-
Understanding the Citrix Virtual Apps and Desktops Administration Model
-
-
New-AcctServiceAccount
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
New-AcctServiceAccount
Introduced in: Citrix Virtual Apps and Desktop 7 2308
Creates a new service account.
Syntax
New-AcctServiceAccount
-IdentityProviderType <String>
-IdentityProviderIdentifier <String>
-AccountId <String>
-AccountSecret <SecureString>
[-SecretExpiryTime <String>]
[-Capabilities <String[]>]
[-Scope <String[]>]
[-TenantId <Guid>]
-DisplayName <String>
[-Description <String>]
[-CustomProperties <String>]
[-UserPrincipalName <String>]
[-UserSecret <SecureString>]
[-UserSecretExpiryTime <String>]
[-AccessTokenForBulk <String>]
[-BulkTokenExpiryTime <Int32>]
[-LoggingId <Guid>]
[-SkipCertificateValidation]
[<CitrixCommonParameters>]
[<CommonParameters>]
<!--NeedCopy-->
Description
Provides the ability to create service accounts that can be used to store credential to access identity provider like Azure AD.
Each service account is tied to a single identity provider.
Examples
EXAMPLE 1
Create a new service account to access AzureAD with AzureArcResourceManagement capability.
New-AcctServiceAccount -IdentityProviderType AzureAD -IdentityProviderIdentifier f439f4c0-fcd8-4fe6-95b8-71e7e49dc8c6 -AccountId ac14e785-cdb2-4e18-9240-8b49583b11a2 -AccountSecret $password -SecretExpiryTime "2024-09-09" -Capabilities 'AzureArcResourceManagement' -DisplayName "display name for this service account"
ServiceAccountUid : 17631afc-2e4c-491e-b0aa-f979a80e32c1
IdentityProviderIdentifier : f439f4c0-fcd8-4fe6-95b8-71e7e49dc8c6
IdentityProviderType : AzureAD
SecretExpiryTime : 9/9/2024 8:00:00 PM
AccountId : ac14e785-cdb2-4e18-9240-8b49583b11a2
Capabilities : {AzureArcResourceManagement}
CustomProperties :
Description :
DisplayName : display name for this service account
FailureReason :
IsHealthy : True
Scopes : {}
TenantId :
<!--NeedCopy-->
EXAMPLE 2
Create a new service account to access AzureAD with connection properties.
New-AcctServiceAccount -IdentityProviderType AzureAD -IdentityProviderIdentifier f439f4c0-fcd8-4fe6-95b8-71e7e49dc8c6 -AccountId ac14e785-cdb2-4e18-9240-8b49583b11a2 -AccountSecret $password -SecretExpiryTime "2024-09-09" -Capabilities 'AzureArcResourceManagement' -DisplayName "display name for this service account" -CustomProperties '{"ProxyHypervisorTrafficThroughConnector":true,"UseSystemProxyForHypervisorTrafficOnConnectors":false,"ZoneUid":["ac65fbab-71d3-4a18-a991-97c2683d4401"]}'
ServiceAccountUid : 17631afc-2e4c-491e-b0aa-f979a80e32c1
IdentityProviderIdentifier : f439f4c0-fcd8-4fe6-95b8-71e7e49dc8c6
IdentityProviderType : AzureAD
SecretExpiryTime : 9/9/2024 8:00:00 PM
AccountId : ac14e785-cdb2-4e18-9240-8b49583b11a2
Capabilities : {AzureArcResourceManagement}
CustomProperties : {"ProxyHypervisorTrafficThroughConnector":true,"UseSystemProxyForHypervisorTrafficOnConnectors":false,"ZoneUid":["ac65fbab-71d3-4a18-a991-97c2683d4401"]}
Description :
DisplayName : display name for this service account
FailureReason :
IsHealthy : True
Revision : a94a3cd1-abe7-4bdd-9a77-fa6820c5a5c2
Scopes : {}
TenantId :
<!--NeedCopy-->
EXAMPLE 3
Create a new service account to access ActiveDirectory.
New-AcctServiceAccount -IdentityProviderType ActiveDirectory -IdentityProviderIdentifier test.local -AccountId test\svcacct_1 -AccountSecret $password -SecretExpiryTime "2024-09-09" -DisplayName "display name for this service account"
ServiceAccountUid : ad24284e-ba3d-4504-80db-9ac6640de533
IdentityProviderIdentifier : test.local
IdentityProviderType : ActiveDirectory
SecretExpiryTime : 9/9/2024 8:00:00 PM
AccountId : test\svcacct_1
Capabilities :
CustomProperties :
Description :
DisplayName : display name for this service account
FailureReason :
IsHealthy : True
Revision : a94a3cd1-abe7-4bdd-9a77-fa6820c5a5c2
Scopes : {}
TenantId :
<!--NeedCopy-->
EXAMPLE 4
Create a new service account to access ActiveDirectory.
New-AcctServiceAccount -IdentityProviderType ActiveDirectory -IdentityProviderIdentifier test.local -AccountId test\svcacct_1 -AccountSecret $password -SecretExpiryTime "2024-09-09" -DisplayName "display name for this service account" -Description "description for this service account"
ServiceAccountUid : ad24284e-ba3d-4504-80db-9ac6640de533
IdentityProviderIdentifier : test.local
IdentityProviderType : ActiveDirectory
SecretExpiryTime : 9/9/2024 8:00:00 PM
AccountId : test\svcacct_1
Capabilities :
CustomProperties :
Description : description for this service account
DisplayName : display name for this service account
FailureReason :
IsHealthy : True
Revision : a94a3cd1-abe7-4bdd-9a77-fa6820c5a5c2
Scopes : {}
TenantId :
<!--NeedCopy-->
EXAMPLE 5
Create a new service account to access AzureAD with AzureADDeviceManagement and IntuneDeviceManagement capability.
$account = New-AcctServiceAccount -IdentityProviderType AzureAD -IdentityProviderIdentifier f439f4c0-fcd8-4fe6-95b8-71e7e49dc8c6 -AccountId ac14e785-cdb2-4e18-9240-8b49583b11a2 -AccountSecret $password -SecretExpiryTime "2024-09-09" -Capabilities @("AzureADDeviceManagement","IntuneDeviceManagement") -DisplayName "display name for this service account"
$account.Capabilities
Name EffectiveScope IsHealthy FailureReason
---- -------------- ----------------- -----------------
AzureADDeviceManagement False Device.ReadWrite.All
IntuneDeviceManagement False DeviceManagementManagedDevices.ReadWrite.All
<!--NeedCopy-->
EXAMPLE 6
Create a new service account with an Azure AD user.
New-AcctServiceAccount -IdentityProviderType AzureAD -IdentityProviderIdentifier "3018e238-8648-4b6e-bc65-03362258ede5" -AccountId "7f14400b-3b72-4504-839f-3a3e6f003ccc" -AccountSecret $SecureString -SecretExpiryTime 2025-09-09 -Capabilities @("AzureADDeviceManagement","IntuneDeviceManagement","AzureADSecurityGroupManagement") -DisplayName "name" -UserPrincipalName $userPrincipalName -UserSecret $UserString -UserSecretExpiryTime 2025-09-09
ServiceAccountUid : 286b772c-9fb4-4651-88b4-214cdf52835c
AccountId : 7f14400b-3b72-4504-839f-3a3e6f003ccc
IdentityProviderIdentifier : 3018e238-8648-4b6e-bc65-03362258ede5
IdentityProviderType : AzureAD
SecretExpiryTime : 9/9/2025 12:00:00 AM
AzureADUser : Citrix.ADIdentity.Sdk.ServiceAccountAzureADUser
Capabilities : {AzureADDeviceManagement, IntuneDeviceManagement, AzureADSecurityGroupManagement}
CustomProperties :
Description :
DisplayName : displayName
FailureReason : Azure AD security group management requires Group.ReadWrite.All,GroupMember.ReadWrite.All;
IsHealthy : False
Revision : 9cfc0216-8d26-4be5-a907-9700861d85cf
Scopes : {}
TenantId :
<!--NeedCopy-->
Parameters
-IdentityProviderType
The type of the identity provider that associates with this service account. Can be AzureAD or ActiveDirectory.
| Type: | String |
| Accepted values: | AzureAD, ActiveDirectory |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IdentityProviderIdentifier
The identifier of the given identity provider. E.g. Azure AD tenant id if ‘IdentityProviderType’ is AzureAD.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AccountId
The identifier for the service account. E.g. Azure application (client) id if ‘IdentityProviderType’ is AzureAD.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AccountSecret
The secret for the service account. E.g. Azure application (client) secret if ‘IdentityProviderType’ is AzureAD. The secret will be encrypted and stored in database.
| Type: | SecureString |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
The display name for the service account.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Length range: | 0 to 128 |
| Disallowed characters: | \/;:#.*?=<>\|[]()"' |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2407 |
-SecretExpiryTime
The secret expiration time for the service account. If it is not specified, will set secret as never expires.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Capabilities
The capabilities for the service account.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Scope
The administration scopes to be applied to the new service account.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TenantId
Specifies identity of tenant associated with service account. Must always be specified in multi-tenant sites, must not be specified otherwise.
| Type: | Guid |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
The description for the service account.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2407 |
-CustomProperties
The custom properties for the service account.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2411 |
-UserPrincipalName
The Azure AD User UserPrincipalName if ‘IdentityProviderType’ is AzureAD.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2511 |
-UserSecret
The secret for the service account azure AD user. if ‘IdentityProviderType’ is AzureAD. The secret will be encrypted and stored in database.
| Type: | SecureString |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2511 |
-UserSecretExpiryTime
The Azure AD user secret expiration time for the service account. If it is not specified, will set secret as never expires.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2511 |
-AccessTokenForBulk
Specifies an access token that is used to generate a bulk token for service account operations. This token should possess the necessary permissions required for bulk provisioning or management tasks.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2603 |
-BulkTokenExpiryTime
Specifies the duration, in days, for which the generated bulk enrollment token remains valid. Valid range: 30-180 days. Values outside this range are rejected. If an access token is supplied via AccessTokenForBulk and BulkTokenExpiryTime is not specified, the default of 180 days is applied. After expiry the bulk token cannot be used for authentication or authorization.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2603 |
-LoggingId
Specifies the identifier of the high-level operation this cmdlet call forms a part of. Citrix Studio and Director typically create high-level operations. PowerShell scripts can also wrap a series of cmdlet calls in a high-level operation by way of the Start-LogHighLevelOperation and Stop-LogHighLevelOperation cmdlets.
| Type: | Guid |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SkipCertificateValidation
Forces the cmdlet to skip checking SSL certificates. By default, the cmdlet will check the certificate from the server. If the certificate is not valid, the cmdlet will not connect to the server.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Introduced in: | Citrix Virtual Apps and Desktop 7 2511 |
CitrixCommonParameters
This cmdlet supports the common Citrix parameters: -AdminAddress, -AdminClientIP, -BearerToken, -TraceParent, -TraceState and -VirtualSiteId. For more information, see about_CitrixCommonParameters.
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
None
You can’t pipe objects to this cmdlet.
Outputs
Citrix.ADIdentity.Sdk.ServiceAccount
This object provides details of the service account and contains the following information:
ServiceAccountUid <GUID> The unique identifier of the service account. SecretExpiryTime <Datetime> The expiration time for the secret of the service account. AccountId <string> The identifier for the service account. E.g. Azure application ID if the service account is with Azure AD as identity provider. IdentityProviderIdentifier <string> The identifier of the identity provider that the service account belongs to. E.g. Azure AD tenant ID. IdentityProviderType <string> The type of the identity provider of the service account. Can be AzureAD or ActiveDirectory. IsHealthy <bool> Indicates if the service account is healthy. Capabilities <string[]> Capabilities of the service account. Can be AzureArcResourceManagement AzureADDeviceManagement AzureADSecurityGroupManagement IntuneDeviceManagement. FailureReason <string> The reason why the service account becomes unhealthy. Scopes <Citrix.ADIdentity.Sdk.ScopeReference[]> The administration scopes associated with this identity pool. TenantId <GUID> Identity of the Citrix tenant associated with this identity pool. Not applicable (always blank) in non-multitenant sites. DisplayName <string> The display name of the service account. Description <string> The description of the service account. CustomProperties <string> The custom properties of the service account. AzureADUser <Citrix.ADIdentity.Sdk.ServiceAccountAzureADUser> The Azure AD user associated with the service account.
Notes
If the command fails, the following errors can be returned:
-
IdentityProviderTypeDoesNotMatch
The specified identity provider type doesn’t match the existing identity provider for the given tenant.
-
ServiceAccountDuplicateObjectExists
Duplicate object exists.
-
UnsupportedIdentityProviderType
The specified identity provider type is not supported.
-
InvalidServiceAccountCapabilities
One or more specified service account capabilities are not supported.
-
ServiceStatusInvalidDb
An error occurred in the service while attempting a database operation - communication with the database failed for various reasons.
-
DatabaseError
An error occurred in the service while attempting a database operation.
-
DatabaseNotConfigured
The operation could not be completed because the database for the service is not configured.
-
DataStoreException
An error occurred in the service while attempting a database operation - communication with the database failed for various reasons.
-
PermissionDenied
You do not have permission to execute this command.
-
AuthorizationError
There was a problem communicating with the Citrix Delegated
- Administration Service.
-
CommunicationError
There was a problem communicating with the remote service.
-
ExceptionThrown
An unexpected error occurred. For more details, see the Windows event logs on the controller or the Citrix Virtual Apps and Desktops logs.
Related Links
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.