Is it possible to programmatically change the password used in the PWA connector?

Tom_HendricksTom_Hendricks Customer Ninja IT Monkey ✭✭✭✭
The basis for my question is having the account managed by a security tool.  The tool would need to be able to change the password for the account specified in the PWA connector on a somewhat frequent basis.  It is trivial to change the RunAs accounts with PowerShell, but this connector stores the User/Pass.

In a perfect world, this connector would simply utilize one of the RunAs accounts (including creating a new one, of course), rather than requiring the manual entry of a username and password.  But if that is not feasible, how can we manage this scenario with the existing constraints?

Answers

  • Geoff_RossGeoff_Ross Cireson Consultant Super IT Monkey ✭✭✭✭✭
    Hi Tom,
    I don't have a project server to test this with in my lab (yet), but I would start by using SMLets to Get-SCSMConnector find the right connector and check the properties of that. To update, you need to save the connector object to a variable eg $PWAConnector, update that variable with new values and then use $PWAConnector | Update-SCSMConnector
    Sorry I can't be of any more help for now but let me know how you get on.
    Geoff
  • Tom_HendricksTom_Hendricks Customer Ninja IT Monkey ✭✭✭✭
    Thanks for having a look at this one.  Following your advice, $PWAConnector has a RunAsAccount property, but it appears to be null. 

    So for your second step in the process, I have not tried setting RunAsAccount yet, because it does not have any apparent properties of its own, like the RunAsAccounts that appear in the console, or the hidden MOM/SCOM accounts.  It would seem that I just need to overwrite the whole object, but since it is null it suggests that this may not be where the username/password that I typed into the connector are stored.

    I need to get a test ID into there before I start experimenting.  Am I heading in the right direction, though?
  • Geoff_RossGeoff_Ross Cireson Consultant Super IT Monkey ✭✭✭✭✭
    @Tom_Hendricks
    You are heading in the direction I would be heading in, but that is no guarantee at all that it is the right direction  :p
    I'll do some more digging my end, see if I can come up with anything.
  • Tom_HendricksTom_Hendricks Customer Ninja IT Monkey ✭✭✭✭
    I do not have a conclusion to this, but I do have an update.

    The RunAsAccount property should remain null.  This does not grant access to the PWA server (although, to points I have made in other posts, it should) and setting the property with a valid RunAsAccount will corrupt the connector.

    When working with the connector, it has a ConnectorObject property, which seems to store the properties specific to this type of connector.  For example, if $obj is our connector, then $obj.ConnectorObject.GetProperties() will show you the following:

    Name                     Key   Required AutoIncrement Type         DisplayName
    ---- --- -------- ------------- ---- -----------
    ProjectServerURL False False False string
    RunAsAccount False False False string
    IsFrequencySchedule False False False bool
    IsO365 False False False bool
    SolutionName False False False string Solution Name
    DataProviderName False False False string Data Provider Name
    DataProviderDisplayName False False False string Data Provider Display Name
    ReaderProfileName False False False string Reader Profile Name
    DatawarehouseProfileName False False False string Data Warehouse Profile Name
    Reserved False False False string Reserved
    ImpersonationEnabled False False False bool Impersonation Enabled
    SyncType False False False SyncTypeEnum Synchronization Type
    SyncInterval False False False int Sync Interval
    SyncTime False False False datetime Sync Time
    SyncNow False False False bool Synchronize Now
    Enabled False False False bool Enabled
    IsNullPropertySkipped False False False bool
    Id True False False string Connector ID
    Name False False False string Connector Name
    Description False False False string Connector Description
    DiscoveryDataIsManaged False False False bool Is Discovery Data Managed
    DiscoveryDataIsShared False False False bool Is Discovery Data Shared
    Incoming False False False bool Is Incoming
    Outgoing False False False bool Is Outgoing
    DisplayName False False False string Display Name
    It is not clear to me that any of these properties (or children of them) represent the credentials used to connect to PWA, however.

    Any other insight the team could provide on this?
Sign In or Register to comment.