Updates the properties of a group Managed Service Account (gMSA) specified by the Identifier parameter.
Set-AzureDRAContact -Tenant <String> [-Properties <Hashtable>] [-Replace <Hashtable>] [-Add <Hashtable>] [-Remove <Hashtable>] [-Clear <String[]>] -Identifier <String> [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors <SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]
The Set-DRAServiceAccount cmdlet updates the requested gMSA. The requesting user must have the Modify All group Managed Service Account Properties power.
|
Attribute / Description |
Parameters / Values |
||||
|---|---|---|---|---|---|
|
Required |
Position |
Default Value |
Accept Pipeline input? |
Accept wildcard characters? |
|
|
Properties <Hashtable> A hashtable of property values. The key is the name of a defined attribute in the REST interface. For example: -Properties @{Attribute1DRADisplayName="my value"; Attribute2DRADisplayName=value} Multiple values are specified as a comma-separated list.For example: -Properties @{Attribute1DRADisplayName=value1, value2} If the property name contains non-alphanumeric characters it needs to be quoted.For example: -Properties @{"Attribute1-DRA-DisplayName"=value} If the property value contains a quote it needs to be escaped with a backtick (`).For example: -Properties @{Attribute1DRADisplayName="`"sample`" value"} |
true |
named |
|
true (ByPropertyName) |
false |
|
Replace [<Hashtable>] A Hashtable of property values to replace the current set of values for the specified property. The key is the name of a defined property in the REST interface. For example: -Replace @{Attribute1DRADisplayName="my value"; Attribute2DRADisplayName=value} Multiple values are specified as a comma-separated list and will replace currently set values.For example: -Replace @{Attribute1DRADisplayName=value1, value2} If the property name contains non-alphanumeric characters it needs to be quoted.For example: -Replace @{"Attribute1-DRA-DisplayName"=value} If the property value contains a quote it needs to be escaped with a backtick (`).For example: -Replace @{Attribute1DRADisplayName="`"sample`" value"} |
false |
named |
|
true (ByPropertyName) |
false |
|
Add [<Hashtable>] A Hashtable of property values to add to the current set of values for the specified multi-valued property. The key is the name of a defined property in the REST interface. For example: -Add @{Attribute1DRADisplayName=value; Attribute2DRADisplayName=value1, value2; ...; AttributeNDRADisplayName=value1, value2} Multiple values are specified as a comma-separated list.For example: -Add @{Attribute1DRADisplayName=value1, value2}} If the property name contains non-alphanumeric characters it needs to be quoted.For example: -Add @{"Attribute1-DRA-DisplayName"=value} If the property value contains a quote it needs to be escaped with a backtick (`).For example: -Add @{Attribute1DRADisplayName="`"sample`" value"} |
false |
named |
|
true (ByPropertyName) |
false |
|
Remove [<Hashtable>] A Hashtable of property values to remove from the current set of values for the specified multi-valued property. The key is the name of a defined property in the REST interface. For example: -Remove @{Attribute1DRADisplayName=value; Attribute2DRADisplayName=value1, value2; ...; AttributeNDRADisplayName=value1, value2} Multiple values are specified as a comma-separated list and will be removed from currently set values.For example: -Remove @{Attribute1DRADisplayName=value1,value2} If the property name contains non-alphanumeric characters it needs to be quoted.For example: -Remove @{"Attribute1-DRA-DisplayName"=value} If the property value contains a quote it needs to be escaped with a backtick (`).For example: -Remove @{Attribute1DRADisplayName="`"sample`" value"} |
false |
named |
|
true (ByPropertyName) |
false |
|
Clear [<String>] An array of property names whose values will be cleared. Each name is the name of a defined property in the REST interface. For example: -Clear "Attribute1-DRA-DisplayName" Multiple values need to be separated by a comma. For example: -Clear Attribute1DRADisplayName, Attribute2DRADisplayName |
false |
named |
|
true (ByPropertyName) |
false |
|
Domain <String> The domain of the object in FQDN format. For example: mydomain.corp |
true |
named |
|
true (ByPropertyName) |
false |
|
DRARestServer [<String>] The name of the computer running the DRA Rest Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'. |
false |
named |
|
true (ByPropertyName) |
false |
|
DRARestPort [<Int32>] The port where the DRA REST Service listens for requests. If the parameter is not specified, the value defaults to 8755. |
false |
named |
8755 |
true (ByPropertyName) |
false |
|
IgnoreCertificateErrors [<SwitchParameter>] Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. |
false |
named |
|
false |
false |
|
Force [<SwitchParameter>] Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user. |
false |
named |
|
false |
false |
|
Timeout [<Int32>] The number of seconds to wait before the request to the DRA REST server times out. To specify an infinite timeout, you can set this parameter to -1. |
false |
named |
100 seconds |
true (ByPropertyName) |
false |
|
<CommonParameters> Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters. |
|
|
|
|
|
NOTE:For more information, type "Get-Help Set-DRAServiceAccount -detailed". For technical information, type "Get-Help Set-DRAServiceAccount -full".
Example 24-9 1
PS C:\>Set-DRAServiceAccount -Domain MyDomain.corp -Identifier "GMSA123" -Properties @{DisplayName="gMSA123";Description="updated description"}
This example updates the display name and description of the gMSA named GMSA123 in the MyDomain.corp domain. The Identifier parameter specifies the name of the gMSA.
Example 24-10 2
PS C:\>Set-DRAServiceAccount -Domain MyDomain.corp -Identifier "CN=GMSA123,CN=Managed Service Accounts,DC=MyDomain,DC=corp"
-Properties @{PrincipalsAllowedToRetrieveManagedPassword="CN=COMPUTER123,OU=Accounting,DC=MyDomain,DC=corp";PrincipalsAllowedToDelega teToAccount="CN=George,CN=Users,DC=MYDOMAIN,DC=corp","CN=USER123,OU=Accounting,DC=MyDomain,DC=corp"}
This example updates the computer account that is specified in the PrincipalsAllowedToRetrieveManagedPassword property and the user accounts that are specified in the PrincipalsAllowedToDelegateToAccount property for the gMSA named GMSA123 in the MyDomain.corp domain. Multi-valued properties must be separated by a comma and enclosed in escaped quotation marks.