Active Directory: Get-ADServiceAccount Default and Extended Properties
The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADServiceAccount cmdlet supports the default and extended properties in the following table. Many can be assigned values with the Set-ADServiceAccount cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink:
Property | Syntax | R/RW | lDAPDisplayName |
AccountExpirationDate | DateTime | RW | accountExpires, converted to local time |
AccountLockoutTime | DateTime | RW | lockoutTime, converted to local time |
AccountNotDelegated | Boolean | RW | userAccountControl (bit mask 1048576 |
AllowReversiblePasswordEncryption | Boolean | RW | userAccountControl (bit mask 128) |
BadLogonCount | Int32 | R | badPwdCount |
CannotChangePassword | Boolean/td> | RW | nTSecurityDescriptor |
CanonicalName | String | R | canonicalName |
Certificates | ADCollection | RW | userCertificate |
CN | String | R | cn |
Created | DateTime | R | whenCreated |
Deleted | Boolean | R | isDeleted |
Description | String | RW | description |
DisplayName | String | RW | displayName |
DistinguishedName | String (DN) | R | distinguishedName |
DoesNotRequirePreAuth | Boolean | RW | userAccountControl (bit mask 4194304) |
Enabled | Boolean | RW | userAccountControl (bit mask not 2) |
HomedirRequired | Boolean | RW | userAccountControl (bit mask 8) |
HomePage | String | RW | wWWHomePage |
HostComputers | ADCollection | RW | msDS-HostServiceAccountBL |
LastBadPasswordAttempt | DateTime | R | badPasswordTime, converted to local time |
LastKnownParent | String (DN) | R | lastKnownParent |
LastLogonDate | DateTime | R | lastLogonTimeStamp, converted to local time |
LockedOut | Boolean | RW | msDS-User-Account-Control-Computed (bit mask 16) |
MemberOf | ADCollection | R | memberOf |
MNSLogonAccount | Boolean | RW | userAccountControl (bit mask 131072) |
Modified | DateTime | R | whenChanged |
Name | String | R | cn (Relative Distinguished Name) |
ObjectCategory | String | R | objectCategory |
ObjectClass | String | R | objectClass, most specific value |
ObjectGUID | Guid | R | objectGUID, converted to string |
PasswordExpired | Boolean | RW | msDS-User-Account-Control-Computed (bit mask 8388608) |
PasswordLastSet | DateTime | RW | pwdLastSet, local time |
PasswordNeverExpires | Boolean | RW | userAccountControl (bit mask 64) |
PasswordNotRequired | Boolean | RW | userAccountControl (bit mask 32 |
PrimaryGroup | String | R | Group with primaryGroupToken |
ProtectedFromAccidentalDeletion | Boolean | RW | nTSecurityDescriptor |
SamAccountName | String | RW | sAMAccountName |
ServicePrincipalNames | ADCollection | RW | servicePrincipalName |
SID | Sid | R | objectSID converted to string |
SIDHistory | ADCollection | R | sIDHistory |
TrustedForDelegation | Boolean | RW | userAccountControl (bit mask 524288) |
TrustedToAuthForDelegation | Boolean | RW | userAccountControl (bit mask 16777216) |
UseDESKeyOnly | Boolean | RW | userAccountControl (bit mask 2097152) |
UserPrincipalName | String | RW | userPrincipalName |
The attributes are those of the Service Account object. These are objects of class msDS-ManagedServiceAccount located in the container "cn=Managed Service Accounts,dc=mydomain,dc=com", where the domain is mydomain.com.
See Also
- Active Directory: PowerShell AD Module Properties
- PowerShell Portal
- Wiki: Active Directory Domain Services (AD DS) Portal
- Active Directory: Glossary
- Active Directory PowerShell Cmdlet Properties
- Wiki: Portal of TechNet Wiki Portals