Product Documentation

Get-AcctADAccount

Oct 21, 2016

Gets the AD accounts stored in the AD Identity Service.

Syntax

Get-AcctADAccount [-IdentityPoolName <String>] [-ADAccountSid <String>] [-Domain <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-AdminAddress <String>] [<CommonParameters>]

Get-AcctADAccount [-IdentityPoolUid <Guid>] [-ADAccountSid <String>] [-Domain <String>] [-State <ADIdentityState>] [-Lock <Boolean>] [-ReturnTotalRecordCount] [-MaxRecordCount <Int32>] [-Skip <Int32>] [-SortBy <String>] [-Filter <String>] [-AdminAddress <String>] [<CommonParameters>]

Detailed Description

Provides the ability to locate the AD accounts stored within the AD Identity Service and view the state of the accounts.

Parameters

-ADAccountSid<String>

The AD Account SID of the account.

Required? false
Default Value  
Accept Pipeline Input? false

-Domain<String>

The domain of the account (this is in dns format).

Required? false
Default Value  
Accept Pipeline Input? false

-State<ADIdentityState>

The current state of the identity stored in the AD Identity Service for the AD account.

Required? false
Default Value  
Accept Pipeline Input? false

-Lock<Boolean>

Indicates if the account is locked in the AD Identity Service.

Required? false
Default Value  
Accept Pipeline Input? false

-ReturnTotalRecordCount<SwitchParameter>

See about_Acct_Filtering for details.

Required? false
Default Value false
Accept Pipeline Input? false

-MaxRecordCount<Int32>

See about_Acct_Filtering for details.

Required? false
Default Value 250
Accept Pipeline Input? false

-Skip<Int32>

See about_Acct_Filtering for details.

Required? false
Default Value 0
Accept Pipeline Input? false

-SortBy<String>

See about_Acct_Filtering for details.

Required? false
Default Value  
Accept Pipeline Input? false

-Filter<String>

See about_Acct_Filtering for details.

Required? false
Default Value  
Accept Pipeline Input? false

-AdminAddress<String>

Specifies the address of a XenDesktop controller that the PowerShell snap-in connects to. You can provide this as a host name or an IP address.

Required? false
Default Value LocalHost. Once a value is provided by any cmdlet, this value becomes the default.
Accept Pipeline Input? false

-IdentityPoolName<String>

The name of the identity pool to which the account is registered.

Required? false
Default Value  
Accept Pipeline Input? true (ByPropertyName)

-IdentityPoolUid<Guid>

The unique identifier for the identity pool that the account is registered to.

Required? false
Default Value  
Accept Pipeline Input? false

Return Values

Citrix.AdIdentity.Sdk.IdentityInPool

The Get-AcctADAccount returns an object that contains the following parameters

ADAccountSid <string>

The AD account SID for the retrieved account.

ADAccountName <string>

The AD account name for the retrieved account.

Domain <string>

The domain for the imported account.

State <Citrix.XDInterServiceTypes.ADIdentityState>

The state for the account. This can be;

Available

The account is not used.

InUse

The account is in use.

Error

The account is in error (i.e. the account is locked or disabled in AD).

Tainted

The account is no longer used, but the password is no longer known.

Lock <Boolean>

The account is locked (in the database not in AD).

IdentityPoolName <System.String>

The name of the containing identity pool.

IdentityPoolUid <System.Guid>

The GUID identifying the containing identity pool.

Notes

In the case of failure the following errors can result.

Error Codes

-----------

PartialData

Only a subset of the available data was returned.

CouldNotQueryDatabase

The query required to get the database was not defined.

PermissionDenied

The user does not have administrative rights to perform this operation.

ConfigurationLoggingError

The operation could not be performed because of a configuration logging error

CommunicationError

An error occurred while communicating with the service.

DatabaseNotConfigured

The operation could not be completed because the database for the service is not configured.

InvalidFilter

A filtering expression was supplied that could not be interpreted for this cmdlet.

ExceptionThrown

An unexpected error occurred. To locate more details, see the Windows event logs on the controller being used or examine the XenDesktop logs.

Examples

-------------------------- EXAMPLE 1 --------------------------

C:\>Get-AcctADAccount

Return all the AD accounts that are registered in the AD Identity Service.

-------------------------- EXAMPLE 2 --------------------------

C:\>Get-AcctADAccount -IdentityPoolName MyPool -Lock $false

Return all the AD accounts that are registered in the AD Identity Service in the identity pool called "MyPool" that are also locked.

-------------------------- EXAMPLE 3 --------------------------

C:\>Get-AcctADAccount -Filter {IdentityPoolName -Like "p*" -or IdentityPoolName -eq "MyPool"}

Return all the AD accounts that are registered in the AD Identity Service in the identity pool called "MyPool" or in an identity pool that has a name that starts with a 'p'. For full details of the advanced filtering aspects of this command see about_Acct_Filtering.