Test-ADServiceAccount

Tests a managed service account from a computer.

Syntax

Test-ADServiceAccount
    [-Identity] <ADServiceAccount>
    [-AuthType <ADAuthType>]
    [<CommonParameters>]

Description

The Test-ADServiceAccount cmdlet tests a managed service account (MSA) from a local computer.

the Identity parameter specifies the Active Directory MSA account to test. You can identify a MSA by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name. You can also set the parameter to a MSA object variable, such as $<localMSA> or pass a MSA object through the pipeline to the Identity parameter. For example, you can use the Get-ADServiceAccount to get a MSA object and then pass that object through the pipeline to the Test-ADServiceAccount cmdlet.

Examples

Example 1: Test an MSA

PS C:\> Test-ADServiceAccount -Identity MSA1
True

This command tests the specified service account, MSA1, from the local computer. The test indicates whether the account is ready for use, which means it can be authenticated and that it can access the domain using its current credentials.

Required Parameters

-Identity

Specifies an Active Directory managed service account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are:

  • A distinguished name
  • A GUID (objectGUID)
  • A security identifier (objectSid)
  • A SAM account name (sAMAccountName)

The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.

This parameter can also get this object through the pipeline or you can set this parameter to an object instance.

Type:ADServiceAccount
Position:0
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False

Optional Parameters

-AuthType

Specifies the authentication method to use. The acceptable values for this parameter are:

  • Negotiate or 0
  • Basic or 1

The default authentication method is Negotiate.

A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.

Type:ADAuthType
Parameter Sets:Negotiate, Basic
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None or Microsoft.ActiveDirectory.Management.ADServiceAccount

A managed service account object is received by the Identity parameter.

Outputs

None