You have a requirement to get a report that shows the password view policy assigned to each target account. The built-in Credential Manager reports don't include this information.

Attached is a powershell script that demonstrates creation of a sample report in CSV format, providing the ID and name of the password policy assigned to each target account. In this sample script the following columns are in the report:

"Account ID","Account Name","Target App Name","Target Server Name","PVP ID","PVP Name"

The script gets all PVPs, all target accounts, all target applications and all target servers using remote CLI commands and writes the raw data to files. The commands are submitted directly to the PAM server. It is not necessary to install the remote CLI tool. The raw files can be viewed to see which attributes are available for each type of object. Only minor modifications of the script would be needed to add columns, such as a target account descriptor field, or the target application type etc.

The script asks for the PAM server address, and PAM user credentials. The PAM user must have access to all target data. It was tested successfully with powershell 5.1 against PAM 4.1.X releases using the super user and processed about 6500 accounts in one minute. It was not tested with tens of thousands of accounts, but would be expected to be able to handle that and just take more time.