cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Active Contributor

How-To pull group memberships via API

No TLDR for this one. This is a technical how-to so be warned.

This method shows how to generate a group membership listing using the provisioning API and PowerShell.

 

First setup the header

 

$lpURL = "https://lastpass.com/enterpriseapi.php"
$payload = @{}
$payload.add("Content-Type","application/JSON")
$payload.add("cid","__uzur0wn__")
$payload.add("provhash","__uzur0wn__")
$payload.add("apiuser","__urNameG03zh3r3__")

Now we add the command to the header and pull the data.

$payload.add("cmd","getuserdata")

$jsonPayload = $payload | convertto-json
$results = Invoke-WebRequest $lpurl -Body $jsonPayload -UseBasicParsing -Method Post

$temp = $results.content | convertfrom-json -depth 4

Now we clean up the data into something more usable

$userList = New-Object System.Collections.ArrayList($null)

foreach ($cUser in $uids) {

$tempUser = $temp.users.$cUser

$cUser = @{uid = $cUser
	admin = $tempuser.admin
	applications = $tempuser.applications
	attachments = $tempuser.attachments
	created = $tempuser.created
	disabled = $tempuser.disabled
	duousername = $tempuser.duousername
	formfills = $tempuser.formfills
	fullname = $tempuser.fullname
	groups = $tempuser.groups
	last_login = $tempuser.last_login
	last_pw_change = $tempuser.last_pw_change
	mpstrength = $tempuser.mpstrength
	neverloggedin = $tempuser.neverloggedin
	notes = $tempuser.notes
	password_reset_required = $tempuser.password_reset_required
	sites = $tempuser.sites
	totalscore = $tempuser.totalscore
	username = $tempuser.username
	}

[void]$userList.Add($cUser)

}

At this point all of the user data is in the $userList ArrayList and can be inspected as needed. BUT we still need to reformat this into a group centric view. We do that using this code:

$groupList = New-Object System.Collections.ArrayList($null)
foreach ($user in $userList){

	foreach ($group in $user.groups){

	$cEntry = [pscustomobject][ordered]@{
		groupName = $group
		Name = $user.fullname
		userName = $user.username
	}

	[void]$groupList.add($cEntry)

	}

}

Now you can simply export that variable to a CSV file and in that spreadsheet you can create a pivot table to display it by group then the users in that group. If you have the Import-Excel addin for Powershell, you can use the following code to dump the information directly into an XL file with the pivot table pre-created

 

$groupList | Export-Excel $env:temp\lpGroupList.xlsx `
-IncludePivotTable `
-PivotRows "groupName","Name" `
-AutoSize `
-BoldTopRow `
-Show

 

Tags (3)