We are using a PAM tool (cyberark) to rotate service account passwords. Is there a way to run a powershell, batch or API to update credential in Solarwinds?
yea thats my issue. Cyberark rotates the password in AD. Then I need to update solarwinds with the new password. I want to kickoff a script to do this. Right now I have to get the new PW from cyberark and manually change it in Solarwinds via Manage Windows Credentials. Id like to automate the process.
because we have an expensive tool that rotates passwords for us. What you suggest is what we do now.
I assume the Windows Credentials are stored in the SQL DB? I could write a SQL query to update that field. I assume its encrypted in the DB though so ill have to figure that out.
thanks for the replies
the encryption part for the DB is handled by the DB, it un-encrypts it and encrypts it as needed. Knowing where to put the password likely is the challenge. Now if Orion has its own encryption, that is a different ballgame. Not sure if there is an API call that could be used to do it.
Please update this post if you ever get this working, we have the same issue. Another issue we run into during the update process is the AD password gets changed on the PAM side and before we can get it changed on the Orion side the passwords get locked in AD because for a period of time they are out of sync and Orion is still trying to use the old password and it locks the accounts out after three tries.
Thanks for digging this up! Theoretically, I'm thinking you could use this with a tool designed to manage rotation of PWs.
have 2 sets of creds per function (i.e. wmi for general polling - i.e. #monitor1 and #monitor2)
when change required, user 2 gets enabled and pw gets changed by tool, and command and control script (C&CS) grabs / tool kicks off with username and new pw in parameter.
C&CS uses api to update monitoring user 2, then C&CS updates all nodes/apps with credentials for user1 to user2
C&CS then disables user2 after some hold down time.
don't have time to work on this now, but need is pressing so hopefully, soon.
edit: idea of 2 creds per was gotten from https://thwack.solarwinds.com/product-forums/network-performance-monitor-npm/f/forum/89228/when-you-have-to-change-all-passwords-for-the-orion-monitoring-platform
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK© online community. More than 180,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.