New-MDIDSA
Creates a new Directory Service Account (DSA).
Syntax
GMSA (Default)
New-MDIDSA
[-Identity] <String>
-GmsaGroupName <String>
[-BaseDn <String>]
[-Server <String>]
[<CommonParameters>]
StandardAccount
New-MDIDSA
[-Identity] <String>
-ForceStandardAccount
[-BaseDn <String>]
[-Server <String>]
[<CommonParameters>]
Description
This function creates a new Directory Service Account (DSA). It can create either a GMSA (Group Managed Service Account) or a standard service account based on the provided parameters, and sets the required permissions for the Deleted Objects container.
Examples
EXAMPLE 1
New-MDIDSA -Identity "mdiSvc01" -GmsaGroupName "mdiSvcGroup01"
This example creates a new GMSA service account with the name "mdiSvc01" and the GMSA group name "mdiSvcGroup01".
EXAMPLE 2
New-MDIDSA -Identity "mdiSvc02" -ForceStandardAccount
This example creates a new standard service account with the name "mdiSvc02".
Parameters
-BaseDn
Specifies the base distinguished name (DN) for the service account. This parameter is optional and for standard accounts it defaults to the Users container in your domain (for example, "CN=Users,DC=Contoso,DC=com"). GMSAs are created under the Managed Service Accounts container.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 3 |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Domain
Specifies the name of the domain to run the command against. This parameter is optional and defaults to the user's DNS domain.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ForceStandardAccount
If specified, forces the creation of a standard service account instead of a GMSA.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-GmsaGroupName
Specifies the name of the GMSA group. This parameter is mandatory and must be a string with a length between 1 and 28 characters.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Identity
Specifies the name of the service account to be created. This parameter is mandatory and must be a string with a length between 1 and 16 characters.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 1 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Server
Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Outputs
System.Boolean
By default, the cmdlet returns $true when the specified Directory Service Account (DSA) has been created successfully.
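The following is an added example, not code from the module or from this reference page. It wraps New-MDIDSA so that the documented length limits (1 to 16 characters for -Identity, 1 to 28 for -GmsaGroupName) are enforced before any directory change, and so that anything other than the documented $true output is treated as a failure. The function name New-MdiDsaChecked is hypothetical, and the module name DefenderForIdentity in the #Requires line is an assumption not stated on this page.

```powershell
#Requires -Modules DefenderForIdentity   # assumed module name; not stated on this page

function New-MdiDsaChecked {             # hypothetical wrapper, not part of the module
    [CmdletBinding(DefaultParameterSetName = 'GMSA')]
    param(
        # Documented limit: 1 to 16 characters
        [Parameter(Mandatory, Position = 0)]
        [ValidateLength(1, 16)]
        [string] $Identity,

        # Documented limit: 1 to 28 characters (GMSA parameter set only)
        [Parameter(Mandatory, ParameterSetName = 'GMSA')]
        [ValidateLength(1, 28)]
        [string] $GmsaGroupName,

        # Selects the StandardAccount parameter set instead of the GMSA default
        [Parameter(Mandatory, ParameterSetName = 'StandardAccount')]
        [switch] $ForceStandardAccount,

        [string] $BaseDn,
        [string] $Server
    )

    # Pass through only what the caller supplied, so the cmdlet's own
    # defaults for -BaseDn and -Server still apply when they are omitted.
    $dsaArgs = @{ Identity = $Identity; ErrorAction = 'Stop' }
    if ($PSCmdlet.ParameterSetName -eq 'GMSA') {
        $dsaArgs.GmsaGroupName = $GmsaGroupName
    } else {
        $dsaArgs.ForceStandardAccount = $true
    }
    if ($PSBoundParameters.ContainsKey('BaseDn')) { $dsaArgs.BaseDn = $BaseDn }
    if ($PSBoundParameters.ContainsKey('Server')) { $dsaArgs.Server = $Server }

    # The Outputs section documents System.Boolean $true on success;
    # any other result is surfaced as a terminating error.
    $created = New-MDIDSA @dsaArgs
    if (-not ($created -is [bool] -and $created)) {
        throw "New-MDIDSA did not return `$true for '$Identity'."
    }

    [pscustomobject]@{
        Identity    = $Identity
        AccountType = $PSCmdlet.ParameterSetName
        Created     = $true
    }
}

# Usage, with the names from EXAMPLE 1 and EXAMPLE 2 above:
#   New-MdiDsaChecked -Identity 'mdiSvc01' -GmsaGroupName 'mdiSvcGroup01'
#   New-MdiDsaChecked -Identity 'mdiSvc02' -ForceStandardAccount
```

An over-length name is rejected by parameter binding, before New-MDIDSA is called and before anything is written to the directory.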