PowerShell Logo Small

Get-ADServiceAccount



This is the built-in help made by Microsoft for the command 'Get-ADServiceAccount', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Gets one or more Active Directory managed service accounts or group managed service accounts.

SYNTAX


Get-ADServiceAccount [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase
<String>] [-SearchScope {Base | OneLevel | Subtree}] [-Server <String>] -Filter <String> [<CommonParameters>]
Get-ADServiceAccount [-Identity] <ADServiceAccount> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <String>] [-Properties <String[]>] [-Server
<String>] [<CommonParameters>]
Get-ADServiceAccount [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase
<String>] [-SearchScope {Base | OneLevel | Subtree}] [-Server <String>] -LDAPFilter <String> [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Get-ADServiceAccount cmdlet gets a managed service account (MSA) or performs a search to retrieve MSAs.


The Identity parameter specifies the Active Directory MSA to get. You can identify a MSA by its distinguished name Members (DN), GUID, security identifier (SID), or Security
Accounts Manager (SAM) account name. You can also set the parameter to a MSA object variable, such as $<localServiceaccountObject> or pass a MSA object through the pipeline
to the Identity parameter.


To search for and retrieve more than one MSA, use the Filter or LDAPFilter parameters. The
parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support
for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing
LDAP query strings, you can use the LDAPFilter parameter.


This cmdlet gets a default set of MSA object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the
properties for service account objects, see the Properties parameter description.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=291052
Install-ADServiceAccount
New-ADServiceAccount
Remove-ADServiceAccount
Set-ADServiceAccount
Uninstall-ADServiceAccount

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>Get-ADServiceAccount -Identity service1
Enabled : True
Name : service1
UserPrincipalName :
SamAccountName : service1$
ObjectClass : msDS-ManagedServiceAccount
SID : S-1-5-21-159507390-2980359153-3438059098-29770
ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a
HostComputers :
DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com



This command retrieves a service account with samAccountName service1.




-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-ADServiceAccount -Identity S-1-5-21-159507390-2980359153-3438059098-29770
Enabled : True
Name : service1
UserPrincipalName :
SamAccountName : service1$
ObjectClass : msDS-ManagedServiceAccount
SID : S-1-5-21-159507390-2980359153-3438059098-29770
ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a
HostComputers :
DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com



This command retrieves the managed service account with SID S-1-5-21-159507390-2980359153-3438059098-29770.




-------------------------- EXAMPLE 3 --------------------------

PS C:\>Get-ADServiceAccount -Filter {HostComputers -eq "CN=SQL-Server-1, DC=contoso,DC=com" }




Enabled : True
Name : service1
UserPrincipalName :
SamAccountName : service1$
ObjectClass : msDS-ManagedServiceAccount
SID : S-1-5-21-159507390-2980359153-3438059098-29770
ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a
HostComputers : {CN=SQL-Server-1, DC=contoso,DC=com}
DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com



This command finds the Managed Service Accounts installed on the computer CN=SQL-Server-1,DC=contoso,DC=com.