safe-account-report.ps1
Description: Outputs report of all accounts in provided csv of safes.
44. Safe-report.ps1
Description: Outputs a report of all safes.
45. Safe-details-report.ps1
Description: Outputs report of all parameters of each safe in provided csv of safes.
46. Safe-owners-report.ps1
Description: Report of all users with permissions to provided csv of safes.
47. Safe-owners-report-alt.ps1
Description: Report of all users with permissions to the provided csv of safes. This is a custom version that identifies whether each is a domain object and which domain it is in, and excludes the users named in the script's if statement.
48. Safe-account-report-by-name.ps1
Description: Report of all accounts in provided csv of safes. This is a custom version that searches for specific account name.
49. Safe-account-report-splitparam.ps1
Description: Report of all accounts in provided csv of safes, providing management parameters in their own columns. This is a custom version that makes it easier to work with this data if need be.
50. Safe-report-old.ps1
Description: Old version using the legacy v10 API.
CyberArk User Report
51. Cagroup-report.ps1
Description: Outputs a report of all vault groups in CyberArk.
52. User-details-report.ps1
Description: Report of all vault users and their parameters in CyberArk including last logon date. Also determines what type of user they are and what domain they are.
One-Off Scripts
53. Add-group-to-safes.ps1
Description: Script to add a set group to safes specified in input csv.
54. Add-prov-user.ps1
Description: Adds a provider CyberArk user to CyberArk – WIP – for automating CP/AIM deployments
55. Add-user-to-group.ps1
Description: Simple interactive script to add a single user to a group in AD.
56. Bulk-delete-acct.ps1
Description: Removes a csv of accounts from CyberArk.
57. Bulk-delete-users.ps1
Description: Deletes a list of CyberArk users from CyberArk. Used for cleaning up old CyberArk users to free up licenses.
58. Bulk-recon-safe.ps1
Description: Reconciles each account in a safe. Used when all accounts in a list of safes need to be reset immediately.
59. Bulk-Safe-GroupMove-Reperm.ps1
Description: Reads an input file of safes and groups and reapplies permissions in the CyberArk Vault. This is needed after moving a group to a new OU. Records any actions taken or errors seen in an output file saved to ./output/.
60. Bulk-update-app-auth.ps1
Description: Adds input csv of appids and hosts to authorized hosts of CyberArk app.
61. Ccp-add.ps1
Description: Sets CCP provider account permissions on all safes listed in input csv of safes with “SafeName” as the column header.
62. Cpm-port-tester.ps1
Description: Tests all ports from the server it is run from, using a given CSV of sample accounts. For testing whether a CPM can reach all target addresses of all accounts in CyberArk, such as when changing an IP address. Destination firewalls are very numerous and not in the control of the CyberArk team, which can mean months of work to chase down each firewall rule.
63. Platform-report.ps1
Description: Report of all attributes of all platforms in CyberArk.
64. PSM-port-tester.ps1
Description: Tests the PSM port from the server it is run from, using a given CSV of destination servers. For testing whether a PSM can reach all target addresses of all accounts in CyberArk, such as when changing an IP address. Destination firewalls are very numerous and not in the control of the CyberArk team, which can mean months of work to chase down each firewall rule.