Dedicated Domain Account Onboarding without AD account groups?

is this for user management or for managed accounts?

If you're looking to bring in 1500+ Active Directory (AD) objects into BeyondTrust Password Safe without using AD groups, here are several alternative methods you can explore:

1. Use Smart Rules with Directory Queries

Smart Rules can be configured to pull in AD accounts based on custom filters, not just group membership.

• You can define filters based on:
  • OU (Organizational Unit)
  • Account attributes (e.g., name, type, last login)
  • Account type (e.g., service accounts, admin accounts)

This allows you to target specific sets of AD objects without relying on group membership.
🔗 Smart Rules documentation [Smart Rule...dtrust.com]

2. Use the API for Bulk Import

You can use the BeyondInsight Password Safe API to import AD accounts programmatically.

• Create a script (e.g., in PowerShell or Postman) to:
  • Read from a CSV file or AD query
  • Loop through each entry
  • Call the API to add each account or asset

This method is flexible and scalable for large imports.
🔗 API documentation 

✅ 3. Manual Import via Discovery Scan

You can run a Discovery Scan and then manually select which AD accounts to import.

• This method allows you to:
  • Discover all AD objects
  • Filter and select specific accounts
  • Import them without needing group-based filtering

🔗 Getting Started Guide [Password S...dtrust.com]

Here’s a sample PowerShell script that uses the BeyondInsight Password Safe API to import AD accounts in bulk without using AD groups. This script assumes you have a list of AD accounts in a CSV file and valid API credentials.

NOTE this is not supported and is used at your own risk.

Sample csv format:

AccountName,Domain,Description
svc_account1,corp.local,Service Account 1
svc_account2,corp.local,Service Account 2

powershell script (see note)

# Set API credentials and endpoint
$apiBaseUrl = "https://your-beyondinsight-server/api/public/v3"
$apiKey = "your-api-key-here"
$csvPath = "C:\ADAccounts.csv"

# Read CSV
$accounts = Import-Csv -Path $csvPath

# Loop through each account and create it
foreach ($account in $accounts) {
    $body = @{
        "AccountName" = $account.AccountName
        "DomainName" = $account.Domain
        "Description" = $account.Description
        "PlatformId" = 1  # Adjust based on your platform (e.g., Windows, Linux)
        "ManagedSystemId" = 123  # ID of the system this account belongs to
        "IsManaged" = $true
    }

    $jsonBody = $body | ConvertTo-Json -Depth 3

    $response = Invoke-RestMethod -Uri "$apiBaseUrl/accounts" `
        -Method POST `
        -Headers @{ "Authorization" = "PS-Auth $apiKey"; "Content-Type" = "application/json" } `
        -Body $jsonBody

    Write-Host "Imported account: $($account.AccountName)"
 

Important Notes

• Replace PlatformId and ManagedSystemId with actual values from your environment.
• You must have API access enabled and permissions to create accounts.
• You can extend this script to include additional fields like password policies, access levels, etc.