Get-AdmAccountToken

Retrieves information about REST API access tokens for a specified account.

Description

The Get-AdmAccountToken cmdlet retrieves information about one or more access tokens for a specified account.

You can retrieve a specific token by providing its name, or retrieve all tokens for an account by omitting the Name parameter.

Examples

Example 1 – Get all tokens for an account

Get-AdmAccountToken -Identity "CN=SvcAcc_HR,OU=Service Accounts,DC=domain,DC=com" `
    -AdaxesService "adaxes.domain.com"

This command retrieves all access tokens for the SvcAcc_HR service account.

Example 2 – Get a specific token by name

Get-AdmAccountToken -Identity "domain\SvcAcc_Admin" -Name "SuperAdminToken" `
    -AdaxesService "adaxes.domain.com"

This command retrieves a specific token named SuperAdminToken for the domain\SvcAcc_Admin account.

Parameters

-Identity

Specifies the account whose tokens to retrieve. You can identify the account by one of the following properties:

• Distinguished name (DN)
• GUID (objectGUID)
• Security identifier (objectSid)
• SAM account name (sAMAccountName)
• Username (userPrincipalName)

This parameter can also get an account object through the pipeline, or you can set this parameter to an account object instance from a variable.

-Name

Specifies the name of the token to retrieve.

If this parameter is omitted, the cmdlet retrieves all tokens that belong to the account specified in the Identity parameter.

-AdaxesService

Specifies the DNS host name of the Adaxes service that will be used to execute this cmdlet.

-Credential

Specifies the user account credentials to run this cmdlet as.

• Adaxes service administrators can retrieve tokens for any account
• Entra users cannot retrieve tokens at all
• Other users can retrieve tokens only for their own account

To specify this parameter, you can type a username, such as j.smith@domain.com or DOMAIN\j.smith or you can specify a PSCredential object. If you specify a username for this parameter, the cmdlet prompts for a password.

You can also create a PSCredential object by using a script or the Get-Credential cmdlet.

By default, the cmdlet uses the credentials of the signed in user when run from an external PowerShell session, and the credentials of the Adaxes service account when run from a script inside Adaxes.

-Server

Specifies the domain or directory server to connect to. The cmdlet will attempt to locate the account from the Identity parameter via the specified server.

You can specify a domain or server in one of the following formats.

Domain names:

• NetBIOS name (e.g. CORP)
• Fully qualified domain name (e.g. corp.contoso.com)

Directory servers:

• NetBIOS name (e.g. DC01)
• Fully qualified host name (e.g. dc01.corp.contoso.com)
• Fully qualified host name and port (e.g. dc01.corp.contoso.com:3268)

The default value is determined in the following order:

• From the Server property of objects passed through the pipeline.
• From the Adaxes PowerShell provider drive, if applicable.
• From the domain of the local computer.

Inputs

None or Softerra.Adaxes.PowerShellModule.Directory.ADAccount

You can pipe account objects from Adaxes cmdlets (e.g. Get-AdmUser) to the Identity parameter.

Derived types, such as the following are also accepted:

• Softerra.Adaxes.PowerShellModule.Directory.ADUser
• Softerra.Adaxes.PowerShellModule.Directory.ADComputer

Outputs

Softerra.Adaxes.AccessControl.AccountToken

Returns one or more access token objects.

See also

• REST API overview
• New-AdmAccountToken
• Remove-AdmAccountToken
• IAccountTokenOps
• AccountToken