Specifying parameters using different formats
For certain types of parameters, you can specify a value using any one of several different supported formats. For example, you can specify a user principal for a CdaAdPrincipal object type by providing the information that identifies the user in any of the following formats:
- distinguished name (DN) for the user.
- security identifier for the user (SID).
sAMAccountName
attribute for the user in either thesAMAccountName@domain
format ordomain\sAMAccountName
format.- in a stored user object.
The following formats are all valid for specifying an Active Directory user principal:
New-CdaRoleAssignment -AuditRole $role -Assignee "cn=ben,cn=Users,dc=acme,dc=com"
New-CdaRoleAssignment -AuditRole $role -Assignee "S-1-5-21-12345678-98765432-500"
New-CdaRoleAssignment -AuditRole $role -Assignee "ben@acme.com"
New-CdaRoleAssignment -AuditRole $role -Assignee "acme\ben"
New-CdaRoleAssignment -AuditRole $role -Assignee $userObject
The following table lists the supported formats for each type of parameter.
Type | Supported parameter formats |
CdaInstallation |
You can specify an installation name as string, for example, “DefaultInstallation,” or using a CdaInstallation object. |
CdaAdPrincipal |
You can specify Active Directory users, groups, or computers using any of the following formats:
You can specify Active Directory users, groups, or computers using a CdaAdPrincipal object. |
CdaAccessAccount |
You can specify a Windows account name or a SQL Server login account name and password, e.g. For a Windows user account, all of the same formats listed for a CdaAdPrincipal object are supported. For SQL Server login accounts, the format is |
CdaAuditScope |
You can specify the audit scope using the Active Directory site name as a string, for example, “default-first-site” or by specifying a network subnet definition as a string, for example, “192.168.100.0/24”. |
If a parameter is not listed in the table, you must specify the object instance returned by a previously cmdlet. For example, you can use the Get-CdaAuditStore
cmdlet to return an object instance of the audit store then use that object instance for parameters in other cmdlets that require it.
# Get the audit store object instance and store it in $cdaAuditStoreObject
$cdaAduitStoreObject = Get-CdaAuditStore -Installation “DefaultInstallation” -Name “Default-First-Site”
# Use the audit store object instance to specify a parameter value
Attach-CdaDatabase -AuditStore $cdaAduitStoreObject -Name “audit-store-db” ‑Server “win2012\instance1” -Database “audit-store-database”