Citrix Daas SDK

New-AcctServiceAccount

Creates a new service account.

Syntax

New-AcctServiceAccount
   -IdentityProviderType <String>
   -IdentityProviderIdentifier <String>
   -AccountId <String>
   -AccountSecret <SecureString>
   -SecretExpiryTime <DateTime>
   [-Capabilities <String[]>]
   [-Scope <String[]>]
   [-TenantId <Guid>]
   [-DisplayName <String>]
   [-Description <String>]
   [-LoggingId <Guid>]
   [<CitrixCommonParameters>]
   [<CommonParameters>]
<!--NeedCopy-->

Description

Provides the ability to create service accounts that can be used to store credential to access identity provider like Azure AD.

Each service account is tied to a single identity provider.

Examples

EXAMPLE 1

Create a new service account to access AzureAD with AzureArcResourceManagement capability.

New-AcctServiceAccount -IdentityProviderType AzureAD -IdentityProviderIdentifier f439f4c0-fcd8-4fe6-95b8-71e7e49dc8c6 -AccountId ac14e785-cdb2-4e18-9240-8b49583b11a2 -AccountSecret $password -SecretExpiryTime 2024-09-09 -Capabilities 'AzureArcResourceManagement'

ServiceAccountUid            : 17631afc-2e4c-491e-b0aa-f979a80e32c1
IdentityProviderIdentifier   : f439f4c0-fcd8-4fe6-95b8-71e7e49dc8c6
IdentityProviderType         : AzureAD
SecretExpiryTime             : 9/9/2024 8:00:00 PM
AccountId                    : ac14e785-cdb2-4e18-9240-8b49583b11a2
Capabilities                 : {AzureArcResourceManagement}
FailureReason                :
IsHealthy                    : True
Scopes                       : {}
TenantId                     :
<!--NeedCopy-->

EXAMPLE 2

Create a new service account to access ActiveDirectory.

New-AcctServiceAccount -IdentityProviderType ActiveDirectory -IdentityProviderIdentifier test.local -AccountId test\svcacct_1 -AccountSecret $password -SecretExpiryTime 2024-09-09

ServiceAccountUid            : ad24284e-ba3d-4504-80db-9ac6640de533
IdentityProviderIdentifier   : test.local
IdentityProviderType         : ActiveDirectory
SecretExpiryTime             : 9/9/2024 8:00:00 PM
AccountId                    : test\svcacct_1
Capabilities                 :
FailureReason                :
IsHealthy                    : True
Scopes                       : {}
TenantId                     :
<!--NeedCopy-->

EXAMPLE 3

Create a new service account to access ActiveDirectory.

New-AcctServiceAccount -IdentityProviderType ActiveDirectory -IdentityProviderIdentifier test.local -AccountId test\svcacct_1 -AccountSecret $password -SecretExpiryTime 2024-09-09 -DisplayName "display name for this service account" -Description "description for this service account"

ServiceAccountUid            : ad24284e-ba3d-4504-80db-9ac6640de533
IdentityProviderIdentifier   : test.local
IdentityProviderType         : ActiveDirectory
SecretExpiryTime             : 9/9/2024 8:00:00 PM
AccountId                    : test\svcacct_1
Capabilities                 :
Description                  : description for this service account
DisplayName                  : display name for this service account
FailureReason                :
IsHealthy                    : True
Scopes                       : {}
TenantId                     :
<!--NeedCopy-->

Parameters

-IdentityProviderType

The type of the identity provider that associates with this service account. Can be AzureAD or ActiveDirectory.

Type: String
Accepted values: ActiveDirectory, AzureAD
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-IdentityProviderIdentifier

The identifier of the given identity provider. E.g. Azure AD tenant id if ‘IdentityProviderType’ is AzureAD.

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-AccountId

The identifier for the service account. E.g. Azure application (client) id if ‘IdentityProviderType’ is AzureAD.

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-AccountSecret

The secret for the service account. E.g. Azure application (client) secret if ‘IdentityProviderType’ is AzureAD. The secret will be encrypted and stored in database.

Type: SecureString
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-SecretExpiryTime

The secret expiration time for the service account.

Type: DateTime
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-Capabilities

The capabilities for the service account.

Type: String[]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Scope

The administration scopes to be applied to the new service account.

Type: String[]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-TenantId

Specifies identity of tenant associated with service account. Must always be specified in multi-tenant sites, must not be specified otherwise.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-DisplayName

The display name for the service account.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Description

The description for the service account.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-LoggingId

Specifies the identifier of the high-level operation this cmdlet call forms a part of. Citrix Studio and Director typically create high-level operations. PowerShell scripts can also wrap a series of cmdlet calls in a high-level operation by way of the Start-LogHighLevelOperation and Stop-LogHighLevelOperation cmdlets.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

CitrixCommonParameters

This cmdlet supports the common Citrix parameters: -AdminAddress, -AdminClientIP, -BearerToken, -TraceParent, -TraceState and -VirtualSiteId. For more information, see about_CitrixCommonParameters.

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

You can’t pipe objects to this cmdlet.

Outputs

Citrix.ADIdentity.Sdk.ServiceAccount

This object provides details of the service account and contains the following information:

ServiceAccountUid <GUID> The unique identifier of the service account. SecretExpiryTime <Datetime> The expiration time for the secret of the service account. AccountId <string> The identifier for the service account. E.g. Azure application ID if the service account is with Azure AD as identity provider. IdentityProviderIdentifier <string> The identifier of the identity provider that the service account belongs to. E.g. Azure AD tenant ID. IdentityProviderType <string> The type of the identity provider of the service account. Can be AzureAD or ActiveDirectory. IsHealthy <bool> Indicates if the service account is healthy. Capabilities <string[]> Capabilities of the service account. Can be AzureArcResourceManagement. FailureReason <string> The reason why the service account becomes unhealthy. Scopes <Citrix.ADIdentity.Sdk.ScopeReference[]> The administration scopes associated with this identity pool. TenantId <GUID> Identity of the Citrix tenant associated with this identity pool. Not applicable (always blank) in non-multitenant sites. DisplayName <string> The display name of the service account. Description <string> The description of the service account.

Notes

In the case of failure, the following errors can result.

Error Codes


IdentityProviderTypeDoesNotMatch

The specified identity provider type doesn’t match the existing identity provider for the given tenant.

ServiceAccountDuplicateObjectExists

Duplicate object exists.

UnsupportedIdentityProviderType

The specified identity provider type is not supported.

InvalidServiceAccountCapabilities

One or more specified service account capabilities are not supported.

PermissionDenied

The user does not have administrative rights to perform this operation.

ConfigurationLoggingError

The operation could not be performed because of a configuration logging error

DatabaseError

An error occurred in the service while attempting a database operation.

DatabaseNotConfigured

The operation could not be completed because the database for the service is not configured.

ServiceStatusInvalidDb

An error occurred in the service while attempting a database operation - communication with the database failed for various reasons.

CommunicationError

An error occurred while communicating with the service.

ExceptionThrown

An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the Citrix Virtual Apps and Desktops logs.

New-AcctServiceAccount