DSCResources/MSFT_ADManagedServiceAccount/MSFT_ADManagedServiceAccount.schema.mof
[ClassVersion("1.0.1.0"), FriendlyName("ADManagedServiceAccount")]
class MSFT_ADManagedServiceAccount : OMI_BaseResource { [Key, Description("Specifies the Security Account Manager (SAM) account name of the managed service account (ldapDisplayName 'sAMAccountName'). To be compatible with older operating systems, create a SAM account name that is 15 characters or less. Once created, the user's SamAccountName cannot be changed.")] String ServiceAccountName; [Required, Description("The type of managed service account. Standalone will create a Standalone Managed Service Account (sMSA) and Group will create a Group Managed Service Account (gMSA)."), ValueMap{"Group","Standalone"}, Values{"Group","Standalone"}] String AccountType; [Write, Description("Specifies the user account credentials to use to perform this task. This is only required if not executing the task on a domain controller or using the parameter DomainController."), EmbeddedInstance("MSFT_Credential")] String Credential; [Write, Description("Specifies the common name assigned to the managed service account (ldapDisplayName 'cn'). If not specified the default value will be the same value provided in parameter ServiceAccountName.")] String CommonName; [Write, Description("Specifies the description of the account (ldapDisplayName 'description').")] String Description; [Write, Description("Specifies the display name of the account (ldapDisplayName 'displayName').")] String DisplayName; [Write, Description("Specifies the Active Directory Domain Controller instance to use to perform the task. This is only required if not executing the task on a domain controller.")] String DomainController; [Write, Description("Specifies whether the user account is created or deleted. If not specified, this value defaults to Present."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Specifies which Kerberos encryption types the account supports when creating service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute."),ValueMap{"None","RC4","AES128","AES256"}, Values{"None","RC4","AES128","AES256"}] String KerberosEncryptionType[]; [Write, Description("Specifies whether an account is trusted for Kerberos delegation. Default value is $false.")] Boolean TrustedForDelegation; [Write, Description("Specifies the membership policy for systems which can use a group managed service account. (ldapDisplayName 'msDS-GroupMSAMembership'). Only used when 'Group' is selected for 'AccountType'.")] String ManagedPasswordPrincipals[]; [Write, Description("Active Directory attribute used to perform membership operations for Group Managed Service Accounts (gMSA). If not specified, this value defaults to SamAccountName."), ValueMap{"SamAccountName","DistinguishedName","ObjectGUID","ObjectSid"}, Values{"SamAccountName","DistinguishedName","ObjectGUID","ObjectSid"}] String MembershipAttribute; [Write, Description("Specifies the X.500 path of the Organizational Unit (OU) or container where the new account is created. Specified as a Distinguished Name (DN).")] String Path; [Read, Description("Returns whether the user account is enabled or disabled.")] Boolean Enabled; [Read, Description("Returns the Distinguished Name of the Service Account.")] String DistinguishedName; }; |