Get-DSPamAccount

Fetch pam accounts.

Get-DSPamAccount [-VaultID <guid>] [-AddActiveCheckoutID] [-IncludeDomainName] [-AsLegacyResponse]
 [<CommonParameters>]

Get-DSPamAccount -AccountID <guid> [-AddActiveCheckoutID] [-IncludeDomainName] [-AsLegacyResponse]
 [<CommonParameters>]

Get-DSPamAccount -AsBasicInformation [-VaultID <guid>] [-AsLegacyResponse] [<CommonParameters>]

Fetch pam accounts. There is three way to do so. First, get a specific account by using the AccountID parameter. Second, get all pam accounts by calling the cmdlet without parameters. Third, get all pam accounts of a specific folder by using the FolderID parameter. In case there is a lot of PAM accounts, it is possible an TryGoOfflineException occurs. If that is the case, there is two way to avoid that error. First, when calling New-DSSession, use the Timeout parameter to increase the polling delay. Another way is to use AsBasicInformation switch of this cmdlet. This will return a simplified object with the information to quickly identify the PAM accounts of interest.

PS C:\> $searchRes = Search-DSEntry -By Username -Match ExactExpression -Value 'MyUsername' -IncludePamVaults -IncludeVault @();
        $search = $searchRes[0];
        $pamAccountRes = Get-DSPamAccount -AccountID $search.ID

Get the PAM account whose username is 'MyUsername'. It is assumed in this example that the username is unique, so the search result contains a single result.

PS C:\> $pamBasicRes = Get-DSPamAccount -AsBasicInformation;
        $nameStarts = $pamBasicRes | Where Label -like 'MyName*';
        foreach ($pamBasic in $nameStarts) { Remove-DSPamAccount -AccountID $pamBasic.ID }

Delete all PAM Accounts whose name starts with 'MyName'.

Pam account's ID

Type: System.Guid
DefaultValue: ''
SupportsWildcards: false
Aliases:
- PamCredentialID
ParameterSets:
- Name: GetByID
  Position: Named
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

Add the CheckoutID property containg the ID of the active checkout

Type: System.Management.Automation.SwitchParameter
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: GetByID
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
- Name: GetByFolder
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

The returned object will be simplified. It allows simple identification of the PAM Account (ID, Label, Username, Domain), its PAM folder (FolderID, FolderName), and its PAM vault (TeamFolderID). It is quicker than obtaining the complete PAM Accounts objects.

Type: System.Management.Automation.SwitchParameter
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: BasicInformation
  Position: Named
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

In versions prior to 2024.2, many DS cmdlets returned a ServerResponse object. Enabling this backward compatibility switch allows scripts developed for earlier versions to function correctly.

Type: System.Management.Automation.SwitchParameter
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

Include the domain name. Will fetch it from the PAM provider. Can be used by non administrators.

Type: System.Management.Automation.SwitchParameter
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: GetByID
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
- Name: GetByFolder
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

Get all accounts in the specified folder

Type: System.Guid
DefaultValue: ''
SupportsWildcards: false
Aliases:
- FolderID
ParameterSets:
- Name: GetByFolder
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
- Name: BasicInformation
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

For more information, type "Get-Help Get-DSPamAccount -detailed". For technical information, type "Get-Help Get-DSPamAccount -full".