11 April,19 at 11:51 AM
This article describes the basic steps to obtain and configure the tools used to import objects into the Privilege Service vault. This feature was added in Centrify Privilege Service 18.4 and allows admins to import systems, domains, databases and their accounts. This is a PowerShell module that will be released on GitHub.
1. Start with GitHub to find the Centrify PowerShell Samples
https://github.com/centrify/centrify-samples-powershell
Go to “Clone or Download” then “Download ZIP”
2. Next, be sure to download the CPS Import Demo Kit file, attached to this blog post. (CPSImportDemoKit.zip)
2a. Extract both the Centrify-samples-powershell-master and CPSImportDemoKit folders
2b. Once the CPSImportDemoKit file is unzipped, copy the following files to the Centrify-samples-powershell-master folder:
3. Open PowerShell (as admin or with privilege)
3a. Run the following command:
Then answer [A] or [Y] Yes to all. (This allows your system to run unsigned modules.)
4. Now open PowerShell ISE (with Admin/Privilege)
4a. Open Centrify.Samples.PowerShell.Example.ps1. We will be making some changes to this file for the import to work.
Because we will be using interactive login, we need to uncomment this line and set it to your tenant admin (lines 19 and 20 will get changed).
BEFORE:
AFTER:
5. Next, scroll down to line 55 and uncomment it, then comment out line 64 (this is what we need for interactive login).
Now save the file.
6. Next, run the script by pressing the green arrow at the top of the PS Console:
You should get a password prompt (and an MFA prompt if configured). Enter your tenant admin credentials here. (This does not run the import; it is a test to make sure your tenant info is set correctly in the script.)
At this point, we are ready to modify the file so that we can run the import.
7. Scroll down past line 141 and insert some blank lines:
7a. The import takes a few variables, so enter this line into the blank space:
Centrify-CPS-Import -endpoint $endpoint -token $token.BearerToken -csvfile $csv
7b. Next, go up one line and add this:
$csv = $exampleRootDir\
Once you enter the “\” character you should have an option to browse to the demo-sample.csv file, like this:
So now, it will show the full path to your demo-sample.csv file:
7c. Now, put the line that shows the path to the csv file in single quotes and add $csv next to the -csvFile entry, so it should look like this:
8. Save the script
9. Run the script once more using the green arrow at the top
You should get an authentication prompt, as if you are logging into your tenant.
You should also see something like this:
You can verify the script was successful if you see ‘Imported’ next to the account names in your tenant. You may need to refresh your browser first.
10. Go back to PowerShell ISE and look at the script output. You should see a line that indicates a directory that was created in your Centrify-samples-powershell-master folder.
10a. Open this folder and you will see some text files that show you the failed rows and warning rows. Opening these files will tell you what was wrong with the accounts that caused them to not get imported. You can fix the issues shown in these files and run the import again.
10b. Also included in the Centrify-samples-powershell-master folder is a Cleanup tool that will remove all the imported users for the demo. All you need to do is open this file in PowerShell ISE and run it. It should reverse everything you did in the steps above.
Thanks for reading! Good luck!
-bschaap
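
Step 3a changes the execution policy so that unsigned modules can run. The following is an added example, not part of the original post or the Centrify samples: it inventories the downloaded scripts (signature status, download mark, SHA-256) and then relaxes the policy for the current PowerShell process only. The `$KitRoot` path is an assumption; point it at the folder extracted in step 2a.

```powershell
# Added example, not from the Centrify samples.
# ASSUMPTION: $KitRoot is where the ZIP from step 2a was extracted; adjust it.
$KitRoot = "$env:USERPROFILE\Downloads\Centrify-samples-powershell-master"
$root    = (Resolve-Path -LiteralPath $KitRoot).Path

# Show the execution policy at every scope before changing anything.
# A value under MachinePolicy or UserPolicy comes from Group Policy and
# cannot be overridden from the command line.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Inventory every script and module in the kit so there is a record of what
# is about to run with tenant admin credentials.
$inventory = Get-ChildItem -Path $root -Recurse -File -Include *.ps1, *.psm1, *.psd1 |
    ForEach-Object {
        # Zone.Identifier is the alternate data stream Windows attaches to
        # files that were downloaded from the Internet.
        $zone = Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier `
                         -ErrorAction SilentlyContinue
        [pscustomobject]@{
            File      = $_.FullName.Substring($root.Length).TrimStart('\')
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            FromWeb   = [bool]$zone
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
$inventory | Format-Table -AutoSize -Wrap

# After reviewing the files, clear the download mark on this kit only.
Get-ChildItem -Path $root -Recurse -File | Unblock-File

# Allow local unsigned scripts for this process only. Nothing is persisted;
# the setting is gone when the window closes.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
```

A process-scoped policy applies only to the window it was set in, so run this in the PowerShell ISE console pane that will execute the import script in steps 6 and 9.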