Specifying parameters using different formats

For certain types of parameters, you can specify a value using any one of several different supported formats. For example, you can specify a user principal for a CdaAdPrincipal object type by providing the information that identifies the user in any of the following formats:

  • distinguished name (DN) for the user.
  • security identifier for the user (SID).
  • sAMAccountName attribute for the user in either the sAMAccountName@domain format or domain\sAMAccountName format.
  • a stored user object.

The following formats are all valid for specifying an Active Directory user principal:

New-CdaRoleAssignment -AuditRole $role -Assignee "cn=ben,cn=Users,dc=acme,dc=com"
New-CdaRoleAssignment -AuditRole $role -Assignee "S-1-5-21-12345678-98765432-500"
New-CdaRoleAssignment -AuditRole $role -Assignee "ben@acme.com"
New-CdaRoleAssignment -AuditRole $role -Assignee "acme\ben"
New-CdaRoleAssignment -AuditRole $role -Assignee $userObject
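
As an added illustration (not part of the product documentation or the DirectAudit module), the following PowerShell function reports which of the four string formats a value matches, so a mistyped identity can be rejected before it is passed to -Assignee. The function name Get-CdaPrincipalFormat, its regular expressions and the two invalid sample values are assumptions made for this example; it assumes Windows PowerShell 5 or later.

```powershell
# Added example: Get-CdaPrincipalFormat is a hypothetical helper, not a DirectAudit cmdlet.
function Get-CdaPrincipalFormat {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Value
    )
    begin {
        # Characters Active Directory does not allow in a sAMAccountName, plus '@'.
        $sam = '[^"/\\\[\]:;|=,+*?<>@]+'
    }
    process {
        $v = $Value.Trim()
        if ($v -match '^S-1-') {
            # Let .NET validate the SID structure instead of a hand-written regex.
            try   { $null = [System.Security.Principal.SecurityIdentifier]::new($v) }
            catch { throw "Malformed SID string: '$v'" }
            return 'SID'
        }
        # Shape check only (attr=value,...,dc=value); not a full RFC 4514 parser.
        if ($v -match '^[a-z][a-z0-9-]*=.+,dc=[^,]+$') { return 'DistinguishedName' }
        # Assumption: domain names use only letters, digits, dots and hyphens.
        if ($v -match "^${sam}@[a-z0-9.-]+$")   { return 'sAMAccountName@domain' }
        if ($v -match "^[a-z0-9.-]+\\${sam}$")  { return 'domain\sAMAccountName' }
        throw "Unrecognized principal format: '$v'"
    }
}

# The four string forms shown on this page, plus two constructed invalid values.
$samples = 'cn=ben,cn=Users,dc=acme,dc=com', 'S-1-5-21-12345678-98765432-500',
           'ben@acme.com', 'acme\ben', 'ben', 'S-1-5-21-xyz'
foreach ($s in $samples) {
    try   { '{0,-34} -> {1}' -f $s, (Get-CdaPrincipalFormat $s) }
    catch { '{0,-34} -> rejected: {1}' -f $s, $_.Exception.Message }
}
```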

The following table lists the supported formats for each type of parameter.

Type Supported parameter formats

CdaInstallation

You can specify an installation name as a string, for example, “DefaultInstallation”, or using a CdaInstallation object.

CdaAdPrincipal

You can specify Active Directory users, groups, or computers using any of the following formats:

  • Distinguished name string
  • SID string
  • sAMAccountName@domain
  • domain\sAMAccountName

You can also specify Active Directory users, groups, or computers using a CdaAdPrincipal object.

CdaAccessAccount

You can specify a Windows account name, or a SQL Server login account name and password:

For a Windows user account, all of the same formats listed for a CdaAdPrincipal object are supported.

For SQL Server login accounts, the format is “sql:sql_name:sql_password”. The password can be empty.

CdaAuditScope

You can specify the audit scope using the Active Directory site name as a string, for example, “default-first-site” or by specifying a network subnet definition as a string, for example, “192.168.100.0/24”.

If a parameter is not listed in the table, you must specify the object instance returned by a previous cmdlet. For example, you can use the Get-CdaAuditStore cmdlet to return an object instance of the audit store, then use that object instance for parameters in other cmdlets that require it.

# Get the audit store object instance and store it in $cdaAuditStoreObject
$cdaAuditStoreObject = Get-CdaAuditStore -Installation "DefaultInstallation" -Name "Default-First-Site"
# Use the audit store object instance to specify a parameter value
Attach-CdaDatabase -AuditStore $cdaAuditStoreObject -Name "audit-store-db" -Server "win2012\instance1" -Database "audit-store-database"