New-MDIDSA
Creates a new Directory Service Account (DSA).
Syntax
New-MDIDSA
[-Identity] <String>
-GmsaGroupName <String>
[-BaseDn <String>]
[-Server <String>]
[<CommonParameters>]
New-MDIDSA
[-Identity] <String>
[-BaseDn <String>]
-ForceStandardAccount
[-Server <String>]
[<CommonParameters>]
Description
This function creates a new Directory Service Account (DSA). It can create either a GMSA (Group Managed Service Account) or a standard service account based on the provided parameters, and sets the required permissions for the Deleted Objects container.
Examples
EXAMPLE 1
New-MDIDSA -Identity "mdiSvc01" -GmsaGroupName "mdiSvcGroup01"
This example creates a new GMSA service account with the name "mdiSvc01" and the GMSA group name "mdiSvcGroup01".
EXAMPLE 2
New-MDIDSA -Identity "mdiSvc02" -ForceStandardAccount
This example creates a new standard service account with the name "mdiSvc02".
Parameters
-BaseDn
Specifies the base distinguished name (DN) for the service account. This parameter is optional and for standard accounts it defaults to the Users container in your domain (for example, "CN=Users,DC=Contoso,DC=com"). GMSAs are created under the Managed Service Accounts container.
Type: | System.String |
Position: | 3 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ForceStandardAccount
If specified, forces the creation of a standard service account instead of a GMSA.
Type: | System.Management.Automation.SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-GmsaGroupName
Specifies the name of the GMSA group. This parameter is mandatory and must be a string with a length between 1 and 28 characters.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Identity
Specifies the name of the service account to be created. This parameter is mandatory and must be a string with a length between 1 and 16 characters.
Type: | System.String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Server
Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Outputs
System.Boolean
By default, the cmdlet returns $true when the specified Directory Service Account (DSA) has been created successfully.
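The following wrapper is an added example, not code from the module or its documentation. It enforces the length limits documented under Parameters before calling New-MDIDSA and treats anything other than a $true return as a failure. The function name New-MdiDsaChecked is hypothetical, and the module name DefenderForIdentity in the comment is an assumption, since the page does not name the module.

```powershell
# Added example; New-MdiDsaChecked is a hypothetical wrapper, not part of the module.
# Assumes the module that provides New-MDIDSA (DefenderForIdentity) is installed.
function New-MdiDsaChecked {
    [CmdletBinding(DefaultParameterSetName = 'Gmsa', SupportsShouldProcess)]
    param(
        # Documented limit: 1 to 16 characters.
        [Parameter(Mandatory, Position = 0)]
        [ValidateLength(1, 16)]
        [string]$Identity,

        # Documented limit: 1 to 28 characters; required for a GMSA.
        [Parameter(Mandatory, ParameterSetName = 'Gmsa')]
        [ValidateLength(1, 28)]
        [string]$GmsaGroupName,

        # A standard account must be requested explicitly.
        [Parameter(Mandatory, ParameterSetName = 'Standard')]
        [switch]$ForceStandardAccount,

        [string]$BaseDn,
        [string]$Server
    )

    # Forward only the parameters the caller supplied, so the cmdlet's
    # documented defaults (Users container, PDC Emulator) still apply.
    $dsaArgs = @{ Identity = $Identity }
    foreach ($name in 'GmsaGroupName', 'BaseDn', 'Server') {
        if ($PSBoundParameters.ContainsKey($name)) { $dsaArgs[$name] = $PSBoundParameters[$name] }
    }
    if ($ForceStandardAccount) { $dsaArgs['ForceStandardAccount'] = $true }

    if (-not $PSCmdlet.ShouldProcess($Identity, "Create $($PSCmdlet.ParameterSetName) DSA")) { return }

    $created = New-MDIDSA @dsaArgs -ErrorAction Stop
    if ($created -ne $true) {
        throw "New-MDIDSA did not report success for '$Identity'."
    }
    Write-Verbose "Created DSA '$Identity' ($($PSCmdlet.ParameterSetName))."
    $true
}

# Account names reuse the page's examples; -WhatIf keeps these calls from changing the directory.
New-MdiDsaChecked -Identity 'mdiSvc01' -GmsaGroupName 'mdiSvcGroup01' -WhatIf
New-MdiDsaChecked -Identity 'mdiSvc02' -ForceStandardAccount -WhatIf
```

Drop -WhatIf to create the account; a name longer than the documented limit is rejected by parameter validation before any directory call is made.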