Powershell Password Change Job for IPMI Devices

Start with the following PowerShell snippet to create a password change job for an IPMI device that has been previously enrolled.

Note that there is only a cmdlet to perform a Windows password change job. All jobs start as Windows password change jobs and are transformed into jobs for the other target platforms. This the proper way to create a password change job for an IPMI device is:

  1. New-LSJobWindowsChangePassword - this creates the initial job (yes, for the wrong platform).
  2. Set-LSJobChangePasswordChangeSettings - this will let you define everything, including that you want to do it for an IPMI device.
  3. Set-LSJobSchedule

In the example code below, the schedule portion of the job is not configured.

#The following will create an IPMI password change job that will login as ADMIN using the password from the store and randomize an account called Scooby.
#Be aware, most of these devices are case sensitive!!!
#You have to authenticate first!

$token = Get-LSLoginToken

#Set target elements $tsystem = '192.168.1.151'

$lAccount = 'ADMIN'
#$lAPwd = 'ADMIN' #shouldn't be needed as the device is already enrolled with a password as a valid account store. But just in case, use this value when 'UseSavedPasswords = 0' for JobSettings
$tType = 'ACCOUNT_TYPE_IPMI' #This sets the job to an IPMI password change job
$tAccount = 'Scooby'
$pwCType = 'PWD_CHANGE_TYPE_GEN_RANDOM' #This sets the job to use a random password rather than a fixed/static password
$pwCompat = 'PWD_COMPAT_W2K' #This sets the job to use WIN2K compatibility mode so you can use passwords longer than 14 characters

#Create the new job

#The new job is added to a variable $nJob as we will need to pull the JobID from the message output

$nJob = New-LSJobWindowsChangePassword -SystemName $tsystem -AccountName $tAccount -PasswordLength 10 -AuthenticationToken $token -CreateAccountIfNotFound $False

#Grab JobID from Operation Message. JobID is the last element in the output message on success.

$OMArray=$nJob.OperationMessage.Split()
$JID = $OMArray[-1]

#Update the job to be used for IPMI rather than for Windows and set other password constraints

#Create PCJobSettings Objects

$PCJobSettings = New-Object -TypeName LSClientAgentCommandlets.RouletteWebService.PasswordChangeSettings
$PWConstraints = New-Object -TypeName LSClientAgentCommandlets.RouletteWebService.PasswordChangeConstraints

#Define job settings

$PCJobSettings.AccountType = [LSClientAgentCommandlets.RouletteWebService.EAccountType]::$tType
$PCJobSettings.PasswordChangeType =[LSClientAgentCommandlets.RouletteWebService.EPasswordChangeType]::$pwCType
$PCJobSettings.PasswordCompatibilityLevel = [LSClientAgentCommandlets.RouletteWebService.EPasswordCompatibilityLevel]::$pwCompat
$PCJobSettings.FullAccountName = $tAccount
$PCJobSettings.LoginName = $lAccount
#$PCJobSettings.CurrentPassword = $lAPwd #Uncomment when 'UseSavedPasswords = 0'
$PCJobSettings.Unique = 1 #Set to 1 to use a unique random password rather than a fixed random password
$PCJobSettings.UseSavedPasswords = 1 #Set to 1 to instruct the job to use the password stored for the login account. If set to 0 you must supply (uncomment) the Current password and #lAPwd above
$PCJobSettings.FirstCharacterSetBits = 15 #This sets the password settings to use all possible characters in the first position
$PCJobSettings.LastCharacterSetBits = 15 #This sets the password settings to use all possible characters in the last position
$PCJobSettings.MiddleCharactersSetBits = 15 #This sets the password settings to use all possible characters in the middle position
$PCJobSettings.PasswordCharacterSetBits = 15 #This sets the password settings to use all possible characters for the general job
$PCJobSettings.PasswordLength = 8
$PCJobSettings.MinLettersLcase = 1
$PCJobSettings.MinLettersUcase = 1
$PCJobSettings.MinNumbers = 1
$PCJobSettings.MinSymbols = 1
$PCJobSettings.PasswordSegments = 1

#Define constraints

$PWConstraints.FailGenerationOnMissingPassfiltDLL = $False #If set to $True or not included, you must also define a path to the password filter or the job will fail.
$PWConstraints.SymbolsExcludeProblematicWithAPIs = $True #Set to $False to enable all possible characters in the job

#Assign the password constraints

$PCJobSettings.PasswordConstraints = $PWConstraints

#Apply the job with the new settings

Set-LSJobPasswordChangeSettings -AuthenticationToken $token -PasswordChangeSettings

$PCJobSettings -JobId $JID

#Define the Job Schedule (commented out in this example as it is not configured)

#Set-LSJobSchedule