Download full document:



Get-Acctadaccount

Gets the AD accounts stored in the AD Identity Service.

Syntax

Get-AcctADAccount [-IdentityPoolName <String>] [-ADAccountSid <String>] [-Domain <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-BearerToken <String>] [-AdminAddress <String>] [<CommonParameters>]

Get-AcctADAccount [-IdentityPoolUid <Guid>] [-ADAccountSid <String>] [-Domain <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-BearerToken <String>] [-AdminAddress <String>] [<CommonParameters>]

Detailed Description

Provides the ability to locate the AD accounts stored within the AD Identity Service and view the state of the accounts.

Parameters

Name Description Required? Pipeline Input Default Value
ADAccountSid The AD Account SID of the account. false false
Domain The domain of the account (this is in dns format). false false
State The current state of the identity stored in the AD Identity Service for the AD account. false false
Lock Indicates if the account is locked in the AD Identity Service. false false
ReturnTotalRecordCount See about_Acct_Filtering for details. false false false
MaxRecordCount See about_Acct_Filtering for details. false false 250
Skip See about_Acct_Filtering for details. false false 0
SortBy See about_Acct_Filtering for details. false false
Filter See about_Acct_Filtering for details. false false
BearerToken Specifies the bearer token assigned to the calling user false false
AdminAddress Specifies the address of a XenDesktop controller that the PowerShell snap-in connects to. You can provide this as a host name or an IP address. false false LocalHost. Once a value is provided by any cmdlet, this value becomes the default.
IdentityPoolName The name of the identity pool to which the account is registered. false true (ByPropertyName)
IdentityPoolUid The unique identifier for the identity pool that the account is registered to. false false

Input Type

Return Values

Citrix.Adidentity.Sdk.Identityinpool
The Get-Acctadaccount Returns An Object That Contains The Following Parameters
Adaccountsid <String>
The Ad Account Sid For The Retrieved Account.
Adaccountname <String>
The Ad Account Name For The Retrieved Account.
Domain <String>
The Domain For The Imported Account.
State <Citrix.Xdinterservicetypes.Adidentitystate>
The State For The Account. This Can Be;
Available
The Account Is Not Used.
Inuse
The Account Is In Use.
Error
The Account Is In Error (I.E. The Account Is Locked Or Disabled In Ad).
Tainted
The Account Is No Longer Used, But The Password Is No Longer Known.
Lock <Boolean>
The Account Is Locked (In The Database Not In Ad).
Identitypoolname <System.String>
The Name Of The Containing Identity Pool.
Identitypooluid <System.Guid>
The Guid Identifying The Containing Identity Pool.

Notes

In the case of failure the following errors can result.
Error Codes
-----------
PartialData
Only a subset of the available data was returned.
CouldNotQueryDatabase
The query required to get the database was not defined.
PermissionDenied
The user does not have administrative rights to perform this operation.
ConfigurationLoggingError
The operation could not be performed because of a configuration logging error
CommunicationError
An error occurred while communicating with the service.
DatabaseNotConfigured
The operation could not be completed because the database for the service is not configured.
InvalidFilter
A filtering expression was supplied that could not be interpreted for this cmdlet.
ExceptionThrown
An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the XenDesktop logs.

Examples

Example 1

C:\>Get-AcctADAccount

Description

Return all the AD accounts that are registered in the AD Identity Service.

Example 2

C:\>Get-AcctADAccount -IdentityPoolName MyPool -Lock $false

Description

Return all the AD accounts that are registered in the AD Identity Service in the identity pool called "MyPool" that are also locked.

Example 3

C:\>Get-AcctADAccount -Filter {IdentityPoolName -Like "p\*" -or IdentityPoolName -eq "MyPool"}

Description

Return all the AD accounts that are registered in the AD Identity Service in the identity pool called "MyPool" or in an identity pool that has a name that starts with a 'p'. For full details of the advanced filtering aspects of this command see about_Acct_Filtering.