PowerShell Logo Small

Set-ADServiceAccount



This is the built-in help made by Microsoft for the command 'Set-ADServiceAccount', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies an Active Directory managed service account or group managed service account object.

SYNTAX


Set-ADServiceAccount [-Identity] <ADServiceAccount> [-AccountExpirationDate <DateTime>] [-AccountNotDelegated <Boolean>] [-Add <Hashtable>]
[-AuthType <ADAuthType>] [-Certificates <String[]>] [-Clear <String[]>] [-CompoundIdentitySupported <Boolean>] [-Credential <PSCredential>]
[-Description <String>] [-DisplayName <String>] [-DNSHostName <String>] [-Enabled <Boolean>] [-HomePage <String>] [-KerberosEncryptionType
<ADKerberosEncryptionType>] [-Partition <String>] [-PassThru [<SwitchParameter>]] [-PrincipalsAllowedToDelegateToAccount <ADPrincipal[]>]
[-PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>] [-Remove <Hashtable>] [-Replace <Hashtable>] [-SamAccountName <String>] [-Server
<String>] [-ServicePrincipalNames <Hashtable>] [-TrustedForDelegation <Boolean>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Set-ADServiceAccount [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-PassThru [<SwitchParameter>]] [-Server <String>] -Instance
<ADServiceAccount> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-ADServiceAccount cmdlet modifies the properties of an Active Directory managed service account (MSA). You can modify commonly used
property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the
Add, Replace, Clear and Remove parameters.


The Identity parameter specifies the Active Directory MSA to modify. You can identify a MSA by its distinguished name (DN), GUID, security
identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as
$<localServiceAccountObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the
Get-ADServiceAccount cmdlet to retrieve a MSA object and then pass the object through the pipeline to the Set-ADServiceAccount cmdlet.


The Instance parameter provides a way to update a MSA object by applying the changes made to a copy of the object. When you set the Instance
parameter to a copy of an Active Directory MSA object that has been modified, the Set-ADServiceAccount cmdlet makes the same changes to the
original MSA object. To get a copy of the object to modify, use the Get-ADServiceAccount object. When you specify the Instance parameter you
should not pass the Identity parameter. For more information about the Instance parameter, see the Instance parameter description.


For more information about how the Instance concept is used in Active Directory cmdlets, see about_ActiveDirectory_Instance.


The following examples show how to modify the ServicePrincipalNames property of a MSA object by using three methods:


-By specifying the Identity and the ServicePrincipalNames parameters


-By passing a service account object through the pipeline and specifying the ServicePrincipalNames parameter


-By specifying the Instance parameter.


Method 1: Modify the ServicePrincipalNames property for the AccessIndia MSA by using the Identity and ServicePrincipalNames parameters.


Set-ADServiceAccount -Identity AccessIndia -ServicePrincipalNames @{Add=ACCESSAPP/india.contoso.com}


Method 2: Modify the ServicePrincipalNames property for the AccessIndia MSA by passing the AccessIndia MSA through the pipeline and specifying
the ServicePrincipalNames parameter.


Get-ADServiceAccount -Identity "AccessIndia" | Set-ADServiceAccount -ServicePrincipalNames @{Add=ACCESSAPP/india.contoso.com}


Method 3: Modify the <property> property for the AccessIndia MSA by using the Windows PowerShell command line to modify a local instance of
the AccessIndia MSA. Then set the Instance parameter to the local instance.


$serviceAccount = Get-ADServiceAccount -Identity "AccessIndia"


$serviceAccount.ServicePrincipalNames = @{Add=ACCESSAPP/india.contoso.com}


Set-ADServiceAccount -Instance $serviceAccount.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkID=219355
Get-ADServiceAccount
Install-ADServiceAccount
New-ADServiceAccount
Remove-ADServiceAccount
Uninstall-ADServiceAccount

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

C:\PS>Set-ADServiceAccount service1 -Description "Secretive Data Server"



Description

-----------

Set the description of Managed Service Account 'service1' to "Secretive Data Server"




-------------------------- EXAMPLE 2 --------------------------

C:\PS>Set-ADServiceAccount Mongol01ADAM -ServicePrincipalNames @{replace="ADAMwdb/a.contoso.com", "ADAMbdb/a.contoso.com"}



Description

-----------

Replace the value of property ServicePrincipalNames with "ADAMwdb/a.contoso.com", "ADAMbdb/a.contoso.com"




-------------------------- EXAMPLE 3 --------------------------

C:\PS>Set-ADServiceAccount service1 -PrincipalsAllowedToRetrieveManagedPassword "MsaAdmins.corp.contoso.com"



Description

-----------

Sets the principals allowed to retrieve the password for this managed service account to be limited to only members of the specified Active
Directory group account.