DSCResources/MSFT_ADManagedServiceAccount/MSFT_ADManagedServiceAccount.schema.mof
[ClassVersion("1.0.1.0"), FriendlyName("ADManagedServiceAccount")]
class MSFT_ADManagedServiceAccount : OMI_BaseResource { [Key, Description("Specifies the Security Account Manager (SAM) account name of the managed service account (ldapDisplayName 'sAMAccountName'). To be compatible with older operating systems, create a SAM account name that is 20 characters or less. Once created, the user's SamAccountName and CN cannot be changed.")] String ServiceAccountName; [Write, Description("Specifies whether the user account is created or deleted. If not specified, this value defaults to Present."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("The type of managed service account. Single will create a Single Managed Service Account (sMSA) and Group will create a Group Managed Service Account (gMSA). If not specified, this value defaults to Single."), ValueMap{"Group","Single"}, Values{"Group","Single"}] String AccountType; [Write, Description("Specifies whether or not to remove the service account and recreate it when going from Single Managed Service Account to Group Managed Service Account and vice-versa. If not specified, this value defaults to $false.")] Boolean AccountTypeForce; [Write, Description("Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. Specified as a Distinguished Name (DN).")] String Path; [Write, Description("Specifies a description of the object (ldapDisplayName 'description').")] String Description; [Write, Description("Specifies the display name of the object (ldapDisplayName 'displayName').")] String DisplayName; [Write, Description("Specifies the members of the object (ldapDisplayName 'PrincipalsAllowedToRetrieveManagedPassword'). Only used when 'Group' is selected for 'AccountType'.")] String Members[]; [Write, Description("Active Directory attribute used to perform membership operations for Group Managed Service Accounts (gMSA). If not specified, this value defaults to SamAccountName. Only used when 'Group' is selected for 'AccountType'. Default value is 'SamAccountName'."), ValueMap{"SamAccountName","DistinguishedName","ObjectGUID","SID"}, Values{"SamAccountName","DistinguishedName","ObjectGUID","SID"}] String MembershipAttribute; [Write, Description("Specifies the user account credentials to use to perform this task. This is only required if not executing the task on a domain controller or using the parameter DomainController."), EmbeddedInstance("MSFT_Credential")] String Credential; [Write, Description("Specifies the Active Directory Domain Controller instance to use to perform the task. This is only required if not executing the task on a domain controller.")] String DomainController; [Read, Description("Returns whether the user account is enabled or disabled.")] Boolean Enabled; [Read, Description("Returns the Distinguished Name of the Service Account.")] String DistinguishedName; }; |