
Hi,

Does anyone know how to onboard the dedicated domain accounts without having an AD account group which will be used in the directory query, where all the accounts are placed in a different AD OU path?

Thanks in advance!!

Gayatri B

Is this for user management or for managed accounts?

If you're looking to bring in 1500+ Active Directory (AD) objects into BeyondTrust Password Safe without using AD groups, here are several alternative methods you can explore:

1. Use Smart Rules with Directory Queries

Smart Rules can be configured to pull in AD accounts based on custom filters, not just group membership.

  • You can define filters based on:
    • OU (Organizational Unit)
    • Account attributes (e.g., name, type, last login)
    • Account type (e.g., service accounts, admin accounts)

This allows you to target specific sets of AD objects without relying on group membership.
🔗 Smart Rules documentation [Smart Rule...dtrust.com]

2. Use the API for Bulk Import

You can use the BeyondInsight Password Safe API to import AD accounts programmatically.

  • Create a script (e.g., in PowerShell or Postman) to:
    • Read from a CSV file or AD query
    • Loop through each entry
    • Call the API to add each account or asset

This method is flexible and scalable for large imports.
🔗 API documentation 

3. Manual Import via Discovery Scan

You can run a Discovery Scan and then manually select which AD accounts to import.

  • This method allows you to:
    • Discover all AD objects
    • Filter and select specific accounts
    • Import them without needing group-based filtering

🔗 Getting Started Guide [Password S...dtrust.com]

Here’s a sample PowerShell script that uses the BeyondInsight Password Safe API to import AD accounts in bulk without using AD groups. This script assumes you have a list of AD accounts in a CSV file and valid API credentials.

NOTE: this is not supported and is used at your own risk.

Sample CSV format:

AccountName,Domain,Description
svc_account1,corp.local,Service Account 1
svc_account2,corp.local,Service Account 2

PowerShell script (see note):

# Set API credentials and endpoint
$apiBaseUrl = "https://your-beyondinsight-server/api/public/v3"
$apiKey = "your-api-key-here"
$csvPath = "C:\ADAccounts.csv"

# Read CSV
$accounts = Import-Csv -Path $csvPath

# Loop through each account and create it
foreach ($account in $accounts) {
    $body = @{
        "AccountName" = $account.AccountName
        "DomainName" = $account.Domain
        "Description" = $account.Description
        "PlatformId" = 1  # Adjust based on your platform (e.g., Windows, Linux)
        "ManagedSystemId" = 123  # ID of the system this account belongs to
        "IsManaged" = $true
    }

    $jsonBody = $body | ConvertTo-Json -Depth 3

    $response = Invoke-RestMethod -Uri "$apiBaseUrl/accounts" `
        -Method POST `
        -Headers @{ "Authorization" = "PS-Auth $apiKey"; "Content-Type" = "application/json" } `
        -Body $jsonBody

    Write-Host "Imported account: $($account.AccountName)"
}

Important Notes

  • Replace PlatformId and ManagedSystemId with actual values from your environment.
  • You must have API access enabled and permissions to create accounts.
  • You can extend this script to include additional fields like password policies, access levels, etc.
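
The "AD query" option from method 2, as an added example that is not part of the original post and not BeyondTrust's code: it searches several OU paths directly, with no AD group involved, and writes the CSV layout shown above. The OU paths, the enabled-accounts filter and the helper name Get-DomainFromDN are assumptions, and it needs the ActiveDirectory (RSAT) module.

```powershell
#Requires -Modules ActiveDirectory
# Added example. The OU paths below are constructed placeholders.
$ouPaths = @(
    'OU=ServiceAccounts,OU=Tier1,DC=corp,DC=local',
    'OU=AdminAccounts,OU=Tier0,DC=corp,DC=local'
)
$csvPath = 'C:\ADAccounts.csv'

# Enabled user objects only: the bitwise-AND matching rule drops accounts
# that have ACCOUNTDISABLE (0x2) set in userAccountControl.
$ldapFilter = '(&(objectCategory=person)(objectClass=user)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

# Hypothetical helper: join the DC= components of a DN into a DNS domain name.
function Get-DomainFromDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $parts = [regex]::Matches($DistinguishedName, '(?i)(?:^|,)DC=([^,]+)') |
        ForEach-Object { $_.Groups[1].Value }
    return ($parts -join '.')
}

$seen = @{}   # SID -> $true, so overlapping OU paths do not produce duplicate rows
$rows = @(foreach ($ou in $ouPaths) {
    try {
        $users = Get-ADUser -SearchBase $ou -SearchScope Subtree `
            -LDAPFilter $ldapFilter -Properties Description -ErrorAction Stop
    }
    catch {
        # A mistyped or unreadable OU should not abort the whole export.
        Write-Warning "Skipping '$ou': $($_.Exception.Message)"
        continue
    }
    foreach ($u in $users) {
        $sid = $u.SID.Value
        if ($seen.ContainsKey($sid)) { continue }
        $seen[$sid] = $true
        [pscustomobject]@{
            AccountName = $u.SamAccountName
            Domain      = Get-DomainFromDN -DistinguishedName $u.DistinguishedName
            Description = $u.Description
        }
    }
})

if ($rows.Count -eq 0) { Write-Warning 'No accounts matched; CSV not written.'; return }
$rows | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
Write-Host "Wrote $($rows.Count) accounts to $csvPath"
```

Review the resulting CSV before running the import loop, since every row is submitted with IsManaged set to true.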