Developer Documentation
Citrix Virtual Apps and Desktops SDK
2603 CR 2511 CR 2503 CR 2411 CR 2407 CR 2507 LTSR 2402 LTSR 2203 LTSR
View PDF

Get-AcctADAccount

May 4, 2026
Contributed by: 
C

Gets the Active Directory (AD) accounts stored in the AD Identity Service.

Syntax

Get-AcctADAccount
   [-ADAccountSid <String>]
   [-Domain <String>]
   [-IdentityPoolName <String>]
   [-State <ADIdentityState>]
   [-Lock <Boolean>]
   [-ReturnTotalRecordCount]
   [-MaxRecordCount <Int32>]
   [-Skip <Int32>]
   [-SortBy <String>]
   [-Filter <String>]
   [-FilterScope <Guid>]
   [-SkipCertificateValidation]
   [<CitrixCommonParameters>]
   [<CommonParameters>]
<!--NeedCopy-->

Get-AcctADAccount
   [-ADAccountSid <String>]
   [-Domain <String>]
   [-IdentityPoolUid <Guid>]
   [-State <ADIdentityState>]
   [-Lock <Boolean>]
   [-ReturnTotalRecordCount]
   [-MaxRecordCount <Int32>]
   [-Skip <Int32>]
   [-SortBy <String>]
   [-Filter <String>]
   [-FilterScope <Guid>]
   [-SkipCertificateValidation]
   [<CitrixCommonParameters>]
   [<CommonParameters>]
<!--NeedCopy-->

Description

Provides the ability to locate the Active Directory (AD) accounts stored within the AD Identity Service and view the state of the accounts.

Examples

EXAMPLE 1

Return all the AD accounts that are registered in the AD Identity Service.

Get-AcctADAccount

ADAccountGuid          : a33f54f8-4944-4537-93c9-a04f0b889378
ADAccountName          : MyDomain\ACC001
ADAccountSid           : S-1-5-21-1315084875-1285793635-2418178940-2684
AccountDisabled        : False
AccountLocked          : False
Domain                 : MyDomain.com
DomainControllerHint   : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw==
Lock                   : False
State                  : Available
TenantId               :
DeviceManagementType   : None
IdentityType           : ActiveDirectory
VdaHostId              : ee3ec984-3f1b-41ed-aee7-38754692e829
WorkgroupMachine       : False
TrustServiceInstanceId : ee3ec984-3f1b-41ed-aee7-38754692e829-S-1-5-21-1315084875-1285793635-2418178940-2684

IdentityPoolName       : MyWorkgroupPool
IdentityPoolUid        : f4aef7af-4298-44a3-a5fb-4a9201ca01d7
ADAccountGuid          : 00000000-0000-0000-0000-000000000000
ADAccountName          : WorkgrpAcc001
ADAccountSid           : S-1-254-31435167-1163162762-1265062292-170227718-1001
AccountDisabled        : False
AccountLocked          : False
Domain                 :
DomainControllerHint   :
Lock                   : False
State                  : Available
TenantId               :
DeviceManagementType   : None
IdentityType           : Workgroup
VdaHostId              : 01dfa99f-748a-4554-9451-674b0678250a
WorkgroupMachine       : True
TrustServiceInstanceId : 01dfa99f-748a-4554-9451-674b0678250a
<!--NeedCopy-->

EXAMPLE 2

Return all the AD accounts that are registered in the AD Identity Service in the identity pool named “MyPool” that are not locked.

Get-AcctADAccount -IdentityPoolName MyPool -Lock $false
<!--NeedCopy-->

EXAMPLE 3

Return all the AD accounts that are registered in the AD Identity Service in the identity pool named “MyPool” or an identity pool with a name starting with ‘p’. For full details of the advanced filtering aspects of this command see about_Acct_Filtering.

Get-AcctADAccount -Filter {IdentityPoolName -Like "p*" -or IdentityPoolName -eq "MyPool"}
<!--NeedCopy-->

Parameters

-ADAccountSid

The AD Account SID of the account.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-Domain

The domain of the account (this is in dns format).

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-State

The current state of the identity stored in the AD Identity Service for the AD account.

Type: ADIdentityState
Accepted values: Error, Available, InUse, Tainted
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Lock

Indicates if the account is locked in the AD Identity Service.

Type: Boolean
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-ReturnTotalRecordCount

See about_Acct_Filtering for details.

Type: SwitchParameter
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-MaxRecordCount

See about_Acct_Filtering for details.

Type: Int32
Position: Named
Default value: 250
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Skip

See about_Acct_Filtering for details.

Type: Int32
Position: Named
Default value: 0
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-SortBy

See about_Acct_Filtering for details.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Filter

See about_Acct_Filtering for details.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-FilterScope

Gets only results allowed by the specified scope id.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
Introduced in: Citrix Virtual Apps and Desktop 7 2106

-SkipCertificateValidation

Forces the cmdlet to skip checking SSL certificates. By default, the cmdlet will check the certificate from the server. If the certificate is not valid, the cmdlet will not connect to the server.

Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
Introduced in: Citrix Virtual Apps and Desktop 7 2511

-IdentityPoolName

The name of the identity pool to which the account is registered.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: True
Length range: 1 to 64

-IdentityPoolUid

The unique identifier for the identity pool that the account is registered to.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

CitrixCommonParameters

This cmdlet supports the common Citrix parameters: -AdminAddress, -AdminClientIP, -BearerToken, -TraceParent, -TraceState and -VirtualSiteId. For more information, see about_CitrixCommonParameters.

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

You can’t pipe objects to this cmdlet.

Outputs

Citrix.ADIdentity.Sdk.IdentityInPool

The Get-AcctADAccount returns an object that contains the following parameters:

  • IdentityPoolName <string>

    The name of the containing identity pool.

  • IdentityPoolUid <GUID>

    The unique identifier for the containing identity pool.

  • ADAccountGuid <GUID>

    The unique identifier for the account.

  • ADAccountName <string>

    The name of the account.

  • ADAccountSid <string>

    The SID for the account.

  • AccountDisabled <bool>

    Whether or not the account is disabled in AD.

  • AccountLocked <bool>

    Whether or not the account is locked in AD.

  • Domain <string>

    The domain for the account.

  • DomainControllerHint <string>

    The base 64 encoded hint for the domain controller location.

  • Lock <bool>

    Whether or not the account is locked (in the database, not AD).

  • State <string>

    The state for the account. This can be:

  • TenantId <GUID>

    The identity of the tenant associated with this account.

  • DeviceManagementType <string>

    The device management type.

  • IdentityType <string>

    The identity type.

  • VdaHostId <GUID>

    The ID of the VDA associated with this account.

  • WorkgroupMachine <bool>

    Whether or not the account is a workgroup account (not domain-joined).

  • TrustServiceInstanceId <string>

    The trust service ID of the machine.

Notes

In the case of failure the following errors can result:

  • PartialData

    Only a subset of the available data was returned.

  • CouldNotQueryDatabase

    The query required to get the database was not defined.

  • PermissionDenied

    The user does not have administrative rights to perform this operation.

  • ConfigurationLoggingError

    The operation could not be performed because of a configuration logging error

  • CommunicationError

    An error occurred while communicating with the service.

  • DatabaseNotConfigured

    The operation could not be completed because the database for the service is not configured.

  • InvalidFilter

    A filtering expression was supplied that could not be interpreted for this cmdlet.

  • ExceptionThrown

    An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the Citrix Virtual Apps and Desktops logs.

Get-AcctADAccount
May 4, 2026
Contributed by: 
C
May 4, 2026
Contributed by: 
C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.