Hello,
We have one environment of BeyondTrust Insight with scanned accounts and managed accounts. We are planning to setup backup environment at different location with different domain. We wanted to export the accounts from environment 1 to this new one. Is there any way by which we can export those and re-import in other environment.
Thanks,
Prasad
Best answer by Paulo144
You can set the file location where the csv with the information is(C:\Temp\Acccounts.csv), but the rest is the same, it might have something in brazilian portuguese, because that my language, but i tried my best to translate to english the script.
This basically use the data created from the first script to look for the same Assets name and creates the account or if the account is already there it updates the password using the data from the csv.
this technically can be done via API connection and a script to do the work for you. Few years back the company I worked for did a major upgrade where this exact process had to be done. Our implementor who performed the task is an amazing individual, However, Chris no longer works for that company and moved onwards with his career. I would highly recommend engaging Beyond Trust Professional Services for this task just because of the risk associated with the commands being used. I am not certain if the process has been improved but when we did it, there was a risk of critical failure with unrecoverable consequences, unless you leveraged backups/images (We at the time did not have the ability to do those, as we were moving from physical appliances to UVM)
But I have seen it done, so I know its possible :)
Thank you Mike, for the reply. I was trying with some API example given for OAUTH2 setup script to invoke the rest API but I was getting below error, not sure if you are aware of it or encountered in past.
"Failed to authenticate due to one or more authentication rules."
The reference API that I used was from this article -
BeyondInsight / Password Safe - How to setup OAuth application user to make API calls
Without knowing how you have your environment setup I would recommend stepping through this KB BeyondInsight / Password Safe - Configuring, testing, and troubleshooting Password Safe API - Sample API scripts and its subsequent articles. I know it helped me to troubleshoot password safe cache server we were recently setting up.
Hello MikeK,
Thanks for your response. I could be able to get started with use of Rest API but when I am trying to login with script using authorization of username, password and apiKey I am getting 401 unauthorized error. If you know anything about this, please suggest.
Thanks,
Prasad
+5
Hi Pulitros,
Thank you for your response. I am getting something like this error message in Audit-
User not associated to key
What does it mean? I have API registration user and key associated with it. I have following Authentication Rule options enabled - “User Password Required”
authorization header in my script looks like this-
$headers = @{ Authorization="PS-Auth key=${apiKey}; runas=${runAsUser};pwd={runAsPassword}"; };
apiKey, runAsUser, runAsPassword are variables.
Thanks,
Prasad
+5
Hi Paulo144,
Thanks I could able to resolve it and able to signin and signout with API script. However, when I am trying to fetch password using account given as input I am getting 400 bad requests error. I debugged it found that error is appearing at this line of powershell script attached.
$rURL= Invoke-RestMethod -Uri "${baseUrl}Requests" -Method POST -ContentType "application/json" -Body $json -WebSession $session;
Can you help with this?
Thanks,
Prasad
+5
You just need to replace the api key, user and server on the script and it will work.
If you want you can send the csv file to another directory, the default is “C:/Temp/accounts.csv”
Hi Paulo144,
Thank you so much for sharing the script and it’s working absolutely fine.
Another favor, do you happen to have a script which will upload the passwords to BT environment by reading from file or from some location.
If so, can you share that. It will be helpful for me.
Thanks again!!
-Prasad
+5
You can set the file location where the csv with the information is(C:\Temp\Acccounts.csv), but the rest is the same, it might have something in brazilian portuguese, because that my language, but i tried my best to translate to english the script.
This basically use the data created from the first script to look for the same Assets name and creates the account or if the account is already there it updates the password using the data from the csv.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
