Home General Discussion

Is it possible to programmatically change the password used in the PWA connector?

Tom_HendricksTom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
The basis for my question is having the account managed by a security tool.  The tool would need to be able to change the password for the account specified in the PWA connector on a somewhat frequent basis.  It is trivial to change the RunAs accounts with PowerShell, but this connector stores the User/Pass.

In a perfect world, this connector would simply utilize one of the RunAs accounts (including creating a new one, of course), rather than requiring the manual entry of a username and password.  But if that is not feasible, how can we manage this scenario with the existing constraints?

Comments

  • Geoff_RossGeoff_Ross Cireson Consultant O.G.
    Hi Tom,
    I don't have a project server to test this with in my lab (yet), but I would start by using SMLets to Get-SCSMConnector find the right connector and check the properties of that. To update, you need to save the connector object to a variable eg $PWAConnector, update that variable with new values and then use $PWAConnector | Update-SCSMConnector
    Sorry I can't be of any more help for now but let me know how you get on.
    Geoff
  • Tom_HendricksTom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    Thanks for having a look at this one.  Following your advice, $PWAConnector has a RunAsAccount property, but it appears to be null. 

    So for your second step in the process, I have not tried setting RunAsAccount yet, because it does not have any apparent properties of its own, like the RunAsAccounts that appear in the console, or the hidden MOM/SCOM accounts.  It would seem that I just need to overwrite the whole object, but since it is null it suggests that this may not be where the username/password that I typed into the connector are stored.

    I need to get a test ID into there before I start experimenting.  Am I heading in the right direction, though?
  • Geoff_RossGeoff_Ross Cireson Consultant O.G.
    @Tom_Hendricks
    You are heading in the direction I would be heading in, but that is no guarantee at all that it is the right direction  :p
    I'll do some more digging my end, see if I can come up with anything.
  • Tom_HendricksTom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    I do not have a conclusion to this, but I do have an update.

    The RunAsAccount property should remain null.  This does not grant access to the PWA server (although, to points I have made in other posts, it should) and setting the property with a valid RunAsAccount will corrupt the connector.

    When working with the connector, it has a ConnectorObject property, which seems to store the properties specific to this type of connector.  For example, if $obj is our connector, then $obj.ConnectorObject.GetProperties() will show you the following:

    Name                     Key   Required AutoIncrement Type         DisplayName<br>----                     ---   -------- ------------- ----         -----------<br>ProjectServerURL         False False    False         string<br>RunAsAccount             False False    False         string<br>IsFrequencySchedule      False False    False         bool<br>IsO365                   False False    False         bool<br>SolutionName             False False    False         string       Solution Name<br>DataProviderName         False False    False         string       Data Provider Name<br>DataProviderDisplayName  False False    False         string       Data Provider Display Name<br>ReaderProfileName        False False    False         string       Reader Profile Name<br>DatawarehouseProfileName False False    False         string       Data Warehouse Profile Name<br>Reserved                 False False    False         string       Reserved<br>ImpersonationEnabled     False False    False         bool         Impersonation Enabled<br>SyncType                 False False    False         SyncTypeEnum Synchronization Type<br>SyncInterval             False False    False         int          Sync Interval<br>SyncTime                 False False    False         datetime     Sync Time<br>SyncNow                  False False    False         bool         Synchronize Now<br>Enabled                  False False    False         bool         Enabled<br>IsNullPropertySkipped    False False    False         bool<br>Id                       True  False    False         string       Connector ID<br>Name                     False False    False         string       Connector Name<br>Description              False False    False         string       Connector Description<br>DiscoveryDataIsManaged   False False    False         bool         Is Discovery Data Managed<br>DiscoveryDataIsShared    False False    False         bool         Is Discovery Data Shared<br>Incoming                 False False    False         bool         Is Incoming<br>Outgoing                 False False    False         bool         Is Outgoing<br>DisplayName              False False    False         string       Display Name
    It is not clear to me that any of these properties (or children of them) represent the credentials used to connect to PWA, however.

    Any other insight the team could provide on this?
Sign In or Register to comment.