Citrix Daas SDK

Get-AcctADAccount

Gets the Active Directory (AD) accounts stored in the AD Identity Service.

Syntax

Get-AcctADAccount
   [-ADAccountSid <String>]
   [-Domain <String>]
   [-IdentityPoolName <String>]
   [-State <ADIdentityState>]
   [-Lock <Boolean>]
   [-ReturnTotalRecordCount]
   [-MaxRecordCount <Int32>]
   [-Skip <Int32>]
   [-SortBy <String>]
   [-Filter <String>]
   [-FilterScope <Guid>]
   [<CitrixCommonParameters>]
   [<CommonParameters>]
<!--NeedCopy-->
Get-AcctADAccount
   [-ADAccountSid <String>]
   [-Domain <String>]
   [-IdentityPoolUid <Guid>]
   [-State <ADIdentityState>]
   [-Lock <Boolean>]
   [-ReturnTotalRecordCount]
   [-MaxRecordCount <Int32>]
   [-Skip <Int32>]
   [-SortBy <String>]
   [-Filter <String>]
   [-FilterScope <Guid>]
   [<CitrixCommonParameters>]
   [<CommonParameters>]
<!--NeedCopy-->

Description

Provides the ability to locate the Active Directory (AD) accounts stored within the AD Identity Service and view the state of the accounts.

Examples

EXAMPLE 1

Return all the AD accounts that are registered in the AD Identity Service.

Get-AcctADAccount

ADAccountGuid          : a33f54f8-4944-4537-93c9-a04f0b889378
ADAccountName          : MyDomain\ACC001
ADAccountSid           : S-1-5-21-1315084875-1285793635-2418178940-2684
AccountDisabled        : False
AccountLocked          : False
Domain                 : MyDomain.com
DomainControllerHint   : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw==
Lock                   : False
State                  : Available
TenantId               :
DeviceManagementType   : None
IdentityType           : ActiveDirectory
VdaHostId              : ee3ec984-3f1b-41ed-aee7-38754692e829
WorkgroupMachine       : False
TrustServiceInstanceId : ee3ec984-3f1b-41ed-aee7-38754692e829-S-1-5-21-1315084875-1285793635-2418178940-2684

IdentityPoolName       : MyWorkgroupPool
IdentityPoolUid        : f4aef7af-4298-44a3-a5fb-4a9201ca01d7
ADAccountGuid          : 00000000-0000-0000-0000-000000000000
ADAccountName          : WorkgrpAcc001
ADAccountSid           : S-1-254-31435167-1163162762-1265062292-170227718-1001
AccountDisabled        : False
AccountLocked          : False
Domain                 :
DomainControllerHint   :
Lock                   : False
State                  : Available
TenantId               :
DeviceManagementType   : None
IdentityType           : Workgroup
VdaHostId              : 01dfa99f-748a-4554-9451-674b0678250a
WorkgroupMachine       : True
TrustServiceInstanceId : 01dfa99f-748a-4554-9451-674b0678250a
<!--NeedCopy-->

EXAMPLE 2

Return all the AD accounts that are registered in the AD Identity Service in the identity pool named “MyPool” that are not locked.

Get-AcctADAccount -IdentityPoolName MyPool -Lock $false
<!--NeedCopy-->

EXAMPLE 3

Return all the AD accounts that are registered in the AD Identity Service in the identity pool named “MyPool” or an identity pool with a name starting with ‘p’. For full details of the advanced filtering aspects of this command see about_Acct_Filtering.

Get-AcctADAccount -Filter {IdentityPoolName -Like "p*" -or IdentityPoolName -eq "MyPool"}
<!--NeedCopy-->

Parameters

-ADAccountSid

The AD Account SID of the account.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-Domain

The domain of the account (this is in dns format).

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-State

The current state of the identity stored in the AD Identity Service for the AD account.

Type: ADIdentityState
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-Lock

Indicates if the account is locked in the AD Identity Service.

Type: Boolean
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-ReturnTotalRecordCount

See about_Acct_Filtering for details.

Type: SwitchParameter
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-MaxRecordCount

See about_Acct_Filtering for details.

Type: Int32
Position: Named
Default value: 250
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Skip

See about_Acct_Filtering for details.

Type: Int32
Position: Named
Default value: 0
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-SortBy

See about_Acct_Filtering for details.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Filter

See about_Acct_Filtering for details.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-FilterScope

Gets only results allowed by the specified scope id.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-IdentityPoolName

The name of the identity pool to which the account is registered.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: True

-IdentityPoolUid

The unique identifier for the identity pool that the account is registered to.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

CitrixCommonParameters

This cmdlet supports the common Citrix parameters: -AdminAddress, -AdminClientIP, -BearerToken, -TraceParent, -TraceState and -VirtualSiteId. For more information, see about_CitrixCommonParameters.

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

You can’t pipe objects to this cmdlet.

Outputs

Citrix.ADIdentity.Sdk.IdentityInPool

The Get-AcctADAccount returns an object that contains the following parameters:

  • IdentityPoolName <string>

    The name of the containing identity pool.

  • IdentityPoolUid <GUID>

    The unique identifier for the containing identity pool.

  • ADAccountGuid <GUID>

    The unique identifier for the account.

  • ADAccountName <string>

    The name of the account.

  • ADAccountSid <string>

    The SID for the account.

  • AccountDisabled <bool>

    Whether or not the account is disabled in AD.

  • AccountLocked <bool>

    Whether or not the account is locked in AD.

  • Domain <string>

    The domain for the account.

  • DomainControllerHint <string>

    The base 64 encoded hint for the domain controller location.

  • Lock <bool>

    Whether or not the account is locked (in the database, not AD).

  • State <string>

    The state for the account. This can be:

  • TenantId <GUID>

    The identity of the tenant associated with this account.

  • DeviceManagementType <string>

    The device management type.

  • IdentityType <string>

    The identity type.

  • VdaHostId <GUID>

    The ID of the VDA associated with this account.

  • WorkgroupMachine <bool>

    Whether or not the account is a workgroup account (not domain-joined).

  • TrustServiceInstanceId <string>

    The trust service ID of the machine.

Notes

In the case of failure the following errors can result:

  • PartialData

    Only a subset of the available data was returned.

  • CouldNotQueryDatabase

    The query required to get the database was not defined.

  • PermissionDenied

    The user does not have administrative rights to perform this operation.

  • ConfigurationLoggingError

    The operation could not be performed because of a configuration logging error

  • CommunicationError

    An error occurred while communicating with the service.

  • DatabaseNotConfigured

    The operation could not be completed because the database for the service is not configured.

  • InvalidFilter

    A filtering expression was supplied that could not be interpreted for this cmdlet.

  • ExceptionThrown

    An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the Citrix Virtual Apps and Desktops logs.

Get-AcctADAccount