You have a requirement to get a report that shows the password view policy assigned to each target account. The built-in Credential Manager reports don't include this information.

The attached Powershell script demonstrates creation of a sample report in CSV format, providing the ID and name of the password policy assigned to each target account. In this sample script the following columns are in the report:

"Account ID","Account Name","Target App Name","Target Server Name","PVP ID","PVP Name"

The script gets all PVPs, all target accounts, all target applications and all target servers using remote CLI commands and writes the raw data to files. The commands are submitted directly to the PAM server. It is not necessary to install the Remote CLI tool, but it must be enabled per instructions in section Enable the Credential Manager CLI on documentation page Install and Set Up the Remote CLI and Java API.

The raw files can be viewed to see which attributes are available for each type of object. Only minor modifications of the script would be needed to add columns, such as a target account descriptor field, or the target application type etc.

The script asks for the PAM server address, and PAM user credentials. The PAM user must have access to all target data. It was tested successfully with Powershell 5.1 against PAM 4.2 and 4.3 releases using the super user account and processed about 6500 accounts in one minute. It was not tested with tens of thousands of accounts, but would be expected to be able to handle that and just take more time. A page size of 100000 is used for the CLI calls in the script. This defines the maximum number of target servers, applications and accounts it can process.