-
Understanding the Citrix Virtual Apps and Desktops Administration Model
-
-
New-AcctADAccount
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
New-AcctADAccount
Creates Active Directory (AD) computer accounts in the specified identity pool.
Syntax
New-AcctADAccount [-IdentityPoolName] <String> -Count <Int32> [-StartCount <Int32>] [-ADUserName <String>] [-ADPassword <SecureString>] [-Parallelism <Int32>] [-LoggingId <Guid>] [-BearerToken <String>] [-TraceParent <String>] [-TraceState <String>] [-VirtualSiteId <String>] [-AdminAddress <String>] [<CommonParameters>]
New-AcctADAccount [-IdentityPoolName] <String> -ADAccountName <String[]> [-ADUserName <String>] [-ADPassword <SecureString>] [-Parallelism <Int32>] [-LoggingId <Guid>] [-BearerToken <String>] [-TraceParent <String>] [-TraceState <String>] [-VirtualSiteId <String>] [-AdminAddress <String>] [<CommonParameters>]
New-AcctADAccount -IdentityPoolUid <Guid> -Count <Int32> [-StartCount <Int32>] [-ADUserName <String>] [-ADPassword <SecureString>] [-Parallelism <Int32>] [-LoggingId <Guid>] [-BearerToken <String>] [-TraceParent <String>] [-TraceState <String>] [-VirtualSiteId <String>] [-AdminAddress <String>] [<CommonParameters>]
New-AcctADAccount -IdentityPoolUid <Guid> -ADAccountName <String[]> [-ADUserName <String>] [-ADPassword <SecureString>] [-Parallelism <Int32>] [-LoggingId <Guid>] [-BearerToken <String>] [-TraceParent <String>] [-TraceState <String>] [-VirtualSiteId <String>] [-AdminAddress <String>] [<CommonParameters>]
<!--NeedCopy-->
Detailed Description
Provides the ability to create new Active Directory (AD) computer accounts and register them in an already existing identity pool.
The accounts are created using the information stored in the identity pool. This provides the account name (via the Naming Scheme property and Start Count), domain, and OU.
The user performing the operation in PowerShell must have sufficient privileges in AD to create the new computer accounts. If the current user does not have sufficient privileges, the ADUserName and ADPassword parameters may be used instead.
The AD account names will pad the index to use all the space specified in the identity pool naming scheme (e.g. “acc###” will become “acc001”). However, if the index overflows the available space the cmdlet expands the format to use the next incremental number (e.g. “acc###” will become “acc1000” if the index is 10000, which cannot fit into the three ‘#’ placeholders). If this expanded name exceeds the 15 character name limit, the accounts are not created.
There can be only one creation process running for a specific identity pool at any one time. Attempting to start another account creation process while an existing one is executing results in an error being returned.
Related Commands
Parameters
Name | Description | Required? | Pipeline Input | Default Value |
---|---|---|---|---|
IdentityPoolName | The name of the identity pool in which accounts will be created. | true | false | |
Count | The number of accounts to create. | true | false | |
ADAccountName | The AD account names to be created. These are just the simple machine account names (e.g. MyVM001). | true | false | |
IdentityPoolUid | The unique identifier for the identity pool in which accounts will be created. | true | false | |
StartCount | The start index for the create process. | false | false | |
ADUserName | The username for an AD user account with Write Permissions. This parameter must be used if the current user does not have the necessary privileges. | false | false | |
ADPassword | The matching password for an AD user account with Write Permissions. This parameter must be used if the current user does not have the necessary privileges. | false | false | |
Parallelism | Gets or sets the maximum number of threads to create AD accounts in parallel. Range 1-60 with default of 20. | false | false | 20 |
LoggingId | Specifies the identifier of the high-level operation this cmdlet call forms a part of. Citrix Studio and Director typically create high-level operations. PowerShell scripts can also wrap a series of cmdlet calls in a high-level operation by way of the Start-LogHighLevelOperation and Stop-LogHighLevelOperation cmdlets. | false | false | |
BearerToken | Specifies the bearer token assigned to the calling user | false | false | |
TraceParent | Specifies the trace parent assigned for internal diagnostic tracing use | false | false | |
TraceState | Specifies the trace state assigned for internal diagnostic tracing use | false | false | |
VirtualSiteId | Specifies the virtual site the PowerShell snap-in will connect to. | false | false | |
AdminAddress | Specifies the address of a Citrix Virtual Apps and Desktops controller that the PowerShell snap-in connects to. You can provide this as a host name or an IP address. | false | false | LocalHost. Once a value is provided by any cmdlet, this value becomes the default. |
Input Type
Return Values
Citrix.Adidentity.Sdk.Accountoperationdetailedsummary
The Add-AcctADAccount returns an object that contains the following parameters;
-
SuccessfulAccountsCount <int> The number of accounts that were added successfully
-
FailedAccountsCount <int> The number of accounts that were not added.
-
FailedAccounts <Citrix.ADIdentity.Sdk.AccountError[]> The list of accounts that failed to be added. Each one has the following parameters;
-
ADAccountName <string>
-
ADAccountSid <String>
-
ErrorReason <string> This can be one of the following IdentityDuplicateObjectExists An identity with the same SID already exists. ADServiceDatabaseError An error occurred in the service while attempting a database operation. ADServiceDatabaseNotConfigured The operation could not be completed because the database for the service is not configured. ADServiceStatusInvalidDb An error occurred in the service while attempting a database operation - communication with the database failed for for various reasons. FailedToConnectToDomainController Contacting Active Directory failed. FailedToGetOrganizationUnitInAD Failed to access the OU in Active Directory. FailedToGetDefaultComputerContainerInAD Failed to access the default computers container in Active Directory. FailedToCreateComputerAccountInAD Failed to create the computer account in Active Directory. FailedToAccessComputerAccountInAD Failed to read the newly created computer account in Active Directory. FailedToGetSidFromAD Failed to get the SID for the created account from Active Directory. FailedToSetSamAccountNameInAD Failed to set the SAM account name in Active Directory for the account created. FailedToSetUserAccountControlInAD Failed to set the user account controller properties for the account created in Active Directory. FailedToSaveChangeInAD Failed to save the changes made to the created computer account in Active Directory. FailedToSetPasswordInAD Failed to set the password for the created computer account in Active Directory. FailedToEnableAccountInAD Failed to enable the newly created computer account in Active Directory. ComputerNameAlreadyInUseInAD The computer name for the computer to create is in use in Active Directory. FailedToGetDistinguishedNameInAD Failed to get the distinguished name for the created computer account in ActiveDirectory. FailedToSetDnsHostNameInAD Failed to set the Dns Host Name property for the created computer account in ActiveDirectory. FailedToSetDisplayNameInAD Failed to set the DisplayName property for the created computer account in ActiveDirectory. FailedToWriteServicePrincipalNameInAD Failed to set the ServicePrincipalName property for the created computer account in ActiveDirectory.
-
DiagnosticInformtion <Exception> Any other error information
-
SuccessfulAccounts <Citrix.ADIdentity.Sdk.Identity[]> The list of accounts that were successfully added. Each object provides details of the identity and contains the following information:
-
ADAccountGuid <GUID> The unique identifier for the account.
-
ADAccountName <string> The name of the account.
-
ADAccountSid <string> The SID for the account.
-
AccountDisabled <bool> Whether or not the account is disabled in AD.
-
AccountLocked <bool> Whether or not the account is locked in AD.
-
Domain <string> The domain for the account.
-
DomainControllerHint <string> The base 64 encoded hint for the domain controller location.
-
Lock <bool> Whether or not the account is locked (in the database, not AD).
-
State <string> The state for the account. This can be: Available The account is not used. InUse The account is in use. Error The account is in error (i.e. the account is locked or disabled in AD). Tainted The account is no longer used, but the password is no longer known.
-
TenantId <GUID> The identity of the tenant associated with this account.
-
DeviceManagementType <string> The device management type. New accounts will have the same ‘DeviceManagementType’ as the identity pool.
-
IdentityType <string> The identity type. New accounts will have the same ‘IdentityType’ as the identity pool.
-
VdaHostId <GUID> The ID of the VDA associated with this account.
-
WorkgroupMachine <bool> Whether or not the account is a workgroup account (not domain-joined).
-
TrustServiceInstanceId <string> The trust service ID of the machine.
Notes
In the case of failure, the following errors can result.
-
NamingSchemeNotSpecifiedForIdentityPool: No naming scheme is defined in the specified identity pool.
-
IdentityPoolObjectNotFound: The specified identity pool was not located.
-
IdentityPoolAlreadyLocked: The specified identity pool is locked.
-
PermissionDenied: The user does not have administrative rights to perform this operation.
-
ConfigurationLoggingError: The operation could not be performed because of a configuration logging error
-
DatabaseError: An error occurred in the service while attempting a database operation.
-
DatabaseNotConfigured: The operation could not be completed because the database for the service is not configured.
-
ServiceStatusInvalidDb: An error occurred in the service while attempting a database operation - communication with the database failed for various reasons.
-
CommunicationError: An error occurred while communicating with the service.
-
ExceptionThrown: An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the Citrix Virtual Apps and Desktops logs.
Examples
Example 1
c:\PS>New-AcctADAccount -IdentityPoolName MyPool -Count 2 -OutVariable result
SuccessfulAccounts SuccessfulAccountsCount FailedAccountsCount FailedAccounts
------------------ ----------------------- ------------------- --------------
{MyDomain\ACC001, MyDomain\ACC002} 2 0 {}
c:\PS>$result[0].SuccessfulAccounts
ADAccountGuid : a33f54f8-4944-4537-93c9-a04f0b889378
ADAccountName : MyDomain\ACC001
ADAccountSid : S-1-5-21-1315084875-1285793635-2418178940-2684
AccountDisabled : False
AccountLocked : False
Domain : MyDomain.com
DomainControllerHint : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw==
Lock : False
State : Available
TenantId :
DeviceManagementType : None
IdentityType : ActiveDirectory
VdaHostId : ee3ec984-3f1b-41ed-aee7-38754692e829
WorkgroupMachine : False
TrustServiceInstanceId : ee3ec984-3f1b-41ed-aee7-38754692e829-S-1-5-21-1315084875-1285793635-2418178940-2684
ADAccountGuid : 16c62c01-42d0-4180-91c3-3e02b5a3e860
ADAccountName : MyDomain\ACC002
ADAccountSid : S-1-5-21-1315084875-1285793635-2418178940-2685
AccountDisabled : False
AccountLocked : False
Domain : MyDomain.com
DomainControllerHint : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw==
Lock : False
State : Available
TenantId :
DeviceManagementType : None
IdentityType : ActiveDirectory
VdaHostId : 8ca4ee0c-00bf-4e05-8605-c3ee7fe053c3
WorkgroupMachine : False
TrustServiceInstanceId : 8ca4ee0c-00bf-4e05-8605-c3ee7fe053c3-S-1-5-21-1315084875-1285793635-2418178940-2685
<!--NeedCopy-->
Description
Creates two new AD accounts and registers them in the identity pool called “MyPool”.
Example 2
c:\PS>New-AcctADAccount -IdentityPoolName MyPool -Count 2 -StartCount 50 -OutVariable result
SuccessfulAccounts SuccessfulAccountsCount FailedAccountsCount FailedAccounts
------------------ ----------------------- ------------------- --------------
{MyDomain\ACC050, MyDomain\ACC051} 2 0 {}
c:\PS>$result[0].SuccessfulAccounts
ADAccountGuid : fed20f3b-d1ec-4f8e-9681-197de9522bfd
ADAccountName : MyDomain\ACC050
ADAccountSid : S-1-5-21-1315084875-1285793635-2418178940-2686
AccountDisabled : False
AccountLocked : False
Domain : MyDomain.com
DomainControllerHint : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw==
Lock : False
State : Available
TenantId :
DeviceManagementType : None
IdentityType : ActiveDirectory
VdaHostId : 1772a527-33e6-4da4-8a3a-d98e13c1d156
WorkgroupMachine : False
TrustServiceInstanceId : 1772a527-33e6-4da4-8a3a-d98e13c1d156-S-1-5-21-1315084875-1285793635-2418178940-2686
ADAccountGuid : 86b3b360-e21f-4bb2-8e36-e236598fd51a
ADAccountName : MyDomain\ACC051
ADAccountSid : S-1-5-21-1315084875-1285793635-2418178940-2687
AccountDisabled : False
AccountLocked : False
Domain : MyDomain.com
DomainControllerHint : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw==
Lock : False
State : Available
TenantId :
DeviceManagementType : None
IdentityType : ActiveDirectory
VdaHostId : 0185a831-493f-4656-9126-9a29188c8213
WorkgroupMachine : False
TrustServiceInstanceId : 0185a831-493f-4656-9126-9a29188c8213-S-1-5-21-1315084875-1285793635-2418178940-2687
<!--NeedCopy-->
Description
Creates two new AD accounts and registers them in the identity pool called “MyPool”, starting from an index of 50.
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.