Resource Type: dsc_xaduser

Defined in:

lib/puppet/type/dsc_xaduser.rb

Overview

The DSC xADUser resource type. Automatically generated from version 3.0.0.0

Properties

• dsc_accountnotdelegated

  Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute.

• dsc_allowreversiblepasswordencryption

  Indicates whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute.

• dsc_cannotchangepassword

  Specifies whether the account password can be changed

• dsc_changepasswordatlogon

  Specifies whether the account password must be changed during the next logon attempt. This cannot be set to true if the PasswordNeverExpires property is also set to true

• dsc_city

  Specifies the user’s town or city (ldapDisplayName ‘l’)

• dsc_commonname

  Specifies the common nane assigned to the user account (ldapDisplayName ‘cn’)

• dsc_company

  Specifies the user’s company (ldapDisplayName ‘company’)

• dsc_compoundidentitysupported

  Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user’s device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute.

• dsc_country

  Specifies the country or region code for the user’s language of choice (ldapDisplayName ‘c’)

• dsc_department

  Specifies the user’s department (ldapDisplayName ‘department’)

• dsc_description

  Specifies a description of the object (ldapDisplayName ‘description’)

• dsc_displayname

  Specifies the display name of the object (ldapDisplayName ‘displayName’)

• dsc_distinguishedname

  Returns the X.500 path of the object

• dsc_division

  Specifies the user’s division (ldapDisplayName ‘division’)

• dsc_domaincontroller

  Specifies the Active Directory Domain Services instance to use to perform the task.

• dsc_emailaddress

  Specifies the user’s e-mail address (ldapDisplayName ‘mail’)

• dsc_employeeid

  Specifies the user’s employee ID (ldapDisplayName ‘employeeID’)

• dsc_employeenumber

  Specifies the user’s employee number (ldapDisplayName ‘employeeNumber’)

• dsc_enabled

  Specifies if the account is enabled (default True)

• dsc_ensure

  Specifies whether the user account is created or deleted

• dsc_fax

  Specifies the user’s fax phone number (ldapDisplayName ‘facsimileTelephoneNumber’)

• dsc_givenname

  Specifies the user’s given name (ldapDisplayName ‘givenName’)

• dsc_homedirectory

  Specifies a user’s home directory path (ldapDisplayName ‘homeDirectory’)

• dsc_homedrive

  Specifies a drive that is associated with the UNC path defined by the HomeDirectory property (ldapDisplayName ‘homeDrive’)

• dsc_homepage

  Specifies the URL of the home page of the object (ldapDisplayName ‘wWWHomePage’)

• dsc_homephone

  Specifies the user’s home telephone number (ldapDisplayName ‘homePhone’)

• dsc_initials

  Specifies the initials that represent part of a user’s name (ldapDisplayName ‘initials’)

• dsc_ipphone

  Specifies the user’s IP telephony phone number (ldapDisplayName ‘ipPhone’)

• dsc_jobtitle

  Specifies the user’s title (ldapDisplayName ‘title’)

• dsc_logonscript

  Specifies a path to the user’s log on script (ldapDisplayName ‘scriptPath’)

• dsc_logonworkstations

  Specifies the computers that the user can access. To specify more than one computer, create a single comma-separated list. You can identify a computer by using the Security Account Manager (SAM) account name (sAMAccountName) or the DNS host name of the computer. The SAM account name is the same as the NetBIOS name of the computer. The LDAP display name (ldapDisplayName) for this property is userWorkStations.

• dsc_manager

  Specifies the user’s manager specified as a Distinguished Name (ldapDisplayName ‘manager’)

• dsc_mobilephone

  Specifies the user’s mobile phone number (ldapDisplayName ‘mobile’)

• dsc_notes

  Specifies the notes attached to the user’s accoutn (ldapDisplayName ‘info’)

• dsc_office

  Specifies the location of the user’s office or place of business (ldapDisplayName ‘physicalDeliveryOfficeName’)

• dsc_officephone

  Specifies the user’s office telephone number (ldapDisplayName ‘telephoneNumber’)

• dsc_organization

  Specifies the user’s organization. This parameter sets the Organization property of a user object. The LDAP display name (ldapDisplayName) of this property is o.

• dsc_othername

  Specifies a name in addition to a user’s given name and surname, such as the user’s middle name. This parameter sets the OtherName property of a user object. The LDAP display name (ldapDisplayName) of this property is middleName.

• dsc_pager

  Specifies the user’s pager number (ldapDisplayName ‘pager’)

• dsc_passwordauthentication

  Specifies the authentication context type used when testing passwords

• dsc_passwordneverexpires

  Specifies whether the password of an account can expire

• dsc_passwordneverresets

  Specifies whether existing user’s password should be reset (default $false)

• dsc_passwordnotrequired

  Specifies whether the account requires a password. A password is not required for a new account. This parameter sets the PasswordNotRequired property of an account object.

• dsc_path

  Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created

• dsc_pobox

  Specifies the user’s post office box number (ldapDisplayName ‘postOfficeBox’)

• dsc_postalcode

  Specifies the user’s postal code or zip code (ldapDisplayName ‘postalCode’)

• dsc_profilepath

  Specifies a path to the user’s profile (ldapDisplayName ‘profilePath’)

• dsc_proxyaddresses

  Specifies the proxy addresses for the user account.

• dsc_restorefromrecyclebin

  Try to restore the user object from the recycle bin before creating a new one.

• dsc_serviceprincipalnames

  Specifies the service principal names for the user account.

• dsc_smartcardlogonrequired

  Specifies whether a smart card is required to logon. This parameter sets the SmartCardLoginRequired property for a user object. This parameter also sets the ADS_UF_SMARTCARD_REQUIRED flag of the Active Directory User Account Control attribute.

• dsc_state

  Specifies the user’s or Organizational Unit’s state or province (ldapDisplayName ‘st’)

• dsc_streetaddress

  Specifies the user’s street address (ldapDisplayName ‘streetAddress’)

• dsc_surname

  Specifies the user’s last name or surname (ldapDisplayName ‘sn’)

• dsc_trustedfordelegation

  Specifies whether an account is trusted for Kerberos delegation (default $false)

• dsc_userprincipalname

  Specifies the UPN assigned to the user account (ldapDisplayName ‘userPrincipalName’)

Parameters

• dsc_domainadministratorcredential

  Specifies the user account credentials to use to perform this task

• dsc_domainname (namevar)

  Name of the domain where the user account is located (only used if password is managed)

• dsc_password

  Specifies a new password value for the account

• dsc_psdscrunascredential
• dsc_username (namevar)

  Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName ‘sAMAccountName’)

• name (namevar)

  Description of the purpose for this resource declaration.

• validation_mode (defaults to: property)

  Whether to check if the resource is in the desired state by property (default) or using Invoke-DscResource in Test mode (resource).