The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADServiceAccount cmdlet supports the default and extended properties in the following table. Many can be assigned values with the Set-ADServiceAccount cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink:

Property Syntax R/RW lDAPDisplayName
AccountExpirationDate DateTime RW accountExpires, converted to local time
AccountLockoutTime DateTime RW lockoutTime, converted to local time
AccountNotDelegated Boolean RW userAccountControl (bit mask 1048576
AllowReversiblePasswordEncryption Boolean RW userAccountControl (bit mask 128)
BadLogonCount Int32 R badPwdCount
CannotChangePassword Boolean/td> RW nTSecurityDescriptor
CanonicalName String R canonicalName
Certificates ADCollection RW userCertificate
CN String R cn
Created DateTime R whenCreated
Deleted Boolean R isDeleted
Description String RW description
DisplayName String RW displayName
DistinguishedName String (DN) R distinguishedName
DoesNotRequirePreAuth Boolean RW userAccountControl (bit mask 4194304)
Enabled Boolean RW userAccountControl (bit mask not 2)
HomedirRequired Boolean RW userAccountControl (bit mask 8)
HomePage String RW wWWHomePage
HostComputers ADCollection RW msDS-HostServiceAccountBL
LastBadPasswordAttempt DateTime R badPasswordTime, converted to local time
LastKnownParent String (DN) R lastKnownParent
LastLogonDate DateTime R lastLogonTimeStamp, converted to local time
LockedOut Boolean RW msDS-User-Account-Control-Computed (bit mask 16)
MemberOf ADCollection R memberOf
MNSLogonAccount Boolean RW userAccountControl (bit mask 131072)
Modified DateTime R whenChanged
Name String R cn (Relative Distinguished Name)
ObjectCategory String R objectCategory
ObjectClass String R objectClass, most specific value
ObjectGUID Guid R objectGUID, converted to string
PasswordExpired Boolean RW msDS-User-Account-Control-Computed (bit mask 8388608)
PasswordLastSet DateTime RW pwdLastSet, local time
PasswordNeverExpires Boolean RW userAccountControl (bit mask 64)
PasswordNotRequired Boolean RW userAccountControl (bit mask 32
PrimaryGroup String R Group with primaryGroupToken
ProtectedFromAccidentalDeletion Boolean RW nTSecurityDescriptor
SamAccountName String RW sAMAccountName
ServicePrincipalNames ADCollection RW servicePrincipalName
SID Sid R objectSID converted to string
SIDHistory ADCollection R sIDHistory
TrustedForDelegation Boolean RW userAccountControl (bit mask 524288)
TrustedToAuthForDelegation Boolean RW userAccountControl (bit mask 16777216)
UseDESKeyOnly Boolean RW userAccountControl (bit mask 2097152)
UserPrincipalName String RW userPrincipalName

The attributes are those of the Service Account object. These are objects of class msDS-ManagedServiceAccount located in the container "cn=Managed Service Accounts,dc=mydomain,dc=com", where the domain is mydomain.com.

↑ Return to Top

See Also

↑ Return to Top

Other Resources

↑ Return to Top