Citrix Virtual Apps and Desktops SDK

Get-AcctADAccount

Gets the Active Directory (AD) accounts stored in the AD Identity Service.

Syntax

Get-AcctADAccount [-ADAccountSid <String>] [-Domain <String>] [-IdentityPoolName <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-FilterScope <Guid>] [<CitrixCommonParameters>] [<CommonParameters>]
Get-AcctADAccount [-ADAccountSid <String>] [-Domain <String>] [-IdentityPoolUid <Guid>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-FilterScope <Guid>] [<CitrixCommonParameters>] [<CommonParameters>]

Description

Provides the ability to locate the Active Directory (AD) accounts stored within the AD Identity Service and view the state of the accounts.

Examples

EXAMPLE 1

Return all the AD accounts that are registered in the AD Identity Service.

Get-AcctADAccount ADAccountGuid : a33f54f8-4944-4537-93c9-a04f0b889378 ADAccountName : MyDomain\ACC001 ADAccountSid : S-1-5-21-1315084875-1285793635-2418178940-2684 AccountDisabled : False AccountLocked : False Domain : MyDomain.com DomainControllerHint : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw== Lock : False State : Available TenantId : DeviceManagementType : None IdentityType : ActiveDirectory VdaHostId : ee3ec984-3f1b-41ed-aee7-38754692e829 WorkgroupMachine : False TrustServiceInstanceId : ee3ec984-3f1b-41ed-aee7-38754692e829-S-1-5-21-1315084875-1285793635-2418178940-2684 IdentityPoolName : MyWorkgroupPool IdentityPoolUid : f4aef7af-4298-44a3-a5fb-4a9201ca01d7 ADAccountGuid : 00000000-0000-0000-0000-000000000000 ADAccountName : WorkgrpAcc001 ADAccountSid : S-1-254-31435167-1163162762-1265062292-170227718-1001 AccountDisabled : False AccountLocked : False Domain : DomainControllerHint : Lock : False State : Available TenantId : DeviceManagementType : None IdentityType : Workgroup VdaHostId : 01dfa99f-748a-4554-9451-674b0678250a WorkgroupMachine : True TrustServiceInstanceId : 01dfa99f-748a-4554-9451-674b0678250a

EXAMPLE 2

Return all the AD accounts that are registered in the AD Identity Service in the identity pool named “MyPool” that are not locked.

Get-AcctADAccount -IdentityPoolName MyPool -Lock $false

EXAMPLE 3

Return all the AD accounts that are registered in the AD Identity Service in the identity pool named “MyPool” or an identity pool with a name starting with ‘p’. For full details of the advanced filtering aspects of this command see about_Acct_Filtering.

Get-AcctADAccount -Filter {IdentityPoolName -Like "p*" -or IdentityPoolName -eq "MyPool"}

Parameters

-ADAccountSid

The AD Account SID of the account.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-Domain

The domain of the account (this is in dns format).

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-State

The current state of the identity stored in the AD Identity Service for the AD account.

Type: ADIdentityState
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-Lock

Indicates if the account is locked in the AD Identity Service.

Type: Boolean
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-ReturnTotalRecordCount

See about_Acct_Filtering for details.

Type: SwitchParameter
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-MaxRecordCount

See about_Acct_Filtering for details.

Type: Int32
Position: Named
Default value: 250
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Skip

See about_Acct_Filtering for details.

Type: Int32
Position: Named
Default value: 0
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-SortBy

See about_Acct_Filtering for details.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Filter

See about_Acct_Filtering for details.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-FilterScope

Gets only results allowed by the specified scope id.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-IdentityPoolName

The name of the identity pool to which the account is registered.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: True

-IdentityPoolUid

The unique identifier for the identity pool that the account is registered to.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

CitrixCommonParameters

This cmdlet supports the common Citrix parameters: -AdminAddress, -AdminClientIP, -BearerToken, -TraceParent, -TraceState and -VirtualSiteId. For more information, see about_CitrixCommonParameters.

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

You can’t pipe objects to this cmdlet.

Outputs

Citrix.ADIdentity.Sdk.IdentityInPool

The Get-AcctADAccount returns an object that contains the following parameters:

  • IdentityPoolName <string>

    The name of the containing identity pool.

  • IdentityPoolUid <GUID>

    The unique identifier for the containing identity pool.

  • ADAccountGuid <GUID>

    The unique identifier for the account.

  • ADAccountName <string>

    The name of the account.

  • ADAccountSid <string>

    The SID for the account.

  • AccountDisabled <bool>

    Whether or not the account is disabled in AD.

  • AccountLocked <bool>

    Whether or not the account is locked in AD.

  • Domain <string>

    The domain for the account.

  • DomainControllerHint <string>

    The base 64 encoded hint for the domain controller location.

  • Lock <bool>

    Whether or not the account is locked (in the database, not AD).

  • State <string>

    The state for the account. This can be:

  • TenantId <GUID>

    The identity of the tenant associated with this account.

  • DeviceManagementType <string>

    The device management type.

  • IdentityType <string>

    The identity type.

  • VdaHostId <GUID>

    The ID of the VDA associated with this account.

  • WorkgroupMachine <bool>

    Whether or not the account is a workgroup account (not domain-joined).

  • TrustServiceInstanceId <string>

    The trust service ID of the machine.

Notes

In the case of failure the following errors can result:

  • PartialData

    Only a subset of the available data was returned.

  • CouldNotQueryDatabase

    The query required to get the database was not defined.

  • PermissionDenied

    The user does not have administrative rights to perform this operation.

  • ConfigurationLoggingError

    The operation could not be performed because of a configuration logging error

  • CommunicationError

    An error occurred while communicating with the service.

  • DatabaseNotConfigured

    The operation could not be completed because the database for the service is not configured.

  • InvalidFilter

    A filtering expression was supplied that could not be interpreted for this cmdlet.

  • ExceptionThrown

    An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the Citrix Virtual Apps and Desktops logs.

Get-AcctADAccount