Batch Reset Default Password

feganmeister · June 2, 2016, 9:48am

Hello.

If a Workflow Service Account has been provisioned to be used as the default account, it’s likely the account password will have an expiry set. In this scenario, after the password has been reset, any workflow depending on the old credentials will fail (as expected). However, updating the credentials in every Site Collection is very laborious. I made a simple script that reads the Property Bag of all Site Collections and, if it finds an old hash, updates it with a new one.

I wondered if there was a better or more appropriate way to update the Actions Pack default credentials for multiple Site Collections?

Thanks,

Patrick.

Roman · June 3, 2016, 10:53am

Hello Patrick,

Unfortunately, we still have not invented a better option to do this.

We think about something like admin center for the product, but this is still in early of development.

Matt · September 8, 2016, 3:01pm

Hello,

I am trying to do a similar thing and was wondering which hashing algorithm you used to generate the encrypted password?

Thanks,
Matt

feganmeister · September 8, 2016, 3:38pm

Looks to me like maybe an implementation of Rijndael.

If you update the credentials on any site then check the Property Bag for field “PlumsailActionsPackSettings”, you’ll have the new hash. I grab that string then apply it to all my other Site Collections. Not sure if that helps.

Matt · September 9, 2016, 1:08pm

Thanks feganmeister. I was hoping to be able to use different accounts so we could see which site collection things had been copied from. I’ll have a look at Rijndael but it was a nice to have not a deal breaker.

Thanks,
Matt

feganmeister · September 9, 2016, 1:18pm

No problem. Obviously I don’t speak for Plumsail, but I doubt they’d share the salt, initiation vectors, etc with us… Otherwise we’d be able to decrypt the passwords

sbowles · September 20, 2016, 2:35pm

Hello,

Posting this in the hopes it helps someone out there.

Generate list of all SharePoint Online sites with Plumsail configured

[code]Add-Type -Path “C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll”
Add-Type -Path “C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll”

$plumsailLogPath = Read-Host -Prompt “Enter path for log file to be written to, e.g., C:\temp\siteswithplumsail.txt”
$username = Read-Host -Prompt “Enter your username”
$password = Read-Host -AsSecureString -Prompt “Enter your password”
$adminCentreURL = Read-Host -Prompt “Enter the URL to your admin centre, e.g., https://xyz-admin.sharepoint.com”
$spoAdminCentreCredentials = New-Object System.Management.Automation.PSCredential($username, $password)
$spoCollectionCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)

function main() {
$sitesWithPlumsail = @()

Connect-SPOService -Url $adminCentreURL -Credential $spoAdminCentreCredentials
$sites = Get-SPOSite | select -ExpandProperty Url
Disconnect-SPOService

foreach ($site in $sites) {
$sitesWithPlumsail += (recurse $site $spoCollectionCredentials)
}

$sitesWithPlumsail | Out-File $plumsailLogPath
}

function recurse($url, $credentials) {
$sitesWithPlumsail = @()

$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = $credentials
$web = $ctx.Web
$properties = $web.AllProperties
$webs = $web.Webs

$ctx.Load($web)
$ctx.Load($properties)
$ctx.Load($webs)

try {
$ctx.ExecuteQuery()
} catch {
return ($sitesWithPlumsail += ("AccessDenied: " + $url))
}

$ctx.Dispose()

if ($properties.FieldValues.PlumsailActionsPackSettings.Length -gt 0) {
$sitesWithPlumsail += $url
}

foreach ($subsite in $webs) {
$sitesWithPlumsail += (recurse $subsite.url $credentials)
}

return $sitesWithPlumsail
}

main[/code]

Kind regards,
Stephen