Batch Reset Default Password

by feganmeister » Thu Jun 02, 2016 9:48 am

Hello.

If a Workflow Service Account has been provisioned to be used as the default account, it's likely the account password will have an expiry set. In this scenario, after the password has been reset, any workflow depending on the old credentials will fail (as expected). However, updating the credentials in every Site Collection is very laborious. I made a simple script that reads the Property Bag of all Site Collections and, if it finds an old hash, updates it with a new one.

I wondered if there was a better or more appropriate way to update the Actions Pack default credentials for multiple Site Collections?

Thanks,

Patrick.
User avatar
feganmeister
 
Posts: 13
Joined: Tue Feb 09, 2016 11:07 am

by Roman Rylov » Fri Jun 03, 2016 10:53 am

Hello Patrick,

Unfortunately, we still have not invented a better option to do this.

We think about something like admin center for the product, but this is still in early of development.
User avatar
Roman Rylov
 
Posts: 328
Joined: Tue Nov 11, 2014 6:25 pm

by Matt » Thu Sep 08, 2016 3:01 pm

Hello,

I am trying to do a similar thing and was wondering which hashing algorithm you used to generate the encrypted password?

Thanks,
Matt
Matt
 
Posts: 2
Joined: Thu Sep 08, 2016 2:51 pm

by feganmeister » Thu Sep 08, 2016 3:38 pm

Looks to me like maybe an implementation of Rijndael.

If you update the credentials on any site then check the Property Bag for field "PlumsailActionsPackSettings", you'll have the new hash. I grab that string then apply it to all my other Site Collections. Not sure if that helps.
User avatar
feganmeister
 
Posts: 13
Joined: Tue Feb 09, 2016 11:07 am

by Matt » Fri Sep 09, 2016 1:08 pm

Thanks feganmeister. I was hoping to be able to use different accounts so we could see which site collection things had been copied from. I'll have a look at Rijndael but it was a nice to have not a deal breaker.

Thanks,
Matt
Matt
 
Posts: 2
Joined: Thu Sep 08, 2016 2:51 pm

by feganmeister » Fri Sep 09, 2016 1:18 pm

No problem. Obviously I don't speak for Plumsail, but I doubt they'd share the salt, initiation vectors, etc with us... Otherwise we'd be able to decrypt the passwords :)
User avatar
feganmeister
 
Posts: 13
Joined: Tue Feb 09, 2016 11:07 am

by sbowles » Tue Sep 20, 2016 2:35 pm

Hello,

Posting this in the hopes it helps someone out there.

Generate list of all SharePoint Online sites with Plumsail configured

Code: Select all
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"


$plumsailLogPath = Read-Host -Prompt "Enter path for log file to be written to, e.g., C:\temp\siteswithplumsail.txt"
$username = Read-Host -Prompt "Enter your username"
$password = Read-Host -AsSecureString -Prompt "Enter your password"
$adminCentreURL = Read-Host -Prompt "Enter the URL to your admin centre, e.g., https://xyz-admin.sharepoint.com"
$spoAdminCentreCredentials = New-Object System.Management.Automation.PSCredential($username, $password)
$spoCollectionCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)

function main() {
  $sitesWithPlumsail = @()

  Connect-SPOService -Url $adminCentreURL -Credential $spoAdminCentreCredentials
  $sites = Get-SPOSite | select -ExpandProperty Url
  Disconnect-SPOService

  foreach ($site in $sites) {
    $sitesWithPlumsail += (recurse $site $spoCollectionCredentials)
  }

  $sitesWithPlumsail | Out-File $plumsailLogPath
}

function recurse($url, $credentials) {
  $sitesWithPlumsail = @()

  $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($url)
  $ctx.Credentials = $credentials
  $web = $ctx.Web
  $properties = $web.AllProperties
  $webs = $web.Webs

  $ctx.Load($web)
  $ctx.Load($properties)
  $ctx.Load($webs)

  try {
    $ctx.ExecuteQuery()
  } catch {
    return ($sitesWithPlumsail += ("AccessDenied: " + $url))
  }

  $ctx.Dispose()

  if ($properties.FieldValues.PlumsailActionsPackSettings.Length -gt 0) {
    $sitesWithPlumsail += $url
  }

  foreach ($subsite in $webs) {
    $sitesWithPlumsail += (recurse $subsite.url $credentials)
  }

  return $sitesWithPlumsail
}

main


Kind regards,
Stephen
sbowles
 
Posts: 4
Joined: Fri Sep 18, 2015 1:55 pm


Return to Workflow Actions Pack for Office 365

cron