Specifying parameters using different formats

For certain types of parameters, you can specify a value using any one of several different supported formats. For example, you can specify a user principal for a CdaAdPrincipal object type by providing the information that identifies the user in any of the following formats:

  • Distinguished name (DN) for the user.
  • Security identifier (SID) for the user.
  • sAMAccountName attribute for the user, in either the sAMAccountName@domain format or the domain\sAMAccountName format.
  • A stored user object.

The following formats are all valid for specifying an Active Directory user principal:

New-CdaRoleAssignment -AuditRole $role -Assignee "cn=ben,cn=Users,dc=acme,dc=com"
New-CdaRoleAssignment -AuditRole $role -Assignee "S-1-5-21-12345678-98765432-500"
New-CdaRoleAssignment -AuditRole $role -Assignee "ben@acme.com"
New-CdaRoleAssignment -AuditRole $role -Assignee "acme\ben"
New-CdaRoleAssignment -AuditRole $role -Assignee $userObject
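
The following is an added example, not part of the product documentation: a PowerShell helper that reports which of the four string formats listed above a value matches, so a script can reject a malformed assignee before it reaches New-CdaRoleAssignment. The function name Get-PrincipalFormat and its regular expressions are assumptions made for illustration; the cmdlet's own parsing may accept or reject values differently.

```powershell
# Added example. Get-PrincipalFormat is a hypothetical helper, not a product cmdlet.
function Get-PrincipalFormat {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Principal
    )
    process {
        $value  = $Principal.Trim()
        $format = 'Unknown'

        if ($value -match '^S-1-\d+(-\d+)+$') {
            # Let .NET confirm the SID parses instead of trusting the regex alone.
            try {
                [void][System.Security.Principal.SecurityIdentifier]::new($value)
                $format = 'SID'
            } catch {
                $format = 'Unknown'
            }
        }
        elseif ($value -match '^(cn|ou|dc)=[^,]+(,\s*(cn|ou|dc)=[^,]+)*$' -and
                $value -match '(^|,)\s*dc=') {
            # Simplified DN check: cn/ou/dc components only, no escaped commas.
            $format = 'DistinguishedName'
        }
        elseif ($value -match '^[^\\@]+\\[^\\@]+$') {
            $format = 'domain\sAMAccountName'
        }
        elseif ($value -match '^[^\\@]+@[^\\@]+$') {
            $format = 'sAMAccountName@domain'
        }

        [pscustomobject]@{ Principal = $value; Format = $format }
    }
}

# The four strings from the examples above, plus a constructed bare name.
$samples = 'cn=ben,cn=Users,dc=acme,dc=com',
           'S-1-5-21-12345678-98765432-500',
           'ben@acme.com',
           'acme\ben',
           'ben'
$samples | Get-PrincipalFormat | Format-Table -AutoSize
```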

The following table lists the supported formats for each type of parameter.

Type Supported parameter formats


You can specify an installation name as a string, for example, “DefaultInstallation”, or using a CdaInstallation object.


You can specify Active Directory users, groups, or computers using any of the following formats:

  • Distinguished name string
  • SID string
  • sAMAccountName@domain
  • domain\sAMAccountName

You can specify Active Directory users, groups, or computers using a CdaAdPrincipal object.


You can specify a Windows account name or a SQL Server login account name and password, e.g.

For a Windows user account, all of the same formats listed for a CdaAdPrincipal object are supported.

For SQL Server login accounts, the format is “sql:sql_name:sql_password”. The password can be empty.


You can specify the audit scope using the Active Directory site name as a string, for example, “default-first-site” or by specifying a network subnet definition as a string, for example, “”.

If a parameter is not listed in the table, you must specify the object instance returned by a previous cmdlet. For example, you can use the Get-CdaAuditStore cmdlet to return an object instance of the audit store, then use that object instance for parameters in other cmdlets that require it.

# Get the audit store object instance and store it in $cdaAuditStoreObject
$cdaAuditStoreObject = Get-CdaAuditStore -Installation "DefaultInstallation" -Name "Default-First-Site"
# Use the audit store object instance to specify a parameter value
Attach-CdaDatabase -AuditStore $cdaAuditStoreObject -Name "audit-store-db" -Server "win2012\instance1" -Database "audit-store-database"