Test-MDIDSA
Validates the permissions and delegation of a Directory Service Account (DSA).
Syntax
Default (Default)
Test-MDIDSA
    [-Identity] <String>
    [-Detailed]
    [-Server <String>]
    [<CommonParameters>]
Description
This function validates the permissions and delegation of a Directory Service Account (DSA) by checking its ACLs, manager assignments, and sensitive group membership.
Examples
EXAMPLE 1
Test-MDIDSA -Identity "mdiSvc01"
This example returns a Boolean value: $true when the specified Directory Service Account (DSA) has the correct permissions and delegation.
EXAMPLE 2
Test-MDIDSA -Identity "mdiSvc01" -Detailed
Test                              Status Details
----                              ------ -------
SensitiveGroupsMembership          False {CN=Administrators,CN=Builtin,DC=CONTOSO,DC=COM, CN=Domain Adm...
ExplicitDelegation                 False {OU=Marketing,DC=CONTOSO,DC=COM}
ManagerOf                          False {CN=Martin Schvartzman,CN=Users,DC=CONTOSO,DC=COM}
DeletedObjectsContainerPermission   True {SPECIAL ACCESS, LIST CONTENTS, READ PROPERTY}
This example returns a detailed output for the Directory Service Account (DSA) permissions and delegation validations.
Parameters
-Detailed
If specified, returns detailed information about the validation status.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter | 
| Default value: | False | 
| Supports wildcards: | False | 
| DontShow: | False | 
Parameter sets
(All)
| Position: | Named | 
| Mandatory: | False | 
| Value from pipeline: | False | 
| Value from pipeline by property name: | False | 
| Value from remaining arguments: | False | 
-Domain
Specifies the name of the domain to run the command against. This parameter is optional and defaults to the user's DNS domain.
Parameter properties
| Type: | System.String | 
| Default value: | None | 
| Supports wildcards: | False | 
| DontShow: | False | 
Parameter sets
(All)
| Position: | Named | 
| Mandatory: | False | 
| Value from pipeline: | False | 
| Value from pipeline by property name: | False | 
| Value from remaining arguments: | False | 
-Identity
Specifies the identity of the Directory Service Account (DSA) to test.
Parameter properties
| Type: | System.String | 
| Default value: | None | 
| Supports wildcards: | False | 
| DontShow: | False | 
Parameter sets
(All)
| Position: | 1 | 
| Mandatory: | True | 
| Value from pipeline: | False | 
| Value from pipeline by property name: | False | 
| Value from remaining arguments: | False | 
-Server
Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.
Parameter properties
| Type: | System.String | 
| Default value: | None | 
| Supports wildcards: | False | 
| DontShow: | False | 
Parameter sets
(All)
| Position: | Named | 
| Mandatory: | False | 
| Value from pipeline: | False | 
| Value from pipeline by property name: | False | 
| Value from remaining arguments: | False | 
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Outputs
System.Boolean
By default, the cmdlet returns $true when the specified Directory Service Account (DSA) has the correct permissions and delegation.
System.Management.Automation.PSCustomObject
When you use the Detailed parameter, the cmdlet returns a custom object containing the status and details of each test.
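The following is an added example, not part of the module or its documentation, showing one way to turn the Detailed output into one finding per offending directory object for review or ticketing. The helper name ConvertTo-DsaFinding is hypothetical, the property names Test, Status and Details are taken from the table in Example 2, and it assumes a Status of False marks a failed check; the sample data is constructed from the values visible in Example 2 (the truncated group list is not completed).

```powershell
# Hypothetical helper: expands each failed test into one row per object in Details.
function ConvertTo-DsaFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Result
    )
    process {
        # Assumption: Status = $true means the check passed, so nothing to report.
        if ($Result.Status) { return }

        # Details may be empty, a single value, or a collection; normalise to an array.
        $items = @($Result.Details | Where-Object { $_ })
        if ($items.Count -eq 0) { $items = @('(no details returned)') }

        foreach ($item in $items) {
            [pscustomobject]@{
                Identity = $Identity
                Test     = $Result.Test
                Object   = [string]$item
            }
        }
    }
}

# Constructed sample mirroring Example 2, so the script also runs without a domain.
$sample = @(
    [pscustomobject]@{ Test = 'SensitiveGroupsMembership'; Status = $false
                       Details = @('CN=Administrators,CN=Builtin,DC=CONTOSO,DC=COM') }
    [pscustomobject]@{ Test = 'ExplicitDelegation'; Status = $false
                       Details = @('OU=Marketing,DC=CONTOSO,DC=COM') }
    [pscustomobject]@{ Test = 'ManagerOf'; Status = $false
                       Details = @('CN=Martin Schvartzman,CN=Users,DC=CONTOSO,DC=COM') }
    [pscustomobject]@{ Test = 'DeletedObjectsContainerPermission'; Status = $true
                       Details = @('SPECIAL ACCESS', 'LIST CONTENTS', 'READ PROPERTY') }
)

# Use the live cmdlet when it is available; otherwise fall back to the sample.
$identity = 'mdiSvc01'
$results = if (Get-Command Test-MDIDSA -ErrorAction SilentlyContinue) {
    Test-MDIDSA -Identity $identity -Detailed
} else { $sample }

$findings = @($results | ConvertTo-DsaFinding -Identity $identity)
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) {
    Write-Warning "$identity failed $($findings.Count) permission or delegation check item(s)."
}
```

With the constructed sample, the three tests whose Status is False each yield one finding and DeletedObjectsContainerPermission yields none.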