Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADServiceAccount cmdlet supports the default and extended properties in the following table. Many can be assigned values with the Set-ADServiceAccount cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink:
| Property | Syntax | R/RW | lDAPDisplayName |
| AccountExpirationDate | DateTime | RW | accountExpires, converted to local time |
| AccountLockoutTime | DateTime | RW | lockoutTime, converted to local time |
| AccountNotDelegated | Boolean | RW | userAccountControl (bit mask 1048576 |
| AllowReversiblePasswordEncryption | Boolean | RW | userAccountControl (bit mask 128) |
| BadLogonCount | Int32 | R | badPwdCount |
| CannotChangePassword | Boolean/td> | RW | nTSecurityDescriptor |
| CanonicalName | String | R | canonicalName |
| Certificates | ADCollection | RW | userCertificate |
| CN | String | R | cn |
| Created | DateTime | R | whenCreated |
| Deleted | Boolean | R | isDeleted |
| Description | String | RW | description |
| DisplayName | String | RW | displayName |
| DistinguishedName | String (DN) | R | distinguishedName |
| DoesNotRequirePreAuth | Boolean | RW | userAccountControl (bit mask 4194304) |
| Enabled | Boolean | RW | userAccountControl (bit mask not 2) |
| HomedirRequired | Boolean | RW | userAccountControl (bit mask 8) |
| HomePage | String | RW | wWWHomePage |
| HostComputers | ADCollection | RW | msDS-HostServiceAccountBL |
| LastBadPasswordAttempt | DateTime | R | badPasswordTime, converted to local time |
| LastKnownParent | String (DN) | R | lastKnownParent |
| LastLogonDate | DateTime | R | lastLogonTimeStamp, converted to local time |
| LockedOut | Boolean | RW | msDS-User-Account-Control-Computed (bit mask 16) |
| MemberOf | ADCollection | R | memberOf |
| MNSLogonAccount | Boolean | RW | userAccountControl (bit mask 131072) |
| Modified | DateTime | R | whenChanged |
| Name | String | R | cn (Relative Distinguished Name) |
| ObjectCategory | String | R | objectCategory |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID, converted to string |
| PasswordExpired | Boolean | RW | msDS-User-Account-Control-Computed (bit mask 8388608) |
| PasswordLastSet | DateTime | RW | pwdLastSet, local time |
| PasswordNeverExpires | Boolean | RW | userAccountControl (bit mask 64) |
| PasswordNotRequired | Boolean | RW | userAccountControl (bit mask 32 |
| PrimaryGroup | String | R | Group with primaryGroupToken |
| ProtectedFromAccidentalDeletion | Boolean | RW | nTSecurityDescriptor |
| SamAccountName | String | RW | sAMAccountName |
| ServicePrincipalNames | ADCollection | RW | servicePrincipalName |
| SID | Sid | R | objectSID converted to string |
| SIDHistory | ADCollection | R | sIDHistory |
| TrustedForDelegation | Boolean | RW | userAccountControl (bit mask 524288) |
| TrustedToAuthForDelegation | Boolean | RW | userAccountControl (bit mask 16777216) |
| UseDESKeyOnly | Boolean | RW | userAccountControl (bit mask 2097152) |
| UserPrincipalName | String | RW | userPrincipalName |
The attributes are those of the Service Account object. These are objects of class msDS-ManagedServiceAccount located in the container "cn=Managed Service Accounts,dc=mydomain,dc=com", where the domain is mydomain.com.
See Also
- Active Directory: PowerShell AD Module Properties
- PowerShell Portal
- Wiki: Active Directory Domain Services (AD DS) Portal
- Active Directory: Glossary
- Active Directory PowerShell Cmdlet Properties
- Wiki: Portal of TechNet Wiki Portals