I'm currently reviewing automation opportunities within the day to day administration of a Clustered ONTAP CIFS server.
One of the processes I'm looking to automate is the vserver cifs password-reset operation which updates the password of the vservers computer account in the Active Directory domain.
Any domain admin worht their salt will tell you they perform house keeping on the domain by looking for machine account passwords that have not be changed in X days and deleting those accounts older than X.
The value of X will vary depending on your organizations security and risk profile.
To achieve this account password update in clustered ONTAP you use the vserver cifs password-reset command.
This would appear to map to the new-nccifspassword cmdlet.
However, unlike the CLI which asks you for credentials of a domain user with permissions to reset password on the OU where the computer account resides, the new-nccifspassword cmdlet does not accept such parameters.
On the controller in the log file /mroot/etc/log/mlog/mgwd.log you can see both the ontapi operation and the CLI operation but the ontapi stays at pending and never changes to a success state.
Certain information in the log extracts is masked for obvious reasons.
0000001c.0001084c 000d0193 Tue Dec 18 2012 16:21:11 -05:00 [kern_mgwd:info:823] ontapi :: xxx.xxx.xxx.xxx:: admin :: <netapp version='1.7' xmlns='http://www.netapp.com/filer/admin' vfiler='xxxxxxxxx'><cifs-password-change /></netapp>^M :: Pending
0000001c.00010879 000d053c Tue Dec 18 2012 16:22:45 -05:00 [kern_mgwd:info:823] ssh :: xxx.xxx.xxx.xxx:: admin :: vserver cifs password-reset -vserver xxxxxxxxxx:: Pending
0000001c.0001087f 000d055e Tue Dec 18 2012 16:22:48 -05:00 [kern_mgwd:info:823] ssh :: xxx.xxx.xxx.xxx :: admin :: vserver cifs password-reset -vserver xxxxxxxxxx:: Success
Is there a deficiency in the cmdlet or should I be using the invoke-ssh cmdlet instead for this purpose?
Any help would be appreciated