Citrix Virtual Apps and Desktops SDK

Get-AcctADAccount

Gets the Active Directory (AD) accounts stored in the AD Identity Service.

Syntax


Get-AcctADAccount [-IdentityPoolName <String>] [-ADAccountSid <String>] [-Domain <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-FilterScope <Guid>] [-BearerToken <String>] [-AdminClientIP <String>] [-TraceParent <String>] [-TraceState <String>] [-VirtualSiteId <String>] [-AdminAddress <String>] [<CommonParameters>]

Get-AcctADAccount [-IdentityPoolUid <Guid>] [-ADAccountSid <String>] [-Domain <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-FilterScope <Guid>] [-BearerToken <String>] [-AdminClientIP <String>] [-TraceParent <String>] [-TraceState <String>] [-VirtualSiteId <String>] [-AdminAddress <String>] [<CommonParameters>]

<!--NeedCopy-->

Detailed Description

Provides the ability to locate the Active Directory (AD) accounts stored within the AD Identity Service and view the state of the accounts.

Parameters

Name Description Required? Pipeline Input Default Value
ADAccountSid The AD Account SID of the account. false false  
Domain The domain of the account (this is in dns format). false false  
State The current state of the identity stored in the AD Identity Service for the AD account. false false  
Lock Indicates if the account is locked in the AD Identity Service. false false  
ReturnTotalRecordCount See about_Acct_Filtering for details. false false false
MaxRecordCount See about_Acct_Filtering for details. false false 250
Skip See about_Acct_Filtering for details. false false 0
SortBy See about_Acct_Filtering for details. false false  
Filter See about_Acct_Filtering for details. false false  
FilterScope Gets only results allowed by the specified scope id. false false  
BearerToken Specifies the bearer token assigned to the calling user false false  
AdminClientIP Specifies the Client IP of the calling user false false  
TraceParent Specifies the trace parent assigned for internal diagnostic tracing use false false  
TraceState Specifies the trace state assigned for internal diagnostic tracing use false false  
VirtualSiteId Specifies the virtual site the PowerShell snap-in will connect to. false false  
AdminAddress Specifies the address of a Citrix Virtual Apps and Desktops controller that the PowerShell snap-in connects to. You can provide this as a host name or an IP address. false false LocalHost. Once a value is provided by any cmdlet, this value becomes the default.
IdentityPoolName The name of the identity pool to which the account is registered. false true (ByPropertyName)  
IdentityPoolUid The unique identifier for the identity pool that the account is registered to. false false  

Input Type

Return Values

Citrix.Adidentity.Sdk.Identityinpool

The Get-AcctADAccount returns an object that contains the following parameters:

  • IdentityPoolName <string> The name of the containing identity pool.

  • IdentityPoolUid <GUID> The unique identifier for the containing identity pool.

  • ADAccountGuid <GUID> The unique identifier for the account.

  • ADAccountName <string> The name of the account.

  • ADAccountSid <string> The SID for the account.

  • AccountDisabled <bool> Whether or not the account is disabled in AD.

  • AccountLocked <bool> Whether or not the account is locked in AD.

  • Domain <string> The domain for the account.

  • DomainControllerHint <string> The base 64 encoded hint for the domain controller location.

  • Lock <bool> Whether or not the account is locked (in the database, not AD).

  • State <string> The state for the account. This can be: Available The account is not used. InUse The account is in use. Error The account is in error (i.e. the account is locked or disabled in AD). Tainted The account is no longer used, but the password is no longer known.

  • TenantId <GUID> The identity of the tenant associated with this account.

  • DeviceManagementType <string> The device management type.

  • IdentityType <string> The identity type.

  • VdaHostId <GUID> The ID of the VDA associated with this account.

  • WorkgroupMachine <bool> Whether or not the account is a workgroup account (not domain-joined).

  • TrustServiceInstanceId <string> The trust service ID of the machine.

Notes

In the case of failure the following errors can result.

  • PartialData: Only a subset of the available data was returned.

  • CouldNotQueryDatabase: The query required to get the database was not defined.

  • PermissionDenied: The user does not have administrative rights to perform this operation.

  • ConfigurationLoggingError: The operation could not be performed because of a configuration logging error

  • CommunicationError: An error occurred while communicating with the service.

  • DatabaseNotConfigured: The operation could not be completed because the database for the service is not configured.

  • InvalidFilter: A filtering expression was supplied that could not be interpreted for this cmdlet.

  • ExceptionThrown: An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the Citrix Virtual Apps and Desktops logs.

Examples

Example 1


c:\PS>Get-AcctADAccount

          ADAccountGuid          : a33f54f8-4944-4537-93c9-a04f0b889378

          ADAccountName          : MyDomain\ACC001

          ADAccountSid           : S-1-5-21-1315084875-1285793635-2418178940-2684

          AccountDisabled        : False

          AccountLocked          : False

          Domain                 : MyDomain.com

          DomainControllerHint   : v2_ZGMubXlkb21haW4uY29tOjU5ZTlkMjhkLWY0NmItNDM0YS05N2MyLTk5NWRhOWUxMjBkNw==

          Lock                   : False

          State                  : Available

          TenantId               :

          DeviceManagementType   : None

          IdentityType           : ActiveDirectory

          VdaHostId              : ee3ec984-3f1b-41ed-aee7-38754692e829

          WorkgroupMachine       : False

          TrustServiceInstanceId : ee3ec984-3f1b-41ed-aee7-38754692e829-S-1-5-21-1315084875-1285793635-2418178940-2684

          IdentityPoolName       : MyWorkgroupPool

          IdentityPoolUid        : f4aef7af-4298-44a3-a5fb-4a9201ca01d7

          ADAccountGuid          : 00000000-0000-0000-0000-000000000000

          ADAccountName          : WorkgrpAcc001

          ADAccountSid           : S-1-254-31435167-1163162762-1265062292-170227718-1001

          AccountDisabled        : False

          AccountLocked          : False

          Domain                 :

          DomainControllerHint   :

          Lock                   : False

          State                  : Available

          TenantId               :

          DeviceManagementType   : None

          IdentityType           : Workgroup

          VdaHostId              : 01dfa99f-748a-4554-9451-674b0678250a

          WorkgroupMachine       : True

          TrustServiceInstanceId : 01dfa99f-748a-4554-9451-674b0678250a

<!--NeedCopy-->

Description

Return all the AD accounts that are registered in the AD Identity Service.

Example 2


c:\PS>Get-AcctADAccount -IdentityPoolName MyPool -Lock $false

<!--NeedCopy-->

Description

Return all the AD accounts that are registered in the AD Identity Service in the identity pool named “MyPool” that are not locked.

Example 3


c:\PS>Get-AcctADAccount -Filter {IdentityPoolName -Like "p\*" -or IdentityPoolName -eq "MyPool"}

<!--NeedCopy-->

Description

Return all the AD accounts that are registered in the AD Identity Service in the identity pool named “MyPool” or an identity pool with a name starting with ‘p’. For full details of the advanced filtering aspects of this command see about_Acct_Filtering.

Get-AcctADAccount