Test-MDIDSA
Validates the permissions and delegation of a Directory Service Account (DSA).
Syntax
Test-MDIDSA
[-Identity] <String>
[-Detailed]
[-Server <String>]
[<CommonParameters>]Description
This function validates the permissions and delegation of a Directory Service Account (DSA) by checking its ACLs, manager assignments, and sensitive group membership.
Examples
EXAMPLE 1
Test-MDIDSA -Identity "mdiSvc01"This example returns a boolean value indicating whether the specified Directory Service Account (DSA) has any issues with its permissions and delegation.
EXAMPLE 2
Test-MDIDSA -Identity "mdiSvc01" -Detailed
Test Status Details
---- ------ -------
SensitiveGroupsMembership False {CN=Administrators,CN=Builtin,DC=CONTOSO,DC=COM, CN=Domain Adm...
ExplicitDelegation False {OU=Marketing,DC=CONTOSO,DC=COM}
ManagerOf False {CN=Martin Schvartzman,CN=Users,DC=CONTOSO,DC=COM}
DeletedObjectsContainerPermission True {SPECIAL ACCESS, LIST CONTENTS, READ PROPERTY}This example returns a detailed output for the Directory Service Account (DSA) permissions and delegation validations.
Parameters
-Detailed
If specified, returns detailed information about the validation status.
| Type: | System.Management.Automation.SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Identity
Specifies the identity of the Directory Service Account (DSA) to test.
| Type: | System.String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Server
Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
System.Boolean
By default, the cmdlet returns $true when the specified Directory Service Account (DSA) has the
correct permissions and delegation.
System.Management.Automation.PSCustomObject
When you use the Detailed parameter, the cmdlet returns a custom object containing the status and details of each test.