How to Report Target Accounts Based On Password Status
search cancel

How to Report Target Accounts Based On Password Status

book

Article ID: 367002

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

It is required to report on target accounts based on whether or not PAM manages the password and whether a password is verified or unverified. How can a report be generated for unmanaged accounts, unverified managed accounts, and verified managed accounts?

Environment

Privileged Access Manager, all versions

Resolution

When storing accounts in the database, PAM has two columns for the password status: synchronized and passwordverified. The synchronized column refers to whether or not the account's password is managed in PAM, while the passwordverified column states whether the password is verified.

The Accounts Credential Manager report lists all accounts and can be filtered on synchronized (managed) or unsynchronized (unmanaged), but does not report whether or not the password is verified.

The remote CLI utility can be used to report both on synchronized/managed or verified accounts by running one of the following commands.

The command to list unsynchronized/unmanaged accounts: capam_command capam=<PAM_HOST> adminUserID=<PAM_ADMIN> adminPassword=<PASSWORD> cmdName=searchTargetAccount TargetAccount.synchronize=false

The command to list synchronized/managed accounts with unverified passwords: capam_command capam=<PAM_HOST> adminUserID=<PAM_ADMIN> adminPassword=<PASSWORD> cmdName=searchTargetAccount TargetAccount.synchronize=true TargetAccount.passwordVerified=false

The command to list synchronized/managed accounts with verified passwords: capam_command capam=<PAM_HOST> adminUserID=<PAM_ADMIN> adminPassword=<PASSWORD> cmdName=searchTargetAccount TargetAccount.synchronize=true TargetAccount.passwordVerified=true

Additional Information

For information on how to install the Remote CLI or use the commands, please refer to the Use the Remote CLI documentation section.