Get-Acctadaccount¶
Gets the Active Directory (AD) accounts stored in the AD Identity Service.
Syntax¶
Get-AcctADAccount [-IdentityPoolName <String>] [-ADAccountSid <String>] [-Domain <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-FilterScope <Guid>] [-BearerToken <String>] [-TraceParent <String>] [-TraceState <String>] [-VirtualSiteId <String>] [-AdminAddress <String>] [<CommonParameters>]<br><br>Get-AcctADAccount [-IdentityPoolUid <Guid>] [-ADAccountSid <String>] [-Domain <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-FilterScope <Guid>] [-BearerToken <String>] [-TraceParent <String>] [-TraceState <String>] [-VirtualSiteId <String>] [-AdminAddress <String>] [<CommonParameters>]
Detailed Description¶
Provides the ability to locate the Active Directory (AD) accounts stored within the AD Identity Service and view the state of the accounts.
Related Commands¶
- New-AcctADAccount
- Add-AcctADAccount
- Remove-AcctADAccount
- Unlock-AcctADAccount
- Update-AcctADAccount
- Repair-AcctADAccount
Parameters¶
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| ADAccountSid | The AD Account SID of the account. | false | false | |
| Domain | The domain of the account (this is in dns format). | false | false | |
| State | The current state of the identity stored in the AD Identity Service for the AD account. | false | false | |
| Lock | Indicates if the account is locked in the AD Identity Service. | false | false | |
| ReturnTotalRecordCount | See about_Acct_Filtering for details. | false | false | false |
| MaxRecordCount | See about_Acct_Filtering for details. | false | false | 250 |
| Skip | See about_Acct_Filtering for details. | false | false | 0 |
| SortBy | See about_Acct_Filtering for details. | false | false | |
| Filter | See about_Acct_Filtering for details. | false | false | |
| FilterScope | Gets only results allowed by the specified scope id. | false | false | |
| BearerToken | Specifies the bearer token assigned to the calling user | false | false | |
| TraceParent | Specifies the trace parent assigned for internal diagnostic tracing use | false | false | |
| TraceState | Specifies the trace state assigned for internal diagnostic tracing use | false | false | |
| VirtualSiteId | Specifies the virtual site the PowerShell snap-in will connect to. | false | false | |
| AdminAddress | Specifies the address of a Citrix Virtual Apps and Desktops controller that the PowerShell snap-in connects to. You can provide this as a host name or an IP address. | false | false | LocalHost. Once a value is provided by any cmdlet, this value becomes the default. |
| IdentityPoolName | The name of the identity pool to which the account is registered. | false | true (ByPropertyName) | |
| IdentityPoolUid | The unique identifier for the identity pool that the account is registered to. | false | false |
Input Type¶
¶
Return Values¶
Citrix.Adidentity.Sdk.Identityinpool¶
The Get-AcctADAccount returns an object that contains the following parameters:
IdentityPoolName <string>
The name of the containing identity pool.
IdentityPoolUid <GUID>
The unique identifier for the containing identity pool.
ADAccountGuid <GUID>
The unique identifier for the account.
ADAccountName <string>
The name of the account.
ADAccountSid <string>
The SID for the account.
AccountDisabled <bool>
Whether or not the account is disabled in AD.
AccountLocked <bool>
Whether or not the account is locked in AD.
Domain <string>
The domain for the account.
DomainControllerHint <string>
The base 64 encoded hint for the domain controller location.
Lock <bool>
Whether or not the account is locked (in the database, not AD).
State <string>
The state for the account. This can be:
Available
The account is not used.
InUse
The account is in use.
Error
The account is in error (i.e. the account is locked or disabled in AD).
Tainted
The account is no longer used, but the password is no longer known.
TenantId <GUID>
The identity of the tenant associated with this account.
DeviceManagementType <string>
The device management type.
IdentityType <string>
The identity type.
VdaHostId <GUID>
The ID of the VDA associated with this account.
WorkgroupMachine <bool>
Whether or not the account is a workgroup account (not domain-joined).
TrustServiceInstanceId <string>
The trust service ID of the machine.
Notes¶
In the case of failure the following errors can result.
Error Codes
-----------
PartialData
Only a subset of the available data was returned.
CouldNotQueryDatabase
The query required to get the database was not defined.
PermissionDenied
The user does not have administrative rights to perform this operation.
ConfigurationLoggingError
The operation could not be performed because of a configuration logging error
CommunicationError
An error occurred while communicating with the service.
DatabaseNotConfigured
The operation could not be completed because the database for the service is not configured.
InvalidFilter
A filtering expression was supplied that could not be interpreted for this cmdlet.
ExceptionThrown
An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the Citrix Virtual Apps and Desktops logs.
Examples¶
Example 1¶
c:\PS>Get-AcctADAccount<br><br> ADAccountGuid : a33f54f8-4944-4537-93c9-a04f0b889378<br><br> ADAccountName : MyDomain\ACC001<br><br> ADAccountSid : S-1-5-21-1315084875-1285793635-2418178940-2684<br><br> AccountDisabled : False<br><br> AccountLocked : False<br><br> Domain : MyDomain.com<br><br> DomainControllerHint : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw==<br><br> Lock : False<br><br> State : Available<br><br> TenantId :<br><br> DeviceManagementType : None<br><br> IdentityType : ActiveDirectory<br><br> VdaHostId : ee3ec984-3f1b-41ed-aee7-38754692e829<br><br> WorkgroupMachine : False<br><br> TrustServiceInstanceId : ee3ec984-3f1b-41ed-aee7-38754692e829-S-1-5-21-1315084875-1285793635-2418178940-2684<br><br> IdentityPoolName : MyWorkgroupPool<br><br> IdentityPoolUid : f4aef7af-4298-44a3-a5fb-4a9201ca01d7<br><br> ADAccountGuid : 00000000-0000-0000-0000-000000000000<br><br> ADAccountName : WorkgrpAcc001<br><br> ADAccountSid : S-1-254-31435167-1163162762-1265062292-170227718-1001<br><br> AccountDisabled : False<br><br> AccountLocked : False<br><br> Domain :<br><br> DomainControllerHint :<br><br> Lock : False<br><br> State : Available<br><br> TenantId :<br><br> DeviceManagementType : None<br><br> IdentityType : Workgroup<br><br> VdaHostId : 01dfa99f-748a-4554-9451-674b0678250a<br><br> WorkgroupMachine : True<br><br> TrustServiceInstanceId : 01dfa99f-748a-4554-9451-674b0678250a
Description¶
Return all the AD accounts that are registered in the AD Identity Service.
Example 2¶
c:\PS>Get-AcctADAccount -IdentityPoolName MyPool -Lock $false
Description¶
Return all the AD accounts that are registered in the AD Identity Service in the identity pool named "MyPool" that are not locked.
Example 3¶
c:\PS>Get-AcctADAccount -Filter {IdentityPoolName -Like "p\*" -or IdentityPoolName -eq "MyPool"}
Description¶
Return all the AD accounts that are registered in the AD Identity Service in the identity pool named "MyPool" or an identity pool with a name starting with 'p'. For full details of the advanced filtering aspects of this command see about_Acct_Filtering.