commvault.com commvault.com
Solved

Query/Script to fetch service accounts used in Commvault

  • 24 May 2021
  • 7 replies
  • 722 views
S
Rank
Badge +3

Hi Team,

I am looking for a Query/Script that can be used to fetch the information about all the service accounts that are used in Commcell Environment.

Eg: to store DR backups in a Network share/ account used to add the mountpath(provisioned from NAS/SAN) in a media agent etc.

These service accounts are not coming from AD and hence are not listed in the Users or Users and User groups. Hence, they cannot be found in the Users and Users groups permissions report from webconsole.

Also, these service accounts cannot be obtained from “UMUser” table in CSDB.

Is there a way we can obtain this information from CSDB?

I have a support ticket 210524-114 opened for this request.

Regards,

Shashwat

icon

Best answer by Mike Struening RETIRED 15 June 2021, 20:25

View original

7 replies

S
Rank
Userlevel 7
Badge +15

Hi @SHASHA 

Thank you for the question and welcome to the Community!

I’m not sure we have command line options or scripts to check user accounts used across the Commcell, but we do have User Account Management item in the control panel to help manage these accounts.

The options in User Account Management allow you to display (preview) all the items where a specific user account has been configured and if necessary, update those credentials in a single step, environment-wide.

Thanks,

Stuart

Customer Support
S
Rank
Badge +3

Hi @SHASHA 

Thank you for the question and welcome to the Community!

I’m not sure we have command line options or scripts to check user accounts used across the Commcell, but we do have User Account Management item in the control panel to help manage these accounts.

The options in User Account Management allow you to display (preview) all the items where a specific user account has been configured and if necessary, update those credentials in a single step, environment-wide.

Thanks,

Stuart

Hi Stuart,

I checked the UAM in Control Panel, however, the credentials/account details are not available there. However, for an instance, if you go to the DR backup under Maintenance, there the metadata is going to the network share and to open that network share we are using a Service account.

Similarly, under the mount path properties, in the sharing tab, we can see the login for the mountpath which is once again provisioned from a NAS. 

The only hope I have is to retrieve the details from the CSDB.

 

Regards,

Shashwat

S
Rank
Userlevel 7
Badge +15

Hi @SHASHA 

UAM is the tool to use to obtain system account username and password usage across the environment, I have checked other command line, REST API tools to display user details, but these refer to commcell user accounts.

If you take a known credential, e.g. DR Backup or mount path as you mentioned, then enter these into UAM under Current Credentials, leaving New Credential blank and click Preview, does this display the expected items where that credential has been used?

Thanks,

Stuart

Customer Support
S
Rank
Badge +3

Hi @SHASHA 

UAM is the tool to use to obtain system account username and password usage across the environment, I have checked other command line, REST API tools to display user details, but these refer to commcell user accounts.

If you take a known credential, e.g. DR Backup or mount path as you mentioned, then enter these into UAM under Current Credentials, leaving New Credential blank and click Preview, does this display the expected items where that credential has been used?

Thanks,

Stuart

The problem currently is that we don’t have a tracker for all the service accounts and hence there is a need to extract all such login id/accounts. Once we have the list then we can further add those users into UAM.

But right now, do we have a way to find the accounts?

S
Rank
Badge +3

Hi Team,

I was able to locate the login id and passwords that were used to add the mountpaths (provisioned out of NAS) using the following queries in CSDB:

select * from MMMountpathCredentialAssoc;
select * from MMS2getMountPathNameGUIView;
select * from APP_Credentials;

They did help in almost showcasing the required data. However, the obtained passwords are in Encrypted format. I have requested support to internally escalate to T2/Engineering team to assist in decoding the passwords.

S
Rank
Userlevel 7
Badge +15

Hi @SHASHA 

If you have current credentials being used, then you can use UAM to check user accounts across the commcell using the preview option.

Then you can reset the credentials to a new password if needed using UAM - there is no need to decrypt the existing passwords.

 

You can use Preview to check where the user account provided has been set and as you may not have the current password, you can use Skip Password Check.

Thanks,

Stuart

Customer Support
Mike Struening RETIRED
Rank
Userlevel 7
Badge +23

Hey @SHASHA !  Noting that the incident was closed off with the solution:

Looking for all the Service accounts used in CommServer to access mount paths.

Solution:

Pulled required information using select * from MMS2getMountPathNameGUIView and select * from APP_Credentials;

-- Map the credentials with the respective MPs and provide the info.

Decrypted the password list as per request and shared.

Thanks!

https://www.linkedin.com/in/michael-struening

Reply


Terms & ConditionsCookie settings