Active Directory: Get-ADServiceAccount Default and Extended Properties
The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADServiceAccount cmdlet supports the default and extended properties in the following table. Many can be assigned values with the Set-ADServiceAccount cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink:
| Property | Syntax | R/RW | lDAPDisplayName |
| AccountExpirationDate | DateTime | RW | accountExpires, converted to local time |
| AccountLockoutTime | DateTime | RW | lockoutTime, converted to local time |
| AccountNotDelegated | Boolean | RW | userAccountControl (bit mask 1048576 |
| AllowReversiblePasswordEncryption | Boolean | RW | userAccountControl (bit mask 128) |
| BadLogonCount | Int32 | R | badPwdCount |
| CannotChangePassword | Boolean/td> | RW | nTSecurityDescriptor |
| CanonicalName | String | R | canonicalName |
| Certificates | ADCollection | RW | userCertificate |
| CN | String | R | cn |
| Created | DateTime | R | whenCreated |
| Deleted | Boolean | R | isDeleted |
| Description | String | RW | description |
| DisplayName | String | RW | displayName |
| DistinguishedName | String (DN) | R | distinguishedName |
| DoesNotRequirePreAuth | Boolean | RW | userAccountControl (bit mask 4194304) |
| Enabled | Boolean | RW | userAccountControl (bit mask not 2) |
| HomedirRequired | Boolean | RW | userAccountControl (bit mask 8) |
| HomePage | String | RW | wWWHomePage |
| HostComputers | ADCollection | RW | msDS-HostServiceAccountBL |
| LastBadPasswordAttempt | DateTime | R | badPasswordTime, converted to local time |
| LastKnownParent | String (DN) | R | lastKnownParent |
| LastLogonDate | DateTime | R | lastLogonTimeStamp, converted to local time |
| LockedOut | Boolean | RW | msDS-User-Account-Control-Computed (bit mask 16) |
| MemberOf | ADCollection | R | memberOf |
| MNSLogonAccount | Boolean | RW | userAccountControl (bit mask 131072) |
| Modified | DateTime | R | whenChanged |
| Name | String | R | cn (Relative Distinguished Name) |
| ObjectCategory | String | R | objectCategory |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID, converted to string |
| PasswordExpired | Boolean | RW | msDS-User-Account-Control-Computed (bit mask 8388608) |
| PasswordLastSet | DateTime | RW | pwdLastSet, local time |
| PasswordNeverExpires | Boolean | RW | userAccountControl (bit mask 64) |
| PasswordNotRequired | Boolean | RW | userAccountControl (bit mask 32 |
| PrimaryGroup | String | R | Group with primaryGroupToken |
| ProtectedFromAccidentalDeletion | Boolean | RW | nTSecurityDescriptor |
| SamAccountName | String | RW | sAMAccountName |
| ServicePrincipalNames | ADCollection | RW | servicePrincipalName |
| SID | Sid | R | objectSID converted to string |
| SIDHistory | ADCollection | R | sIDHistory |
| TrustedForDelegation | Boolean | RW | userAccountControl (bit mask 524288) |
| TrustedToAuthForDelegation | Boolean | RW | userAccountControl (bit mask 16777216) |
| UseDESKeyOnly | Boolean | RW | userAccountControl (bit mask 2097152) |
| UserPrincipalName | String | RW | userPrincipalName |
The attributes are those of the Service Account object. These are objects of class msDS-ManagedServiceAccount located in the container "cn=Managed Service Accounts,dc=mydomain,dc=com", where the domain is mydomain.com.
See Also
- Active Directory: PowerShell AD Module Properties
- PowerShell Portal
- Wiki: Active Directory Domain Services (AD DS) Portal
- Active Directory: Glossary
- Active Directory PowerShell Cmdlet Properties
- Wiki: Portal of TechNet Wiki Portals