From 7a495021803b600fc600fb91f0137b2175d656b6 Mon Sep 17 00:00:00 2001 From: Sean Wheeler Date: Wed, 7 Feb 2024 10:40:06 -0600 Subject: [PATCH] Initialize content for Windows Server 2025 (preview) --- .../winserver2016-ps/module-compatibility.md | 4 +- .../docs-conceptual/winserver2016-ps/toc.yml | 2 +- .../winserver2019-ps/module-compatibility.md | 2 +- .../docs-conceptual/winserver2019-ps/toc.yml | 2 +- .../winserver2022-ps/get-started.md | 12 +- .../winserver2022-ps/module-compatibility.md | 4 +- .../docs-conceptual/winserver2022-ps/toc.yml | 2 +- .../winserver2025-ps/get-started.md | 145 ++ .../winserver2025-ps/module-compatibility.md | 214 ++ .../docs-conceptual/winserver2025-ps/toc.yml | 5 + .../Disable-DiagnosticDataViewing.md | 49 + .../Enable-DiagnosticDataViewing.md | 47 + .../Get-DiagnosticData.md | 168 ++ .../Get-DiagnosticDataTypes.md | 51 + .../Get-DiagnosticDataViewingSetting.md | 46 + .../Get-DiagnosticStoreCapacity.md | 94 + .../Microsoft.DiagnosticDataViewer.md | 45 + .../Set-DiagnosticStoreCapacity.md | 97 + ...sable-ServerManagerStandardUserRemoting.md | 139 ++ ...nable-ServerManagerStandardUserRemoting.md | 135 ++ .../Export-SmigServerSetting.md | 258 +++ .../Get-SmigServerFeature.md | 166 ++ .../Get-WindowsFeature.md | 193 ++ .../Import-SmigServerSetting.md | 385 ++++ .../Install-WindowsFeature.md | 360 +++ ...crosoft.Windows.ServerManager.Migration.md | 31 + .../Receive-SmigServerData.md | 138 ++ .../Send-SmigServerData.md | 297 +++ .../ServerManager.md | 36 + .../Uninstall-WindowsFeature.md | 277 +++ ...sable-ServerManagerStandardUserRemoting.md | 173 ++ ...nable-ServerManagerStandardUserRemoting.md | 183 ++ .../ServerManager/Get-WindowsFeature.md | 220 ++ .../ServerManager/Install-WindowsFeature.md | 441 ++++ .../ServerManager/ServerManager.md | 45 + .../ServerManager/Uninstall-WindowsFeature.md | 312 +++ .../activedirectory/ActiveDirectory.md | 460 ++++ .../Add-ADCentralAccessPolicyMember.md | 284 +++ .../Add-ADComputerServiceAccount.md | 341 +++ ...mainControllerPasswordReplicationPolicy.md | 328 +++ .../Add-ADFineGrainedPasswordPolicySubject.md | 365 +++ .../activedirectory/Add-ADGroupMember.md | 441 ++++ .../Add-ADPrincipalGroupMembership.md | 400 ++++ .../Add-ADResourcePropertyListMember.md | 276 +++ .../Clear-ADAccountExpiration.md | 329 +++ .../Clear-ADClaimTransformLink.md | 295 +++ .../activedirectory/Disable-ADAccount.md | 346 +++ .../Disable-ADOptionalFeature.md | 357 +++ .../activedirectory/Enable-ADAccount.md | 337 +++ .../Enable-ADOptionalFeature.md | 329 +++ .../Get-ADAccountAuthorizationGroup.md | 354 +++ ...countResultantPasswordReplicationPolicy.md | 327 +++ .../Get-ADAuthenticationPolicy.md | 385 ++++ .../Get-ADAuthenticationPolicySilo.md | 368 +++ .../Get-ADCentralAccessPolicy.md | 343 +++ .../Get-ADCentralAccessRule.md | 345 +++ .../Get-ADClaimTransformPolicy.md | 313 +++ .../activedirectory/Get-ADClaimType.md | 322 +++ .../activedirectory/Get-ADComputer.md | 676 ++++++ .../Get-ADComputerServiceAccount.md | 223 ++ .../Get-ADDCCloningExcludedApplicationList.md | 122 + .../Get-ADDefaultDomainPasswordPolicy.md | 233 ++ .../activedirectory/Get-ADDomain.md | 274 +++ .../activedirectory/Get-ADDomainController.md | 481 ++++ ...mainControllerPasswordReplicationPolicy.md | 252 ++ ...ontrollerPasswordReplicationPolicyUsage.md | 268 +++ .../Get-ADFineGrainedPasswordPolicy.md | 485 ++++ .../Get-ADFineGrainedPasswordPolicySubject.md | 177 ++ .../activedirectory/Get-ADForest.md | 273 +++ .../activedirectory/Get-ADGroup.md | 500 ++++ .../activedirectory/Get-ADGroupMember.md | 343 +++ .../activedirectory/Get-ADObject.md | 545 +++++ .../activedirectory/Get-ADOptionalFeature.md | 403 ++++ .../Get-ADOrganizationalUnit.md | 469 ++++ .../Get-ADPrincipalGroupMembership.md | 389 ++++ .../Get-ADReplicationAttributeMetadata.md | 260 +++ .../Get-ADReplicationConnection.md | 244 ++ .../Get-ADReplicationFailure.md | 245 ++ .../Get-ADReplicationPartnerMetadata.md | 297 +++ .../Get-ADReplicationQueueOperation.md | 198 ++ .../activedirectory/Get-ADReplicationSite.md | 265 +++ .../Get-ADReplicationSiteLink.md | 272 +++ .../Get-ADReplicationSiteLinkBridge.md | 252 ++ .../Get-ADReplicationSubnet.md | 265 +++ ...et-ADReplicationUpToDatenessVectorTable.md | 282 +++ .../activedirectory/Get-ADResourceProperty.md | 307 +++ .../Get-ADResourcePropertyList.md | 315 +++ .../Get-ADResourcePropertyValueType.md | 277 +++ .../activedirectory/Get-ADRootDSE.md | 237 ++ .../activedirectory/Get-ADServiceAccount.md | 457 ++++ .../activedirectory/Get-ADTrust.md | 302 +++ .../activedirectory/Get-ADUser.md | 473 ++++ .../Get-ADUserResultantPasswordPolicy.md | 238 ++ .../Grant-ADAuthenticationPolicySiloAccess.md | 240 ++ .../Install-ADServiceAccount.md | 245 ++ .../activedirectory/Move-ADDirectoryServer.md | 252 ++ ...ve-ADDirectoryServerOperationMasterRole.md | 335 +++ .../activedirectory/Move-ADObject.md | 365 +++ .../New-ADAuthenticationPolicy.md | 488 ++++ .../New-ADAuthenticationPolicySilo.md | 349 +++ .../New-ADCentralAccessPolicy.md | 319 +++ .../New-ADCentralAccessRule.md | 323 +++ .../New-ADClaimTransformPolicy.md | 410 ++++ .../activedirectory/New-ADClaimType.md | 567 +++++ .../activedirectory/New-ADComputer.md | 968 ++++++++ .../New-ADDCCloneConfigFile.md | 412 ++++ .../New-ADFineGrainedPasswordPolicy.md | 627 +++++ .../activedirectory/New-ADGroup.md | 490 ++++ .../activedirectory/New-ADObject.md | 441 ++++ .../New-ADOrganizationalUnit.md | 552 +++++ .../activedirectory/New-ADReplicationSite.md | 608 +++++ .../New-ADReplicationSiteLink.md | 404 ++++ .../New-ADReplicationSiteLinkBridge.md | 332 +++ .../New-ADReplicationSubnet.md | 333 +++ .../activedirectory/New-ADResourceProperty.md | 477 ++++ .../New-ADResourcePropertyList.md | 288 +++ .../activedirectory/New-ADServiceAccount.md | 862 +++++++ .../activedirectory/New-ADUser.md | 1508 ++++++++++++ .../Remove-ADAuthenticationPolicy.md | 208 ++ .../Remove-ADAuthenticationPolicySilo.md | 217 ++ .../Remove-ADCentralAccessPolicy.md | 207 ++ .../Remove-ADCentralAccessPolicyMember.md | 256 +++ .../Remove-ADCentralAccessRule.md | 209 ++ .../Remove-ADClaimTransformPolicy.md | 217 ++ .../activedirectory/Remove-ADClaimType.md | 221 ++ .../activedirectory/Remove-ADComputer.md | 282 +++ .../Remove-ADComputerServiceAccount.md | 299 +++ ...mainControllerPasswordReplicationPolicy.md | 308 +++ .../Remove-ADFineGrainedPasswordPolicy.md | 224 ++ ...move-ADFineGrainedPasswordPolicySubject.md | 298 +++ .../activedirectory/Remove-ADGroup.md | 272 +++ .../activedirectory/Remove-ADGroupMember.md | 382 ++++ .../activedirectory/Remove-ADObject.md | 359 +++ .../Remove-ADOrganizationalUnit.md | 301 +++ .../Remove-ADPrincipalGroupMembership.md | 332 +++ .../Remove-ADReplicationSite.md | 219 ++ .../Remove-ADReplicationSiteLink.md | 207 ++ .../Remove-ADReplicationSiteLinkBridge.md | 190 ++ .../Remove-ADReplicationSubnet.md | 210 ++ .../Remove-ADResourceProperty.md | 197 ++ .../Remove-ADResourcePropertyList.md | 203 ++ .../Remove-ADResourcePropertyListMember.md | 253 +++ .../Remove-ADServiceAccount.md | 257 +++ .../activedirectory/Remove-ADUser.md | 272 +++ .../activedirectory/Rename-ADObject.md | 335 +++ .../Reset-ADServiceAccountPassword.md | 183 ++ .../activedirectory/Restore-ADObject.md | 362 +++ ...Revoke-ADAuthenticationPolicySiloAccess.md | 259 +++ .../activedirectory/Search-ADAccount.md | 604 +++++ .../Set-ADAccountAuthenticationPolicySilo.md | 273 +++ .../activedirectory/Set-ADAccountControl.md | 572 +++++ .../Set-ADAccountExpiration.md | 345 +++ .../activedirectory/Set-ADAccountPassword.md | 359 +++ .../Set-ADAuthenticationPolicy.md | 616 +++++ .../Set-ADAuthenticationPolicySilo.md | 491 ++++ .../Set-ADCentralAccessPolicy.md | 400 ++++ .../Set-ADCentralAccessRule.md | 491 ++++ .../Set-ADClaimTransformLink.md | 277 +++ .../Set-ADClaimTransformPolicy.md | 536 +++++ .../activedirectory/Set-ADClaimType.md | 596 +++++ .../activedirectory/Set-ADComputer.md | 1091 +++++++++ .../Set-ADDefaultDomainPasswordPolicy.md | 484 ++++ .../activedirectory/Set-ADDomain.md | 522 +++++ .../activedirectory/Set-ADDomainMode.md | 272 +++ .../Set-ADFineGrainedPasswordPolicy.md | 736 ++++++ .../activedirectory/Set-ADForest.md | 351 +++ .../activedirectory/Set-ADForestMode.md | 263 +++ .../activedirectory/Set-ADGroup.md | 599 +++++ .../activedirectory/Set-ADObject.md | 603 +++++ .../Set-ADOrganizationalUnit.md | 629 +++++ .../Set-ADReplicationConnection.md | 433 ++++ .../activedirectory/Set-ADReplicationSite.md | 709 ++++++ .../Set-ADReplicationSiteLink.md | 478 ++++ .../Set-ADReplicationSiteLinkBridge.md | 406 ++++ .../Set-ADReplicationSubnet.md | 406 ++++ .../activedirectory/Set-ADResourceProperty.md | 478 ++++ .../Set-ADResourcePropertyList.md | 391 ++++ .../activedirectory/Set-ADServiceAccount.md | 859 +++++++ .../activedirectory/Set-ADUser.md | 1649 ++++++++++++++ .../Show-ADAuthenticationPolicyExpression.md | 245 ++ .../activedirectory/Sync-ADObject.md | 242 ++ .../activedirectory/Test-ADServiceAccount.md | 121 + .../Uninstall-ADServiceAccount.md | 180 ++ .../activedirectory/Unlock-ADAccount.md | 299 +++ .../adcsadministration/ADCSAdministration.md | 56 + .../Add-CAAuthorityInformationAccess.md | 189 ++ .../Add-CACrlDistributionPoint.md | 249 ++ .../adcsadministration/Add-CATemplate.md | 127 ++ .../Backup-CARoleService.md | 195 ++ .../Confirm-CAAttestationIdentityKeyInfo.md | 115 + .../Confirm-CAEndorsementKeyInfo.md | 111 + .../Get-CAAuthorityInformationAccess.md | 62 + .../Get-CACrlDistributionPoint.md | 66 + .../adcsadministration/Get-CATemplate.md | 56 + .../Remove-CAAuthorityInformationAccess.md | 182 ++ .../Remove-CACrlDistributionPoint.md | 223 ++ .../adcsadministration/Remove-CATemplate.md | 147 ++ .../Restore-CARoleService.md | 195 ++ .../adcsdeployment/ADCSDeployment.md | 68 + .../Install-AdcsCertificationAuthority.md | 607 +++++ .../Install-AdcsEnrollmentPolicyWebService.md | 244 ++ .../Install-AdcsEnrollmentWebService.md | 350 +++ ...tall-AdcsNetworkDeviceEnrollmentService.md | 469 ++++ .../Install-AdcsOnlineResponder.md | 151 ++ .../Install-AdcsWebEnrollment.md | 172 ++ .../Uninstall-AdcsCertificationAuthority.md | 112 + ...ninstall-AdcsEnrollmentPolicyWebService.md | 186 ++ .../Uninstall-AdcsEnrollmentWebService.md | 190 ++ ...tall-AdcsNetworkDeviceEnrollmentService.md | 110 + .../Uninstall-AdcsOnlineResponder.md | 108 + .../Uninstall-AdcsWebEnrollment.md | 110 + .../addsdeployment/ADDSDeployment.md | 58 + ...Add-ADDSReadOnlyDomainControllerAccount.md | 324 +++ .../addsdeployment/Install-ADDSDomain.md | 589 +++++ .../Install-ADDSDomainController.md | 741 ++++++ .../addsdeployment/Install-ADDSForest.md | 471 ++++ .../Test-ADDSDomainControllerInstallation.md | 691 ++++++ ...Test-ADDSDomainControllerUninstallation.md | 335 +++ .../Test-ADDSDomainInstallation.md | 536 +++++ .../Test-ADDSForestInstallation.md | 421 ++++ ...ReadOnlyDomainControllerAccountCreation.md | 262 +++ .../Uninstall-ADDSDomainController.md | 380 ++++ docset/winserver2025-ps/adfs/ADFS.md | 527 +++++ .../adfs/Add-AdfsAttributeStore.md | 187 ++ .../adfs/Add-AdfsCertificate.md | 161 ++ .../adfs/Add-AdfsClaimDescription.md | 215 ++ .../adfs/Add-AdfsClaimsProviderTrust.md | 708 ++++++ .../adfs/Add-AdfsClaimsProviderTrustsGroup.md | 215 ++ .../winserver2025-ps/adfs/Add-AdfsClient.md | 332 +++ .../Add-AdfsDeviceRegistrationUpnSuffix.md | 109 + .../winserver2025-ps/adfs/Add-AdfsFarmNode.md | 256 +++ .../adfs/Add-AdfsLocalClaimsProviderTrust.md | 372 +++ .../adfs/Add-AdfsNativeClientApplication.md | 233 ++ ...Add-AdfsNonClaimsAwareRelyingPartyTrust.md | 298 +++ .../adfs/Add-AdfsRelyingPartyTrust.md | 914 ++++++++ .../adfs/Add-AdfsRelyingPartyTrustsGroup.md | 365 +++ .../adfs/Add-AdfsScopeDescription.md | 131 ++ .../adfs/Add-AdfsServerApplication.md | 327 +++ .../adfs/Add-AdfsTrustedFederationPartner.md | 123 + .../adfs/Add-AdfsWebApiApplication.md | 546 +++++ ...dfsWebApplicationProxyRelyingPartyTrust.md | 290 +++ .../adfs/Disable-AdfsApplicationGroup.md | 166 ++ .../adfs/Disable-AdfsCertificateAuthority.md | 94 + .../adfs/Disable-AdfsClaimsProviderTrust.md | 203 ++ .../adfs/Disable-AdfsClient.md | 172 ++ .../adfs/Disable-AdfsDeviceRegistration.md | 84 + .../adfs/Disable-AdfsEndpoint.md | 164 ++ .../Disable-AdfsLocalClaimsProviderTrust.md | 162 ++ ...ble-AdfsNonClaimsAwareRelyingPartyTrust.md | 179 ++ .../adfs/Disable-AdfsRelyingPartyTrust.md | 167 ++ ...dfsWebApplicationProxyRelyingPartyTrust.md | 108 + .../adfs/Enable-AdfsApplicationGroup.md | 166 ++ .../adfs/Enable-AdfsClaimsProviderTrust.md | 202 ++ .../adfs/Enable-AdfsClient.md | 173 ++ .../adfs/Enable-AdfsDeviceRegistration.md | 123 + .../adfs/Enable-AdfsEndpoint.md | 163 ++ .../Enable-AdfsLocalClaimsProviderTrust.md | 162 ++ ...ble-AdfsNonClaimsAwareRelyingPartyTrust.md | 178 ++ .../adfs/Enable-AdfsRelyingPartyTrust.md | 177 ++ ...dfsWebApplicationProxyRelyingPartyTrust.md | 107 + ...AuthenticationProviderConfigurationData.md | 121 + .../adfs/Export-AdfsDeploymentSQLScript.md | 109 + .../adfs/Export-AdfsWebContent.md | 123 + .../adfs/Export-AdfsWebTheme.md | 164 ++ .../adfs/Get-AdfsAccessControlPolicy.md | 75 + .../Get-AdfsAdditionalAuthenticationRule.md | 61 + .../adfs/Get-AdfsApplicationGroup.md | 116 + .../adfs/Get-AdfsApplicationPermission.md | 108 + .../adfs/Get-AdfsAttributeStore.md | 69 + .../adfs/Get-AdfsAuthenticationProvider.md | 101 + ...et-AdfsAuthenticationProviderWebContent.md | 79 + .../adfs/Get-AdfsAzureMfaConfigured.md | 70 + .../adfs/Get-AdfsCertificate.md | 104 + .../adfs/Get-AdfsCertificateAuthority.md | 47 + .../adfs/Get-AdfsClaimDescription.md | 120 + .../adfs/Get-AdfsClaimsProviderTrust.md | 128 ++ .../adfs/Get-AdfsClaimsProviderTrustsGroup.md | 58 + .../winserver2025-ps/adfs/Get-AdfsClient.md | 176 ++ .../adfs/Get-AdfsDeviceRegistration.md | 71 + .../Get-AdfsDeviceRegistrationUpnSuffix.md | 60 + .../winserver2025-ps/adfs/Get-AdfsEndpoint.md | 110 + .../adfs/Get-AdfsFarmInformation.md | 79 + .../Get-AdfsGlobalAuthenticationPolicy.md | 57 + .../adfs/Get-AdfsGlobalWebContent.md | 118 + .../adfs/Get-AdfsLocalClaimsProviderTrust.md | 86 + .../adfs/Get-AdfsNativeClientApplication.md | 157 ++ ...Get-AdfsNonClaimsAwareRelyingPartyTrust.md | 131 ++ .../adfs/Get-AdfsProperties.md | 217 ++ .../adfs/Get-AdfsRegistrationHosts.md | 58 + .../adfs/Get-AdfsRelyingPartyTrust.md | 141 ++ .../adfs/Get-AdfsRelyingPartyTrustsGroup.md | 58 + .../adfs/Get-AdfsRelyingPartyWebContent.md | 108 + .../adfs/Get-AdfsRelyingPartyWebTheme.md | 65 + .../adfs/Get-AdfsScopeDescription.md | 68 + .../adfs/Get-AdfsServerApplication.md | 186 ++ .../adfs/Get-AdfsSslCertificate.md | 54 + .../adfs/Get-AdfsSyncProperties.md | 50 + .../adfs/Get-AdfsTrustedFederationPartner.md | 81 + .../adfs/Get-AdfsWebApiApplication.md | 176 ++ ...dfsWebApplicationProxyRelyingPartyTrust.md | 84 + .../adfs/Get-AdfsWebConfig.md | 66 + .../winserver2025-ps/adfs/Get-AdfsWebTheme.md | 110 + .../adfs/Grant-AdfsApplicationPermission.md | 188 ++ ...AuthenticationProviderConfigurationData.md | 118 + .../adfs/Import-AdfsWebContent.md | 123 + .../adfs/Initialize-ADDeviceRegistration.md | 192 ++ .../winserver2025-ps/adfs/Install-AdfsFarm.md | 385 ++++ .../adfs/Invoke-AdfsFarmBehaviorLevelRaise.md | 184 ++ .../adfs/New-AdfsAccessControlPolicy.md | 241 ++ .../adfs/New-AdfsApplicationGroup.md | 165 ++ .../adfs/New-AdfsAzureMfaTenantCertificate.md | 134 ++ .../adfs/New-AdfsClaimRuleSet.md | 111 + .../adfs/New-AdfsContactPerson.md | 135 ++ .../New-AdfsLdapAttributeToClaimMapping.md | 82 + .../adfs/New-AdfsLdapServerConnection.md | 142 ++ .../adfs/New-AdfsOrganization.md | 101 + .../adfs/New-AdfsSamlEndpoint.md | 162 ++ .../winserver2025-ps/adfs/New-AdfsWebTheme.md | 263 +++ .../adfs/Publish-SslCertificate.md | 90 + .../Register-AdfsAuthenticationProvider.md | 106 + .../adfs/Remove-AdfsAccessControlPolicy.md | 133 ++ .../adfs/Remove-AdfsApplicationGroup.md | 166 ++ .../adfs/Remove-AdfsAttributeStore.md | 147 ++ ...ve-AdfsAuthenticationProviderWebContent.md | 136 ++ .../adfs/Remove-AdfsCertificate.md | 155 ++ .../adfs/Remove-AdfsClaimDescription.md | 193 ++ .../adfs/Remove-AdfsClaimsProviderTrust.md | 203 ++ .../Remove-AdfsClaimsProviderTrustsGroup.md | 89 + .../adfs/Remove-AdfsClient.md | 172 ++ .../Remove-AdfsDeviceRegistrationUpnSuffix.md | 121 + .../adfs/Remove-AdfsFarmNode.md | 91 + .../adfs/Remove-AdfsGlobalWebContent.md | 131 ++ .../Remove-AdfsLocalClaimsProviderTrust.md | 162 ++ .../Remove-AdfsNativeClientApplication.md | 162 ++ ...ove-AdfsNonClaimsAwareRelyingPartyTrust.md | 158 ++ .../adfs/Remove-AdfsRelyingPartyTrust.md | 177 ++ .../Remove-AdfsRelyingPartyTrustsGroup.md | 89 + .../adfs/Remove-AdfsRelyingPartyWebContent.md | 145 ++ .../adfs/Remove-AdfsRelyingPartyWebTheme.md | 118 + .../adfs/Remove-AdfsScopeDescription.md | 120 + .../adfs/Remove-AdfsServerApplication.md | 149 ++ .../Remove-AdfsTrustedFederationPartner.md | 151 ++ .../adfs/Remove-AdfsWebApiApplication.md | 161 ++ ...dfsWebApplicationProxyRelyingPartyTrust.md | 93 + .../adfs/Remove-AdfsWebTheme.md | 135 ++ .../adfs/Restore-AdfsFarmBehaviorLevel.md | 139 ++ .../adfs/Revoke-AdfsApplicationPermission.md | 150 ++ .../adfs/Revoke-AdfsProxyTrust.md | 84 + .../adfs/Set-AdfsAccessControlPolicy.md | 227 ++ .../Set-AdfsAdditionalAuthenticationRule.md | 141 ++ .../adfs/Set-AdfsAlternateTlsClientBinding.md | 130 ++ .../adfs/Set-AdfsApplicationGroup.md | 214 ++ .../adfs/Set-AdfsApplicationPermission.md | 246 ++ .../adfs/Set-AdfsAttributeStore.md | 169 ++ ...et-AdfsAuthenticationProviderWebContent.md | 204 ++ .../adfs/Set-AdfsAzureMfaTenant.md | 124 + .../adfs/Set-AdfsCertSharingContainer.md | 107 + .../adfs/Set-AdfsCertificate.md | 165 ++ .../adfs/Set-AdfsCertificateAuthority.md | 265 +++ .../adfs/Set-AdfsClaimDescription.md | 307 +++ .../adfs/Set-AdfsClaimsProviderTrust.md | 809 +++++++ .../winserver2025-ps/adfs/Set-AdfsClient.md | 419 ++++ .../adfs/Set-AdfsDeviceRegistration.md | 326 +++ .../Set-AdfsDeviceRegistrationUpnSuffix.md | 114 + .../winserver2025-ps/adfs/Set-AdfsEndpoint.md | 184 ++ .../adfs/Set-AdfsFarmInformation.md | 94 + .../Set-AdfsGlobalAuthenticationPolicy.md | 242 ++ .../adfs/Set-AdfsGlobalWebContent.md | 508 +++++ .../adfs/Set-AdfsLocalClaimsProviderTrust.md | 251 ++ .../adfs/Set-AdfsNativeClientApplication.md | 255 +++ ...Set-AdfsNonClaimsAwareRelyingPartyTrust.md | 346 +++ .../adfs/Set-AdfsProperties.md | 1223 ++++++++++ .../adfs/Set-AdfsRegistrationHosts.md | 102 + .../adfs/Set-AdfsRelyingPartyTrust.md | 962 ++++++++ .../adfs/Set-AdfsRelyingPartyWebContent.md | 468 ++++ .../adfs/Set-AdfsRelyingPartyWebTheme.md | 258 +++ .../adfs/Set-AdfsScopeDescription.md | 142 ++ .../adfs/Set-AdfsServerApplication.md | 381 ++++ .../adfs/Set-AdfsSslCertificate.md | 115 + .../adfs/Set-AdfsSyncProperties.md | 132 ++ .../adfs/Set-AdfsTrustedFederationPartner.md | 182 ++ .../adfs/Set-AdfsWebApiApplication.md | 574 +++++ ...dfsWebApplicationProxyRelyingPartyTrust.md | 331 +++ .../adfs/Set-AdfsWebConfig.md | 209 ++ .../winserver2025-ps/adfs/Set-AdfsWebTheme.md | 288 +++ .../adfs/Test-AdfsFarmBehaviorLevelRaise.md | 139 ++ .../adfs/Test-AdfsFarmBehaviorLevelRestore.md | 108 + .../adfs/Test-AdfsFarmInstallation.md | 334 +++ .../adfs/Test-AdfsFarmJoin.md | 223 ++ .../Unregister-AdfsAuthenticationProvider.md | 99 + .../adfs/Update-AdfsCertificate.md | 147 ++ .../adfs/Update-AdfsClaimsProviderTrust.md | 210 ++ .../adfs/Update-AdfsRelyingPartyTrust.md | 196 ++ docset/winserver2025-ps/adrms/ADRMS.md | 26 + .../winserver2025-ps/adrms/Install-ADRMS.md | 160 ++ .../winserver2025-ps/adrms/Uninstall-ADRMS.md | 140 ++ docset/winserver2025-ps/adrms/Update-ADRMS.md | 190 ++ .../winserver2025-ps/adrmsadmin/ADRMSAdmin.md | 80 + .../Export-RmsReportDefinitionLanguage.md | 147 ++ .../adrmsadmin/Export-RmsTPD.md | 188 ++ .../adrmsadmin/Export-RmsTUD.md | 135 ++ .../adrmsadmin/Get-RmsCertChain.md | 130 ++ .../adrmsadmin/Get-RmsCertInfo.md | 133 ++ .../adrmsadmin/Get-RmsChildCert.md | 216 ++ .../adrmsadmin/Get-RmsEncryptedIL.md | 130 ++ .../adrmsadmin/Get-RmsRequestInfo.md | 127 ++ .../adrmsadmin/Get-RmsSvcAccount.md | 102 + .../adrmsadmin/Get-RmsSystemHealthReport.md | 267 +++ .../adrmsadmin/Get-RmsUserRequestReport.md | 221 ++ .../adrmsadmin/Import-RmsTPD.md | 189 ++ .../adrmsadmin/Import-RmsTUD.md | 195 ++ .../adrmsadmin/Initialize-RmsCryptoMode2.md | 188 ++ .../adrmsadmin/Install-RmsMfgEnrollment.md | 138 ++ .../adrmsadmin/Install-RmsMfgSupport.md | 117 + .../adrmsadmin/Set-RmsSvcAccount.md | 166 ++ .../adrmsadmin/Uninstall-RmsMfgEnrollment.md | 138 ++ .../adrmsadmin/Uninstall-RmsMfgSupport.md | 101 + .../adrmsadmin/Update-RmsCluster.md | 119 + .../adrmsadmin/Update-RmsMfgEnrollment.md | 206 ++ .../appbackgroundtask/AppBackgroundTask.md | 36 + .../Disable-AppBackgroundTaskDiagnosticLog.md | 80 + .../Enable-AppBackgroundTaskDiagnosticLog.md | 80 + .../Get-AppBackgroundTask.md | 155 ++ .../Set-AppBackgroundTaskResourcePolicy.md | 106 + .../Start-AppBackgroundTask.md | 156 ++ .../Unregister-AppBackgroundTask.md | 156 ++ .../winserver2025-ps/applocker/AppLocker.md | 33 + .../applocker/Get-AppLockerFileInformation.md | 301 +++ .../applocker/Get-AppLockerPolicy.md | 177 ++ .../applocker/New-AppLockerPolicy.md | 267 +++ .../applocker/Set-AppLockerPolicy.md | 183 ++ .../applocker/Test-AppLockerPolicy.md | 205 ++ .../Add-AppvClientConnectionGroup.md | 80 + .../appvclient/Add-AppvClientPackage.md | 121 + .../appvclient/Add-AppvPublishingServer.md | 211 ++ .../winserver2025-ps/appvclient/AppvClient.md | 116 + .../appvclient/Disable-Appv.md | 53 + .../Disable-AppvClientConnectionGroup.md | 186 ++ .../appvclient/Enable-Appv.md | 53 + .../Enable-AppvClientConnectionGroup.md | 186 ++ .../appvclient/Get-AppvClientApplication.md | 104 + .../appvclient/Get-AppvClientConfiguration.md | 80 + .../Get-AppvClientConnectionGroup.md | 144 ++ .../appvclient/Get-AppvClientMode.md | 46 + .../appvclient/Get-AppvClientPackage.md | 168 ++ .../appvclient/Get-AppvPublishingServer.md | 117 + .../appvclient/Get-AppvStatus.md | 51 + .../appvclient/Get-AppvVirtualProcess.md | 169 ++ .../Mount-AppvClientConnectionGroup.md | 151 ++ .../appvclient/Mount-AppvClientPackage.md | 202 ++ .../appvclient/Publish-AppvClientPackage.md | 254 +++ .../Remove-AppvClientConnectionGroup.md | 153 ++ .../appvclient/Remove-AppvClientPackage.md | 163 ++ .../appvclient/Remove-AppvPublishingServer.md | 137 ++ .../Repair-AppvClientConnectionGroup.md | 198 ++ .../appvclient/Repair-AppvClientPackage.md | 215 ++ .../appvclient/Send-AppvClientReport.md | 133 ++ .../appvclient/Set-AppvClientConfiguration.md | 549 +++++ .../appvclient/Set-AppvClientMode.md | 82 + .../appvclient/Set-AppvClientPackage.md | 207 ++ .../appvclient/Set-AppvPublishingServer.md | 224 ++ .../appvclient/Start-AppvVirtualProcess.md | 318 +++ .../Stop-AppvClientConnectionGroup.md | 168 ++ .../appvclient/Stop-AppvClientPackage.md | 182 ++ .../appvclient/Sync-AppvPublishingServer.md | 193 ++ .../appvclient/Unpublish-AppvClientPackage.md | 202 ++ .../appvsequencer/AppvSequencer.md | 29 + .../Expand-AppvSequencerPackage.md | 68 + .../New-AppvPackageAccelerator.md | 144 ++ .../appvsequencer/New-AppvSequencerPackage.md | 242 ++ .../Update-AppvSequencerPackage.md | 167 ++ .../appx/Add-AppSharedPackageContainer.md | 122 + .../winserver2025-ps/appx/Add-AppxPackage.md | 688 ++++++ .../winserver2025-ps/appx/Add-AppxVolume.md | 115 + docset/winserver2025-ps/appx/Appx.md | 109 + .../appx/Dismount-AppxVolume.md | 116 + .../appx/Get-AppSharedPackageContainer.md | 114 + .../appx/Get-AppxDefaultVolume.md | 57 + .../appx/Get-AppxLastError.md | 67 + docset/winserver2025-ps/appx/Get-AppxLog.md | 126 + .../winserver2025-ps/appx/Get-AppxPackage.md | 220 ++ .../appx/Get-AppxPackageAutoUpdateSettings.md | 148 ++ .../appx/Get-AppxPackageManifest.md | 129 ++ .../winserver2025-ps/appx/Get-AppxVolume.md | 161 ++ .../appx/Invoke-CommandInDesktopPackage.md | 174 ++ .../winserver2025-ps/appx/Mount-AppxVolume.md | 116 + .../winserver2025-ps/appx/Move-AppxPackage.md | 140 ++ .../appx/Remove-AppSharedPackageContainer.md | 103 + .../appx/Remove-AppxPackage.md | 214 ++ .../Remove-AppxPackageAutoUpdateSettings.md | 123 + .../appx/Remove-AppxVolume.md | 117 + .../appx/Reset-AppSharedPackageContainer.md | 121 + .../appx/Reset-AppxPackage.md | 126 + .../appx/Set-AppxDefaultVolume.md | 112 + .../appx/Set-AppxPackageAutoUpdateSettings.md | 395 ++++ .../assignedaccess/AssignedAccess.md | 28 + .../assignedaccess/Clear-AssignedAccess.md | 91 + .../assignedaccess/Get-AssignedAccess.md | 63 + .../assignedaccess/Set-AssignedAccess.md | 183 ++ .../bestpractices/BestPractices.md | 29 + .../bestpractices/Get-BpaModel.md | 139 ++ .../bestpractices/Get-BpaResult.md | 214 ++ .../bestpractices/Invoke-BpaModel.md | 317 +++ .../bestpractices/Set-BpaResult.md | 135 ++ .../bitlocker/Add-BitLockerKeyProtector.md | 474 ++++ .../bitlocker/Backup-BitLockerKeyProtector.md | 144 ++ .../BackupToAAD-BitLockerKeyProtector.md | 121 + .../winserver2025-ps/bitlocker/BitLocker.md | 59 + .../bitlocker/Clear-BitLockerAutoUnlock.md | 66 + .../bitlocker/Disable-BitLocker.md | 131 ++ .../bitlocker/Disable-BitLockerAutoUnlock.md | 114 + .../bitlocker/Enable-BitLocker.md | 620 +++++ .../bitlocker/Enable-BitLockerAutoUnlock.md | 109 + .../bitlocker/Get-BitLockerVolume.md | 136 ++ .../bitlocker/Lock-BitLocker.md | 133 ++ .../bitlocker/Remove-BitLockerKeyProtector.md | 155 ++ .../bitlocker/Resume-BitLocker.md | 125 + .../bitlocker/Suspend-BitLocker.md | 144 ++ .../bitlocker/Unlock-BitLocker.md | 206 ++ .../bitstransfer/Add-BitsFile.md | 205 ++ .../bitstransfer/BitsTransfer.md | 41 + .../bitstransfer/Complete-BitsTransfer.md | 139 ++ .../bitstransfer/Get-BitsTransfer.md | 180 ++ .../bitstransfer/Remove-BitsTransfer.md | 138 ++ .../bitstransfer/Resume-BitsTransfer.md | 177 ++ .../bitstransfer/Set-BitsTransfer.md | 753 ++++++ .../bitstransfer/Start-BitsTransfer.md | 923 ++++++++ .../bitstransfer/Suspend-BitsTransfer.md | 130 ++ .../booteventcollector/BootEventCollector.md | 114 + .../Checkpoint-SbecActiveConfig.md | 190 ++ .../Clear-SbecProviderCache.md | 48 + .../Disable-SbecAutologger.md | 258 +++ .../booteventcollector/Disable-SbecBcd.md | 220 ++ .../Enable-SbecAutologger.md | 310 +++ .../booteventcollector/Enable-SbecBcd.md | 311 +++ .../Enable-SbecBootImage.md | 146 ++ .../booteventcollector/Enable-SbecWdsBcd.md | 212 ++ .../Get-SbecActiveConfig.md | 132 ++ .../Get-SbecBackupConfig.md | 143 ++ .../booteventcollector/Get-SbecDestination.md | 118 + .../booteventcollector/Get-SbecForwarding.md | 108 + .../booteventcollector/Get-SbecHistory.md | 117 + .../Get-SbecLocalizedMessage.md | 67 + .../booteventcollector/Get-SbecLogSession.md | 107 + .../Get-SbecTraceProviders.md | 71 + .../New-SbecUnattendFragment.md | 225 ++ .../Redo-SbecActiveConfig.md | 180 ++ .../Restore-SbecBackupConfig.md | 269 +++ .../booteventcollector/Save-SbecInstance.md | 95 + .../booteventcollector/Save-SbecLogSession.md | 94 + .../Set-SbecActiveConfig.md | 218 ++ .../booteventcollector/Set-SbecLogSession.md | 358 +++ .../booteventcollector/Start-SbecInstance.md | 91 + .../Start-SbecLogSession.md | 439 ++++ .../Start-SbecNtKernelLogSession.md | 206 ++ .../Start-SbecSimpleLogSession.md | 368 +++ .../booteventcollector/Stop-SbecInstance.md | 168 ++ .../booteventcollector/Stop-SbecLogSession.md | 93 + .../Test-SbecActiveConfig.md | 132 ++ .../booteventcollector/Test-SbecConfig.md | 174 ++ .../Undo-SbecActiveConfig.md | 177 ++ .../branchcache/Add-BCDataCacheExtension.md | 236 ++ .../branchcache/BranchCache.md | 114 + .../branchcache/Clear-BCCache.md | 155 ++ .../branchcache/Disable-BC.md | 155 ++ .../branchcache/Disable-BCDowngrading.md | 156 ++ .../branchcache/Disable-BCServeOnBattery.md | 155 ++ .../branchcache/Enable-BCDistributed.md | 157 ++ .../branchcache/Enable-BCDowngrading.md | 174 ++ .../branchcache/Enable-BCHostedClient.md | 233 ++ .../branchcache/Enable-BCHostedServer.md | 169 ++ .../branchcache/Enable-BCLocal.md | 158 ++ .../branchcache/Enable-BCServeOnBattery.md | 155 ++ .../branchcache/Export-BCCachePackage.md | 228 ++ .../branchcache/Export-BCSecretKey.md | 187 ++ .../branchcache/Get-BCClientConfiguration.md | 112 + .../Get-BCContentServerConfiguration.md | 113 + .../branchcache/Get-BCDataCache.md | 112 + .../branchcache/Get-BCDataCacheExtension.md | 113 + .../branchcache/Get-BCHashCache.md | 112 + .../Get-BCHostedCacheServerConfiguration.md | 113 + .../branchcache/Get-BCNetworkConfiguration.md | 110 + .../branchcache/Get-BCStatus.md | 109 + .../branchcache/Import-BCCachePackage.md | 177 ++ .../branchcache/Import-BCSecretKey.md | 193 ++ .../branchcache/Publish-BCFileContent.md | 260 +++ .../branchcache/Publish-BCWebContent.md | 261 +++ .../Remove-BCDataCacheExtension.md | 202 ++ .../winserver2025-ps/branchcache/Reset-BC.md | 185 ++ .../branchcache/Set-BCAuthentication.md | 175 ++ .../branchcache/Set-BCCache.md | 290 +++ .../branchcache/Set-BCDataCacheEntryMaxAge.md | 173 ++ .../branchcache/Set-BCMinSMBLatency.md | 185 ++ .../branchcache/Set-BCSecretKey.md | 176 ++ .../Add-CauClusterRole.md | 784 +++++++ .../ClusterAwareUpdating.md | 74 + .../Disable-CauClusterRole.md | 152 ++ .../Enable-CauClusterRole.md | 154 ++ .../clusterawareupdating/Export-CauReport.md | 203 ++ .../Get-CauClusterRole.md | 101 + .../clusterawareupdating/Get-CauPlugin.md | 87 + .../clusterawareupdating/Get-CauReport.md | 226 ++ .../clusterawareupdating/Get-CauRun.md | 192 ++ .../clusterawareupdating/Invoke-CauRun.md | 670 ++++++ .../clusterawareupdating/Invoke-CauScan.md | 261 +++ .../Register-CauPlugin.md | 121 + .../Remove-CauClusterRole.md | 158 ++ .../Save-CauDebugTrace.md | 149 ++ .../Set-CauClusterRole.md | 799 +++++++ .../clusterawareupdating/Stop-CauRun.md | 132 ++ .../clusterawareupdating/Test-CauSetup.md | 96 + .../Unregister-CauPlugin.md | 112 + .../configci/Add-SignerRule.md | 189 ++ docset/winserver2025-ps/configci/ConfigCI.md | 66 + .../configci/ConvertFrom-CIPolicy.md | 85 + .../configci/Edit-CIPolicyRule.md | 269 +++ .../winserver2025-ps/configci/Get-CIPolicy.md | 106 + .../configci/Get-CIPolicyIdInfo.md | 82 + .../configci/Get-CIPolicyInfo.md | 41 + .../configci/Get-SystemDriver.md | 249 ++ .../configci/Merge-CIPolicy.md | 171 ++ .../winserver2025-ps/configci/New-CIPolicy.md | 676 ++++++ .../configci/New-CIPolicyRule.md | 494 ++++ .../configci/Remove-CIPolicyRule.md | 73 + .../configci/Set-CIPolicyIdInfo.md | 155 ++ .../configci/Set-CIPolicySetting.md | 181 ++ .../configci/Set-CIPolicyVersion.md | 93 + .../configci/Set-HVCIOptions.md | 160 ++ .../configci/Set-RuleOption.md | 158 ++ docset/winserver2025-ps/dcbqos/DcbQoS.md | 59 + .../dcbqos/Disable-NetQosFlowControl.md | 233 ++ .../dcbqos/Enable-NetQosFlowControl.md | 238 ++ .../dcbqos/Get-NetQosDcbxSetting.md | 155 ++ .../dcbqos/Get-NetQosFlowControl.md | 180 ++ .../dcbqos/Get-NetQosTrafficClass.md | 173 ++ .../dcbqos/New-NetQosTrafficClass.md | 246 ++ .../dcbqos/Remove-NetQosTrafficClass.md | 239 ++ .../dcbqos/Set-NetQosDcbxSetting.md | 245 ++ .../dcbqos/Set-NetQosFlowControl.md | 266 +++ .../dcbqos/Set-NetQosTrafficClass.md | 299 +++ .../dcbqos/Switch-NetQosDcbxSetting.md | 170 ++ .../dcbqos/Switch-NetQosFlowControl.md | 170 ++ .../dcbqos/Switch-NetQosTrafficClass.md | 170 ++ .../deduplication/Deduplication.md | 84 + .../deduplication/Disable-DedupVolume.md | 197 ++ .../deduplication/Enable-DedupVolume.md | 226 ++ .../deduplication/Expand-DedupFile.md | 147 ++ .../deduplication/Get-DedupJob.md | 182 ++ .../deduplication/Get-DedupMetadata.md | 183 ++ .../deduplication/Get-DedupSchedule.md | 198 ++ .../deduplication/Get-DedupStatus.md | 156 ++ .../deduplication/Get-DedupVolume.md | 195 ++ .../Measure-DedupFileMetadata.md | 140 ++ .../deduplication/New-DedupSchedule.md | 511 +++++ .../deduplication/Remove-DedupSchedule.md | 202 ++ .../deduplication/Set-DedupSchedule.md | 528 +++++ .../deduplication/Set-DedupVolume.md | 503 ++++ .../deduplication/Start-DedupJob.md | 407 ++++ .../deduplication/Stop-DedupJob.md | 251 ++ .../deduplication/Update-DedupStatus.md | 191 ++ .../defender/Add-MpPreference.md | 358 +++ docset/winserver2025-ps/defender/Defender.md | 70 + .../defender/Get-MpComputerStatus.md | 149 ++ .../defender/Get-MpPreference.md | 128 ++ .../winserver2025-ps/defender/Get-MpThreat.md | 149 ++ .../defender/Get-MpThreatCatalog.md | 148 ++ .../defender/Get-MpThreatDetection.md | 176 ++ .../defender/Remove-MpPreference.md | 1637 +++++++++++++ .../defender/Remove-MpThreat.md | 108 + .../defender/Set-MpPreference.md | 2018 +++++++++++++++++ .../winserver2025-ps/defender/Start-MpScan.md | 141 ++ .../defender/Start-MpWDOScan.md | 103 + .../defender/Update-MpSignature.md | 138 ++ .../Backup-DHASConfiguration.md | 83 + .../DeviceHealthAttestation.md | 62 + .../Get-DHASActiveEncryptionCertificate.md | 53 + .../Get-DHASActiveSigningCertificate.md | 53 + .../Get-DHASCertificateChainPolicy.md | 63 + .../Get-DHASInactiveEncryptionCertificate.md | 53 + .../Get-DHASInactiveSigningCertificate.md | 50 + .../Install-DeviceHealthAttestation.md | 225 ++ ...emove-DHASInactiveEncryptionCertificate.md | 112 + .../Remove-DHASInactiveSigningCertificate.md | 114 + .../Restore-DHASConfiguration.md | 105 + .../Set-DHASActiveEncryptionCertificate.md | 116 + .../Set-DHASActiveSigningCertificate.md | 116 + .../Set-DHASCertificateChainPolicy.md | 203 ++ .../Set-DHASSupportedAuthenticationSchema.md | 117 + .../Uninstall-DeviceHealthAttestation.md | 117 + docset/winserver2025-ps/dfsn/DFSN.md | 111 + .../winserver2025-ps/dfsn/Get-DfsnAccess.md | 152 ++ .../winserver2025-ps/dfsn/Get-DfsnFolder.md | 161 ++ .../dfsn/Get-DfsnFolderTarget.md | 174 ++ docset/winserver2025-ps/dfsn/Get-DfsnRoot.md | 218 ++ .../dfsn/Get-DfsnRootTarget.md | 175 ++ .../dfsn/Get-DfsnServerConfiguration.md | 152 ++ .../winserver2025-ps/dfsn/Grant-DfsnAccess.md | 211 ++ .../winserver2025-ps/dfsn/Move-DfsnFolder.md | 225 ++ .../winserver2025-ps/dfsn/New-DfsnFolder.md | 393 ++++ .../dfsn/New-DfsnFolderTarget.md | 280 +++ docset/winserver2025-ps/dfsn/New-DfsnRoot.md | 499 ++++ .../dfsn/New-DfsnRootTarget.md | 273 +++ .../dfsn/Remove-DfsnAccess.md | 200 ++ .../dfsn/Remove-DfsnFolder.md | 205 ++ .../dfsn/Remove-DfsnFolderTarget.md | 221 ++ .../winserver2025-ps/dfsn/Remove-DfsnRoot.md | 205 ++ .../dfsn/Remove-DfsnRootTarget.md | 220 ++ .../dfsn/Revoke-DfsnAccess.md | 211 ++ .../winserver2025-ps/dfsn/Set-DfsnFolder.md | 296 +++ .../dfsn/Set-DfsnFolderTarget.md | 283 +++ docset/winserver2025-ps/dfsn/Set-DfsnRoot.md | 391 ++++ .../dfsn/Set-DfsnRootTarget.md | 280 +++ .../dfsn/Set-DfsnServerConfiguration.md | 303 +++ .../dfsr/Add-DfsrConnection.md | 376 +++ .../winserver2025-ps/dfsr/Add-DfsrMember.md | 223 ++ .../dfsr/ConvertFrom-DfsrGuid.md | 130 ++ docset/winserver2025-ps/dfsr/DFSR.md | 152 ++ .../winserver2025-ps/dfsr/Export-DfsrClone.md | 271 +++ .../dfsr/Get-DfsReplicatedFolder.md | 119 + .../dfsr/Get-DfsReplicationGroup.md | 146 ++ .../winserver2025-ps/dfsr/Get-DfsrBacklog.md | 210 ++ .../dfsr/Get-DfsrCloneState.md | 97 + .../dfsr/Get-DfsrConnection.md | 137 ++ .../dfsr/Get-DfsrConnectionSchedule.md | 159 ++ .../dfsr/Get-DfsrDelegation.md | 102 + .../winserver2025-ps/dfsr/Get-DfsrFileHash.md | 164 ++ .../dfsr/Get-DfsrGroupSchedule.md | 101 + .../winserver2025-ps/dfsr/Get-DfsrIdRecord.md | 125 + .../winserver2025-ps/dfsr/Get-DfsrMember.md | 123 + .../dfsr/Get-DfsrMembership.md | 152 ++ .../dfsr/Get-DfsrPreservedFiles.md | 163 ++ .../dfsr/Get-DfsrServiceConfiguration.md | 84 + docset/winserver2025-ps/dfsr/Get-DfsrState.md | 85 + .../dfsr/Grant-DfsrDelegation.md | 151 ++ .../winserver2025-ps/dfsr/Import-DfsrClone.md | 216 ++ .../dfsr/New-DfsReplicatedFolder.md | 331 +++ .../dfsr/New-DfsReplicationGroup.md | 200 ++ .../dfsr/Remove-DfsReplicatedFolder.md | 169 ++ .../dfsr/Remove-DfsReplicationGroup.md | 175 ++ .../dfsr/Remove-DfsrConnection.md | 184 ++ .../dfsr/Remove-DfsrMember.md | 170 ++ .../dfsr/Remove-DfsrPropagationTestFile.md | 194 ++ .../dfsr/Reset-DfsrCloneState.md | 103 + .../dfsr/Restore-DfsrPreservedFiles.md | 276 +++ .../dfsr/Revoke-DfsrDelegation.md | 164 ++ .../dfsr/Set-DfsReplicatedFolder.md | 257 +++ .../dfsr/Set-DfsReplicationGroup.md | 147 ++ .../dfsr/Set-DfsrConnection.md | 271 +++ .../dfsr/Set-DfsrConnectionSchedule.md | 310 +++ .../dfsr/Set-DfsrGroupSchedule.md | 256 +++ .../winserver2025-ps/dfsr/Set-DfsrMember.md | 169 ++ .../dfsr/Set-DfsrMembership.md | 500 ++++ .../dfsr/Set-DfsrServiceConfiguration.md | 388 ++++ .../dfsr/Start-DfsrPropagationTest.md | 179 ++ .../dfsr/Suspend-DfsReplicationGroup.md | 169 ++ .../dfsr/Sync-DfsReplicationGroup.md | 169 ++ .../dfsr/Update-DfsrConfigurationFromAD.md | 84 + .../dfsr/Write-DfsrHealthReport.md | 197 ++ .../dfsr/Write-DfsrPropagationReport.md | 215 ++ .../dhcpserver/Add-DhcpServerInDC.md | 239 ++ .../dhcpserver/Add-DhcpServerSecurityGroup.md | 149 ++ .../dhcpserver/Add-DhcpServerv4Class.md | 249 ++ .../Add-DhcpServerv4ExclusionRange.md | 232 ++ .../dhcpserver/Add-DhcpServerv4Failover.md | 419 ++++ .../Add-DhcpServerv4FailoverScope.md | 215 ++ .../dhcpserver/Add-DhcpServerv4Filter.md | 274 +++ .../dhcpserver/Add-DhcpServerv4Lease.md | 431 ++++ ...Add-DhcpServerv4MulticastExclusionRange.md | 217 ++ .../Add-DhcpServerv4MulticastScope.md | 318 +++ .../Add-DhcpServerv4OptionDefinition.md | 320 +++ .../dhcpserver/Add-DhcpServerv4Policy.md | 611 +++++ .../Add-DhcpServerv4PolicyIPRange.md | 250 ++ .../dhcpserver/Add-DhcpServerv4Reservation.md | 321 +++ .../dhcpserver/Add-DhcpServerv4Scope.md | 422 ++++ .../dhcpserver/Add-DhcpServerv4Superscope.md | 239 ++ .../dhcpserver/Add-DhcpServerv6Class.md | 270 +++ .../Add-DhcpServerv6ExclusionRange.md | 230 ++ .../dhcpserver/Add-DhcpServerv6Lease.md | 287 +++ .../Add-DhcpServerv6OptionDefinition.md | 309 +++ .../dhcpserver/Add-DhcpServerv6Reservation.md | 306 +++ .../dhcpserver/Add-DhcpServerv6Scope.md | 342 +++ .../dhcpserver/Backup-DhcpServer.md | 173 ++ .../winserver2025-ps/dhcpserver/DhcpServer.md | 380 ++++ .../dhcpserver/Export-DhcpServer.md | 260 +++ .../dhcpserver/Get-DhcpServerAuditLog.md | 125 + .../dhcpserver/Get-DhcpServerDatabase.md | 125 + .../dhcpserver/Get-DhcpServerDnsCredential.md | 124 + .../dhcpserver/Get-DhcpServerInDC.md | 112 + .../dhcpserver/Get-DhcpServerSetting.md | 133 ++ .../dhcpserver/Get-DhcpServerVersion.md | 128 ++ .../dhcpserver/Get-DhcpServerv4Binding.md | 125 + .../dhcpserver/Get-DhcpServerv4Class.md | 181 ++ .../dhcpserver/Get-DhcpServerv4DnsSetting.md | 196 ++ .../Get-DhcpServerv4ExclusionRange.md | 152 ++ .../dhcpserver/Get-DhcpServerv4Failover.md | 194 ++ .../dhcpserver/Get-DhcpServerv4Filter.md | 150 ++ .../dhcpserver/Get-DhcpServerv4FilterList.md | 125 + .../Get-DhcpServerv4FreeIPAddress.md | 217 ++ .../dhcpserver/Get-DhcpServerv4Lease.md | 287 +++ ...Get-DhcpServerv4MulticastExclusionRange.md | 146 ++ .../Get-DhcpServerv4MulticastLease.md | 136 ++ .../Get-DhcpServerv4MulticastScope.md | 150 ++ ...et-DhcpServerv4MulticastScopeStatistics.md | 144 ++ .../Get-DhcpServerv4OptionDefinition.md | 207 ++ .../dhcpserver/Get-DhcpServerv4OptionValue.md | 352 +++ .../dhcpserver/Get-DhcpServerv4Policy.md | 187 ++ .../Get-DhcpServerv4PolicyIPRange.md | 171 ++ .../dhcpserver/Get-DhcpServerv4Reservation.md | 219 ++ .../dhcpserver/Get-DhcpServerv4Scope.md | 156 ++ .../Get-DhcpServerv4ScopeStatistics.md | 192 ++ .../dhcpserver/Get-DhcpServerv4Statistics.md | 125 + .../dhcpserver/Get-DhcpServerv4Superscope.md | 152 ++ .../Get-DhcpServerv4SuperscopeStatistics.md | 175 ++ .../dhcpserver/Get-DhcpServerv6Binding.md | 125 + .../dhcpserver/Get-DhcpServerv6Class.md | 183 ++ .../dhcpserver/Get-DhcpServerv6DnsSetting.md | 180 ++ .../Get-DhcpServerv6ExclusionRange.md | 151 ++ .../Get-DhcpServerv6FreeIPAddress.md | 216 ++ .../dhcpserver/Get-DhcpServerv6Lease.md | 181 ++ .../Get-DhcpServerv6OptionDefinition.md | 196 ++ .../dhcpserver/Get-DhcpServerv6OptionValue.md | 319 +++ .../dhcpserver/Get-DhcpServerv6Reservation.md | 185 ++ .../dhcpserver/Get-DhcpServerv6Scope.md | 155 ++ .../Get-DhcpServerv6ScopeStatistics.md | 156 ++ .../Get-DhcpServerv6StatelessStatistics.md | 127 ++ .../Get-DhcpServerv6StatelessStore.md | 150 ++ .../dhcpserver/Get-DhcpServerv6Statistics.md | 124 + .../dhcpserver/Import-DhcpServer.md | 359 +++ .../Invoke-DhcpServerv4FailoverReplication.md | 244 ++ .../Remove-DhcpServerDnsCredential.md | 174 ++ .../dhcpserver/Remove-DhcpServerInDC.md | 237 ++ .../dhcpserver/Remove-DhcpServerv4Class.md | 217 ++ .../Remove-DhcpServerv4ExclusionRange.md | 247 ++ .../dhcpserver/Remove-DhcpServerv4Failover.md | 215 ++ .../Remove-DhcpServerv4FailoverScope.md | 240 ++ .../dhcpserver/Remove-DhcpServerv4Filter.md | 195 ++ .../dhcpserver/Remove-DhcpServerv4Lease.md | 334 +++ ...ove-DhcpServerv4MulticastExclusionRange.md | 242 ++ .../Remove-DhcpServerv4MulticastLease.md | 209 ++ .../Remove-DhcpServerv4MulticastScope.md | 227 ++ .../Remove-DhcpServerv4OptionDefinition.md | 221 ++ .../Remove-DhcpServerv4OptionValue.md | 330 +++ .../dhcpserver/Remove-DhcpServerv4Policy.md | 225 ++ .../Remove-DhcpServerv4PolicyIPRange.md | 272 +++ .../Remove-DhcpServerv4Reservation.md | 269 +++ .../dhcpserver/Remove-DhcpServerv4Scope.md | 227 ++ .../Remove-DhcpServerv4Superscope.md | 225 ++ .../dhcpserver/Remove-DhcpServerv6Class.md | 217 ++ .../Remove-DhcpServerv6ExclusionRange.md | 240 ++ .../dhcpserver/Remove-DhcpServerv6Lease.md | 244 ++ .../Remove-DhcpServerv6OptionDefinition.md | 221 ++ .../Remove-DhcpServerv6OptionValue.md | 268 +++ .../Remove-DhcpServerv6Reservation.md | 234 ++ .../dhcpserver/Remove-DhcpServerv6Scope.md | 230 ++ .../Rename-DhcpServerv4Superscope.md | 206 ++ .../dhcpserver/Repair-DhcpServerv4IPRecord.md | 209 ++ .../dhcpserver/Restore-DhcpServer.md | 188 ++ .../dhcpserver/Set-DhcpServerAuditLog.md | 256 +++ .../dhcpserver/Set-DhcpServerDatabase.md | 249 ++ .../dhcpserver/Set-DhcpServerDnsCredential.md | 203 ++ .../dhcpserver/Set-DhcpServerSetting.md | 240 ++ .../dhcpserver/Set-DhcpServerv4Binding.md | 205 ++ .../dhcpserver/Set-DhcpServerv4Class.md | 249 ++ .../dhcpserver/Set-DhcpServerv4DnsSetting.md | 386 ++++ .../dhcpserver/Set-DhcpServerv4Failover.md | 381 ++++ .../dhcpserver/Set-DhcpServerv4FilterList.md | 204 ++ .../Set-DhcpServerv4MulticastScope.md | 323 +++ .../Set-DhcpServerv4OptionDefinition.md | 258 +++ .../dhcpserver/Set-DhcpServerv4OptionValue.md | 490 ++++ .../dhcpserver/Set-DhcpServerv4Policy.md | 579 +++++ .../dhcpserver/Set-DhcpServerv4Reservation.md | 257 +++ .../dhcpserver/Set-DhcpServerv4Scope.md | 414 ++++ .../dhcpserver/Set-DhcpServerv6Binding.md | 212 ++ .../dhcpserver/Set-DhcpServerv6Class.md | 267 +++ .../dhcpserver/Set-DhcpServerv6DnsSetting.md | 289 +++ .../Set-DhcpServerv6OptionDefinition.md | 258 +++ .../dhcpserver/Set-DhcpServerv6OptionValue.md | 402 ++++ .../dhcpserver/Set-DhcpServerv6Reservation.md | 254 +++ .../dhcpserver/Set-DhcpServerv6Scope.md | 326 +++ .../Set-DhcpServerv6StatelessStore.md | 230 ++ .../DirectAccessClientComponents.md | 53 + .../Disable-DAManualEntryPointSelection.md | 148 ++ .../Enable-DAManualEntryPointSelection.md | 164 ++ .../Get-DAClientExperienceConfiguration.md | 156 ++ .../Get-DAEntryPointTableItem.md | 203 ++ .../New-DAEntryPointTableItem.md | 318 +++ .../Remove-DAEntryPointTableItem.md | 260 +++ .../Rename-DAEntryPointTableItem.md | 267 +++ .../Reset-DAClientExperienceConfiguration.md | 393 ++++ .../Reset-DAEntryPointTableItem.md | 303 +++ .../Set-DAClientExperienceConfiguration.md | 450 ++++ .../Set-DAEntryPointTableItem.md | 369 +++ .../dism/Add-AppxProvisionedPackage.md | 370 +++ .../dism/Add-WindowsCapability.md | 248 ++ .../dism/Add-WindowsDriver.md | 273 +++ .../winserver2025-ps/dism/Add-WindowsImage.md | 320 +++ .../dism/Add-WindowsPackage.md | 283 +++ .../dism/Clear-WindowsCorruptMountPoint.md | 118 + docset/winserver2025-ps/dism/DISM.md | 192 ++ .../dism/Disable-WindowsOptionalFeature.md | 294 +++ .../dism/Dismount-WindowsImage.md | 221 ++ .../dism/Enable-WindowsOptionalFeature.md | 336 +++ .../dism/Expand-WindowsCustomDataImage.md | 163 ++ .../dism/Expand-WindowsImage.md | 343 +++ .../dism/Export-WindowsCapabilitySource.md | 215 ++ .../dism/Export-WindowsDriver.md | 215 ++ .../dism/Export-WindowsImage.md | 317 +++ .../dism/Get-AppxProvisionedPackage.md | 199 ++ .../dism/Get-NonRemovableAppsPolicy.md | 204 ++ .../winserver2025-ps/dism/Get-WIMBootEntry.md | 127 ++ .../dism/Get-WindowsCapability.md | 243 ++ .../dism/Get-WindowsDriver.md | 248 ++ .../dism/Get-WindowsEdition.md | 218 ++ .../winserver2025-ps/dism/Get-WindowsImage.md | 231 ++ .../dism/Get-WindowsImageContent.md | 200 ++ .../dism/Get-WindowsOptionalFeature.md | 283 +++ .../dism/Get-WindowsPackage.md | 241 ++ .../dism/Get-WindowsReservedStorageState.md | 113 + .../dism/Mount-WindowsImage.md | 327 +++ .../dism/New-WindowsCustomImage.md | 186 ++ .../winserver2025-ps/dism/New-WindowsImage.md | 347 +++ .../dism/Optimize-AppXProvisionedPackages.md | 199 ++ .../dism/Optimize-WindowsImage.md | 187 ++ .../dism/Remove-AppxProvisionedPackage.md | 233 ++ .../dism/Remove-WindowsCapability.md | 210 ++ .../dism/Remove-WindowsDriver.md | 196 ++ .../dism/Remove-WindowsImage.md | 218 ++ .../dism/Remove-WindowsPackage.md | 258 +++ .../dism/Repair-WindowsImage.md | 384 ++++ .../dism/Save-WindowsImage.md | 197 ++ .../dism/Set-AppXProvisionedDataFile.md | 246 ++ .../dism/Set-NonRemovableAppsPolicy.md | 246 ++ .../dism/Set-WindowsEdition.md | 193 ++ .../dism/Set-WindowsProductKey.md | 185 ++ .../dism/Set-WindowsReservedStorageState.md | 132 ++ .../dism/Split-WindowsImage.md | 204 ++ .../dism/Start-OSUninstall.md | 211 ++ .../dism/Update-WIMBootEntry.md | 160 ++ .../dism/Use-WindowsUnattend.md | 234 ++ .../Add-DnsClientDohServerAddress.md | 221 ++ .../dnsclient/Add-DnsClientNrptRule.md | 528 +++++ .../dnsclient/Clear-DnsClientCache.md | 141 ++ .../winserver2025-ps/dnsclient/DnsClient.md | 80 + .../dnsclient/Get-DnsClient.md | 228 ++ .../dnsclient/Get-DnsClientCache.md | 257 +++ .../Get-DnsClientDohServerAddress.md | 140 ++ .../dnsclient/Get-DnsClientGlobalSetting.md | 126 + .../dnsclient/Get-DnsClientNrptGlobal.md | 184 ++ .../dnsclient/Get-DnsClientNrptPolicy.md | 273 +++ .../dnsclient/Get-DnsClientNrptRule.md | 287 +++ .../dnsclient/Get-DnsClientServerAddress.md | 178 ++ .../dnsclient/Register-DnsClient.md | 144 ++ .../Remove-DnsClientDohServerAddress.md | 203 ++ .../dnsclient/Remove-DnsClientNrptRule.md | 297 +++ .../dnsclient/Resolve-DnsName.md | 393 ++++ .../dnsclient/Set-DnsClient.md | 301 +++ .../Set-DnsClientDohServerAddress.md | 270 +++ .../dnsclient/Set-DnsClientGlobalSetting.md | 241 ++ .../dnsclient/Set-DnsClientNrptGlobal.md | 280 +++ .../dnsclient/Set-DnsClientNrptRule.md | 507 +++++ .../dnsclient/Set-DnsClientServerAddress.md | 292 +++ .../dnsserver/Add-DnsServerClientSubnet.md | 254 +++ .../Add-DnsServerConditionalForwarderZone.md | 331 +++ .../Add-DnsServerDirectoryPartition.md | 230 ++ .../dnsserver/Add-DnsServerForwarder.md | 201 ++ .../dnsserver/Add-DnsServerPrimaryZone.md | 412 ++++ .../Add-DnsServerQueryResolutionPolicy.md | 903 ++++++++ .../dnsserver/Add-DnsServerRecursionScope.md | 234 ++ .../dnsserver/Add-DnsServerResourceRecord.md | 1596 +++++++++++++ .../dnsserver/Add-DnsServerResourceRecordA.md | 322 +++ .../Add-DnsServerResourceRecordAAAA.md | 314 +++ .../Add-DnsServerResourceRecordCName.md | 306 +++ .../Add-DnsServerResourceRecordDS.md | 333 +++ .../Add-DnsServerResourceRecordDnsKey.md | 346 +++ .../Add-DnsServerResourceRecordMX.md | 320 +++ .../Add-DnsServerResourceRecordPtr.md | 320 +++ ...ServerResponseRateLimitingExceptionlist.md | 295 +++ .../dnsserver/Add-DnsServerRootHint.md | 237 ++ .../dnsserver/Add-DnsServerSecondaryZone.md | 284 +++ .../dnsserver/Add-DnsServerSigningKey.md | 408 ++++ .../dnsserver/Add-DnsServerStubZone.md | 346 +++ .../dnsserver/Add-DnsServerTrustAnchor.md | 365 +++ .../Add-DnsServerVirtualizationInstance.md | 225 ++ .../dnsserver/Add-DnsServerZoneDelegation.md | 300 +++ .../dnsserver/Add-DnsServerZoneScope.md | 252 ++ .../Add-DnsServerZoneTransferPolicy.md | 583 +++++ .../dnsserver/Clear-DnsServerCache.md | 187 ++ .../dnsserver/Clear-DnsServerStatistics.md | 206 ++ .../ConvertTo-DnsServerPrimaryZone.md | 308 +++ .../ConvertTo-DnsServerSecondaryZone.md | 240 ++ .../dnsserver/Disable-DnsServerPolicy.md | 244 ++ .../Disable-DnsServerSigningKeyRollover.md | 219 ++ .../winserver2025-ps/dnsserver/DnsServer.md | 412 ++++ .../dnsserver/Enable-DnsServerPolicy.md | 244 ++ .../Enable-DnsServerSigningKeyRollover.md | 254 +++ .../Export-DnsServerDnsSecPublicKey.md | 321 +++ .../dnsserver/Export-DnsServerZone.md | 213 ++ .../dnsserver/Get-DnsServer.md | 136 ++ .../dnsserver/Get-DnsServerCache.md | 134 ++ .../dnsserver/Get-DnsServerClientSubnet.md | 166 ++ .../dnsserver/Get-DnsServerDiagnostics.md | 152 ++ .../Get-DnsServerDirectoryPartition.md | 189 ++ .../Get-DnsServerDnsSecZoneSetting.md | 346 +++ .../dnsserver/Get-DnsServerDsSetting.md | 130 ++ .../dnsserver/Get-DnsServerEDns.md | 124 + .../dnsserver/Get-DnsServerForwarder.md | 128 ++ .../dnsserver/Get-DnsServerGlobalNameZone.md | 132 ++ .../Get-DnsServerGlobalQueryBlockList.md | 124 + .../Get-DnsServerQueryResolutionPolicy.md | 395 ++++ .../dnsserver/Get-DnsServerRecursion.md | 130 ++ .../dnsserver/Get-DnsServerRecursionScope.md | 159 ++ .../dnsserver/Get-DnsServerResourceRecord.md | 334 +++ .../Get-DnsServerResponseRateLimiting.md | 163 ++ ...ServerResponseRateLimitingExceptionlist.md | 151 ++ .../dnsserver/Get-DnsServerRootHint.md | 139 ++ .../dnsserver/Get-DnsServerScavenging.md | 125 + .../dnsserver/Get-DnsServerSetting.md | 218 ++ .../dnsserver/Get-DnsServerSigningKey.md | 164 ++ .../dnsserver/Get-DnsServerStatistics.md | 234 ++ .../dnsserver/Get-DnsServerTrustAnchor.md | 143 ++ .../dnsserver/Get-DnsServerTrustPoint.md | 139 ++ .../Get-DnsServerVirtualizationInstance.md | 179 ++ .../dnsserver/Get-DnsServerZone.md | 166 ++ .../dnsserver/Get-DnsServerZoneAging.md | 144 ++ .../dnsserver/Get-DnsServerZoneDelegation.md | 196 ++ .../dnsserver/Get-DnsServerZoneScope.md | 173 ++ .../Get-DnsServerZoneTransferPolicy.md | 205 ++ .../Import-DnsServerResourceRecordDS.md | 216 ++ .../dnsserver/Import-DnsServerRootHint.md | 199 ++ .../dnsserver/Import-DnsServerTrustAnchor.md | 223 ++ .../Invoke-DnsServerSigningKeyRollover.md | 219 ++ .../dnsserver/Invoke-DnsServerZoneSign.md | 247 ++ .../dnsserver/Invoke-DnsServerZoneUnsign.md | 202 ++ .../Register-DnsServerDirectoryPartition.md | 200 ++ .../dnsserver/Remove-DnsServerClientSubnet.md | 228 ++ .../Remove-DnsServerDirectoryPartition.md | 209 ++ .../dnsserver/Remove-DnsServerForwarder.md | 206 ++ .../Remove-DnsServerQueryResolutionPolicy.md | 263 +++ .../Remove-DnsServerRecursionScope.md | 209 ++ .../Remove-DnsServerResourceRecord.md | 406 ++++ ...ServerResponseRateLimitingExceptionlist.md | 207 ++ .../dnsserver/Remove-DnsServerRootHint.md | 260 +++ .../dnsserver/Remove-DnsServerSigningKey.md | 236 ++ .../dnsserver/Remove-DnsServerTrustAnchor.md | 249 ++ .../Remove-DnsServerVirtualizationInstance.md | 224 ++ .../dnsserver/Remove-DnsServerZone.md | 232 ++ .../Remove-DnsServerZoneDelegation.md | 298 +++ .../dnsserver/Remove-DnsServerZoneScope.md | 242 ++ .../Remove-DnsServerZoneTransferPolicy.md | 259 +++ .../Reset-DnsServerZoneKeyMasterRole.md | 234 ++ .../dnsserver/Restore-DnsServerPrimaryZone.md | 211 ++ .../Restore-DnsServerSecondaryZone.md | 209 ++ .../dnsserver/Resume-DnsServerZone.md | 212 ++ .../dnsserver/Set-DnsServer.md | 255 +++ .../dnsserver/Set-DnsServerCache.md | 311 +++ .../dnsserver/Set-DnsServerClientSubnet.md | 285 +++ .../Set-DnsServerConditionalForwarderZone.md | 301 +++ .../dnsserver/Set-DnsServerDiagnostics.md | 752 ++++++ .../Set-DnsServerDnsSecZoneSetting.md | 535 +++++ .../dnsserver/Set-DnsServerDsSetting.md | 302 +++ .../dnsserver/Set-DnsServerEDns.md | 218 ++ .../dnsserver/Set-DnsServerForwarder.md | 252 ++ .../dnsserver/Set-DnsServerGlobalNameZone.md | 337 +++ .../Set-DnsServerGlobalQueryBlockList.md | 220 ++ .../dnsserver/Set-DnsServerPrimaryZone.md | 454 ++++ .../Set-DnsServerQueryResolutionPolicy.md | 565 +++++ .../dnsserver/Set-DnsServerRecursion.md | 267 +++ .../dnsserver/Set-DnsServerRecursionScope.md | 224 ++ .../dnsserver/Set-DnsServerResourceRecord.md | 276 +++ .../Set-DnsServerResourceRecordAging.md | 237 ++ .../Set-DnsServerResponseRateLimiting.md | 381 ++++ ...ServerResponseRateLimitingExceptionlist.md | 292 +++ .../dnsserver/Set-DnsServerRootHint.md | 203 ++ .../dnsserver/Set-DnsServerScavenging.md | 280 +++ .../dnsserver/Set-DnsServerSecondaryZone.md | 237 ++ .../dnsserver/Set-DnsServerSetting.md | 184 ++ .../dnsserver/Set-DnsServerSigningKey.md | 293 +++ .../dnsserver/Set-DnsServerStubZone.md | 287 +++ .../Set-DnsServerVirtualizationInstance.md | 224 ++ .../dnsserver/Set-DnsServerZoneAging.md | 271 +++ .../dnsserver/Set-DnsServerZoneDelegation.md | 297 +++ .../Set-DnsServerZoneTransferPolicy.md | 438 ++++ .../dnsserver/Show-DnsServerCache.md | 187 ++ .../Show-DnsServerKeyStorageProvider.md | 122 + .../dnsserver/Start-DnsServerScavenging.md | 181 ++ .../dnsserver/Start-DnsServerZoneTransfer.md | 208 ++ .../Step-DnsServerSigningKeyRollover.md | 253 +++ .../dnsserver/Suspend-DnsServerZone.md | 213 ++ .../dnsserver/Sync-DnsServerZone.md | 196 ++ .../dnsserver/Test-DnsServer.md | 220 ++ .../Test-DnsServerDnsSecZoneSetting.md | 142 ++ .../Unregister-DnsServerDirectoryPartition.md | 208 ++ .../dnsserver/Update-DnsServerTrustPoint.md | 167 ++ .../Add-EtwTraceProvider.md | 292 +++ .../EventTracingManagement.md | 62 + .../Get-AutologgerConfig.md | 143 ++ .../Get-EtwTraceProvider.md | 210 ++ .../Get-EtwTraceSession.md | 130 ++ .../New-AutologgerConfig.md | 403 ++++ .../New-EtwTraceSession.md | 325 +++ .../Remove-AutologgerConfig.md | 200 ++ .../Remove-EtwTraceProvider.md | 241 ++ .../Save-EtwTraceSession.md | 192 ++ .../Send-EtwTraceSession.md | 227 ++ .../Set-EtwTraceProvider.md | 320 +++ .../Start-EtwTraceSession.md | 352 +++ .../Stop-EtwTraceSession.md | 194 ++ .../Update-AutologgerConfig.md | 413 ++++ .../Update-EtwTraceSession.md | 333 +++ .../failoverclusters/Add-ClusterCheckpoint.md | 203 ++ .../failoverclusters/Add-ClusterDisk.md | 139 ++ .../Add-ClusterFileServerRole.md | 215 ++ .../Add-ClusterGenericApplicationRole.md | 278 +++ .../Add-ClusterGenericScriptRole.md | 236 ++ .../Add-ClusterGenericServiceRole.md | 243 ++ .../failoverclusters/Add-ClusterGroup.md | 135 ++ .../Add-ClusterGroupSetDependency.md | 195 ++ .../Add-ClusterGroupToAffinityRule.md | 225 ++ .../failoverclusters/Add-ClusterGroupToSet.md | 194 ++ .../failoverclusters/Add-ClusterNode.md | 160 ++ .../failoverclusters/Add-ClusterResource.md | 170 ++ .../Add-ClusterResourceDependency.md | 137 ++ .../Add-ClusterResourceType.md | 161 ++ .../Add-ClusterScaleOutFileServerRole.md | 181 ++ .../Add-ClusterSharedVolume.md | 115 + .../Add-ClusterSharedVolumeToAffinityRule.md | 227 ++ .../Add-ClusterVMMonitoredItem.md | 283 +++ .../Add-ClusterVirtualMachineRole.md | 196 ++ .../Add-ClusteriSCSITargetServerRole.md | 197 ++ .../failoverclusters/Block-ClusterAccess.md | 145 ++ .../Clear-ClusterDiskReservation.md | 157 ++ .../failoverclusters/Clear-ClusterNode.md | 206 ++ .../Disable-ClusterStorageSpacesDirect.md | 173 ++ .../Enable-ClusterStorageSpacesDirect.md | 324 +++ .../failoverclusters/FailoverClusters.md | 365 +++ .../failoverclusters/Get-Cluster.md | 172 ++ .../failoverclusters/Get-ClusterAccess.md | 116 + .../Get-ClusterAffinityRule.md | 151 ++ .../Get-ClusterAvailableDisk.md | 138 ++ .../failoverclusters/Get-ClusterCheckpoint.md | 176 ++ .../Get-ClusterDiagnosticInfo.md | 160 ++ .../Get-ClusterFaultDomain.md | 171 ++ .../Get-ClusterFaultDomainXML.md | 135 ++ .../failoverclusters/Get-ClusterGroup.md | 166 ++ .../failoverclusters/Get-ClusterGroupSet.md | 154 ++ .../Get-ClusterGroupSetDependency.md | 186 ++ .../failoverclusters/Get-ClusterLog.md | 216 ++ .../failoverclusters/Get-ClusterNetwork.md | 116 + .../Get-ClusterNetworkInterface.md | 152 ++ .../failoverclusters/Get-ClusterNode.md | 142 ++ .../failoverclusters/Get-ClusterOwnerNode.md | 158 ++ .../failoverclusters/Get-ClusterParameter.md | 152 ++ .../failoverclusters/Get-ClusterQuorum.md | 104 + .../failoverclusters/Get-ClusterResource.md | 204 ++ .../Get-ClusterResourceDependency.md | 143 ++ .../Get-ClusterResourceDependencyReport.md | 155 ++ .../Get-ClusterResourceType.md | 120 + .../Get-ClusterSharedVolume.md | 128 ++ .../Get-ClusterSharedVolumeState.md | 124 + .../Get-ClusterStorageSpacesDirect.md | 150 ++ .../Get-ClusterVMMonitoredItem.md | 171 ++ .../failoverclusters/Grant-ClusterAccess.md | 156 ++ .../failoverclusters/Move-ClusterGroup.md | 198 ++ .../failoverclusters/Move-ClusterResource.md | 138 ++ .../Move-ClusterSharedVolume.md | 167 ++ .../Move-ClusterVirtualMachineRole.md | 270 +++ .../failoverclusters/New-Cluster.md | 312 +++ .../New-ClusterAffinityRule.md | 177 ++ .../New-ClusterFaultDomain.md | 229 ++ .../failoverclusters/New-ClusterGroupSet.md | 171 ++ .../New-ClusterNameAccount.md | 192 ++ .../failoverclusters/Remove-Cluster.md | 191 ++ .../failoverclusters/Remove-ClusterAccess.md | 111 + .../Remove-ClusterAffinityRule.md | 228 ++ .../Remove-ClusterCheckpoint.md | 219 ++ .../Remove-ClusterFaultDomain.md | 246 ++ .../failoverclusters/Remove-ClusterGroup.md | 219 ++ .../Remove-ClusterGroupFromAffinityRule.md | 224 ++ .../Remove-ClusterGroupFromSet.md | 192 ++ .../Remove-ClusterGroupSet.md | 212 ++ .../Remove-ClusterGroupSetDependency.md | 195 ++ .../failoverclusters/Remove-ClusterNode.md | 230 ++ .../Remove-ClusterResource.md | 179 ++ .../Remove-ClusterResourceDependency.md | 184 ++ .../Remove-ClusterResourceType.md | 144 ++ .../Remove-ClusterSharedVolume.md | 156 ++ ...ove-ClusterSharedVolumeFromAffinityRule.md | 225 ++ .../Remove-ClusterVMMonitoredItem.md | 238 ++ .../Repair-ClusterStorageSpacesDirect.md | 237 ++ .../Reset-ClusterVMMonitoredState.md | 83 + .../failoverclusters/Resume-ClusterNode.md | 170 ++ .../Resume-ClusterResource.md | 153 ++ .../Set-ClusterAffinityRule.md | 261 +++ .../Set-ClusterFaultDomain.md | 282 +++ .../Set-ClusterFaultDomainXML.md | 185 ++ .../failoverclusters/Set-ClusterGroupSet.md | 253 +++ .../failoverclusters/Set-ClusterLog.md | 144 ++ .../failoverclusters/Set-ClusterOwnerNode.md | 157 ++ .../failoverclusters/Set-ClusterParameter.md | 208 ++ .../failoverclusters/Set-ClusterQuorum.md | 254 +++ .../Set-ClusterResourceDependency.md | 165 ++ .../Set-ClusterStorageSpacesDirect.md | 218 ++ .../Set-ClusterStorageSpacesDirectDisk.md | 209 ++ .../failoverclusters/Start-Cluster.md | 132 ++ .../failoverclusters/Start-ClusterGroup.md | 174 ++ .../failoverclusters/Start-ClusterNode.md | 235 ++ .../failoverclusters/Start-ClusterResource.md | 184 ++ .../failoverclusters/Stop-Cluster.md | 188 ++ .../failoverclusters/Stop-ClusterGroup.md | 153 ++ .../failoverclusters/Stop-ClusterNode.md | 180 ++ .../failoverclusters/Stop-ClusterResource.md | 160 ++ .../failoverclusters/Suspend-ClusterNode.md | 257 +++ .../Suspend-ClusterResource.md | 220 ++ .../failoverclusters/Test-Cluster.md | 365 +++ .../Test-ClusterResourceFailure.md | 109 + .../Update-ClusterFunctionalLevel.md | 176 ++ .../Update-ClusterIPResource.md | 164 ++ .../Update-ClusterNetworkNameResource.md | 111 + ...date-ClusterVirtualMachineConfiguration.md | 144 ++ .../FileServerResourceManager.md | 254 +++ .../Get-FsrmAdrSetting.md | 131 ++ .../Get-FsrmAutoQuota.md | 149 ++ .../Get-FsrmClassification.md | 117 + ...et-FsrmClassificationPropertyDefinition.md | 143 ++ .../Get-FsrmClassificationRule.md | 138 ++ .../Get-FsrmEffectiveNamespace.md | 156 ++ .../Get-FsrmFileGroup.md | 138 ++ .../Get-FsrmFileManagementJob.md | 143 ++ .../Get-FsrmFileScreen.md | 139 ++ .../Get-FsrmFileScreenException.md | 137 ++ .../Get-FsrmFileScreenTemplate.md | 137 ++ .../Get-FsrmMacro.md | 157 ++ .../Get-FsrmMgmtProperty.md | 242 ++ .../Get-FsrmQuota.md | 149 ++ .../Get-FsrmQuotaTemplate.md | 137 ++ .../Get-FsrmRmsTemplate.md | 140 ++ .../Get-FsrmSetting.md | 111 + .../Get-FsrmStorageReport.md | 150 ++ .../New-FsrmAction.md | 489 ++++ .../New-FsrmAutoQuota.md | 209 ++ ...ew-FsrmClassificationPropertyDefinition.md | 266 +++ .../New-FsrmClassificationPropertyValue.md | 179 ++ .../New-FsrmClassificationRule.md | 377 +++ .../New-FsrmFMJNotification.md | 192 ++ .../New-FsrmFileGroup.md | 217 ++ .../New-FsrmFileManagementJob.md | 503 ++++ .../New-FsrmFileScreen.md | 271 +++ .../New-FsrmFileScreenException.md | 197 ++ .../New-FsrmFileScreenTemplate.md | 245 ++ .../New-FsrmFmjAction.md | 377 +++ .../New-FsrmFmjCondition.md | 273 +++ .../New-FsrmFmjNotificationAction.md | 411 ++++ .../New-FsrmQuota.md | 291 +++ .../New-FsrmQuotaTemplate.md | 245 ++ .../New-FsrmQuotaThreshold.md | 189 ++ .../New-FsrmScheduledTask.md | 234 ++ .../New-FsrmStorageReport.md | 620 +++++ .../Remove-FsrmAutoQuota.md | 205 ++ ...ve-FsrmClassificationPropertyDefinition.md | 205 ++ .../Remove-FsrmClassificationRule.md | 203 ++ .../Remove-FsrmFileGroup.md | 203 ++ .../Remove-FsrmFileManagementJob.md | 208 ++ .../Remove-FsrmFileScreen.md | 205 ++ .../Remove-FsrmFileScreenException.md | 203 ++ .../Remove-FsrmFileScreenTemplate.md | 203 ++ .../Remove-FsrmMgmtProperty.md | 224 ++ .../Remove-FsrmQuota.md | 207 ++ .../Remove-FsrmQuotaTemplate.md | 203 ++ .../Remove-FsrmStorageReport.md | 209 ++ .../Reset-FsrmFileScreen.md | 204 ++ .../Reset-FsrmQuota.md | 203 ++ .../Send-FsrmTestEmail.md | 159 ++ .../Set-FsrmAdrSetting.md | 374 +++ .../Set-FsrmAutoQuota.md | 290 +++ .../Set-FsrmClassification.md | 282 +++ ...et-FsrmClassificationPropertyDefinition.md | 269 +++ .../Set-FsrmClassificationRule.md | 406 ++++ .../Set-FsrmFileGroup.md | 271 +++ .../Set-FsrmFileManagementJob.md | 472 ++++ .../Set-FsrmFileScreen.md | 275 +++ .../Set-FsrmFileScreenException.md | 235 ++ .../Set-FsrmFileScreenTemplate.md | 314 +++ .../Set-FsrmMgmtProperty.md | 195 ++ .../Set-FsrmQuota.md | 285 +++ .../Set-FsrmQuotaTemplate.md | 315 +++ .../Set-FsrmSetting.md | 848 +++++++ .../Set-FsrmStorageReport.md | 578 +++++ .../Start-FsrmClassification.md | 184 ++ .../Start-FsrmFileManagementJob.md | 231 ++ .../Start-FsrmStorageReport.md | 235 ++ .../Stop-FsrmClassification.md | 153 ++ .../Stop-FsrmFileManagementJob.md | 207 ++ .../Stop-FsrmStorageReport.md | 206 ++ .../Update-FsrmAutoQuota.md | 213 ++ ...te-FsrmClassificationPropertyDefinition.md | 146 ++ .../Update-FsrmQuota.md | 211 ++ .../Wait-FsrmClassification.md | 182 ++ .../Wait-FsrmFileManagementJob.md | 223 ++ .../Wait-FsrmStorageReport.md | 226 ++ .../grouppolicy/Backup-GPO.md | 310 +++ .../winserver2025-ps/grouppolicy/Copy-GPO.md | 404 ++++ .../grouppolicy/Get-GPInheritance.md | 258 +++ .../winserver2025-ps/grouppolicy/Get-GPO.md | 276 +++ .../grouppolicy/Get-GPOReport.md | 290 +++ .../grouppolicy/Get-GPPermission.md | 351 +++ .../grouppolicy/Get-GPPrefRegistryValue.md | 388 ++++ .../grouppolicy/Get-GPRegistryValue.md | 328 +++ .../grouppolicy/Get-GPResultantSetOfPolicy.md | 230 ++ .../grouppolicy/Get-GPStarterGPO.md | 253 +++ .../grouppolicy/GroupPolicy.md | 135 ++ .../grouppolicy/Import-GPO.md | 408 ++++ .../grouppolicy/Invoke-GPUpdate.md | 279 +++ .../grouppolicy/New-GPLink.md | 395 ++++ .../winserver2025-ps/grouppolicy/New-GPO.md | 340 +++ .../grouppolicy/New-GPStarterGPO.md | 189 ++ .../grouppolicy/Remove-GPLink.md | 292 +++ .../grouppolicy/Remove-GPO.md | 235 ++ .../grouppolicy/Remove-GPPrefRegistryValue.md | 427 ++++ .../grouppolicy/Remove-GPRegistryValue.md | 329 +++ .../grouppolicy/Rename-GPO.md | 255 +++ .../grouppolicy/Restore-GPO.md | 342 +++ .../grouppolicy/Set-GPInheritance.md | 267 +++ .../grouppolicy/Set-GPLink.md | 381 ++++ .../grouppolicy/Set-GPPermission.md | 428 ++++ .../grouppolicy/Set-GPPrefRegistryValue.md | 664 ++++++ .../grouppolicy/Set-GPRegistryValue.md | 545 +++++ .../Export-HwCertTestCollectionToXml.md | 113 + .../HardwareCertification.md | 38 + .../Import-HwCertTestCollectionFromXml.md | 81 + .../Merge-HwCertTestCollectionFromPackage.md | 164 ++ .../Merge-HwCertTestCollectionFromXml.md | 134 ++ .../New-HwCertProjectDefinitionFile.md | 407 ++++ .../New-HwCertTestCollection.md | 92 + .../New-HwCertTestCollectionExcelReport.md | 118 + .../Add-HgsAttestationCIPolicy.md | 180 ++ .../Add-HgsAttestationDumpPolicy.md | 182 ++ .../Add-HgsAttestationHostGroup.md | 136 ++ .../Add-HgsAttestationTpmHost.md | 204 ++ .../Add-HgsAttestationTpmPolicy.md | 181 ++ .../Disable-HgsAttestationPolicy.md | 135 ++ .../Enable-HgsAttestationPolicy.md | 136 ++ .../Get-HgsAttestationHostGroup.md | 76 + .../Get-HgsAttestationPolicy.md | 164 ++ .../Get-HgsAttestationSignerCertificate.md | 51 + .../Get-HgsAttestationTpmHost.md | 139 ++ .../hgsattestation/HgsAttestation.md | 58 + .../Remove-HgsAttestationHostGroup.md | 97 + .../Remove-HgsAttestationPolicy.md | 131 ++ .../Remove-HgsAttestationTpmHost.md | 129 ++ .../hgsclient/ConvertTo-HgsKeyProtector.md | 156 ++ .../hgsclient/Export-HgsGuardian.md | 95 + .../Get-HgsAttestationBaselinePolicy.md | 130 ++ .../hgsclient/Get-HgsClientConfiguration.md | 126 + .../hgsclient/Get-HgsGuardian.md | 151 ++ .../hgsclient/Grant-HgsKeyProtectorAccess.md | 161 ++ .../winserver2025-ps/hgsclient/HgsClient.md | 54 + .../hgsclient/Import-HgsGuardian.md | 150 ++ .../hgsclient/New-HgsGuardian.md | 277 +++ .../hgsclient/New-HgsKeyProtector.md | 134 ++ .../hgsclient/Remove-HgsGuardian.md | 121 + .../hgsclient/Revoke-HgsKeyProtectorAccess.md | 120 + .../hgsclient/Set-HgsClientConfiguration.md | 185 ++ .../hgsclient/Test-HgsClientConfiguration.md | 100 + .../hgsdiagnostics/Get-HgsTrace.md | 226 ++ .../hgsdiagnostics/Get-HgsTraceFileData.md | 127 ++ .../hgsdiagnostics/HgsDiagnostics.md | 26 + .../hgsdiagnostics/New-HgsTraceTarget.md | 207 ++ .../hgsdiagnostics/Test-HgsTraceTarget.md | 63 + ...yProtectionAttestationSignerCertificate.md | 124 + .../Add-HgsKeyProtectionCertificate.md | 211 ++ .../Export-HgsKeyProtectionState.md | 146 ++ ...yProtectionAttestationSignerCertificate.md | 86 + .../Get-HgsKeyProtectionCertificate.md | 179 ++ .../Get-HgsKeyProtectionConfiguration.md | 55 + .../hgskeyprotection/HgsKeyProtection.md | 50 + .../Import-HgsKeyProtectionState.md | 174 ++ ...yProtectionAttestationSignerCertificate.md | 119 + .../Remove-HgsKeyProtectionCertificate.md | 141 ++ ...ctionAttestationSignerCertificatePolicy.md | 150 ++ .../Set-HgsKeyProtectionCertificate.md | 182 ++ .../Set-HgsKeyProtectionConfiguration.md | 186 ++ .../hgsserver/Clear-HgsServer.md | 135 ++ .../hgsserver/Export-HgsServerState.md | 140 ++ .../hgsserver/Get-HgsServer.md | 48 + .../winserver2025-ps/hgsserver/HgsServer.md | 42 + .../hgsserver/Import-HgsServerState.md | 184 ++ .../hgsserver/Initialize-HgsServer.md | 545 +++++ .../hgsserver/Install-HgsServer.md | 193 ++ .../hgsserver/Set-HgsServer.md | 278 +++ .../hgsserver/Test-HgsServer.md | 172 ++ .../hgsserver/Uninstall-HgsServer.md | 161 ++ .../hnvdiagnostics/Debug-SlbDatapath.md | 171 ++ .../Debug-VirtualMachineQueueOperation.md | 155 ++ .../Disable-MuxEchoResponder.md | 80 + .../hnvdiagnostics/Enable-MuxEchoResponder.md | 84 + .../hnvdiagnostics/Get-CustomerRoute.md | 55 + .../Get-NetworkControllerVipResource.md | 169 ++ .../hnvdiagnostics/Get-PACAMapping.md | 78 + .../hnvdiagnostics/Get-ProviderAddress.md | 71 + .../Get-VMNetworkAdapterPortId.md | 86 + .../Get-VMSwitchExternalPortId.md | 66 + .../hnvdiagnostics/Get-VipHostMapping.md | 168 ++ .../hnvdiagnostics/HNVDiagnostics.md | 68 + .../Test-DipHostReachability.md | 96 + .../Test-EncapOverheadSettings.md | 44 + .../Test-LogicalNetworkConnection.md | 44 + .../Test-LogicalNetworkSupportsJumboPacket.md | 114 + .../hnvdiagnostics/Test-VipReachability.md | 194 ++ .../Test-VirtualNetworkConnection.md | 283 +++ .../hostcomputeservice/Get-ComputeProcess.md | 112 + .../hostcomputeservice/HostComputeService.md | 23 + .../hostcomputeservice/Stop-ComputeProcess.md | 125 + .../hyper-v/Add-VMDvdDrive.md | 302 +++ .../hyper-v/Add-VMFibreChannelHba.md | 296 +++ .../hyper-v/Add-VMGpuPartitionAdapter.md | 399 ++++ .../hyper-v/Add-VMGroupMember.md | 279 +++ .../hyper-v/Add-VMHardDiskDrive.md | 447 ++++ .../hyper-v/Add-VMMigrationNetwork.md | 202 ++ .../hyper-v/Add-VMNetworkAdapter.md | 341 +++ .../hyper-v/Add-VMNetworkAdapterAcl.md | 391 ++++ .../Add-VMNetworkAdapterExtendedAcl.md | 477 ++++ .../hyper-v/Add-VMRemoteFx3dVideoAdapter.md | 193 ++ .../hyper-v/Add-VMScsiController.md | 186 ++ .../hyper-v/Add-VMStoragePath.md | 198 ++ .../winserver2025-ps/hyper-v/Add-VMSwitch.md | 157 ++ .../Add-VMSwitchExtensionPortFeature.md | 310 +++ .../Add-VMSwitchExtensionSwitchFeature.md | 205 ++ .../hyper-v/Add-VMSwitchTeamMember.md | 238 ++ ...dd-VmNetworkAdapterRoutingDomainMapping.md | 329 +++ .../winserver2025-ps/hyper-v/Checkpoint-VM.md | 225 ++ docset/winserver2025-ps/hyper-v/Compare-VM.md | 588 +++++ .../hyper-v/Complete-VMFailover.md | 197 ++ .../hyper-v/Connect-VMNetworkAdapter.md | 287 +++ .../winserver2025-ps/hyper-v/Connect-VMSan.md | 218 ++ .../winserver2025-ps/hyper-v/Convert-VHD.md | 266 +++ .../winserver2025-ps/hyper-v/Copy-VMFile.md | 262 +++ docset/winserver2025-ps/hyper-v/Debug-VM.md | 233 ++ .../hyper-v/Disable-VMConsoleSupport.md | 192 ++ .../hyper-v/Disable-VMEventing.md | 144 ++ .../hyper-v/Disable-VMIntegrationService.md | 223 ++ .../hyper-v/Disable-VMMigration.md | 154 ++ .../Disable-VMRemoteFXPhysicalVideoAdapter.md | 199 ++ .../hyper-v/Disable-VMResourceMetering.md | 200 ++ .../hyper-v/Disable-VMSwitchExtension.md | 178 ++ .../winserver2025-ps/hyper-v/Disable-VMTPM.md | 185 ++ .../hyper-v/Disconnect-VMNetworkAdapter.md | 210 ++ .../hyper-v/Disconnect-VMSan.md | 218 ++ .../winserver2025-ps/hyper-v/Dismount-VHD.md | 205 ++ .../hyper-v/Enable-VMConsoleSupport.md | 192 ++ .../hyper-v/Enable-VMEventing.md | 144 ++ .../hyper-v/Enable-VMIntegrationService.md | 238 ++ .../hyper-v/Enable-VMMigration.md | 162 ++ .../Enable-VMRemoteFXPhysicalVideoAdapter.md | 190 ++ .../hyper-v/Enable-VMReplication.md | 547 +++++ .../hyper-v/Enable-VMResourceMetering.md | 216 ++ .../hyper-v/Enable-VMSwitchExtension.md | 178 ++ .../winserver2025-ps/hyper-v/Enable-VMTPM.md | 185 ++ docset/winserver2025-ps/hyper-v/Export-VM.md | 253 +++ .../hyper-v/Export-VMSnapshot.md | 269 +++ docset/winserver2025-ps/hyper-v/Get-VHD.md | 190 ++ docset/winserver2025-ps/hyper-v/Get-VHDSet.md | 138 ++ .../hyper-v/Get-VHDSnapshot.md | 169 ++ docset/winserver2025-ps/hyper-v/Get-VM.md | 171 ++ docset/winserver2025-ps/hyper-v/Get-VMBios.md | 158 ++ .../winserver2025-ps/hyper-v/Get-VMComPort.md | 178 ++ .../hyper-v/Get-VMConnectAccess.md | 171 ++ .../hyper-v/Get-VMDvdDrive.md | 236 ++ .../hyper-v/Get-VMFibreChannelHba.md | 136 ++ .../hyper-v/Get-VMFirmware.md | 161 ++ .../hyper-v/Get-VMFloppyDiskDrive.md | 156 ++ .../hyper-v/Get-VMGpuPartitionAdapter.md | 157 ++ .../winserver2025-ps/hyper-v/Get-VMGroup.md | 143 ++ .../hyper-v/Get-VMHardDiskDrive.md | 258 +++ docset/winserver2025-ps/hyper-v/Get-VMHost.md | 105 + .../hyper-v/Get-VMHostCluster.md | 105 + .../hyper-v/Get-VMHostNumaNode.md | 121 + .../hyper-v/Get-VMHostNumaNodeStatus.md | 122 + .../hyper-v/Get-VMHostPartitionableGpu.md | 136 ++ .../hyper-v/Get-VMHostSupportedVersion.md | 130 ++ .../hyper-v/Get-VMIdeController.md | 179 ++ .../hyper-v/Get-VMIntegrationService.md | 185 ++ .../hyper-v/Get-VMKeyProtector.md | 167 ++ .../winserver2025-ps/hyper-v/Get-VMMemory.md | 156 ++ .../hyper-v/Get-VMMigrationNetwork.md | 144 ++ .../hyper-v/Get-VMNetworkAdapter.md | 264 +++ .../hyper-v/Get-VMNetworkAdapterAcl.md | 214 ++ .../Get-VMNetworkAdapterExtendedAcl.md | 233 ++ ...t-VMNetworkAdapterFailoverConfiguration.md | 179 ++ ...et-VMNetworkAdapterRoutingDomainMapping.md | 262 +++ .../Get-VMNetworkAdapterTeamMapping.md | 218 ++ .../hyper-v/Get-VMNetworkAdapterVlan.md | 215 ++ .../hyper-v/Get-VMProcessor.md | 156 ++ .../Get-VMRemoteFXPhysicalVideoAdapter.md | 128 ++ .../hyper-v/Get-VMRemoteFx3dVideoAdapter.md | 170 ++ .../hyper-v/Get-VMReplication.md | 302 +++ .../Get-VMReplicationAuthorizationEntry.md | 153 ++ .../hyper-v/Get-VMReplicationServer.md | 112 + .../hyper-v/Get-VMResourcePool.md | 146 ++ docset/winserver2025-ps/hyper-v/Get-VMSan.md | 115 + .../hyper-v/Get-VMScsiController.md | 185 ++ .../hyper-v/Get-VMSecurity.md | 136 ++ .../hyper-v/Get-VMSnapshot.md | 261 +++ .../hyper-v/Get-VMStoragePath.md | 156 ++ .../winserver2025-ps/hyper-v/Get-VMSwitch.md | 177 ++ .../hyper-v/Get-VMSwitchExtension.md | 154 ++ .../hyper-v/Get-VMSwitchExtensionPortData.md | 299 +++ .../Get-VMSwitchExtensionPortFeature.md | 296 +++ .../Get-VMSwitchExtensionSwitchData.md | 228 ++ .../Get-VMSwitchExtensionSwitchFeature.md | 230 ++ .../hyper-v/Get-VMSwitchTeam.md | 140 ++ .../hyper-v/Get-VMSystemSwitchExtension.md | 116 + .../Get-VMSystemSwitchExtensionPortFeature.md | 161 ++ ...et-VMSystemSwitchExtensionSwitchFeature.md | 161 ++ .../winserver2025-ps/hyper-v/Get-VMVideo.md | 167 ++ .../hyper-v/Get-VmNetworkAdapterIsolation.md | 230 ++ .../hyper-v/Grant-VMConnectAccess.md | 205 ++ docset/winserver2025-ps/hyper-v/Hyper-V.md | 671 ++++++ docset/winserver2025-ps/hyper-v/Import-VM.md | 324 +++ .../hyper-v/Import-VMInitialReplication.md | 248 ++ docset/winserver2025-ps/hyper-v/Measure-VM.md | 220 ++ .../hyper-v/Measure-VMReplication.md | 283 +++ .../hyper-v/Measure-VMResourcePool.md | 221 ++ docset/winserver2025-ps/hyper-v/Merge-VHD.md | 215 ++ docset/winserver2025-ps/hyper-v/Mount-VHD.md | 222 ++ docset/winserver2025-ps/hyper-v/Move-VM.md | 481 ++++ .../hyper-v/Move-VMStorage.md | 345 +++ docset/winserver2025-ps/hyper-v/New-VFD.md | 161 ++ docset/winserver2025-ps/hyper-v/New-VHD.md | 389 ++++ docset/winserver2025-ps/hyper-v/New-VM.md | 453 ++++ .../winserver2025-ps/hyper-v/New-VMGroup.md | 172 ++ .../New-VMReplicationAuthorizationEntry.md | 194 ++ .../hyper-v/New-VMResourcePool.md | 207 ++ docset/winserver2025-ps/hyper-v/New-VMSan.md | 215 ++ .../winserver2025-ps/hyper-v/New-VMSwitch.md | 313 +++ .../winserver2025-ps/hyper-v/Optimize-VHD.md | 224 ++ .../hyper-v/Optimize-VHDSet.md | 179 ++ .../hyper-v/Remove-VHDSnapshot.md | 242 ++ docset/winserver2025-ps/hyper-v/Remove-VM.md | 234 ++ .../hyper-v/Remove-VMDvdDrive.md | 226 ++ .../hyper-v/Remove-VMFibreChannelHba.md | 248 ++ .../hyper-v/Remove-VMGpuPartitionAdapter.md | 232 ++ .../hyper-v/Remove-VMGroup.md | 181 ++ .../hyper-v/Remove-VMGroupMember.md | 265 +++ .../hyper-v/Remove-VMHardDiskDrive.md | 245 ++ .../hyper-v/Remove-VMMigrationNetwork.md | 172 ++ .../hyper-v/Remove-VMNetworkAdapter.md | 259 +++ .../hyper-v/Remove-VMNetworkAdapterAcl.md | 399 ++++ .../Remove-VMNetworkAdapterExtendedAcl.md | 326 +++ ...ve-VMNetworkAdapterRoutingDomainMapping.md | 309 +++ .../Remove-VMNetworkAdapterTeamMapping.md | 255 +++ .../Remove-VMRemoteFx3dVideoAdapter.md | 207 ++ .../hyper-v/Remove-VMReplication.md | 234 ++ .../Remove-VMReplicationAuthorizationEntry.md | 217 ++ .../hyper-v/Remove-VMResourcePool.md | 188 ++ .../winserver2025-ps/hyper-v/Remove-VMSan.md | 165 ++ .../hyper-v/Remove-VMSavedState.md | 193 ++ .../hyper-v/Remove-VMScsiController.md | 201 ++ .../hyper-v/Remove-VMSnapshot.md | 286 +++ .../hyper-v/Remove-VMStoragePath.md | 167 ++ .../hyper-v/Remove-VMSwitch.md | 196 ++ .../Remove-VMSwitchExtensionPortFeature.md | 275 +++ .../Remove-VMSwitchExtensionSwitchFeature.md | 198 ++ .../hyper-v/Remove-VMSwitchTeamMember.md | 238 ++ docset/winserver2025-ps/hyper-v/Rename-VM.md | 208 ++ .../hyper-v/Rename-VMGroup.md | 226 ++ .../hyper-v/Rename-VMNetworkAdapter.md | 267 +++ .../hyper-v/Rename-VMResourcePool.md | 197 ++ .../winserver2025-ps/hyper-v/Rename-VMSan.md | 180 ++ .../hyper-v/Rename-VMSnapshot.md | 241 ++ .../hyper-v/Rename-VMSwitch.md | 202 ++ docset/winserver2025-ps/hyper-v/Repair-VM.md | 155 ++ .../hyper-v/Reset-VMReplicationStatistics.md | 236 ++ .../hyper-v/Reset-VMResourceMetering.md | 197 ++ docset/winserver2025-ps/hyper-v/Resize-VHD.md | 234 ++ docset/winserver2025-ps/hyper-v/Restart-VM.md | 297 +++ .../hyper-v/Restore-VMSnapshot.md | 256 +++ docset/winserver2025-ps/hyper-v/Resume-VM.md | 203 ++ .../hyper-v/Resume-VMReplication.md | 316 +++ .../hyper-v/Revoke-VMConnectAccess.md | 204 ++ docset/winserver2025-ps/hyper-v/Save-VM.md | 206 ++ docset/winserver2025-ps/hyper-v/Set-VHD.md | 299 +++ docset/winserver2025-ps/hyper-v/Set-VM.md | 564 +++++ docset/winserver2025-ps/hyper-v/Set-VMBios.md | 269 +++ .../winserver2025-ps/hyper-v/Set-VMComPort.md | 260 +++ .../hyper-v/Set-VMDvdDrive.md | 313 +++ .../hyper-v/Set-VMFibreChannelHba.md | 366 +++ .../hyper-v/Set-VMFirmware.md | 396 ++++ .../hyper-v/Set-VMFloppyDiskDrive.md | 236 ++ .../hyper-v/Set-VMGpuPartitionAdapter.md | 418 ++++ .../hyper-v/Set-VMHardDiskDrive.md | 453 ++++ docset/winserver2025-ps/hyper-v/Set-VMHost.md | 469 ++++ .../hyper-v/Set-VMHostCluster.md | 158 ++ .../hyper-v/Set-VMHostPartitionableGpu.md | 187 ++ .../hyper-v/Set-VMKeyProtector.md | 239 ++ .../winserver2025-ps/hyper-v/Set-VMMemory.md | 336 +++ .../hyper-v/Set-VMMigrationNetwork.md | 218 ++ .../hyper-v/Set-VMNetworkAdapter.md | 855 +++++++ ...t-VMNetworkAdapterFailoverConfiguration.md | 443 ++++ .../Set-VMNetworkAdapterTeamMapping.md | 270 +++ .../hyper-v/Set-VMNetworkAdapterVlan.md | 488 ++++ .../hyper-v/Set-VMProcessor.md | 453 ++++ .../hyper-v/Set-VMRemoteFx3dVideoAdapter.md | 252 ++ .../hyper-v/Set-VMReplication.md | 655 ++++++ .../Set-VMReplicationAuthorizationEntry.md | 231 ++ .../hyper-v/Set-VMReplicationServer.md | 402 ++++ .../hyper-v/Set-VMResourcePool.md | 205 ++ docset/winserver2025-ps/hyper-v/Set-VMSan.md | 234 ++ .../hyper-v/Set-VMSecurity.md | 214 ++ .../hyper-v/Set-VMSecurityPolicy.md | 194 ++ .../winserver2025-ps/hyper-v/Set-VMSwitch.md | 443 ++++ .../Set-VMSwitchExtensionPortFeature.md | 276 +++ .../Set-VMSwitchExtensionSwitchFeature.md | 199 ++ .../hyper-v/Set-VMSwitchTeam.md | 273 +++ .../winserver2025-ps/hyper-v/Set-VMVideo.md | 268 +++ .../hyper-v/Set-VmNetworkAdapterIsolation.md | 362 +++ ...et-VmNetworkAdapterRoutingDomainMapping.md | 365 +++ docset/winserver2025-ps/hyper-v/Start-VM.md | 208 ++ .../hyper-v/Start-VMFailover.md | 312 +++ .../hyper-v/Start-VMInitialReplication.md | 315 +++ .../winserver2025-ps/hyper-v/Start-VMTrace.md | 104 + docset/winserver2025-ps/hyper-v/Stop-VM.md | 266 +++ .../hyper-v/Stop-VMFailover.md | 211 ++ .../hyper-v/Stop-VMInitialReplication.md | 218 ++ .../hyper-v/Stop-VMReplication.md | 228 ++ .../winserver2025-ps/hyper-v/Stop-VMTrace.md | 50 + docset/winserver2025-ps/hyper-v/Suspend-VM.md | 209 ++ .../hyper-v/Suspend-VMReplication.md | 234 ++ docset/winserver2025-ps/hyper-v/Test-VHD.md | 139 ++ .../hyper-v/Test-VMNetworkAdapter.md | 364 +++ .../hyper-v/Test-VMReplicationConnection.md | 206 ++ .../hyper-v/Update-VMVersion.md | 217 ++ .../Clear-IISCentralCertProvider.md | 78 + .../Clear-IISConfigCollection.md | 104 + .../Disable-IISCentralCertProvider.md | 68 + .../Disable-IISSharedConfig.md | 124 + .../Enable-IISCentralCertProvider.md | 154 ++ .../Enable-IISSharedConfig.md | 176 ++ .../Export-IISConfiguration.md | 170 ++ .../iisadministration/Get-IISAppPool.md | 88 + .../Get-IISCentralCertProvider.md | 147 ++ .../Get-IISConfigAttributeValue.md | 99 + .../Get-IISConfigCollection.md | 136 ++ .../Get-IISConfigCollectionElement.md | 101 + .../iisadministration/Get-IISConfigElement.md | 92 + .../iisadministration/Get-IISConfigSection.md | 157 ++ .../iisadministration/Get-IISServerManager.md | 78 + .../iisadministration/Get-IISSharedConfig.md | 57 + .../iisadministration/Get-IISSite.md | 107 + .../iisadministration/Get-IISSiteBinding.md | 116 + .../iisadministration/IISAdministration.md | 118 + .../New-IISConfigCollectionElement.md | 135 ++ .../iisadministration/New-IISSite.md | 223 ++ .../iisadministration/New-IISSiteBinding.md | 220 ++ .../Remove-IISConfigAttribute.md | 100 + .../Remove-IISConfigCollectionElement.md | 123 + .../Remove-IISConfigElement.md | 104 + .../iisadministration/Remove-IISSite.md | 106 + .../Remove-IISSiteBinding.md | 155 ++ .../Reset-IISServerManager.md | 121 + .../Set-IISCentralCertProvider.md | 148 ++ .../Set-IISCentralCertProviderCredential.md | 93 + .../Set-IISConfigAttributeValue.md | 110 + .../iisadministration/Start-IISCommitDelay.md | 55 + .../iisadministration/Start-IISSite.md | 91 + .../iisadministration/Stop-IISCommitDelay.md | 76 + .../iisadministration/Stop-IISSite.md | 112 + .../Copy-UserInternationalSettingsToSystem.md | 86 + ...WinAcceptLanguageFromLanguageListOptOut.md | 58 + .../Get-WinCultureFromLanguageListOptOut.md | 54 + .../Get-WinDefaultInputMethodOverride.md | 56 + .../international/Get-WinHomeLocation.md | 61 + .../international/Get-WinLanguageBarOption.md | 68 + .../international/Get-WinSystemLocale.md | 58 + .../Get-WinUILanguageOverride.md | 62 + .../international/Get-WinUserLanguageList.md | 111 + .../international/International.md | 74 + .../international/New-WinUserLanguageList.md | 111 + .../international/Set-Culture.md | 67 + ...WinAcceptLanguageFromLanguageListOptOut.md | 67 + .../Set-WinCultureFromLanguageListOptOut.md | 66 + .../Set-WinDefaultInputMethodOverride.md | 67 + .../international/Set-WinHomeLocation.md | 70 + .../international/Set-WinLanguageBarOption.md | 89 + .../international/Set-WinSystemLocale.md | 78 + .../Set-WinUILanguageOverride.md | 81 + .../international/Set-WinUserLanguageList.md | 160 ++ .../ipamserver/Add-IpamAddress.md | 796 +++++++ .../ipamserver/Add-IpamAddressSpace.md | 393 ++++ .../ipamserver/Add-IpamBlock.md | 405 ++++ .../ipamserver/Add-IpamCustomField.md | 225 ++ .../Add-IpamCustomFieldAssociation.md | 223 ++ .../ipamserver/Add-IpamCustomValue.md | 218 ++ .../ipamserver/Add-IpamDiscoveryDomain.md | 245 ++ .../ipamserver/Add-IpamRange.md | 673 ++++++ .../ipamserver/Add-IpamServerInventory.md | 282 +++ .../ipamserver/Add-IpamSubnet.md | 453 ++++ .../ipamserver/Disable-IpamCapability.md | 210 ++ .../ipamserver/Enable-IpamCapability.md | 201 ++ .../ipamserver/Export-IpamAddress.md | 270 +++ .../ipamserver/Export-IpamRange.md | 279 +++ .../ipamserver/Export-IpamSubnet.md | 237 ++ .../ipamserver/Find-IpamFreeAddress.md | 187 ++ .../ipamserver/Find-IpamFreeRange.md | 164 ++ .../ipamserver/Find-IpamFreeSubnet.md | 160 ++ .../ipamserver/Get-IpamAddress.md | 455 ++++ .../ipamserver/Get-IpamAddressSpace.md | 256 +++ .../Get-IpamAddressUtilizationThreshold.md | 114 + .../ipamserver/Get-IpamBlock.md | 346 +++ .../ipamserver/Get-IpamCapability.md | 139 ++ .../ipamserver/Get-IpamConfiguration.md | 112 + .../ipamserver/Get-IpamConfigurationEvent.md | 247 ++ .../ipamserver/Get-IpamCustomField.md | 146 ++ .../Get-IpamCustomFieldAssociation.md | 175 ++ .../ipamserver/Get-IpamDatabase.md | 149 ++ .../Get-IpamDhcpConfigurationEvent.md | 202 ++ .../ipamserver/Get-IpamDhcpScope.md | 175 ++ .../ipamserver/Get-IpamDhcpServer.md | 137 ++ .../ipamserver/Get-IpamDhcpSuperscope.md | 167 ++ .../ipamserver/Get-IpamDiscoveryDomain.md | 147 ++ .../Get-IpamDnsConditionalForwarder.md | 165 ++ .../ipamserver/Get-IpamDnsResourceRecord.md | 201 ++ .../ipamserver/Get-IpamDnsServer.md | 137 ++ .../ipamserver/Get-IpamDnsZone.md | 169 ++ .../ipamserver/Get-IpamIpAddressAuditEvent.md | 322 +++ .../ipamserver/Get-IpamRange.md | 423 ++++ .../ipamserver/Get-IpamServerInventory.md | 186 ++ .../ipamserver/Get-IpamSubnet.md | 385 ++++ .../ipamserver/Import-IpamAddress.md | 405 ++++ .../ipamserver/Import-IpamRange.md | 411 ++++ .../ipamserver/Import-IpamSubnet.md | 229 ++ .../ipamserver/Invoke-IpamGpoProvisioning.md | 354 +++ .../Invoke-IpamServerProvisioning.md | 378 +++ .../winserver2025-ps/ipamserver/IpamServer.md | 245 ++ .../ipamserver/Move-IpamDatabase.md | 336 +++ .../ipamserver/Remove-IpamAddress.md | 341 +++ .../ipamserver/Remove-IpamAddressSpace.md | 222 ++ .../ipamserver/Remove-IpamBlock.md | 281 +++ .../Remove-IpamConfigurationEvent.md | 201 ++ .../ipamserver/Remove-IpamCustomField.md | 196 ++ .../Remove-IpamCustomFieldAssociation.md | 255 +++ .../ipamserver/Remove-IpamCustomValue.md | 211 ++ .../Remove-IpamDhcpConfigurationEvent.md | 207 ++ .../ipamserver/Remove-IpamDiscoveryDomain.md | 195 ++ .../Remove-IpamIpAddressAuditEvent.md | 180 ++ .../ipamserver/Remove-IpamRange.md | 351 +++ .../ipamserver/Remove-IpamServerInventory.md | 192 ++ .../ipamserver/Remove-IpamSubnet.md | 371 +++ .../ipamserver/Remove-IpamUtilizationData.md | 146 ++ .../ipamserver/Rename-IpamCustomField.md | 214 ++ .../ipamserver/Rename-IpamCustomValue.md | 228 ++ .../ipamserver/Set-IpamAccessScope.md | 450 ++++ .../ipamserver/Set-IpamAddress.md | 879 +++++++ .../ipamserver/Set-IpamAddressSpace.md | 406 ++++ .../Set-IpamAddressUtilizationThreshold.md | 211 ++ .../ipamserver/Set-IpamBlock.md | 457 ++++ .../ipamserver/Set-IpamConfiguration.md | 313 +++ .../Set-IpamCustomFieldAssociation.md | 249 ++ .../ipamserver/Set-IpamDatabase.md | 301 +++ .../ipamserver/Set-IpamDiscoveryDomain.md | 244 ++ .../ipamserver/Set-IpamRange.md | 820 +++++++ .../ipamserver/Set-IpamServerInventory.md | 319 +++ .../ipamserver/Set-IpamSubnet.md | 504 ++++ .../ipamserver/Update-IpamServer.md | 205 ++ .../iscsi/Connect-IscsiTarget.md | 378 +++ .../iscsi/Disconnect-IscsiTarget.md | 224 ++ .../iscsi/Get-IscsiConnection.md | 371 +++ .../iscsi/Get-IscsiSession.md | 372 +++ .../winserver2025-ps/iscsi/Get-IscsiTarget.md | 240 ++ .../iscsi/Get-IscsiTargetPortal.md | 300 +++ .../iscsi/New-IscsiTargetPortal.md | 269 +++ .../iscsi/Register-IscsiSession.md | 217 ++ .../iscsi/Remove-IscsiTargetPortal.md | 260 +++ .../iscsi/Set-IscsiChapSecret.md | 126 + .../iscsi/Unregister-IscsiSession.md | 218 ++ .../iscsi/Update-IscsiTarget.md | 273 +++ .../iscsi/Update-IscsiTargetPortal.md | 250 ++ docset/winserver2025-ps/iscsi/iSCSI.md | 56 + .../Add-IscsiVirtualDiskTargetMapping.md | 150 ++ .../Checkpoint-IscsiVirtualDisk.md | 135 ++ .../iscsitarget/Convert-IscsiVirtualDisk.md | 104 + .../Dismount-IscsiVirtualDiskSnapshot.md | 135 ++ .../Export-IscsiTargetServerConfiguration.md | 150 ++ .../Export-IscsiVirtualDiskSnapshot.md | 133 ++ .../iscsitarget/Get-IscsiServerTarget.md | 195 ++ .../Get-IscsiTargetServerSetting.md | 87 + .../iscsitarget/Get-IscsiVirtualDisk.md | 203 ++ .../Get-IscsiVirtualDiskSnapshot.md | 144 ++ .../Import-IscsiTargetServerConfiguration.md | 156 ++ .../iscsitarget/Import-IscsiVirtualDisk.md | 146 ++ .../iscsitarget/IscsiTarget.md | 95 + .../Mount-IscsiVirtualDiskSnapshot.md | 144 ++ .../iscsitarget/New-IscsiServerTarget.md | 151 ++ .../iscsitarget/New-IscsiVirtualDisk.md | 311 +++ .../iscsitarget/Remove-IscsiServerTarget.md | 137 ++ .../iscsitarget/Remove-IscsiVirtualDisk.md | 136 ++ .../Remove-IscsiVirtualDiskSnapshot.md | 137 ++ .../Remove-IscsiVirtualDiskTargetMapping.md | 118 + .../iscsitarget/Resize-IscsiVirtualDisk.md | 178 ++ .../iscsitarget/Restore-IscsiVirtualDisk.md | 150 ++ .../iscsitarget/Set-IscsiServerTarget.md | 401 ++++ .../Set-IscsiTargetServerSetting.md | 186 ++ .../iscsitarget/Set-IscsiVirtualDisk.md | 190 ++ .../Set-IscsiVirtualDiskSnapshot.md | 161 ++ .../Stop-IscsiVirtualDiskOperation.md | 137 ++ docset/winserver2025-ps/kds/Add-KdsRootKey.md | 174 ++ docset/winserver2025-ps/kds/Clear-KdsCache.md | 117 + .../kds/Get-KdsConfiguration.md | 63 + docset/winserver2025-ps/kds/Get-KdsRootKey.md | 68 + docset/winserver2025-ps/kds/KDS.md | 35 + .../kds/Set-KdsConfiguration.md | 287 +++ .../winserver2025-ps/kds/Test-KdsRootKey.md | 111 + .../Get-InstalledLanguage.md | 76 + .../Get-SystemPreferredUILanguage.md | 50 + .../Install-Language.md | 121 + .../LanguagePackManagement.md | 37 + .../Set-SystemPreferredUILanguage.md | 89 + .../Uninstall-Language.md | 87 + .../laps/Find-LapsADExtendedRights.md | 156 ++ .../laps/Get-LapsAADPassword.md | 243 ++ .../laps/Get-LapsADPassword.md | 451 ++++ .../laps/Get-LapsDiagnostics.md | 167 ++ .../laps/Invoke-LapsPolicyProcessing.md | 64 + docset/winserver2025-ps/laps/LAPS.md | 80 + .../laps/Reset-LapsPassword.md | 71 + .../laps/Set-LapsADAuditing.md | 208 ++ .../laps/Set-LapsADComputerSelfPermission.md | 173 ++ .../laps/Set-LapsADPasswordExpirationTime.md | 192 ++ .../laps/Set-LapsADReadPasswordPermission.md | 245 ++ .../laps/Set-LapsADResetPasswordPermission.md | 246 ++ .../laps/Update-LapsADSchema.md | 120 + .../mmagent/Debug-MMAppPrelaunch.md | 182 ++ .../mmagent/Disable-MMAgent.md | 202 ++ .../mmagent/Enable-MMAgent.md | 213 ++ .../winserver2025-ps/mmagent/Get-MMAgent.md | 119 + docset/winserver2025-ps/mmagent/MMAgent.md | 32 + .../winserver2025-ps/mmagent/Set-MMAgent.md | 128 ++ .../mpio/Clear-MSDSMSupportedHW.md | 147 ++ .../mpio/Disable-MSDSMAutomaticClaim.md | 105 + .../mpio/Enable-MSDSMAutomaticClaim.md | 103 + .../mpio/Get-MPIOAvailableHW.md | 195 ++ .../winserver2025-ps/mpio/Get-MPIOSetting.md | 68 + .../mpio/Get-MSDSMAutomaticClaimSettings.md | 67 + ...Get-MSDSMGlobalDefaultLoadBalancePolicy.md | 66 + .../mpio/Get-MSDSMSupportedHW.md | 165 ++ docset/winserver2025-ps/mpio/MPIO.md | 56 + .../mpio/New-MSDSMSupportedHW.md | 178 ++ .../mpio/Remove-MSDSMSupportedHW.md | 186 ++ .../winserver2025-ps/mpio/Set-MPIOSetting.md | 208 ++ ...Set-MSDSMGlobalDefaultLoadBalancePolicy.md | 88 + .../mpio/Update-MPIOClaimedHW.md | 146 ++ .../msdtc/Add-DtcClusterTMMapping.md | 232 ++ .../Complete-DtcDiagnosticTransaction.md | 76 + docset/winserver2025-ps/msdtc/Get-Dtc.md | 167 ++ .../msdtc/Get-DtcAdvancedHostSetting.md | 138 ++ .../msdtc/Get-DtcAdvancedSetting.md | 157 ++ .../msdtc/Get-DtcClusterDefault.md | 107 + .../msdtc/Get-DtcClusterTMMapping.md | 131 ++ .../winserver2025-ps/msdtc/Get-DtcDefault.md | 109 + docset/winserver2025-ps/msdtc/Get-DtcLog.md | 138 ++ .../msdtc/Get-DtcNetworkSetting.md | 130 ++ .../msdtc/Get-DtcTransaction.md | 128 ++ .../msdtc/Get-DtcTransactionsStatistics.md | 132 ++ .../msdtc/Get-DtcTransactionsTraceSession.md | 118 + .../msdtc/Get-DtcTransactionsTraceSetting.md | 112 + docset/winserver2025-ps/msdtc/Install-Dtc.md | 151 ++ .../Join-DtcDiagnosticResourceManager.md | 120 + docset/winserver2025-ps/msdtc/MsDtc.md | 140 ++ .../msdtc/New-DtcDiagnosticTransaction.md | 100 + .../msdtc/Receive-DtcDiagnosticTransaction.md | 110 + .../msdtc/Remove-DtcClusterTMMapping.md | 185 ++ docset/winserver2025-ps/msdtc/Reset-DtcLog.md | 157 ++ .../msdtc/Send-DtcDiagnosticTransaction.md | 123 + .../msdtc/Set-DtcAdvancedHostSetting.md | 170 ++ .../msdtc/Set-DtcAdvancedSetting.md | 185 ++ .../msdtc/Set-DtcClusterDefault.md | 124 + .../msdtc/Set-DtcClusterTMMapping.md | 254 +++ .../winserver2025-ps/msdtc/Set-DtcDefault.md | 121 + docset/winserver2025-ps/msdtc/Set-DtcLog.md | 208 ++ .../msdtc/Set-DtcNetworkSetting.md | 303 +++ .../msdtc/Set-DtcTransaction.md | 215 ++ .../msdtc/Set-DtcTransactionsTraceSession.md | 126 + .../msdtc/Set-DtcTransactionsTraceSetting.md | 158 ++ docset/winserver2025-ps/msdtc/Start-Dtc.md | 129 ++ .../Start-DtcDiagnosticResourceManager.md | 82 + .../Start-DtcTransactionsTraceSession.md | 112 + docset/winserver2025-ps/msdtc/Stop-Dtc.md | 217 ++ .../Stop-DtcDiagnosticResourceManager.md | 108 + .../msdtc/Stop-DtcTransactionsTraceSession.md | 143 ++ docset/winserver2025-ps/msdtc/Test-Dtc.md | 320 +++ .../msdtc/Undo-DtcDiagnosticTransaction.md | 73 + .../winserver2025-ps/msdtc/Uninstall-Dtc.md | 144 ++ .../Write-DtcTransactionsTraceSession.md | 112 + .../msmq/Clear-MSMQOutgoingQueue.md | 107 + .../winserver2025-ps/msmq/Clear-MSMQQueue.md | 113 + .../msmq/Enable-MSMQCertificate.md | 133 ++ .../msmq/Get-MSMQCertificate.md | 79 + .../msmq/Get-MSMQOutgoingQueue.md | 77 + docset/winserver2025-ps/msmq/Get-MsmqQueue.md | 184 ++ .../winserver2025-ps/msmq/Get-MsmqQueueACL.md | 74 + .../msmq/Get-MsmqQueueManager.md | 54 + .../msmq/Get-MsmqQueueManagerACL.md | 52 + docset/winserver2025-ps/msmq/MSMQ.md | 83 + .../winserver2025-ps/msmq/Move-MsmqMessage.md | 137 ++ .../winserver2025-ps/msmq/New-MsmqMessage.md | 213 ++ docset/winserver2025-ps/msmq/New-MsmqQueue.md | 244 ++ .../msmq/Receive-MsmqQueue.md | 174 ++ .../msmq/Remove-MsmqCertificate.md | 104 + .../winserver2025-ps/msmq/Remove-MsmqQueue.md | 114 + .../msmq/Resume-MsmqOutgoingQueue.md | 77 + .../winserver2025-ps/msmq/Send-MsmqQueue.md | 311 +++ docset/winserver2025-ps/msmq/Set-MsmqQueue.md | 232 ++ .../winserver2025-ps/msmq/Set-MsmqQueueACL.md | 226 ++ .../msmq/Set-MsmqQueueManager.md | 226 ++ .../msmq/Set-MsmqQueueManagerACL.md | 251 ++ .../msmq/Suspend-MsmqOutgoingQueue.md | 77 + .../multipoint/Add-WmsSystem.md | 106 + .../multipoint/Clear-WmsStation.md | 111 + .../multipoint/Close-WmsApp.md | 166 ++ .../multipoint/Close-WmsSession.md | 144 ++ .../multipoint/Disable-WmsDiskProtection.md | 101 + .../multipoint/Disable-WmsScheduledUpdate.md | 75 + .../multipoint/Disable-WmsWebLimiting.md | 145 ++ .../multipoint/Disconnect-WmsSession.md | 143 ++ .../multipoint/Enable-WmsDiskProtection.md | 102 + .../multipoint/Enable-WmsScheduledUpdate.md | 166 ++ .../multipoint/Enable-WmsWebLimiting.md | 148 ++ .../multipoint/Get-WmsAlert.md | 72 + .../winserver2025-ps/multipoint/Get-WmsApp.md | 92 + .../multipoint/Get-WmsDiskProtection.md | 87 + .../multipoint/Get-WmsScheduledUpdate.md | 79 + .../multipoint/Get-WmsSession.md | 152 ++ .../multipoint/Get-WmsStation.md | 132 ++ .../multipoint/Get-WmsSystem.md | 125 + .../multipoint/Get-WmsUser.md | 120 + .../multipoint/Get-WmsVersion.md | 69 + .../multipoint/Get-WmsWebLimiting.md | 93 + .../multipoint/Hide-WmsIdentifier.md | 157 ++ .../multipoint/Join-WmsStation.md | 115 + .../multipoint/Lock-WmsSession.md | 128 ++ .../multipoint/Lock-WmsUsbStorage.md | 109 + .../winserver2025-ps/multipoint/MultiPoint.md | 158 ++ .../multipoint/New-WmsUser.md | 168 ++ .../multipoint/Open-WmsApp.md | 134 ++ .../multipoint/Publish-WmsDesktop.md | 156 ++ .../multipoint/Remove-WmsSystem.md | 108 + .../multipoint/Remove-WmsUser.md | 118 + .../multipoint/Restart-WmsSystem.md | 109 + .../multipoint/Resume-WmsDiskProtection.md | 105 + .../multipoint/Search-WmsSystem.md | 99 + .../multipoint/Set-WmsScheduledUpdate.md | 170 ++ .../multipoint/Set-WmsStation.md | 255 +++ .../multipoint/Set-WmsSystem.md | 205 ++ .../multipoint/Set-WmsUser.md | 159 ++ .../multipoint/Set-WmsWebLimiting.md | 125 + .../multipoint/Show-WmsDesktop.md | 145 ++ .../multipoint/Show-WmsIdentifier.md | 133 ++ .../multipoint/Split-WmsStation.md | 114 + .../multipoint/Stop-WmsSystem.md | 108 + .../multipoint/Suspend-WmsDiskProtection.md | 106 + .../multipoint/Unlock-WmsSession.md | 114 + .../multipoint/Unlock-WmsUsbStorage.md | 107 + .../multipoint/Unpublish-WmsDesktop.md | 87 + .../multipoint/Update-WmsStation.md | 114 + .../Disable-WmsVirtualDesktopRole.md | 99 + .../Enable-WmsVirtualDesktopRole.md | 98 + .../multipointvdi/Get-WmsVirtualDesktop.md | 71 + .../multipointvdi/Import-WmsVirtualDesktop.md | 134 ++ .../multipointvdi/MultipointVdi.md | 38 + .../multipointvdi/New-WmsVirtualDesktop.md | 186 ++ .../New-WmsVirtualDesktopTemplate.md | 182 ++ .../multipointvdi/Open-WmsVirtualDesktop.md | 119 + .../Edit-NanoServerImage.md | 770 +++++++ .../Get-NanoServerPackage.md | 99 + .../NanoServerImageGenerator.md | 28 + .../New-NanoServerImage.md | 825 +++++++ .../netadapter/Disable-NetAdapter.md | 280 +++ .../netadapter/Disable-NetAdapterBinding.md | 307 +++ .../Disable-NetAdapterChecksumOffload.md | 340 +++ ...NetAdapterEncapsulatedPacketTaskOffload.md | 279 +++ .../Disable-NetAdapterIPsecOffload.md | 257 +++ .../netadapter/Disable-NetAdapterLso.md | 293 +++ .../Disable-NetAdapterPowerManagement.md | 432 ++++ .../netadapter/Disable-NetAdapterQos.md | 284 +++ .../netadapter/Disable-NetAdapterRdma.md | 257 +++ .../netadapter/Disable-NetAdapterRsc.md | 290 +++ .../netadapter/Disable-NetAdapterRss.md | 260 +++ .../netadapter/Disable-NetAdapterSriov.md | 288 +++ .../netadapter/Disable-NetAdapterUso.md | 285 +++ .../netadapter/Disable-NetAdapterVmq.md | 260 +++ .../netadapter/Enable-NetAdapter.md | 248 ++ .../netadapter/Enable-NetAdapterBinding.md | 304 +++ .../Enable-NetAdapterChecksumOffload.md | 347 +++ ...NetAdapterEncapsulatedPacketTaskOffload.md | 285 +++ .../Enable-NetAdapterIPsecOffload.md | 259 +++ .../netadapter/Enable-NetAdapterLso.md | 299 +++ .../Enable-NetAdapterPowerManagement.md | 424 ++++ .../netadapter/Enable-NetAdapterQos.md | 279 +++ .../netadapter/Enable-NetAdapterRdma.md | 264 +++ .../netadapter/Enable-NetAdapterRsc.md | 303 +++ .../netadapter/Enable-NetAdapterRss.md | 265 +++ .../netadapter/Enable-NetAdapterSriov.md | 280 +++ .../netadapter/Enable-NetAdapterUso.md | 284 +++ .../netadapter/Enable-NetAdapterVmq.md | 257 +++ .../netadapter/Get-NetAdapter.md | 295 +++ .../Get-NetAdapterAdvancedProperty.md | 290 +++ .../netadapter/Get-NetAdapterBinding.md | 245 ++ .../Get-NetAdapterChecksumOffload.md | 182 ++ .../Get-NetAdapterDataPathConfiguration.md | 206 ++ ...NetAdapterEncapsulatedPacketTaskOffload.md | 184 ++ .../netadapter/Get-NetAdapterHardwareInfo.md | 172 ++ .../netadapter/Get-NetAdapterIPsecOffload.md | 184 ++ .../netadapter/Get-NetAdapterLso.md | 187 ++ .../Get-NetAdapterPowerManagement.md | 183 ++ .../netadapter/Get-NetAdapterQos.md | 203 ++ .../netadapter/Get-NetAdapterRdma.md | 185 ++ .../netadapter/Get-NetAdapterRsc.md | 278 +++ .../netadapter/Get-NetAdapterRss.md | 193 ++ .../netadapter/Get-NetAdapterSriov.md | 222 ++ .../netadapter/Get-NetAdapterSriovVf.md | 213 ++ .../netadapter/Get-NetAdapterStatistics.md | 171 ++ .../netadapter/Get-NetAdapterUso.md | 180 ++ .../netadapter/Get-NetAdapterVPort.md | 244 ++ .../netadapter/Get-NetAdapterVmq.md | 186 ++ .../netadapter/Get-NetAdapterVmqQueue.md | 186 ++ .../winserver2025-ps/netadapter/NetAdapter.md | 227 ++ .../New-NetAdapterAdvancedProperty.md | 298 +++ .../Remove-NetAdapterAdvancedProperty.md | 294 +++ .../netadapter/Rename-NetAdapter.md | 268 +++ .../Reset-NetAdapterAdvancedProperty.md | 293 +++ .../netadapter/Restart-NetAdapter.md | 249 ++ .../netadapter/Set-NetAdapter.md | 319 +++ .../Set-NetAdapterAdvancedProperty.md | 354 +++ .../netadapter/Set-NetAdapterBinding.md | 320 +++ .../Set-NetAdapterChecksumOffload.md | 398 ++++ .../Set-NetAdapterDataPathConfiguration.md | 265 +++ ...NetAdapterEncapsulatedPacketTaskOffload.md | 318 +++ .../netadapter/Set-NetAdapterIPsecOffload.md | 276 +++ .../netadapter/Set-NetAdapterLso.md | 307 +++ .../Set-NetAdapterPowerManagement.md | 423 ++++ .../netadapter/Set-NetAdapterQos.md | 290 +++ .../netadapter/Set-NetAdapterRdma.md | 286 +++ .../netadapter/Set-NetAdapterRsc.md | 299 +++ .../netadapter/Set-NetAdapterRss.md | 427 ++++ .../netadapter/Set-NetAdapterSriov.md | 312 +++ .../netadapter/Set-NetAdapterUso.md | 284 +++ .../netadapter/Set-NetAdapterVmq.md | 365 +++ .../netconnection/Get-NetConnectionProfile.md | 222 ++ .../netconnection/NetConnection.md | 27 + .../netconnection/Set-NetConnectionProfile.md | 290 +++ .../Add-NetEventNetworkAdapter.md | 182 ++ .../Add-NetEventPacketCaptureProvider.md | 374 +++ .../Add-NetEventProvider.md | 235 ++ .../Add-NetEventVFPProvider.md | 429 ++++ .../Add-NetEventVmNetworkAdapter.md | 160 ++ .../Add-NetEventVmSwitch.md | 159 ++ .../Add-NetEventVmSwitchProvider.md | 257 +++ .../Add-NetEventWFPCaptureProvider.md | 308 +++ .../Get-NetEventNetworkAdapter.md | 160 ++ .../Get-NetEventPacketCaptureProvider.md | 176 ++ .../Get-NetEventProvider.md | 191 ++ .../Get-NetEventSession.md | 156 ++ .../Get-NetEventVFPProvider.md | 148 ++ .../Get-NetEventVmNetworkAdapter.md | 174 ++ .../Get-NetEventVmSwitch.md | 174 ++ .../Get-NetEventVmSwitchProvider.md | 148 ++ .../Get-NetEventWFPCaptureProvider.md | 142 ++ .../NetEventPacketCapture.md | 122 + .../New-NetEventSession.md | 272 +++ .../Remove-NetEventNetworkAdapter.md | 214 ++ .../Remove-NetEventPacketCaptureProvider.md | 185 ++ .../Remove-NetEventProvider.md | 185 ++ .../Remove-NetEventSession.md | 219 ++ .../Remove-NetEventVFPProvider.md | 194 ++ .../Remove-NetEventVmNetworkAdapter.md | 203 ++ .../Remove-NetEventVmSwitch.md | 200 ++ .../Remove-NetEventVmSwitchProvider.md | 194 ++ .../Remove-NetEventWFPCaptureProvider.md | 186 ++ .../Set-NetEventPacketCaptureProvider.md | 478 ++++ .../Set-NetEventProvider.md | 324 +++ .../Set-NetEventSession.md | 337 +++ .../Set-NetEventVFPProvider.md | 507 +++++ .../Set-NetEventVmSwitchProvider.md | 328 +++ .../Set-NetEventWFPCaptureProvider.md | 377 +++ .../Start-NetEventSession.md | 205 ++ .../Stop-NetEventSession.md | 209 ++ .../netlbfo/Add-NetLbfoTeamMember.md | 211 ++ .../netlbfo/Add-NetLbfoTeamNic.md | 189 ++ .../netlbfo/Get-NetLbfoTeam.md | 205 ++ .../netlbfo/Get-NetLbfoTeamMember.md | 181 ++ .../netlbfo/Get-NetLbfoTeamNic.md | 171 ++ docset/winserver2025-ps/netlbfo/NetLbfo.md | 58 + .../netlbfo/New-NetLbfoTeam.md | 293 +++ .../netlbfo/Remove-NetLbfoTeam.md | 215 ++ .../netlbfo/Remove-NetLbfoTeamMember.md | 211 ++ .../netlbfo/Remove-NetLbfoTeamNic.md | 214 ++ .../netlbfo/Rename-NetLbfoTeam.md | 191 ++ .../netlbfo/Set-NetLbfoTeam.md | 333 +++ .../netlbfo/Set-NetLbfoTeamMember.md | 263 +++ .../netlbfo/Set-NetLbfoTeamNic.md | 274 +++ .../netlldpagent/Disable-NetLldpAgent.md | 236 ++ .../netlldpagent/Enable-NetLldpAgent.md | 236 ++ .../netlldpagent/Get-NetLldpAgent.md | 173 ++ .../netlldpagent/NetLldpAgent.md | 24 + .../netnat/Add-NetNatExternalAddress.md | 215 ++ .../netnat/Add-NetNatStaticMapping.md | 281 +++ docset/winserver2025-ps/netnat/Get-NetNat.md | 133 ++ .../netnat/Get-NetNatExternalAddress.md | 126 + .../netnat/Get-NetNatGlobal.md | 108 + .../netnat/Get-NetNatSession.md | 108 + .../netnat/Get-NetNatStaticMapping.md | 125 + docset/winserver2025-ps/netnat/NetNat.md | 56 + docset/winserver2025-ps/netnat/New-NetNat.md | 218 ++ .../winserver2025-ps/netnat/Remove-NetNat.md | 205 ++ .../netnat/Remove-NetNatExternalAddress.md | 213 ++ .../netnat/Remove-NetNatStaticMapping.md | 212 ++ docset/winserver2025-ps/netnat/Set-NetNat.md | 340 +++ .../netnat/Set-NetNatGlobal.md | 197 ++ .../netqos/Get-NetQosPolicy.md | 274 +++ docset/winserver2025-ps/netqos/NetQoS.md | 29 + .../netqos/New-NetQosPolicy.md | 846 +++++++ .../netqos/Remove-NetQosPolicy.md | 222 ++ .../netqos/Set-NetQosPolicy.md | 663 ++++++ .../netsecurity/Copy-NetFirewallRule.md | 946 ++++++++ .../Copy-NetIPsecMainModeCryptoSet.md | 695 ++++++ .../netsecurity/Copy-NetIPsecMainModeRule.md | 815 +++++++ .../netsecurity/Copy-NetIPsecPhase1AuthSet.md | 672 ++++++ .../netsecurity/Copy-NetIPsecPhase2AuthSet.md | 641 ++++++ .../Copy-NetIPsecQuickModeCryptoSet.md | 668 ++++++ .../netsecurity/Copy-NetIPsecRule.md | 1255 ++++++++++ .../Disable-NetFirewallHyperVRule.md | 344 +++ .../netsecurity/Disable-NetFirewallRule.md | 921 ++++++++ .../Disable-NetIPsecMainModeRule.md | 711 ++++++ .../netsecurity/Disable-NetIPsecRule.md | 1124 +++++++++ .../Enable-NetFirewallHyperVRule.md | 342 +++ .../netsecurity/Enable-NetFirewallRule.md | 920 ++++++++ .../Enable-NetIPsecMainModeRule.md | 705 ++++++ .../netsecurity/Enable-NetIPsecRule.md | 1111 +++++++++ .../netsecurity/Find-NetIPsecRule.md | 316 +++ .../netsecurity/Get-DAPolicyChange.md | 252 ++ .../Get-NetFirewallAddressFilter.md | 330 +++ .../Get-NetFirewallApplicationFilter.md | 314 +++ .../Get-NetFirewallDynamicKeywordAddress.md | 199 ++ .../netsecurity/Get-NetFirewallHyperVPort.md | 125 + .../Get-NetFirewallHyperVProfile.md | 198 ++ .../netsecurity/Get-NetFirewallHyperVRule.md | 350 +++ .../Get-NetFirewallHyperVVMCreator.md | 130 ++ .../Get-NetFirewallHyperVVMSetting.md | 195 ++ .../Get-NetFirewallInterfaceFilter.md | 307 +++ .../Get-NetFirewallInterfaceTypeFilter.md | 336 +++ .../netsecurity/Get-NetFirewallPortFilter.md | 373 +++ .../netsecurity/Get-NetFirewallProfile.md | 318 +++ .../netsecurity/Get-NetFirewallRule.md | 819 +++++++ .../Get-NetFirewallSecurityFilter.md | 413 ++++ .../Get-NetFirewallServiceFilter.md | 280 +++ .../netsecurity/Get-NetFirewallSetting.md | 202 ++ .../netsecurity/Get-NetIPsecDospSetting.md | 200 ++ .../Get-NetIPsecMainModeCryptoSet.md | 577 +++++ .../netsecurity/Get-NetIPsecMainModeRule.md | 647 ++++++ .../netsecurity/Get-NetIPsecMainModeSA.md | 197 ++ .../netsecurity/Get-NetIPsecPhase1AuthSet.md | 491 ++++ .../netsecurity/Get-NetIPsecPhase2AuthSet.md | 468 ++++ .../Get-NetIPsecQuickModeCryptoSet.md | 490 ++++ .../netsecurity/Get-NetIPsecQuickModeSA.md | 195 ++ .../netsecurity/Get-NetIPsecRule.md | 1049 +++++++++ .../netsecurity/NetSecurity.md | 284 +++ .../New-NetFirewallDynamicKeywordAddress.md | 223 ++ .../New-NetFirewallHyperVProfile.md | 223 ++ .../netsecurity/New-NetFirewallHyperVRule.md | 421 ++++ .../New-NetFirewallHyperVVMSetting.md | 270 +++ .../netsecurity/New-NetFirewallRule.md | 1016 +++++++++ .../netsecurity/New-NetIPsecAuthProposal.md | 542 +++++ .../netsecurity/New-NetIPsecDospSetting.md | 650 ++++++ .../New-NetIPsecMainModeCryptoProposal.md | 144 ++ .../New-NetIPsecMainModeCryptoSet.md | 454 ++++ .../netsecurity/New-NetIPsecMainModeRule.md | 559 +++++ .../netsecurity/New-NetIPsecPhase1AuthSet.md | 465 ++++ .../netsecurity/New-NetIPsecPhase2AuthSet.md | 405 ++++ .../New-NetIPsecQuickModeCryptoProposal.md | 225 ++ .../New-NetIPsecQuickModeCryptoSet.md | 399 ++++ .../netsecurity/New-NetIPsecRule.md | 966 ++++++++ .../netsecurity/Open-NetGPO.md | 212 ++ ...Remove-NetFirewallDynamicKeywordAddress.md | 267 +++ .../Remove-NetFirewallHyperVRule.md | 344 +++ .../netsecurity/Remove-NetFirewallRule.md | 908 ++++++++ .../netsecurity/Remove-NetIPsecDospSetting.md | 233 ++ .../Remove-NetIPsecMainModeCryptoSet.md | 620 +++++ .../Remove-NetIPsecMainModeRule.md | 723 ++++++ .../netsecurity/Remove-NetIPsecMainModeSA.md | 261 +++ .../Remove-NetIPsecPhase1AuthSet.md | 575 +++++ .../Remove-NetIPsecPhase2AuthSet.md | 546 +++++ .../Remove-NetIPsecQuickModeCryptoSet.md | 565 +++++ .../netsecurity/Remove-NetIPsecQuickModeSA.md | 263 +++ .../netsecurity/Remove-NetIPsecRule.md | 1122 +++++++++ .../Rename-NetFirewallHyperVRule.md | 351 +++ .../netsecurity/Rename-NetFirewallRule.md | 913 ++++++++ .../Rename-NetIPsecMainModeCryptoSet.md | 621 +++++ .../Rename-NetIPsecMainModeRule.md | 720 ++++++ .../Rename-NetIPsecPhase1AuthSet.md | 591 +++++ .../Rename-NetIPsecPhase2AuthSet.md | 560 +++++ .../Rename-NetIPsecQuickModeCryptoSet.md | 575 +++++ .../netsecurity/Rename-NetIPsecRule.md | 1121 +++++++++ .../netsecurity/Save-NetGPO.md | 151 ++ .../Set-NetFirewallAddressFilter.md | 352 +++ .../Set-NetFirewallApplicationFilter.md | 328 +++ .../Set-NetFirewallHyperVProfile.md | 224 ++ .../netsecurity/Set-NetFirewallHyperVRule.md | 417 ++++ .../Set-NetFirewallHyperVVMSetting.md | 281 +++ .../Set-NetFirewallInterfaceFilter.md | 315 +++ .../Set-NetFirewallInterfaceTypeFilter.md | 336 +++ .../netsecurity/Set-NetFirewallPortFilter.md | 454 ++++ .../netsecurity/Set-NetFirewallProfile.md | 753 ++++++ .../netsecurity/Set-NetFirewallRule.md | 1100 +++++++++ .../Set-NetFirewallSecurityFilter.md | 443 ++++ .../Set-NetFirewallServiceFilter.md | 308 +++ .../netsecurity/Set-NetFirewallSetting.md | 607 +++++ .../netsecurity/Set-NetIPsecDospSetting.md | 674 ++++++ .../Set-NetIPsecMainModeCryptoSet.md | 555 +++++ .../netsecurity/Set-NetIPsecMainModeRule.md | 622 +++++ .../netsecurity/Set-NetIPsecPhase1AuthSet.md | 429 ++++ .../netsecurity/Set-NetIPsecPhase2AuthSet.md | 437 ++++ .../Set-NetIPsecQuickModeCryptoSet.md | 451 ++++ .../netsecurity/Set-NetIPsecRule.md | 1085 +++++++++ .../netsecurity/Show-NetFirewallRule.md | 189 ++ .../netsecurity/Show-NetIPsecRule.md | 187 ++ .../netsecurity/Sync-NetIPsecRule.md | 1165 ++++++++++ ...Update-NetFirewallDynamicKeywordAddress.md | 162 ++ .../netsecurity/Update-NetIPsecRule.md | 371 +++ .../netswitchteam/Add-NetSwitchTeamMember.md | 142 ++ .../netswitchteam/Get-NetSwitchTeam.md | 159 ++ .../netswitchteam/Get-NetSwitchTeamMember.md | 136 ++ .../netswitchteam/NetSwitchTeam.md | 43 + .../netswitchteam/New-NetSwitchTeam.md | 143 ++ .../netswitchteam/Remove-NetSwitchTeam.md | 197 ++ .../Remove-NetSwitchTeamMember.md | 138 ++ .../netswitchteam/Rename-NetSwitchTeam.md | 144 ++ .../nettcpip/Find-NetRoute.md | 201 ++ .../nettcpip/Get-NetCompartment.md | 118 + .../nettcpip/Get-NetIPAddress.md | 474 ++++ .../nettcpip/Get-NetIPConfiguration.md | 217 ++ .../nettcpip/Get-NetIPInterface.md | 906 ++++++++ .../nettcpip/Get-NetIPv4Protocol.md | 460 ++++ .../nettcpip/Get-NetIPv6Protocol.md | 556 +++++ .../nettcpip/Get-NetNeighbor.md | 328 +++ .../nettcpip/Get-NetOffloadGlobalSetting.md | 273 +++ .../nettcpip/Get-NetPrefixPolicy.md | 160 ++ .../winserver2025-ps/nettcpip/Get-NetRoute.md | 486 ++++ .../nettcpip/Get-NetTCPConnection.md | 292 +++ .../nettcpip/Get-NetTCPSetting.md | 644 ++++++ .../nettcpip/Get-NetTransportFilter.md | 283 +++ .../nettcpip/Get-NetUDPEndpoint.md | 179 ++ .../nettcpip/Get-NetUDPSetting.md | 145 ++ docset/winserver2025-ps/nettcpip/NetTCPIP.md | 119 + .../nettcpip/New-NetIPAddress.md | 361 +++ .../nettcpip/New-NetNeighbor.md | 300 +++ .../winserver2025-ps/nettcpip/New-NetRoute.md | 410 ++++ .../nettcpip/New-NetTransportFilter.md | 295 +++ .../nettcpip/Remove-NetIPAddress.md | 502 ++++ .../nettcpip/Remove-NetNeighbor.md | 376 +++ .../nettcpip/Remove-NetRoute.md | 507 +++++ .../nettcpip/Remove-NetTransportFilter.md | 345 +++ .../nettcpip/Set-NetIPAddress.md | 472 ++++ .../nettcpip/Set-NetIPInterface.md | 874 +++++++ .../nettcpip/Set-NetIPv4Protocol.md | 545 +++++ .../nettcpip/Set-NetIPv6Protocol.md | 635 ++++++ .../nettcpip/Set-NetNeighbor.md | 345 +++ .../nettcpip/Set-NetOffloadGlobalSetting.md | 352 +++ .../winserver2025-ps/nettcpip/Set-NetRoute.md | 464 ++++ .../nettcpip/Set-NetTCPSetting.md | 629 +++++ .../nettcpip/Set-NetUDPSetting.md | 208 ++ .../nettcpip/Test-NetConnection.md | 372 +++ .../Get-NetVirtualizationCustomerRoute.md | 199 ++ .../netwnv/Get-NetVirtualizationGlobal.md | 116 + .../Get-NetVirtualizationLookupRecord.md | 319 +++ .../Get-NetVirtualizationProviderAddress.md | 257 +++ .../Get-NetVirtualizationProviderRoute.md | 184 ++ docset/winserver2025-ps/netwnv/NetWNV.md | 73 + .../New-NetVirtualizationCustomerRoute.md | 204 ++ .../New-NetVirtualizationLookupRecord.md | 299 +++ .../New-NetVirtualizationProviderAddress.md | 194 ++ .../New-NetVirtualizationProviderRoute.md | 181 ++ .../Remove-NetVirtualizationCustomerRoute.md | 248 ++ .../Remove-NetVirtualizationLookupRecord.md | 358 +++ ...Remove-NetVirtualizationProviderAddress.md | 278 +++ .../Remove-NetVirtualizationProviderRoute.md | 229 ++ .../netwnv/Select-NetVirtualizationNextHop.md | 178 ++ .../Set-NetVirtualizationCustomerRoute.md | 243 ++ .../netwnv/Set-NetVirtualizationGlobal.md | 148 ++ .../Set-NetVirtualizationLookupRecord.md | 313 +++ .../Set-NetVirtualizationProviderAddress.md | 257 +++ .../Set-NetVirtualizationProviderRoute.md | 223 ++ .../Get-DAConnectionStatus.md | 118 + .../Get-NCSIPolicyConfiguration.md | 158 ++ .../NetworkConnectivityStatus.md | 29 + .../Reset-NCSIPolicyConfiguration.md | 309 +++ .../Set-NCSIPolicyConfiguration.md | 339 +++ .../Add-NetworkControllerNode.md | 322 +++ .../Clear-NetworkControllerNodeContent.md | 102 + .../Disable-NetworkControllerNode.md | 198 ++ .../Enable-NetworkControllerNode.md | 220 ++ .../Get-NetworkController.md | 159 ++ .../Get-NetworkControllerAccessControlList.md | 144 ++ ...-NetworkControllerAccessControlListRule.md | 159 ++ ...ControllerAuditingSettingsConfiguration.md | 118 + .../Get-NetworkControllerBackup.md | 143 ++ .../Get-NetworkControllerCluster.md | 153 ++ .../Get-NetworkControllerConnectivityCheck.md | 95 + ...etworkControllerConnectivityCheckResult.md | 108 + .../Get-NetworkControllerCredential.md | 166 ++ .../Get-NetworkControllerDiagnostic.md | 136 ++ .../Get-NetworkControllerDiscovery.md | 117 + .../Get-NetworkControllerFabricRoute.md | 187 ++ .../Get-NetworkControllerGateway.md | 186 ++ .../Get-NetworkControllerGatewayPool.md | 187 ++ ...etworkControllerIDnsServerConfiguration.md | 120 + ...workControllerInternalResourceInstances.md | 140 ++ .../Get-NetworkControllerIpPool.md | 160 ++ .../Get-NetworkControllerIpReservation.md | 165 ++ .../Get-NetworkControllerLoadBalancer.md | 136 ++ ...ontrollerLoadBalancerBackendAddressPool.md | 143 ++ ...workControllerLoadBalancerConfiguration.md | 113 + ...llerLoadBalancerFrontendIpConfiguration.md | 148 ++ ...orkControllerLoadBalancerInboundNatRule.md | 149 ++ .../Get-NetworkControllerLoadBalancerMux.md | 130 ++ ...rkControllerLoadBalancerOutboundNatRule.md | 144 ++ .../Get-NetworkControllerLoadBalancerProbe.md | 146 ++ .../Get-NetworkControllerLoadBalancingRule.md | 155 ++ .../Get-NetworkControllerLogicalNetwork.md | 149 ++ .../Get-NetworkControllerLogicalSubnet.md | 174 ++ .../Get-NetworkControllerMacPool.md | 133 ++ .../Get-NetworkControllerNetworkInterface.md | 160 ++ ...ntrollerNetworkInterfaceIpConfiguration.md | 154 ++ .../Get-NetworkControllerNode.md | 181 ++ .../Get-NetworkControllerPublicIpAddress.md | 135 ++ .../Get-NetworkControllerRestore.md | 139 ++ .../Get-NetworkControllerRoute.md | 149 ++ .../Get-NetworkControllerRouteTable.md | 134 ++ .../Get-NetworkControllerServer.md | 155 ++ .../Get-NetworkControllerServerInterface.md | 173 ++ .../Get-NetworkControllerServiceInsertion.md | 145 ++ .../Get-NetworkControllerState.md | 117 + .../Get-NetworkControllerStatistics.md | 129 ++ .../Get-NetworkControllerSubnetEgressReset.md | 120 + .../Get-NetworkControllerVirtualGateway.md | 180 ++ ...-NetworkControllerVirtualGatewayBgpPeer.md | 211 ++ ...etworkControllerVirtualGatewayBgpRouter.md | 195 ++ ...ntrollerVirtualGatewayNetworkConnection.md | 186 ++ ...etworkControllerVirtualGatewayPolicyMap.md | 176 ++ .../Get-NetworkControllerVirtualNetwork.md | 135 ++ ...rkControllerVirtualNetworkConfiguration.md | 100 + ...-NetworkControllerVirtualNetworkPeering.md | 157 ++ .../Get-NetworkControllerVirtualServer.md | 113 + .../Get-NetworkControllerVirtualSubnet.md | 152 ++ ...orkControllerVirtualSwitchConfiguration.md | 122 + .../Install-NetworkController.md | 405 ++++ .../Install-NetworkControllerCluster.md | 423 ++++ ...voke-NetworkControllerConnectivityCheck.md | 211 ++ .../Invoke-NetworkControllerState.md | 241 ++ ...voke-NetworkControllerSubnetEgressReset.md | 249 ++ .../networkcontroller/NetworkController.md | 485 ++++ .../New-NetworkControllerAccessControlList.md | 296 +++ ...-NetworkControllerAccessControlListRule.md | 275 +++ .../New-NetworkControllerBackup.md | 263 +++ .../New-NetworkControllerCredential.md | 290 +++ .../New-NetworkControllerFabricRoute.md | 280 +++ .../New-NetworkControllerGateway.md | 291 +++ .../New-NetworkControllerGatewayPool.md | 287 +++ ...etworkControllerIDnsServerConfiguration.md | 249 ++ .../New-NetworkControllerIpPool.md | 262 +++ .../New-NetworkControllerIpReservation.md | 268 +++ .../New-NetworkControllerLoadBalancer.md | 331 +++ ...ontrollerLoadBalancerBackendAddressPool.md | 256 +++ ...workControllerLoadBalancerConfiguration.md | 269 +++ ...llerLoadBalancerFrontendIpConfiguration.md | 269 +++ ...orkControllerLoadBalancerInboundNatRule.md | 292 +++ .../New-NetworkControllerLoadBalancerMux.md | 277 +++ ...rkControllerLoadBalancerOutboundNatRule.md | 279 +++ .../New-NetworkControllerLoadBalancerProbe.md | 260 +++ .../New-NetworkControllerLoadBalancingRule.md | 285 +++ .../New-NetworkControllerLogicalNetwork.md | 270 +++ .../New-NetworkControllerLogicalSubnet.md | 290 +++ .../New-NetworkControllerMacPool.md | 247 ++ .../New-NetworkControllerNetworkInterface.md | 374 +++ ...ntrollerNetworkInterfaceIpConfiguration.md | 257 +++ .../New-NetworkControllerNodeObject.md | 221 ++ .../New-NetworkControllerPublicIpAddress.md | 255 +++ .../New-NetworkControllerRestore.md | 261 +++ .../New-NetworkControllerRoute.md | 262 +++ .../New-NetworkControllerRouteTable.md | 274 +++ .../New-NetworkControllerServer.md | 302 +++ .../New-NetworkControllerServerInterface.md | 292 +++ .../New-NetworkControllerServiceInsertion.md | 319 +++ .../New-NetworkControllerVirtualGateway.md | 319 +++ ...-NetworkControllerVirtualGatewayBgpPeer.md | 300 +++ ...etworkControllerVirtualGatewayBgpRouter.md | 291 +++ ...ntrollerVirtualGatewayNetworkConnection.md | 474 ++++ ...etworkControllerVirtualGatewayPolicyMap.md | 293 +++ .../New-NetworkControllerVirtualNetwork.md | 277 +++ ...-NetworkControllerVirtualNetworkPeering.md | 264 +++ .../New-NetworkControllerVirtualServer.md | 294 +++ .../New-NetworkControllerVirtualSubnet.md | 273 +++ ...move-NetworkControllerAccessControlList.md | 200 ++ ...-NetworkControllerAccessControlListRule.md | 214 ++ .../Remove-NetworkControllerBackup.md | 201 ++ .../Remove-NetworkControllerCredential.md | 207 ++ .../Remove-NetworkControllerFabricRoute.md | 238 ++ .../Remove-NetworkControllerGateway.md | 207 ++ .../Remove-NetworkControllerGatewayPool.md | 207 ++ .../Remove-NetworkControllerIpPool.md | 231 ++ .../Remove-NetworkControllerIpReservation.md | 230 ++ .../Remove-NetworkControllerLoadBalancer.md | 200 ++ ...ontrollerLoadBalancerBackendAddressPool.md | 215 ++ ...workControllerLoadBalancerConfiguration.md | 185 ++ ...llerLoadBalancerFrontendIpConfiguration.md | 215 ++ ...orkControllerLoadBalancerInboundNatRule.md | 215 ++ ...Remove-NetworkControllerLoadBalancerMux.md | 200 ++ ...rkControllerLoadBalancerOutboundNatRule.md | 215 ++ ...move-NetworkControllerLoadBalancerProbe.md | 215 ++ ...move-NetworkControllerLoadBalancingRule.md | 215 ++ .../Remove-NetworkControllerLogicalNetwork.md | 208 ++ .../Remove-NetworkControllerLogicalSubnet.md | 223 ++ .../Remove-NetworkControllerMacPool.md | 185 ++ ...emove-NetworkControllerNetworkInterface.md | 200 ++ ...ntrollerNetworkInterfaceIpConfiguration.md | 210 ++ .../Remove-NetworkControllerNode.md | 214 ++ ...Remove-NetworkControllerPublicIpAddress.md | 200 ++ .../Remove-NetworkControllerRestore.md | 202 ++ .../Remove-NetworkControllerRoute.md | 219 ++ .../Remove-NetworkControllerRouteTable.md | 203 ++ .../Remove-NetworkControllerServer.md | 207 ++ ...Remove-NetworkControllerServerInterface.md | 221 ++ ...emove-NetworkControllerServiceInsertion.md | 199 ++ .../Remove-NetworkControllerVirtualGateway.md | 201 ++ ...-NetworkControllerVirtualGatewayBgpPeer.md | 231 ++ ...etworkControllerVirtualGatewayBgpRouter.md | 217 ++ ...ntrollerVirtualGatewayNetworkConnection.md | 216 ++ ...etworkControllerVirtualGatewayPolicyMap.md | 217 ++ .../Remove-NetworkControllerVirtualNetwork.md | 200 ++ ...-NetworkControllerVirtualNetworkPeering.md | 217 ++ .../Remove-NetworkControllerVirtualServer.md | 198 ++ .../Remove-NetworkControllerVirtualSubnet.md | 213 ++ .../Repair-NetworkControllerCluster.md | 134 ++ .../Set-NetworkController.md | 330 +++ ...ControllerAuditingSettingsConfiguration.md | 258 +++ .../Set-NetworkControllerCluster.md | 293 +++ .../Set-NetworkControllerDiagnostic.md | 324 +++ .../Set-NetworkControllerNode.md | 251 ++ ...rkControllerVirtualNetworkConfiguration.md | 257 +++ ...orkControllerVirtualSwitchConfiguration.md | 279 +++ .../Uninstall-NetworkController.md | 173 ++ .../Uninstall-NetworkControllerCluster.md | 176 ++ .../Update-NetworkController.md | 210 ++ .../Debug-NetworkController.md | 219 ++ ...bug-NetworkControllerConfigurationState.md | 155 ++ .../Debug-ServiceFabricNodeStatus.md | 86 + .../Get-NetworkControllerDeploymentInfo.md | 122 + .../Get-NetworkControllerManagedDevices.md | 112 + .../Get-NetworkControllerReplica.md | 101 + .../NetworkControllerDiagnostics.md | 34 + .../Add-NlbClusterNode.md | 172 ++ .../Add-NlbClusterNodeDip.md | 160 ++ .../Add-NlbClusterPortRule.md | 273 +++ .../Add-NlbClusterVip.md | 161 ++ .../Disable-NlbClusterPortRule.md | 208 ++ .../Enable-NlbClusterPortRule.md | 174 ++ .../Get-NlbCluster.md | 120 + .../Get-NlbClusterDriverInfo.md | 367 +++ .../Get-NlbClusterNode.md | 157 ++ .../Get-NlbClusterNodeDip.md | 168 ++ .../Get-NlbClusterNodeNetworkInterface.md | 139 ++ .../Get-NlbClusterPortRule.md | 211 ++ .../Get-NlbClusterVip.md | 141 ++ .../NetworkLoadBalancingClusters.md | 123 + .../New-NlbCluster.md | 221 ++ .../New-NlbClusterIpv6Address.md | 124 + .../Remove-NlbCluster.md | 159 ++ .../Remove-NlbClusterNode.md | 165 ++ .../Remove-NlbClusterNodeDip.md | 180 ++ .../Remove-NlbClusterPortRule.md | 188 ++ .../Remove-NlbClusterVip.md | 165 ++ .../Resume-NlbCluster.md | 123 + .../Resume-NlbClusterNode.md | 133 ++ .../Set-NlbCluster.md | 202 ++ .../Set-NlbClusterNode.md | 264 +++ .../Set-NlbClusterNodeDip.md | 150 ++ .../Set-NlbClusterPortRule.md | 305 +++ ...-NlbClusterPortRuleNodeHandlingPriority.md | 185 ++ .../Set-NlbClusterPortRuleNodeWeight.md | 232 ++ .../Set-NlbClusterVip.md | 150 ++ .../Start-NlbCluster.md | 121 + .../Start-NlbClusterNode.md | 121 + .../Stop-NlbCluster.md | 155 ++ .../Stop-NlbClusterNode.md | 168 ++ .../Suspend-NlbCluster.md | 123 + .../Suspend-NlbClusterNode.md | 123 + .../Disable-NetworkSwitchEthernetPort.md | 172 ++ .../Disable-NetworkSwitchFeature.md | 195 ++ .../Disable-NetworkSwitchVlan.md | 185 ++ .../Enable-NetworkSwitchEthernetPort.md | 172 ++ .../Enable-NetworkSwitchFeature.md | 195 ++ .../Enable-NetworkSwitchVlan.md | 185 ++ .../Get-NetworkSwitchEthernetPort.md | 174 ++ .../Get-NetworkSwitchFeature.md | 167 ++ .../Get-NetworkSwitchGlobalData.md | 72 + .../Get-NetworkSwitchVlan.md | 195 ++ .../NetworkSwitchManager.md | 74 + .../New-NetworkSwitchVlan.md | 145 ++ ...move-NetworkSwitchEthernetPortIPAddress.md | 143 ++ .../Remove-NetworkSwitchVlan.md | 206 ++ .../Restore-NetworkSwitchConfiguration.md | 101 + .../Save-NetworkSwitchConfiguration.md | 102 + .../Set-NetworkSwitchEthernetPortIPAddress.md | 174 ++ .../Set-NetworkSwitchPortMode.md | 247 ++ .../Set-NetworkSwitchPortProperty.md | 144 ++ .../Set-NetworkSwitchVlanProperty.md | 174 ++ .../Add-NetIPHttpsCertBinding.md | 225 ++ .../Disable-NetDnsTransitionConfiguration.md | 196 ++ .../Disable-NetIPHttpsProfile.md | 135 ++ .../Disable-NetNatTransitionConfiguration.md | 232 ++ .../Enable-NetDnsTransitionConfiguration.md | 196 ++ .../Enable-NetIPHttpsProfile.md | 154 ++ .../Enable-NetNatTransitionConfiguration.md | 232 ++ .../Get-Net6to4Configuration.md | 175 ++ .../Get-NetDnsTransitionConfiguration.md | 132 ++ .../Get-NetDnsTransitionMonitoring.md | 114 + .../Get-NetIPHttpsConfiguration.md | 198 ++ .../networktransition/Get-NetIPHttpsState.md | 118 + .../Get-NetIsatapConfiguration.md | 174 ++ .../Get-NetNatTransitionConfiguration.md | 168 ++ .../Get-NetNatTransitionMonitoring.md | 137 ++ .../Get-NetTeredoConfiguration.md | 173 ++ .../networktransition/Get-NetTeredoState.md | 112 + .../networktransition/NetworkTransition.md | 119 + .../New-NetIPHttpsConfiguration.md | 323 +++ .../New-NetNatTransitionConfiguration.md | 287 +++ .../Remove-NetIPHttpsCertBinding.md | 136 ++ .../Remove-NetIPHttpsConfiguration.md | 252 ++ .../Remove-NetNatTransitionConfiguration.md | 232 ++ .../Rename-NetIPHttpsConfiguration.md | 287 +++ .../Reset-Net6to4Configuration.md | 317 +++ .../Reset-NetDnsTransitionConfiguration.md | 319 +++ .../Reset-NetIPHttpsConfiguration.md | 310 +++ .../Reset-NetIsatapConfiguration.md | 302 +++ .../Reset-NetTeredoConfiguration.md | 349 +++ .../Set-Net6to4Configuration.md | 351 +++ .../Set-NetDnsTransitionConfiguration.md | 333 +++ .../Set-NetIPHttpsConfiguration.md | 382 ++++ .../Set-NetIsatapConfiguration.md | 329 +++ .../Set-NetNatTransitionConfiguration.md | 339 +++ .../Set-NetTeredoConfiguration.md | 374 +++ .../nfs/Disconnect-NfsSession.md | 214 ++ .../nfs/Get-NfsClientConfiguration.md | 122 + .../winserver2025-ps/nfs/Get-NfsClientLock.md | 201 ++ .../nfs/Get-NfsClientgroup.md | 182 ++ .../nfs/Get-NfsMappedIdentity.md | 269 +++ .../nfs/Get-NfsMappingStore.md | 134 ++ .../nfs/Get-NfsMountedClient.md | 134 ++ .../winserver2025-ps/nfs/Get-NfsNetgroup.md | 162 ++ .../nfs/Get-NfsNetgroupStore.md | 118 + .../winserver2025-ps/nfs/Get-NfsOpenFile.md | 173 ++ .../nfs/Get-NfsServerConfiguration.md | 137 ++ docset/winserver2025-ps/nfs/Get-NfsSession.md | 147 ++ docset/winserver2025-ps/nfs/Get-NfsShare.md | 311 +++ .../nfs/Get-NfsSharePermission.md | 245 ++ .../winserver2025-ps/nfs/Get-NfsStatistics.md | 196 ++ .../nfs/Grant-NfsSharePermission.md | 328 +++ .../nfs/Install-NfsMappingStore.md | 99 + docset/winserver2025-ps/nfs/NFS.md | 143 ++ .../nfs/New-NfsClientgroup.md | 204 ++ .../nfs/New-NfsMappedIdentity.md | 295 +++ .../winserver2025-ps/nfs/New-NfsNetgroup.md | 165 ++ docset/winserver2025-ps/nfs/New-NfsShare.md | 377 +++ .../nfs/Remove-NfsClientgroup.md | 219 ++ .../nfs/Remove-NfsMappedIdentity.md | 238 ++ .../nfs/Remove-NfsNetgroup.md | 145 ++ .../winserver2025-ps/nfs/Remove-NfsShare.md | 254 +++ .../nfs/Rename-NfsClientgroup.md | 188 ++ .../nfs/Reset-NfsStatistics.md | 150 ++ .../nfs/Resolve-NfsMappedIdentity.md | 198 ++ .../nfs/Revoke-NfsClientLock.md | 261 +++ .../nfs/Revoke-NfsMountedClient.md | 199 ++ .../nfs/Revoke-NfsOpenFile.md | 231 ++ .../nfs/Revoke-NfsSharePermission.md | 250 ++ .../nfs/Set-NfsClientConfiguration.md | 381 ++++ .../nfs/Set-NfsClientgroup.md | 202 ++ .../nfs/Set-NfsMappedIdentity.md | 248 ++ .../nfs/Set-NfsMappingStore.md | 313 +++ .../winserver2025-ps/nfs/Set-NfsNetgroup.md | 170 ++ .../nfs/Set-NfsNetgroupStore.md | 275 +++ .../nfs/Set-NfsServerConfiguration.md | 630 +++++ docset/winserver2025-ps/nfs/Set-NfsShare.md | 380 ++++ .../nfs/Test-NfsMappedIdentity.md | 241 ++ .../nfs/Test-NfsMappingStore.md | 121 + .../nps/Export-NpsConfiguration.md | 74 + .../nps/Get-NpsRadiusClient.md | 56 + .../nps/Get-NpsSharedSecretTemplate.md | 68 + .../nps/Import-NpsConfiguration.md | 68 + docset/winserver2025-ps/nps/NPS.md | 38 + .../nps/New-NpsRadiusClient.md | 155 ++ .../nps/Remove-NpsRadiusClient.md | 71 + .../nps/Set-NpsRadiusClient.md | 155 ++ .../pcsvdevice/Clear-PcsvDeviceLog.md | 407 ++++ .../pcsvdevice/Get-PcsvDevice.md | 385 ++++ .../pcsvdevice/Get-PcsvDeviceLog.md | 459 ++++ .../winserver2025-ps/pcsvdevice/PcsvDevice.md | 42 + .../pcsvdevice/Restart-PcsvDevice.md | 424 ++++ .../Set-PcsvDeviceBootConfiguration.md | 449 ++++ .../Set-PcsvDeviceNetworkConfiguration.md | 466 ++++ .../pcsvdevice/Set-PcsvDeviceUserPassword.md | 431 ++++ .../pcsvdevice/Start-PcsvDevice.md | 428 ++++ .../pcsvdevice/Stop-PcsvDevice.md | 427 ++++ .../Get-PmemDedicatedMemory.md | 82 + .../persistentmemory/Get-PmemDisk.md | 175 ++ .../Get-PmemPhysicalDevice.md | 163 ++ .../persistentmemory/Get-PmemUnusedRegion.md | 88 + .../Initialize-PmemPhysicalDevice.md | 132 ++ .../New-PmemDedicatedMemory.md | 102 + .../persistentmemory/New-PmemDisk.md | 168 ++ .../persistentmemory/PersistentMemory.md | 44 + .../Remove-PmemDedicatedMemory.md | 115 + .../persistentmemory/Remove-PmemDisk.md | 162 ++ .../Add-CertificateEnrollmentPolicyServer.md | 274 +++ .../pki/Export-Certificate.md | 229 ++ .../pki/Export-PfxCertificate.md | 387 ++++ .../winserver2025-ps/pki/Get-Certificate.md | 342 +++ .../Get-CertificateAutoEnrollmentPolicy.md | 119 + .../Get-CertificateEnrollmentPolicyServer.md | 140 ++ .../pki/Get-CertificateNotificationTask.md | 68 + docset/winserver2025-ps/pki/Get-PfxData.md | 113 + .../pki/Import-Certificate.md | 164 ++ .../pki/Import-PfxCertificate.md | 208 ++ .../pki/New-CertificateNotificationTask.md | 245 ++ .../pki/New-SelfSignedCertificate.md | 1140 ++++++++++ ...emove-CertificateEnrollmentPolicyServer.md | 163 ++ .../pki/Remove-CertificateNotificationTask.md | 114 + .../Set-CertificateAutoEnrollmentPolicy.md | 294 +++ .../pki/Switch-Certificate.md | 175 ++ .../winserver2025-ps/pki/Test-Certificate.md | 200 ++ docset/winserver2025-ps/pki/pki.md | 68 + .../Get-PlatformIdentifier.md | 116 + .../platformidentifier/PlatformIdentifier.md | 20 + .../pnpdevice/Disable-PnpDevice.md | 192 ++ .../pnpdevice/Enable-PnpDevice.md | 203 ++ .../pnpdevice/Get-PnpDevice.md | 277 +++ .../pnpdevice/Get-PnpDeviceProperty.md | 329 +++ .../winserver2025-ps/pnpdevice/PnpDevice.md | 29 + .../printmanagement/Add-Printer.md | 585 +++++ .../printmanagement/Add-PrinterDriver.md | 208 ++ .../printmanagement/Add-PrinterPort.md | 337 +++ .../printmanagement/Get-PrintConfiguration.md | 184 ++ .../printmanagement/Get-PrintJob.md | 197 ++ .../printmanagement/Get-Printer.md | 193 ++ .../printmanagement/Get-PrinterDriver.md | 182 ++ .../printmanagement/Get-PrinterPort.md | 143 ++ .../printmanagement/Get-PrinterProperty.md | 168 ++ .../printmanagement/PrintManagement.md | 83 + .../printmanagement/Read-PrinterNfcTag.md | 118 + .../printmanagement/Remove-PrintJob.md | 257 +++ .../printmanagement/Remove-Printer.md | 228 ++ .../printmanagement/Remove-PrinterDriver.md | 244 ++ .../printmanagement/Remove-PrinterPort.md | 214 ++ .../printmanagement/Rename-Printer.md | 209 ++ .../printmanagement/Restart-PrintJob.md | 258 +++ .../printmanagement/Resume-PrintJob.md | 256 +++ .../printmanagement/Set-PrintConfiguration.md | 327 +++ .../printmanagement/Set-Printer.md | 555 +++++ .../printmanagement/Set-PrinterProperty.md | 242 ++ .../printmanagement/Suspend-PrintJob.md | 259 +++ .../printmanagement/Write-PrinterNfcTag.md | 191 ++ .../ConvertTo-ProcessMitigationPolicy.md | 79 + .../Get-ProcessMitigation.md | 203 ++ .../processmitigations/ProcessMitigations.md | 24 + .../Set-ProcessMitigation.md | 267 +++ .../Export-ProvisioningPackage.md | 199 ++ .../provisioning/Export-Trace.md | 123 + .../provisioning/Get-ProvisioningPackage.md | 155 ++ .../Get-TrustedProvisioningCertificate.md | 115 + .../Install-ProvisioningPackage.md | 144 ++ .../Install-TrustedProvisioningCertificate.md | 125 + .../provisioning/Provisioning.md | 40 + .../Uninstall-ProvisioningPackage.md | 175 ++ ...ninstall-TrustedProvisioningCertificate.md | 110 + .../winserver2025-ps/rdmgmt/Add-RDServer.md | 178 ++ .../rdmgmt/Add-RDSessionHost.md | 105 + .../Add-RDVirtualDesktopToCollection.md | 176 ++ ...e-RDVirtualDesktopADMachineAccountReuse.md | 70 + .../rdmgmt/Disconnect-RDUser.md | 109 + ...e-RDVirtualDesktopADMachineAccountReuse.md | 68 + ...port-RDPersonalSessionDesktopAssignment.md | 99 + ...port-RDPersonalVirtualDesktopAssignment.md | 103 + .../rdmgmt/Get-RDAvailableApp.md | 111 + .../rdmgmt/Get-RDCertificate.md | 119 + .../Get-RDConnectionBrokerHighAvailability.md | 81 + .../Get-RDDeploymentGatewayConfiguration.md | 71 + .../rdmgmt/Get-RDFileTypeAssociation.md | 136 ++ .../rdmgmt/Get-RDLicenseConfiguration.md | 70 + .../Get-RDPersonalSessionDesktopAssignment.md | 147 ++ .../Get-RDPersonalVirtualDesktopAssignment.md | 134 ++ ...t-RDPersonalVirtualDesktopPatchSchedule.md | 146 ++ .../rdmgmt/Get-RDRemoteApp.md | 128 ++ .../rdmgmt/Get-RDRemoteDesktop.md | 69 + .../winserver2025-ps/rdmgmt/Get-RDServer.md | 118 + .../rdmgmt/Get-RDSessionCollection.md | 86 + .../Get-RDSessionCollectionConfiguration.md | 261 +++ .../rdmgmt/Get-RDSessionHost.md | 87 + .../rdmgmt/Get-RDUserSession.md | 89 + .../rdmgmt/Get-RDVirtualDesktop.md | 91 + .../rdmgmt/Get-RDVirtualDesktopCollection.md | 86 + ...RDVirtualDesktopCollectionConfiguration.md | 178 ++ ...Get-RDVirtualDesktopCollectionJobStatus.md | 85 + .../rdmgmt/Get-RDVirtualDesktopConcurrency.md | 106 + .../rdmgmt/Get-RDVirtualDesktopIdleCount.md | 103 + .../Get-RDVirtualDesktopTemplateExportPath.md | 68 + .../rdmgmt/Get-RDWorkspace.md | 67 + .../rdmgmt/Grant-RDOUAccess.md | 98 + ...port-RDPersonalSessionDesktopAssignment.md | 99 + ...port-RDPersonalVirtualDesktopAssignment.md | 103 + .../rdmgmt/Invoke-RDUserLogoff.md | 116 + .../rdmgmt/Move-RDVirtualDesktop.md | 149 ++ .../rdmgmt/New-RDCertificate.md | 204 ++ ...w-RDPersonalVirtualDesktopPatchSchedule.md | 235 ++ .../rdmgmt/New-RDRemoteApp.md | 316 +++ .../rdmgmt/New-RDSessionCollection.md | 185 ++ .../rdmgmt/New-RDSessionDeployment.md | 110 + .../rdmgmt/New-RDVirtualDesktopCollection.md | 511 +++++ .../rdmgmt/New-RDVirtualDesktopDeployment.md | 125 + docset/winserver2025-ps/rdmgmt/RDMgmt.md | 253 +++ .../Remove-RDDatabaseConnectionString.md | 128 ++ ...move-RDPersonalSessionDesktopAssignment.md | 168 ++ ...move-RDPersonalVirtualDesktopAssignment.md | 182 ++ ...e-RDPersonalVirtualDesktopPatchSchedule.md | 157 ++ .../rdmgmt/Remove-RDRemoteApp.md | 153 ++ .../rdmgmt/Remove-RDServer.md | 130 ++ .../rdmgmt/Remove-RDSessionCollection.md | 133 ++ .../rdmgmt/Remove-RDSessionHost.md | 136 ++ .../Remove-RDVirtualDesktopCollection.md | 135 ++ .../Remove-RDVirtualDesktopFromCollection.md | 145 ++ .../rdmgmt/Send-RDUserMessage.md | 120 + .../rdmgmt/Set-RDActiveManagementServer.md | 67 + .../rdmgmt/Set-RDCertificate.md | 199 ++ .../rdmgmt/Set-RDClientAccessName.md | 79 + .../Set-RDConnectionBrokerHighAvailability.md | 143 ++ .../rdmgmt/Set-RDDatabaseConnectionString.md | 163 ++ .../Set-RDDeploymentGatewayConfiguration.md | 183 ++ .../rdmgmt/Set-RDFileTypeAssociation.md | 214 ++ .../rdmgmt/Set-RDLicenseConfiguration.md | 141 ++ .../Set-RDPersonalSessionDesktopAssignment.md | 117 + .../Set-RDPersonalVirtualDesktopAssignment.md | 120 + ...t-RDPersonalVirtualDesktopPatchSchedule.md | 210 ++ .../rdmgmt/Set-RDRemoteApp.md | 316 +++ .../rdmgmt/Set-RDRemoteDesktop.md | 151 ++ .../Set-RDSessionCollectionConfiguration.md | 622 +++++ .../rdmgmt/Set-RDSessionHost.md | 106 + ...RDVirtualDesktopCollectionConfiguration.md | 416 ++++ .../rdmgmt/Set-RDVirtualDesktopConcurrency.md | 143 ++ .../rdmgmt/Set-RDVirtualDesktopIdleCount.md | 148 ++ .../Set-RDVirtualDesktopTemplateExportPath.md | 81 + .../rdmgmt/Set-RDWorkspace.md | 83 + .../Stop-RDVirtualDesktopCollectionJob.md | 131 ++ .../rdmgmt/Test-RDOUAccess.md | 98 + ...t-RDVirtualDesktopADMachineAccountReuse.md | 68 + .../Update-RDVirtualDesktopCollection.md | 244 ++ .../remoteaccess/Add-BgpCustomRoute.md | 211 ++ .../remoteaccess/Add-BgpPeer.md | 384 ++++ .../remoteaccess/Add-BgpRouteAggregate.md | 257 +++ .../remoteaccess/Add-BgpRouter.md | 391 ++++ .../remoteaccess/Add-BgpRoutingPolicy.md | 455 ++++ .../Add-BgpRoutingPolicyForPeer.md | 247 ++ .../remoteaccess/Add-DAAppServer.md | 359 +++ .../remoteaccess/Add-DAClient.md | 415 ++++ .../Add-DAClientDnsConfiguration.md | 282 +++ .../remoteaccess/Add-DAEntryPoint.md | 411 ++++ .../remoteaccess/Add-DAMgmtServer.md | 190 ++ .../remoteaccess/Add-RemoteAccessIpFilter.md | 261 +++ .../Add-RemoteAccessLoadBalancerNode.md | 334 +++ .../remoteaccess/Add-RemoteAccessRadius.md | 417 ++++ .../remoteaccess/Add-VpnIPAddressRange.md | 214 ++ .../remoteaccess/Add-VpnS2SInterface.md | 1178 ++++++++++ .../remoteaccess/Add-VpnSstpProxyRule.md | 177 ++ .../Clear-BgpRouteFlapDampening.md | 189 ++ .../Clear-RemoteAccessInboxAccountingStore.md | 300 +++ .../Clear-VpnS2SInterfaceStatistics.md | 182 ++ .../remoteaccess/Connect-VpnS2SInterface.md | 176 ++ .../Disable-BgpRouteFlapDampening.md | 172 ++ .../remoteaccess/Disable-DAMultiSite.md | 191 ++ .../Disable-DAOtpAuthentication.md | 221 ++ .../Disable-RemoteAccessRoutingDomain.md | 207 ++ .../Disconnect-VpnS2SInterface.md | 208 ++ .../remoteaccess/Disconnect-VpnUser.md | 219 ++ .../Enable-BgpRouteFlapDampening.md | 192 ++ .../remoteaccess/Enable-DAMultiSite.md | 345 +++ .../Enable-DAOtpAuthentication.md | 365 +++ .../Enable-RemoteAccessRoutingDomain.md | 192 ++ .../remoteaccess/Get-BgpCustomRoute.md | 171 ++ .../remoteaccess/Get-BgpPeer.md | 214 ++ .../remoteaccess/Get-BgpRouteAggregate.md | 181 ++ .../remoteaccess/Get-BgpRouteFlapDampening.md | 159 ++ .../remoteaccess/Get-BgpRouteInformation.md | 173 ++ .../remoteaccess/Get-BgpRouter.md | 160 ++ .../remoteaccess/Get-BgpRoutingPolicy.md | 304 +++ .../remoteaccess/Get-BgpStatistics.md | 244 ++ .../remoteaccess/Get-DAAppServer.md | 149 ++ .../remoteaccess/Get-DAClient.md | 195 ++ .../Get-DAClientDnsConfiguration.md | 149 ++ .../remoteaccess/Get-DAEntryPoint.md | 158 ++ .../remoteaccess/Get-DAEntryPointDC.md | 168 ++ .../remoteaccess/Get-DAMgmtServer.md | 150 ++ .../remoteaccess/Get-DAMultiSite.md | 148 ++ .../Get-DANetworkLocationServer.md | 179 ++ .../remoteaccess/Get-DAOtpAuthentication.md | 147 ++ .../remoteaccess/Get-DAServer.md | 244 ++ .../remoteaccess/Get-RemoteAccess.md | 261 +++ .../Get-RemoteAccessAccounting.md | 164 ++ .../Get-RemoteAccessConfiguration.md | 104 + .../Get-RemoteAccessConnectionStatistics.md | 312 +++ ...RemoteAccessConnectionStatisticsSummary.md | 238 ++ .../remoteaccess/Get-RemoteAccessHealth.md | 311 +++ .../remoteaccess/Get-RemoteAccessIpFilter.md | 149 ++ .../Get-RemoteAccessLoadBalancer.md | 190 ++ .../remoteaccess/Get-RemoteAccessRadius.md | 236 ++ .../Get-RemoteAccessRoutingDomain.md | 149 ++ .../Get-RemoteAccessUserActivity.md | 284 +++ .../Get-RoutingProtocolPreference.md | 121 + .../remoteaccess/Get-VpnAuthProtocol.md | 130 ++ .../remoteaccess/Get-VpnS2SInterface.md | 194 ++ .../Get-VpnS2SInterfaceStatistics.md | 187 ++ .../Get-VpnServerConfiguration.md | 147 ++ .../remoteaccess/Get-VpnSstpProxyRule.md | 110 + .../remoteaccess/Install-RemoteAccess.md | 860 +++++++ .../remoteaccess/New-VpnSstpProxyRule.md | 145 ++ .../remoteaccess/New-VpnTrafficSelector.md | 190 ++ .../remoteaccess/RemoteAccess.md | 377 +++ .../remoteaccess/Remove-BgpCustomRoute.md | 224 ++ .../remoteaccess/Remove-BgpPeer.md | 217 ++ .../remoteaccess/Remove-BgpRouteAggregate.md | 187 ++ .../remoteaccess/Remove-BgpRouter.md | 212 ++ .../remoteaccess/Remove-BgpRoutingPolicy.md | 219 ++ .../Remove-BgpRoutingPolicyForPeer.md | 253 +++ .../remoteaccess/Remove-DAAppServer.md | 319 +++ .../remoteaccess/Remove-DAClient.md | 327 +++ .../Remove-DAClientDnsConfiguration.md | 216 ++ .../remoteaccess/Remove-DAEntryPoint.md | 213 ++ .../remoteaccess/Remove-DAMgmtServer.md | 197 ++ .../Remove-RemoteAccessIpFilter.md | 243 ++ .../Remove-RemoteAccessLoadBalancerNode.md | 214 ++ .../remoteaccess/Remove-RemoteAccessRadius.md | 283 +++ .../remoteaccess/Remove-VpnIPAddressRange.md | 228 ++ .../remoteaccess/Remove-VpnS2SInterface.md | 203 ++ .../remoteaccess/Remove-VpnSstpProxyRule.md | 175 ++ .../remoteaccess/Set-BgpPeer.md | 451 ++++ .../remoteaccess/Set-BgpRouteAggregate.md | 257 +++ .../remoteaccess/Set-BgpRouteFlapDampening.md | 270 +++ .../remoteaccess/Set-BgpRouter.md | 403 ++++ .../remoteaccess/Set-BgpRoutingPolicy.md | 509 +++++ .../Set-BgpRoutingPolicyForPeer.md | 243 ++ .../remoteaccess/Set-DAAppServerConnection.md | 249 ++ .../remoteaccess/Set-DAClient.md | 290 +++ .../Set-DAClientDnsConfiguration.md | 274 +++ .../remoteaccess/Set-DAEntryPoint.md | 249 ++ .../remoteaccess/Set-DAEntryPointDC.md | 280 +++ .../remoteaccess/Set-DAMultiSite.md | 268 +++ .../Set-DANetworkLocationServer.md | 356 +++ .../remoteaccess/Set-DAOtpAuthentication.md | 298 +++ .../remoteaccess/Set-DAServer.md | 629 +++++ .../remoteaccess/Set-RemoteAccess.md | 318 +++ .../Set-RemoteAccessAccounting.md | 445 ++++ .../Set-RemoteAccessConfiguration.md | 151 ++ .../Set-RemoteAccessInboxAccountingStore.md | 222 ++ .../remoteaccess/Set-RemoteAccessIpFilter.md | 202 ++ .../Set-RemoteAccessLoadBalancer.md | 434 ++++ .../remoteaccess/Set-RemoteAccessRadius.md | 393 ++++ .../Set-RemoteAccessRoutingDomain.md | 626 +++++ .../Set-RoutingProtocolPreference.md | 201 ++ .../remoteaccess/Set-VpnAuthProtocol.md | 290 +++ .../remoteaccess/Set-VpnAuthType.md | 363 +++ .../Set-VpnIPAddressAssignment.md | 303 +++ .../remoteaccess/Set-VpnS2SInterface.md | 1053 +++++++++ .../Set-VpnServerConfiguration.md | 476 ++++ .../remoteaccess/Set-VpnSstpProxyRule.md | 188 ++ .../remoteaccess/Start-BgpPeer.md | 154 ++ .../remoteaccess/Stop-BgpPeer.md | 215 ++ .../remoteaccess/Uninstall-RemoteAccess.md | 311 +++ .../remoteaccess/Update-DAMgmtServer.md | 242 ++ .../remotedesktopservices/Convert-License.md | 139 ++ .../RemoteDesktopServices.md | 21 + .../scheduledtasks/Disable-ScheduledTask.md | 212 ++ .../scheduledtasks/Enable-ScheduledTask.md | 185 ++ .../scheduledtasks/Export-ScheduledTask.md | 180 ++ .../Get-ClusteredScheduledTask.md | 162 ++ .../scheduledtasks/Get-ScheduledTask.md | 189 ++ .../scheduledtasks/Get-ScheduledTaskInfo.md | 174 ++ .../scheduledtasks/New-ScheduledTask.md | 241 ++ .../scheduledtasks/New-ScheduledTaskAction.md | 179 ++ .../New-ScheduledTaskPrincipal.md | 277 +++ .../New-ScheduledTaskSettingsSet.md | 653 ++++++ .../New-ScheduledTaskTrigger.md | 400 ++++ .../Register-ClusteredScheduledTask.md | 333 +++ .../scheduledtasks/Register-ScheduledTask.md | 373 +++ .../scheduledtasks/ScheduledTasks.md | 74 + .../Set-ClusteredScheduledTask.md | 275 +++ .../scheduledtasks/Set-ScheduledTask.md | 309 +++ .../scheduledtasks/Start-ScheduledTask.md | 175 ++ .../scheduledtasks/Stop-ScheduledTask.md | 177 ++ .../Unregister-ClusteredScheduledTask.md | 157 ++ .../Unregister-ScheduledTask.md | 223 ++ .../secureboot/Confirm-SecureBootUEFI.md | 82 + .../secureboot/Format-SecureBootUEFI.md | 291 +++ .../secureboot/Get-SecureBootPolicy.md | 74 + .../secureboot/Get-SecureBootUEFI.md | 114 + .../winserver2025-ps/secureboot/SecureBoot.md | 32 + .../secureboot/Set-SecureBootUEFI.md | 254 +++ .../servercore/Get-DisplayResolution.md | 53 + .../winserver2025-ps/servercore/ServerCore.md | 23 + .../servercore/Set-DisplayResolution.md | 118 + .../servermanagertasks/Get-SMCounterSample.md | 241 ++ .../Get-SMPerformanceCollector.md | 123 + .../Get-SMServerBpaResult.md | 193 ++ .../Get-SMServerClusterName.md | 96 + .../servermanagertasks/Get-SMServerEvent.md | 246 ++ .../servermanagertasks/Get-SMServerFeature.md | 138 ++ .../Get-SMServerInventory.md | 114 + .../servermanagertasks/Get-SMServerService.md | 128 ++ .../Remove-SMServerPerformanceLog.md | 159 ++ .../servermanagertasks/ServerManagerTasks.md | 50 + .../Start-SMPerformanceCollector.md | 147 ++ .../Stop-SMPerformanceCollector.md | 147 ++ .../Get-KeyProtectorFromShieldingDataFile.md | 77 + .../Get-ShieldedVMProvisioningStatus.md | 130 ++ .../Initialize-ShieldedVM.md | 132 ++ .../New-ShieldedVMSpecializationDataFile.md | 87 + .../shieldedvmcmdlets/ShieldedVmCmdlets.md | 29 + .../Test-ShieldingDataApplicability.md | 85 + .../Import-ShieldingDataFile.md | 68 + .../New-ShieldingDataFile.md | 208 ++ .../New-VolumeIDQualifier.md | 112 + .../Save-ShieldedVMRecoveryKey.md | 155 ++ .../Save-VolumeSignatureCatalog.md | 78 + .../shieldedvmdatafile/ShieldedVMDataFile.md | 33 + .../Unprotect-ShieldedVMRecoveryKey.md | 172 ++ .../Initialize-VMShieldingHelperVHD.md | 97 + .../Protect-TemplateDisk.md | 238 ++ .../shieldedvmtemplate/ShieldedVMTemplate.md | 21 + .../smbshare/Block-SmbShareAccess.md | 269 +++ .../smbshare/Close-SmbOpenFile.md | 342 +++ .../smbshare/Close-SmbSession.md | 292 +++ .../smbshare/Disable-SmbDelegation.md | 107 + .../smbshare/Enable-SmbDelegation.md | 91 + .../smbshare/Get-SmbBandwidthLimit.md | 134 ++ .../smbshare/Get-SmbClientConfiguration.md | 183 ++ .../smbshare/Get-SmbClientNetworkInterface.md | 155 ++ .../smbshare/Get-SmbConnection.md | 194 ++ .../smbshare/Get-SmbDelegation.md | 75 + .../smbshare/Get-SmbGlobalMapping.md | 134 ++ .../smbshare/Get-SmbMapping.md | 156 ++ .../smbshare/Get-SmbMultichannelConnection.md | 247 ++ .../smbshare/Get-SmbMultichannelConstraint.md | 133 ++ .../smbshare/Get-SmbOpenFile.md | 336 +++ .../smbshare/Get-SmbServerCertProps.md | 103 + .../Get-SmbServerCertificateMapping.md | 238 ++ .../smbshare/Get-SmbServerConfiguration.md | 204 ++ .../smbshare/Get-SmbServerNetworkInterface.md | 190 ++ .../smbshare/Get-SmbSession.md | 297 +++ .../winserver2025-ps/smbshare/Get-SmbShare.md | 455 ++++ .../smbshare/Get-SmbShareAccess.md | 233 ++ .../smbshare/Grant-SmbShareAccess.md | 283 +++ .../smbshare/New-SmbGlobalMapping.md | 270 +++ .../smbshare/New-SmbMapping.md | 356 +++ .../smbshare/New-SmbMultichannelConstraint.md | 237 ++ .../New-SmbServerCertificateMapping.md | 261 +++ .../winserver2025-ps/smbshare/New-SmbShare.md | 559 +++++ .../smbshare/Remove-SmbBandwidthLimit.md | 173 ++ .../smbshare/Remove-SmbComponent.md | 147 ++ .../smbshare/Remove-SmbGlobalMapping.md | 220 ++ .../smbshare/Remove-SmbMapping.md | 263 +++ .../Remove-SmbMultichannelConstraint.md | 259 +++ .../Remove-SmbServerCertificateMapping.md | 335 +++ .../smbshare/Remove-SmbShare.md | 261 +++ .../smbshare/Reset-SmbClientConfiguration.md | 651 ++++++ .../smbshare/Reset-SmbServerConfiguration.md | 863 +++++++ .../smbshare/Revoke-SmbShareAccess.md | 264 +++ .../smbshare/Set-SmbBandwidthLimit.md | 179 ++ .../smbshare/Set-SmbClientConfiguration.md | 746 ++++++ .../smbshare/Set-SmbPathAcl.md | 94 + .../Set-SmbServerCertificateMapping.md | 238 ++ .../smbshare/Set-SmbServerConfiguration.md | 1024 +++++++++ .../winserver2025-ps/smbshare/Set-SmbShare.md | 440 ++++ docset/winserver2025-ps/smbshare/SmbShare.md | 159 ++ .../smbshare/Unblock-SmbShareAccess.md | 264 +++ .../Update-SmbMultichannelConnection.md | 127 ++ .../smbwitness/Get-SmbWitnessClient.md | 173 ++ .../smbwitness/Move-SmbWitnessClient.md | 182 ++ .../winserver2025-ps/smbwitness/SmbWitness.md | 23 + .../smisconfig/Register-SmisProvider.md | 208 ++ .../winserver2025-ps/smisconfig/SMISConfig.md | 26 + .../smisconfig/Search-SmisProvider.md | 114 + .../smisconfig/Unregister-SmisProvider.md | 160 ++ .../Get-SilComputer.md | 126 + .../Get-SilComputerIdentity.md | 117 + .../softwareinventorylogging/Get-SilData.md | 193 ++ .../Get-SilLogging.md | 83 + .../Get-SilSoftware.md | 155 ++ .../Get-SilUalAccess.md | 177 ++ .../Get-SilWindowsUpdate.md | 135 ++ .../Publish-SilData.md | 178 ++ .../Set-SilLogging.md | 192 ++ .../SoftwareInventoryLogging.md | 50 + .../Start-SilLogging.md | 108 + .../Stop-SilLogging.md | 108 + .../startlayout/Export-StartLayout.md | 144 ++ .../Export-StartLayoutEdgeAssets.md | 131 ++ .../startlayout/Get-StartApps.md | 99 + .../startlayout/Import-StartLayout.md | 167 ++ .../startlayout/StartLayout.md | 29 + .../storage/Add-InitiatorIdToMaskingSet.md | 254 +++ .../storage/Add-PartitionAccessPath.md | 311 +++ .../storage/Add-PhysicalDisk.md | 379 ++++ .../storage/Add-TargetPortToMaskingSet.md | 252 ++ .../storage/Add-VirtualDiskToMaskingSet.md | 268 +++ .../storage/Block-FileShareAccess.md | 253 +++ docset/winserver2025-ps/storage/Clear-Disk.md | 311 +++ .../storage/Clear-FileStorageTier.md | 151 ++ .../storage/Connect-VirtualDisk.md | 264 +++ .../storage/Debug-FileShare.md | 195 ++ .../storage/Debug-StorageSubSystem.md | 282 +++ .../winserver2025-ps/storage/Debug-Volume.md | 211 ++ .../Disable-PhysicalDiskIdentification.md | 158 ++ .../Disable-StorageEnclosureIdentification.md | 209 ++ .../Disable-StorageHighAvailability.md | 232 ++ .../storage/Disable-StorageMaintenanceMode.md | 136 ++ .../storage/Disconnect-VirtualDisk.md | 244 ++ .../storage/Dismount-DiskImage.md | 228 ++ .../Enable-PhysicalDiskIdentification.md | 179 ++ .../Enable-StorageEnclosureIdentification.md | 209 ++ .../storage/Enable-StorageHighAvailability.md | 264 +++ .../storage/Enable-StorageMaintenanceMode.md | 182 ++ .../winserver2025-ps/storage/Format-Volume.md | 516 +++++ .../storage/Get-DedupProperties.md | 199 ++ docset/winserver2025-ps/storage/Get-Disk.md | 403 ++++ .../winserver2025-ps/storage/Get-DiskImage.md | 219 ++ .../storage/Get-DiskStorageNodeView.md | 127 ++ .../storage/Get-FileIntegrity.md | 155 ++ .../winserver2025-ps/storage/Get-FileShare.md | 229 ++ .../Get-FileShareAccessControlEntry.md | 177 ++ .../storage/Get-FileStorageTier.md | 203 ++ .../storage/Get-InitiatorId.md | 250 ++ .../storage/Get-InitiatorPort.md | 299 +++ .../storage/Get-MaskingSet.md | 286 +++ .../storage/Get-OffloadDataTransferSetting.md | 142 ++ .../winserver2025-ps/storage/Get-Partition.md | 330 +++ .../storage/Get-PartitionSupportedSize.md | 224 ++ .../storage/Get-PhysicalDisk.md | 525 +++++ .../Get-PhysicalDiskStorageNodeView.md | 133 ++ .../storage/Get-PhysicalExtent.md | 167 ++ .../storage/Get-PhysicalExtentAssociation.md | 99 + .../storage/Get-ResiliencySetting.md | 190 ++ .../storage/Get-StorageAdvancedProperty.md | 85 + .../storage/Get-StorageDiagnosticInfo.md | 272 +++ .../storage/Get-StorageEnclosure.md | 365 +++ .../Get-StorageEnclosureStorageNodeView.md | 117 + .../storage/Get-StorageEnclosureVendorData.md | 183 ++ .../storage/Get-StorageFaultDomain.md | 149 ++ .../storage/Get-StorageFileServer.md | 170 ++ .../storage/Get-StorageFirmwareInformation.md | 173 ++ .../storage/Get-StorageHealthAction.md | 151 ++ .../storage/Get-StorageHealthReport.md | 155 ++ .../storage/Get-StorageHealthSetting.md | 142 ++ .../storage/Get-StorageJob.md | 293 +++ .../storage/Get-StorageNode.md | 385 ++++ .../storage/Get-StoragePool.md | 476 ++++ .../storage/Get-StorageProvider.md | 206 ++ .../storage/Get-StorageReliabilityCounter.md | 176 ++ .../storage/Get-StorageSetting.md | 105 + .../storage/Get-StorageSubSystem.md | 597 +++++ .../storage/Get-StorageTier.md | 237 ++ .../storage/Get-StorageTierSupportedSize.md | 188 ++ .../storage/Get-SupportedClusterSizes.md | 228 ++ .../storage/Get-SupportedFileSystems.md | 207 ++ .../storage/Get-TargetPort.md | 284 +++ .../storage/Get-TargetPortal.md | 217 ++ .../storage/Get-VirtualDisk.md | 657 ++++++ .../storage/Get-VirtualDiskSupportedSize.md | 239 ++ docset/winserver2025-ps/storage/Get-Volume.md | 444 ++++ .../storage/Get-VolumeCorruptionCount.md | 253 +++ .../storage/Get-VolumeScrubPolicy.md | 213 ++ .../storage/Grant-FileShareAccess.md | 267 +++ .../storage/Hide-VirtualDisk.md | 298 +++ .../storage/Initialize-Disk.md | 324 +++ .../storage/Mount-DiskImage.md | 255 +++ .../winserver2025-ps/storage/New-FileShare.md | 322 +++ .../storage/New-MaskingSet.md | 322 +++ .../winserver2025-ps/storage/New-Partition.md | 388 ++++ .../storage/New-StorageFileServer.md | 241 ++ .../storage/New-StoragePool.md | 457 ++++ .../New-StorageSubsystemVirtualDisk.md | 434 ++++ .../storage/New-StorageTier.md | 421 ++++ .../storage/New-VirtualDisk.md | 728 ++++++ .../storage/New-VirtualDiskClone.md | 227 ++ .../storage/New-VirtualDiskSnapshot.md | 226 ++ docset/winserver2025-ps/storage/New-Volume.md | 645 ++++++ .../storage/Optimize-StoragePool.md | 235 ++ .../storage/Optimize-Volume.md | 379 ++++ .../storage/Register-StorageSubsystem.md | 204 ++ .../storage/Remove-FileShare.md | 227 ++ .../storage/Remove-InitiatorId.md | 216 ++ .../Remove-InitiatorIdFromMaskingSet.md | 237 ++ .../storage/Remove-MaskingSet.md | 225 ++ .../storage/Remove-Partition.md | 280 +++ .../storage/Remove-PartitionAccessPath.md | 292 +++ .../storage/Remove-PhysicalDisk.md | 341 +++ .../storage/Remove-StorageFileServer.md | 210 ++ .../storage/Remove-StorageHealthSetting.md | 141 ++ .../storage/Remove-StoragePool.md | 246 ++ .../storage/Remove-StorageTier.md | 218 ++ .../Remove-TargetPortFromMaskingSet.md | 245 ++ .../storage/Remove-VirtualDisk.md | 259 +++ .../Remove-VirtualDiskFromMaskingSet.md | 241 ++ .../storage/Rename-MaskingSet.md | 236 ++ .../storage/Repair-FileIntegrity.md | 171 ++ .../storage/Repair-VirtualDisk.md | 265 +++ .../winserver2025-ps/storage/Repair-Volume.md | 322 +++ .../storage/Reset-PhysicalDisk.md | 188 ++ .../Reset-StorageReliabilityCounter.md | 194 ++ .../storage/Resize-Partition.md | 319 +++ .../storage/Resize-StorageTier.md | 236 ++ .../storage/Resize-VirtualDisk.md | 283 +++ .../storage/Revoke-FileShareAccess.md | 252 ++ docset/winserver2025-ps/storage/Set-Disk.md | 327 +++ .../storage/Set-FileIntegrity.md | 224 ++ .../winserver2025-ps/storage/Set-FileShare.md | 237 ++ .../storage/Set-FileStorageTier.md | 234 ++ .../storage/Set-InitiatorPort.md | 235 ++ .../winserver2025-ps/storage/Set-Partition.md | 491 ++++ .../storage/Set-PhysicalDisk.md | 248 ++ .../storage/Set-ResiliencySetting.md | 320 +++ .../storage/Set-StorageFileServer.md | 226 ++ .../storage/Set-StorageHealthSetting.md | 154 ++ .../storage/Set-StoragePool.md | 555 +++++ .../storage/Set-StorageProvider.md | 209 ++ .../storage/Set-StorageSetting.md | 173 ++ .../storage/Set-StorageSubSystem.md | 271 +++ .../storage/Set-StorageTier.md | 435 ++++ .../storage/Set-VirtualDisk.md | 328 +++ docset/winserver2025-ps/storage/Set-Volume.md | 298 +++ .../storage/Set-VolumeScrubPolicy.md | 244 ++ .../storage/Show-VirtualDisk.md | 305 +++ .../storage/Start-StorageDiagnosticLog.md | 351 +++ .../storage/Stop-StorageDiagnosticLog.md | 300 +++ .../storage/Stop-StorageJob.md | 210 ++ docset/winserver2025-ps/storage/Storage.md | 447 ++++ .../storage/Unblock-FileShareAccess.md | 251 ++ .../storage/Unregister-StorageSubsystem.md | 219 ++ .../winserver2025-ps/storage/Update-Disk.md | 236 ++ .../storage/Update-HostStorageCache.md | 106 + .../storage/Update-StorageFirmware.md | 197 ++ .../storage/Update-StoragePool.md | 243 ++ .../storage/Update-StorageProviderCache.md | 324 +++ .../storage/Write-VolumeCache.md | 227 ++ .../storageqos/Get-StorageQoSFlow.md | 289 +++ .../storageqos/Get-StorageQosPolicy.md | 238 ++ .../storageqos/Get-StorageQosPolicyStore.md | 103 + .../storageqos/Get-StorageQosVolume.md | 174 ++ .../storageqos/New-StorageQosPolicy.md | 292 +++ .../storageqos/Remove-StorageQosPolicy.md | 226 ++ .../storageqos/Set-StorageQosPolicy.md | 284 +++ .../storageqos/Set-StorageQosPolicyStore.md | 176 ++ .../winserver2025-ps/storageqos/StorageQoS.md | 41 + .../storagereplica/Clear-SRMetadata.md | 322 +++ .../storagereplica/Dismount-SRDestination.md | 178 ++ .../storagereplica/Export-SRConfiguration.md | 124 + .../storagereplica/Get-SRAccess.md | 135 ++ .../storagereplica/Get-SRDelegation.md | 129 ++ .../storagereplica/Get-SRGroup.md | 302 +++ .../storagereplica/Get-SRNetworkConstraint.md | 187 ++ .../storagereplica/Get-SRPartnership.md | 223 ++ .../storagereplica/Grant-SRAccess.md | 185 ++ .../storagereplica/Grant-SRDelegation.md | 197 ++ .../storagereplica/Mount-SRDestination.md | 198 ++ .../storagereplica/New-SRGroup.md | 343 +++ .../storagereplica/New-SRPartnership.md | 564 +++++ .../storagereplica/Remove-SRGroup.md | 202 ++ .../Remove-SRNetworkConstraint.md | 211 ++ .../storagereplica/Remove-SRPartnership.md | 263 +++ .../storagereplica/Revoke-SRAccess.md | 184 ++ .../storagereplica/Revoke-SRDelegation.md | 202 ++ .../storagereplica/Set-SRGroup.md | 427 ++++ .../storagereplica/Set-SRNetworkConstraint.md | 215 ++ .../storagereplica/Set-SRPartnership.md | 562 +++++ .../storagereplica/StorageReplica.md | 89 + .../storagereplica/Suspend-SRGroup.md | 196 ++ .../storagereplica/Sync-SRGroup.md | 157 ++ .../storagereplica/Test-SRTopology.md | 279 +++ .../syncshare/Disable-SyncShare.md | 191 ++ .../syncshare/Enable-SyncShare.md | 192 ++ .../syncshare/Get-SyncServerSetting.md | 108 + .../syncshare/Get-SyncShare.md | 188 ++ .../syncshare/Get-SyncUserStatus.md | 131 ++ .../syncshare/New-SyncShare.md | 383 ++++ .../syncshare/Remove-SyncShare.md | 192 ++ .../syncshare/Repair-SyncShare.md | 216 ++ .../syncshare/Set-SyncServerSetting.md | 252 ++ .../syncshare/Set-SyncShare.md | 383 ++++ .../winserver2025-ps/syncshare/SyncShare.md | 47 + .../systeminsights/Add-InsightsCapability.md | 153 ++ .../Disable-InsightsCapability.md | 134 ++ .../Disable-InsightsCapabilitySchedule.md | 137 ++ .../Enable-InsightsCapability.md | 104 + .../Enable-InsightsCapabilitySchedule.md | 106 + .../systeminsights/Get-InsightsCapability.md | 116 + .../Get-InsightsCapabilityAction.md | 115 + .../Get-InsightsCapabilityResult.md | 136 ++ .../Get-InsightsCapabilitySchedule.md | 119 + .../Invoke-InsightsCapability.md | 143 ++ .../Remove-InsightsCapability.md | 140 ++ .../Remove-InsightsCapabilityAction.md | 182 ++ .../Set-InsightsCapabilityAction.md | 193 ++ .../Set-InsightsCapabilitySchedule.md | 324 +++ .../systeminsights/SystemInsights.md | 65 + .../Update-InsightsCapability.md | 150 ++ .../tls/Disable-TlsCipherSuite.md | 107 + .../tls/Disable-TlsEccCurve.md | 106 + .../tls/Disable-TlsSessionTicketKey.md | 118 + .../tls/Enable-TlsCipherSuite.md | 160 ++ .../tls/Enable-TlsEccCurve.md | 131 ++ .../tls/Enable-TlsSessionTicketKey.md | 181 ++ .../tls/Export-TlsSessionTicketKey.md | 154 ++ .../tls/Get-TlsCipherSuite.md | 154 ++ .../winserver2025-ps/tls/Get-TlsEccCurve.md | 95 + .../tls/New-TlsSessionTicketKey.md | 106 + docset/winserver2025-ps/tls/TLS.md | 58 + .../Get-TroubleshootingPack.md | 134 ++ .../Invoke-TroubleshootingPack.md | 161 ++ .../TroubleshootingPack.md | 23 + .../trustedplatformmodule/Clear-Tpm.md | 192 ++ .../ConvertTo-TpmOwnerAuth.md | 76 + .../Disable-TpmAutoProvisioning.md | 105 + .../Enable-TpmAutoProvisioning.md | 70 + .../trustedplatformmodule/Get-Tpm.md | 92 + .../Get-TpmEndorsementKeyInfo.md | 104 + .../Get-TpmSupportedFeature.md | 74 + .../Import-TpmOwnerAuth.md | 125 + .../trustedplatformmodule/Initialize-Tpm.md | 106 + .../trustedplatformmodule/Set-TpmOwnerAuth.md | 191 ++ .../TrustedPlatformModule.md | 50 + .../trustedplatformmodule/Unblock-Tpm.md | 109 + .../uev/Clear-UevAppxPackage.md | 162 ++ .../uev/Clear-UevConfiguration.md | 472 ++++ docset/winserver2025-ps/uev/Disable-Uev.md | 52 + .../uev/Disable-UevAppxPackage.md | 138 ++ .../uev/Disable-UevTemplate.md | 110 + docset/winserver2025-ps/uev/Enable-Uev.md | 55 + .../uev/Enable-UevAppxPackage.md | 138 ++ .../uev/Enable-UevTemplate.md | 108 + .../uev/Export-UevConfiguration.md | 72 + .../winserver2025-ps/uev/Export-UevPackage.md | 157 ++ .../uev/Get-UevAppxPackage.md | 94 + .../uev/Get-UevConfiguration.md | 174 ++ docset/winserver2025-ps/uev/Get-UevStatus.md | 51 + .../winserver2025-ps/uev/Get-UevTemplate.md | 229 ++ .../uev/Get-UevTemplateProgram.md | 135 ++ .../uev/Import-UevConfiguration.md | 102 + .../uev/Register-UevTemplate.md | 157 ++ .../uev/Repair-UevTemplateIndex.md | 79 + .../winserver2025-ps/uev/Restore-UevBackup.md | 97 + .../uev/Restore-UevUserSetting.md | 178 ++ .../uev/Set-UevConfiguration.md | 660 ++++++ .../uev/Set-UevTemplateProfile.md | 129 ++ .../winserver2025-ps/uev/Test-UevTemplate.md | 152 ++ docset/winserver2025-ps/uev/UEV.md | 92 + .../uev/Unregister-UevTemplate.md | 150 ++ .../uev/Update-UevTemplate.md | 148 ++ .../updateservices/Add-WsusComputer.md | 121 + .../updateservices/Add-WsusDynamicCategory.md | 181 ++ .../updateservices/Approve-WsusUpdate.md | 145 ++ .../updateservices/Deny-WsusUpdate.md | 105 + .../updateservices/Get-WsusClassification.md | 100 + .../updateservices/Get-WsusComputer.md | 357 +++ .../updateservices/Get-WsusDynamicCategory.md | 231 ++ .../updateservices/Get-WsusProduct.md | 126 + .../updateservices/Get-WsusServer.md | 121 + .../updateservices/Get-WsusUpdate.md | 203 ++ .../Invoke-WsusServerCleanup.md | 212 ++ .../Remove-WsusDynamicCategory.md | 170 ++ .../updateservices/Set-WsusClassification.md | 125 + .../updateservices/Set-WsusDynamicCategory.md | 206 ++ .../updateservices/Set-WsusProduct.md | 123 + .../Set-WsusServerSynchronization.md | 202 ++ .../updateservices/UpdateServices.md | 82 + .../useraccesslogging/Disable-Ual.md | 110 + .../useraccesslogging/Enable-Ual.md | 110 + .../useraccesslogging/Get-Ual.md | 115 + .../useraccesslogging/Get-UalDailyAccess.md | 278 +++ .../Get-UalDailyDeviceAccess.md | 236 ++ .../Get-UalDailyUserAccess.md | 233 ++ .../useraccesslogging/Get-UalDeviceAccess.md | 258 +++ .../useraccesslogging/Get-UalDns.md | 212 ++ .../useraccesslogging/Get-UalHyperV.md | 225 ++ .../useraccesslogging/Get-UalOverview.md | 204 ++ .../useraccesslogging/Get-UalServerDevice.md | 224 ++ .../useraccesslogging/Get-UalServerUser.md | 223 ++ .../useraccesslogging/Get-UalSystemId.md | 511 +++++ .../useraccesslogging/Get-UalUserAccess.md | 258 +++ .../useraccesslogging/UserAccessLogging.md | 59 + .../vamt/Add-VamtProductKey.md | 103 + .../winserver2025-ps/vamt/Export-VamtData.md | 153 ++ .../vamt/Find-VamtManagedMachine.md | 213 ++ .../vamt/Get-VamtConfirmationId.md | 129 ++ .../winserver2025-ps/vamt/Get-VamtProduct.md | 109 + .../vamt/Get-VamtProductKey.md | 88 + .../winserver2025-ps/vamt/Import-VamtData.md | 144 ++ .../vamt/Initialize-VamtData.md | 119 + .../vamt/Install-VamtConfirmationId.md | 104 + .../vamt/Install-VamtProductActivation.md | 95 + .../vamt/Install-VamtProductKey.md | 151 ++ .../vamt/Update-VamtProduct.md | 131 ++ docset/winserver2025-ps/vamt/VAMT.md | 53 + .../vpnclient/Add-VpnConnection.md | 576 +++++ .../vpnclient/Add-VpnConnectionRoute.md | 249 ++ .../Add-VpnConnectionTriggerApplication.md | 201 ++ ...dd-VpnConnectionTriggerDnsConfiguration.md | 277 +++ .../Add-VpnConnectionTriggerTrustedNetwork.md | 200 ++ .../vpnclient/Get-VpnConnection.md | 328 +++ .../vpnclient/Get-VpnConnectionTrigger.md | 121 + .../vpnclient/New-EapConfiguration.md | 418 ++++ .../vpnclient/New-VpnServerAddress.md | 178 ++ .../vpnclient/Remove-VpnConnection.md | 284 +++ .../vpnclient/Remove-VpnConnectionRoute.md | 233 ++ .../Remove-VpnConnectionTriggerApplication.md | 204 ++ ...ve-VpnConnectionTriggerDnsConfiguration.md | 206 ++ ...move-VpnConnectionTriggerTrustedNetwork.md | 199 ++ .../vpnclient/Set-VpnConnection.md | 613 +++++ .../Set-VpnConnectionIPsecConfiguration.md | 465 ++++ .../vpnclient/Set-VpnConnectionProxy.md | 250 ++ ...et-VpnConnectionTriggerDnsConfiguration.md | 262 +++ .../Set-VpnConnectionTriggerTrustedNetwork.md | 211 ++ .../winserver2025-ps/vpnclient/VpnClient.md | 74 + docset/winserver2025-ps/wdac/Add-OdbcDsn.md | 256 +++ .../wdac/Disable-OdbcPerfCounter.md | 215 ++ .../wdac/Disable-WdacBidTrace.md | 307 +++ .../wdac/Enable-OdbcPerfCounter.md | 217 ++ .../wdac/Enable-WdacBidTrace.md | 308 +++ .../winserver2025-ps/wdac/Get-OdbcDriver.md | 170 ++ docset/winserver2025-ps/wdac/Get-OdbcDsn.md | 215 ++ .../wdac/Get-OdbcPerfCounter.md | 143 ++ .../winserver2025-ps/wdac/Get-WdacBidTrace.md | 262 +++ .../winserver2025-ps/wdac/Remove-OdbcDsn.md | 297 +++ .../winserver2025-ps/wdac/Set-OdbcDriver.md | 298 +++ docset/winserver2025-ps/wdac/Set-OdbcDsn.md | 350 +++ docset/winserver2025-ps/wdac/Wdac.md | 53 + .../wds/Add-WdsDriverPackage.md | 274 +++ .../winserver2025-ps/wds/Approve-WdsClient.md | 346 +++ .../wds/Copy-WdsInstallImage.md | 354 +++ docset/winserver2025-ps/wds/Deny-WdsClient.md | 142 ++ .../wds/Disable-WdsBootImage.md | 208 ++ .../wds/Disable-WdsDriverPackage.md | 168 ++ .../wds/Disable-WdsInstallImage.md | 172 ++ .../wds/Disconnect-WdsMulticastClient.md | 138 ++ .../wds/Enable-WdsBootImage.md | 177 ++ .../wds/Enable-WdsDriverPackage.md | 169 ++ .../wds/Enable-WdsInstallImage.md | 172 ++ .../wds/Export-WdsBootImage.md | 243 ++ .../wds/Export-WdsInstallImage.md | 251 ++ .../winserver2025-ps/wds/Get-WdsBootImage.md | 176 ++ docset/winserver2025-ps/wds/Get-WdsClient.md | 320 +++ .../wds/Get-WdsDriverPackage.md | 164 ++ .../wds/Get-WdsInstallImage.md | 171 ++ .../wds/Get-WdsInstallImageGroup.md | 129 ++ .../wds/Get-WdsMulticastClient.md | 303 +++ .../wds/Import-WdsBootImage.md | 268 +++ .../wds/Import-WdsDriverPackage.md | 198 ++ .../wds/Import-WdsInstallImage.md | 414 ++++ docset/winserver2025-ps/wds/New-WdsClient.md | 355 +++ .../wds/New-WdsInstallImageGroup.md | 144 ++ .../wds/Remove-WdsBootImage.md | 207 ++ .../winserver2025-ps/wds/Remove-WdsClient.md | 288 +++ .../wds/Remove-WdsDriverPackage.md | 225 ++ .../wds/Remove-WdsInstallImage.md | 168 ++ .../wds/Remove-WdsInstallImageGroup.md | 127 ++ .../winserver2025-ps/wds/Set-WdsBootImage.md | 327 +++ docset/winserver2025-ps/wds/Set-WdsClient.md | 509 +++++ .../wds/Set-WdsInstallImage.md | 492 ++++ .../wds/Set-WdsInstallImageGroup.md | 166 ++ docset/winserver2025-ps/wds/WDS.md | 116 + .../webadministration/Add-WebConfiguration.md | 228 ++ .../Add-WebConfigurationLock.md | 177 ++ .../Add-WebConfigurationProperty.md | 260 +++ .../Backup-WebConfiguration.md | 83 + .../Clear-WebCentralCertProvider.md | 73 + .../Clear-WebConfiguration.md | 183 ++ .../Clear-WebRequestTracingSetting.md | 98 + .../Clear-WebRequestTracingSettings.md | 98 + .../ConvertTo-WebApplication.md | 138 ++ .../Disable-WebCentralCertProvider.md | 55 + .../Disable-WebGlobalModule.md | 134 ++ .../Disable-WebRequestTracing.md | 97 + .../Enable-WebCentralCertProvider.md | 118 + .../Enable-WebGlobalModule.md | 170 ++ .../Enable-WebRequestTracing.md | 140 ++ .../webadministration/Get-WebAppDomain.md | 94 + .../webadministration/Get-WebAppPoolState.md | 66 + .../webadministration/Get-WebApplication.md | 87 + .../webadministration/Get-WebBinding.md | 130 ++ .../Get-WebCentralCertProvider.md | 136 ++ .../webadministration/Get-WebConfigFile.md | 61 + .../webadministration/Get-WebConfiguration.md | 163 ++ .../Get-WebConfigurationBackup.md | 67 + .../Get-WebConfigurationLocation.md | 96 + .../Get-WebConfigurationLock.md | 97 + .../Get-WebConfigurationProperty.md | 173 ++ .../webadministration/Get-WebFilePath.md | 66 + .../webadministration/Get-WebGlobalModule.md | 101 + .../webadministration/Get-WebHandler.md | 98 + .../webadministration/Get-WebItemState.md | 93 + .../webadministration/Get-WebManagedModule.md | 97 + .../webadministration/Get-WebRequest.md | 93 + .../webadministration/Get-WebURL.md | 130 ++ .../Get-WebVirtualDirectory.md | 95 + .../webadministration/Get-Website.md | 73 + .../webadministration/Get-WebsiteState.md | 64 + .../webadministration/New-WebAppPool.md | 100 + .../webadministration/New-WebApplication.md | 129 ++ .../webadministration/New-WebBinding.md | 172 ++ .../webadministration/New-WebFtpSite.md | 155 ++ .../webadministration/New-WebGlobalModule.md | 116 + .../webadministration/New-WebHandler.md | 244 ++ .../webadministration/New-WebManagedModule.md | 143 ++ .../New-WebVirtualDirectory.md | 127 ++ .../webadministration/New-Website.md | 214 ++ .../webadministration/Remove-WebAppPool.md | 101 + .../Remove-WebApplication.md | 115 + .../webadministration/Remove-WebBinding.md | 205 ++ .../Remove-WebConfigurationBackup.md | 100 + .../Remove-WebConfigurationLocation.md | 130 ++ .../Remove-WebConfigurationLock.md | 146 ++ .../Remove-WebConfigurationProperty.md | 228 ++ .../Remove-WebGlobalModule.md | 102 + .../webadministration/Remove-WebHandler.md | 129 ++ .../Remove-WebManagedModule.md | 129 ++ .../Remove-WebVirtualDirectory.md | 127 ++ .../webadministration/Remove-Website.md | 100 + .../Rename-WebConfigurationLocation.md | 142 ++ .../webadministration/Restart-WebAppPool.md | 69 + .../webadministration/Restart-WebItem.md | 85 + .../Restore-WebConfiguration.md | 108 + .../Select-WebConfiguration.md | 74 + .../webadministration/Set-WebBinding.md | 196 ++ .../Set-WebCentralCertProvider.md | 119 + .../Set-WebCentralCertProviderCredential.md | 78 + .../webadministration/Set-WebConfiguration.md | 230 ++ .../Set-WebConfigurationProperty.md | 280 +++ .../webadministration/Set-WebGlobalModule.md | 133 ++ .../webadministration/Set-WebHandler.md | 262 +++ .../webadministration/Set-WebManagedModule.md | 159 ++ .../webadministration/Start-WebAppPool.md | 91 + .../webadministration/Start-WebCommitDelay.md | 49 + .../webadministration/Start-WebItem.md | 99 + .../webadministration/Start-Website.md | 84 + .../webadministration/Stop-WebAppPool.md | 84 + .../webadministration/Stop-WebCommitDelay.md | 87 + .../webadministration/Stop-WebItem.md | 115 + .../webadministration/Stop-Website.md | 92 + .../webadministration/WebAdministration.md | 251 ++ .../Add-WebApplicationProxyApplication.md | 481 ++++ .../Get-WebApplicationProxyApplication.md | 187 ++ ...plicationProxyAvailableADFSRelyingParty.md | 152 ++ .../Get-WebApplicationProxyConfiguration.md | 123 + .../Get-WebApplicationProxyHealth.md | 68 + .../Get-WebApplicationProxySslCertificate.md | 52 + .../Install-WebApplicationProxy.md | 180 ++ .../Remove-WebApplicationProxyApplication.md | 174 ++ .../Set-WebApplicationProxyApplication.md | 490 ++++ .../Set-WebApplicationProxyConfiguration.md | 300 +++ .../Set-WebApplicationProxySslCertificate.md | 99 + ...e-WebApplicationProxyDeviceRegistration.md | 73 + .../WebApplicationProxy.md | 53 + .../whea/Get-WheaMemoryPolicy.md | 73 + .../whea/Set-WheaMemoryPolicy.md | 197 ++ docset/winserver2025-ps/whea/WHEA.md | 23 + .../Get-WindowsDeveloperLicense.md | 57 + ...how-WindowsDeveloperLicenseRegistration.md | 57 + .../Unregister-WindowsDeveloperLicense.md | 107 + .../WindowsDeveloperLicense.md | 30 + .../Clear-WindowsDiagnosticData.md | 63 + .../WindowsDiagnosticData.md | 17 + .../Disable-WindowsErrorReporting.md | 60 + .../Enable-WindowsErrorReporting.md | 61 + .../Get-WindowsErrorReporting.md | 59 + .../WindowsErrorReporting.md | 26 + .../windowssearch/Get-WindowsSearchSetting.md | 82 + .../windowssearch/Set-WindowsSearchSetting.md | 152 ++ .../windowssearch/WindowsSearch.md | 25 + .../windowsserverbackup/Add-WBBackupTarget.md | 130 ++ .../Add-WBBareMetalRecovery.md | 87 + .../windowsserverbackup/Add-WBFileSpec.md | 124 + .../windowsserverbackup/Add-WBSystemState.md | 83 + .../Add-WBVirtualMachine.md | 145 ++ .../windowsserverbackup/Add-WBVolume.md | 103 + .../windowsserverbackup/Backup-ACL.md | 164 ++ .../windowsserverbackup/Get-WBBackupSet.md | 114 + .../windowsserverbackup/Get-WBBackupTarget.md | 86 + .../Get-WBBackupVolumeBrowsePath.md | 100 + .../Get-WBBareMetalRecovery.md | 79 + .../windowsserverbackup/Get-WBDisk.md | 66 + .../windowsserverbackup/Get-WBFileSpec.md | 109 + .../windowsserverbackup/Get-WBJob.md | 92 + .../Get-WBPerformanceConfiguration.md | 114 + .../windowsserverbackup/Get-WBPolicy.md | 83 + .../windowsserverbackup/Get-WBSchedule.md | 78 + .../windowsserverbackup/Get-WBSummary.md | 58 + .../windowsserverbackup/Get-WBSystemState.md | 82 + .../Get-WBVirtualMachine.md | 106 + .../windowsserverbackup/Get-WBVolume.md | 238 ++ .../Get-WBVssBackupOption.md | 79 + .../windowsserverbackup/New-WBBackupTarget.md | 305 +++ .../windowsserverbackup/New-WBFileSpec.md | 140 ++ .../windowsserverbackup/New-WBPolicy.md | 65 + .../windowsserverbackup/Remove-WBBackupSet.md | 242 ++ .../Remove-WBBackupTarget.md | 115 + .../Remove-WBBareMetalRecovery.md | 78 + .../windowsserverbackup/Remove-WBCatalog.md | 77 + .../windowsserverbackup/Remove-WBFileSpec.md | 132 ++ .../windowsserverbackup/Remove-WBPolicy.md | 149 ++ .../Remove-WBSystemState.md | 86 + .../Remove-WBVirtualMachine.md | 144 ++ .../windowsserverbackup/Remove-WBVolume.md | 135 ++ .../windowsserverbackup/Restore-ACL.md | 129 ++ .../windowsserverbackup/Restore-WBCatalog.md | 95 + .../windowsserverbackup/Resume-WBBackup.md | 71 + .../Resume-WBVolumeRecovery.md | 53 + .../Set-WBPerformanceConfiguration.md | 128 ++ .../windowsserverbackup/Set-WBPolicy.md | 177 ++ .../windowsserverbackup/Set-WBSchedule.md | 102 + .../Set-WBVssBackupOption.md | 110 + .../Start-WBApplicationRecovery.md | 162 ++ .../windowsserverbackup/Start-WBBackup.md | 214 ++ .../Start-WBFileRecovery.md | 220 ++ .../Start-WBHyperVRecovery.md | 203 ++ .../Start-WBSystemStateRecovery.md | 195 ++ .../Start-WBVolumeRecovery.md | 175 ++ .../windowsserverbackup/Stop-WBJob.md | 98 + .../WindowsServerBackup.md | 164 ++ .../windowsupdate/Get-WindowsUpdateLog.md | 247 ++ .../windowsupdate/WindowsUpdate.md | 20 + 3541 files changed, 801929 insertions(+), 14 deletions(-) create mode 100644 docset/docs-conceptual/winserver2025-ps/get-started.md create mode 100644 docset/docs-conceptual/winserver2025-ps/module-compatibility.md create mode 100644 docset/docs-conceptual/winserver2025-ps/toc.yml create mode 100644 docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Disable-DiagnosticDataViewing.md create mode 100644 docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Enable-DiagnosticDataViewing.md create mode 100644 docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticData.md create mode 100644 docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticDataTypes.md create mode 100644 docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticDataViewingSetting.md create mode 100644 docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticStoreCapacity.md create mode 100644 docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Microsoft.DiagnosticDataViewer.md create mode 100644 docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Set-DiagnosticStoreCapacity.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Disable-ServerManagerStandardUserRemoting.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Enable-ServerManagerStandardUserRemoting.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Export-SmigServerSetting.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Get-SmigServerFeature.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Get-WindowsFeature.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Import-SmigServerSetting.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Install-WindowsFeature.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Microsoft.Windows.ServerManager.Migration.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Receive-SmigServerData.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Send-SmigServerData.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/ServerManager.md create mode 100644 docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Uninstall-WindowsFeature.md create mode 100644 docset/winserver2025-ps/ServerManager/Disable-ServerManagerStandardUserRemoting.md create mode 100644 docset/winserver2025-ps/ServerManager/Enable-ServerManagerStandardUserRemoting.md create mode 100644 docset/winserver2025-ps/ServerManager/Get-WindowsFeature.md create mode 100644 docset/winserver2025-ps/ServerManager/Install-WindowsFeature.md create mode 100644 docset/winserver2025-ps/ServerManager/ServerManager.md create mode 100644 docset/winserver2025-ps/ServerManager/Uninstall-WindowsFeature.md create mode 100644 docset/winserver2025-ps/activedirectory/ActiveDirectory.md create mode 100644 docset/winserver2025-ps/activedirectory/Add-ADCentralAccessPolicyMember.md create mode 100644 docset/winserver2025-ps/activedirectory/Add-ADComputerServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Add-ADDomainControllerPasswordReplicationPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Add-ADFineGrainedPasswordPolicySubject.md create mode 100644 docset/winserver2025-ps/activedirectory/Add-ADGroupMember.md create mode 100644 docset/winserver2025-ps/activedirectory/Add-ADPrincipalGroupMembership.md create mode 100644 docset/winserver2025-ps/activedirectory/Add-ADResourcePropertyListMember.md create mode 100644 docset/winserver2025-ps/activedirectory/Clear-ADAccountExpiration.md create mode 100644 docset/winserver2025-ps/activedirectory/Clear-ADClaimTransformLink.md create mode 100644 docset/winserver2025-ps/activedirectory/Disable-ADAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Disable-ADOptionalFeature.md create mode 100644 docset/winserver2025-ps/activedirectory/Enable-ADAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Enable-ADOptionalFeature.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADAccountAuthorizationGroup.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADAccountResultantPasswordReplicationPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADAuthenticationPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADAuthenticationPolicySilo.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADCentralAccessPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADCentralAccessRule.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADClaimTransformPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADClaimType.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADComputer.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADComputerServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADDCCloningExcludedApplicationList.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADDefaultDomainPasswordPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADDomain.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADDomainController.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADDomainControllerPasswordReplicationPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADDomainControllerPasswordReplicationPolicyUsage.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADFineGrainedPasswordPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADFineGrainedPasswordPolicySubject.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADForest.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADGroup.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADGroupMember.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADObject.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADOptionalFeature.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADOrganizationalUnit.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADPrincipalGroupMembership.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationAttributeMetadata.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationConnection.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationFailure.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationPartnerMetadata.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationQueueOperation.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationSite.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationSiteLink.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationSiteLinkBridge.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationSubnet.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADReplicationUpToDatenessVectorTable.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADResourceProperty.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADResourcePropertyList.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADResourcePropertyValueType.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADRootDSE.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADTrust.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADUser.md create mode 100644 docset/winserver2025-ps/activedirectory/Get-ADUserResultantPasswordPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Grant-ADAuthenticationPolicySiloAccess.md create mode 100644 docset/winserver2025-ps/activedirectory/Install-ADServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Move-ADDirectoryServer.md create mode 100644 docset/winserver2025-ps/activedirectory/Move-ADDirectoryServerOperationMasterRole.md create mode 100644 docset/winserver2025-ps/activedirectory/Move-ADObject.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADAuthenticationPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADAuthenticationPolicySilo.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADCentralAccessPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADCentralAccessRule.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADClaimTransformPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADClaimType.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADComputer.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADDCCloneConfigFile.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADFineGrainedPasswordPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADGroup.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADObject.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADOrganizationalUnit.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADReplicationSite.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADReplicationSiteLink.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADReplicationSiteLinkBridge.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADReplicationSubnet.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADResourceProperty.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADResourcePropertyList.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/New-ADUser.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADAuthenticationPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADAuthenticationPolicySilo.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessPolicyMember.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessRule.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADClaimTransformPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADClaimType.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADComputer.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADComputerServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADDomainControllerPasswordReplicationPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADFineGrainedPasswordPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADFineGrainedPasswordPolicySubject.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADGroup.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADGroupMember.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADObject.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADOrganizationalUnit.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADPrincipalGroupMembership.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADReplicationSite.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADReplicationSiteLink.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADReplicationSiteLinkBridge.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADReplicationSubnet.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADResourceProperty.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADResourcePropertyList.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADResourcePropertyListMember.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Remove-ADUser.md create mode 100644 docset/winserver2025-ps/activedirectory/Rename-ADObject.md create mode 100644 docset/winserver2025-ps/activedirectory/Reset-ADServiceAccountPassword.md create mode 100644 docset/winserver2025-ps/activedirectory/Restore-ADObject.md create mode 100644 docset/winserver2025-ps/activedirectory/Revoke-ADAuthenticationPolicySiloAccess.md create mode 100644 docset/winserver2025-ps/activedirectory/Search-ADAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADAccountAuthenticationPolicySilo.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADAccountControl.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADAccountExpiration.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADAccountPassword.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADAuthenticationPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADAuthenticationPolicySilo.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADCentralAccessPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADCentralAccessRule.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADClaimTransformLink.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADClaimTransformPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADClaimType.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADComputer.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADDefaultDomainPasswordPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADDomain.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADDomainMode.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADFineGrainedPasswordPolicy.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADForest.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADForestMode.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADGroup.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADObject.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADOrganizationalUnit.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADReplicationConnection.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADReplicationSite.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADReplicationSiteLink.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADReplicationSiteLinkBridge.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADReplicationSubnet.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADResourceProperty.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADResourcePropertyList.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Set-ADUser.md create mode 100644 docset/winserver2025-ps/activedirectory/Show-ADAuthenticationPolicyExpression.md create mode 100644 docset/winserver2025-ps/activedirectory/Sync-ADObject.md create mode 100644 docset/winserver2025-ps/activedirectory/Test-ADServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Uninstall-ADServiceAccount.md create mode 100644 docset/winserver2025-ps/activedirectory/Unlock-ADAccount.md create mode 100644 docset/winserver2025-ps/adcsadministration/ADCSAdministration.md create mode 100644 docset/winserver2025-ps/adcsadministration/Add-CAAuthorityInformationAccess.md create mode 100644 docset/winserver2025-ps/adcsadministration/Add-CACrlDistributionPoint.md create mode 100644 docset/winserver2025-ps/adcsadministration/Add-CATemplate.md create mode 100644 docset/winserver2025-ps/adcsadministration/Backup-CARoleService.md create mode 100644 docset/winserver2025-ps/adcsadministration/Confirm-CAAttestationIdentityKeyInfo.md create mode 100644 docset/winserver2025-ps/adcsadministration/Confirm-CAEndorsementKeyInfo.md create mode 100644 docset/winserver2025-ps/adcsadministration/Get-CAAuthorityInformationAccess.md create mode 100644 docset/winserver2025-ps/adcsadministration/Get-CACrlDistributionPoint.md create mode 100644 docset/winserver2025-ps/adcsadministration/Get-CATemplate.md create mode 100644 docset/winserver2025-ps/adcsadministration/Remove-CAAuthorityInformationAccess.md create mode 100644 docset/winserver2025-ps/adcsadministration/Remove-CACrlDistributionPoint.md create mode 100644 docset/winserver2025-ps/adcsadministration/Remove-CATemplate.md create mode 100644 docset/winserver2025-ps/adcsadministration/Restore-CARoleService.md create mode 100644 docset/winserver2025-ps/adcsdeployment/ADCSDeployment.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Install-AdcsCertificationAuthority.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Install-AdcsEnrollmentPolicyWebService.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Install-AdcsEnrollmentWebService.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Install-AdcsNetworkDeviceEnrollmentService.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Install-AdcsOnlineResponder.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Install-AdcsWebEnrollment.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsCertificationAuthority.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsEnrollmentPolicyWebService.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsEnrollmentWebService.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsNetworkDeviceEnrollmentService.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsOnlineResponder.md create mode 100644 docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsWebEnrollment.md create mode 100644 docset/winserver2025-ps/addsdeployment/ADDSDeployment.md create mode 100644 docset/winserver2025-ps/addsdeployment/Add-ADDSReadOnlyDomainControllerAccount.md create mode 100644 docset/winserver2025-ps/addsdeployment/Install-ADDSDomain.md create mode 100644 docset/winserver2025-ps/addsdeployment/Install-ADDSDomainController.md create mode 100644 docset/winserver2025-ps/addsdeployment/Install-ADDSForest.md create mode 100644 docset/winserver2025-ps/addsdeployment/Test-ADDSDomainControllerInstallation.md create mode 100644 docset/winserver2025-ps/addsdeployment/Test-ADDSDomainControllerUninstallation.md create mode 100644 docset/winserver2025-ps/addsdeployment/Test-ADDSDomainInstallation.md create mode 100644 docset/winserver2025-ps/addsdeployment/Test-ADDSForestInstallation.md create mode 100644 docset/winserver2025-ps/addsdeployment/Test-ADDSReadOnlyDomainControllerAccountCreation.md create mode 100644 docset/winserver2025-ps/addsdeployment/Uninstall-ADDSDomainController.md create mode 100644 docset/winserver2025-ps/adfs/ADFS.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsAttributeStore.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsCertificate.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsClaimDescription.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsClaimsProviderTrustsGroup.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsClient.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsDeviceRegistrationUpnSuffix.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsFarmNode.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsLocalClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsNativeClientApplication.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsNonClaimsAwareRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsRelyingPartyTrustsGroup.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsScopeDescription.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsServerApplication.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsTrustedFederationPartner.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsWebApiApplication.md create mode 100644 docset/winserver2025-ps/adfs/Add-AdfsWebApplicationProxyRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsApplicationGroup.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsCertificateAuthority.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsClient.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsDeviceRegistration.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsEndpoint.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsLocalClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsNonClaimsAwareRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Disable-AdfsWebApplicationProxyRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsApplicationGroup.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsClient.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsDeviceRegistration.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsEndpoint.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsLocalClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsNonClaimsAwareRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Enable-AdfsWebApplicationProxyRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Export-AdfsAuthenticationProviderConfigurationData.md create mode 100644 docset/winserver2025-ps/adfs/Export-AdfsDeploymentSQLScript.md create mode 100644 docset/winserver2025-ps/adfs/Export-AdfsWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Export-AdfsWebTheme.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsAccessControlPolicy.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsAdditionalAuthenticationRule.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsApplicationGroup.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsApplicationPermission.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsAttributeStore.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsAuthenticationProvider.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsAuthenticationProviderWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsAzureMfaConfigured.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsCertificate.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsCertificateAuthority.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsClaimDescription.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsClaimsProviderTrustsGroup.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsClient.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsDeviceRegistration.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsDeviceRegistrationUpnSuffix.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsEndpoint.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsFarmInformation.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsGlobalAuthenticationPolicy.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsGlobalWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsLocalClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsNativeClientApplication.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsNonClaimsAwareRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsProperties.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsRegistrationHosts.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyTrustsGroup.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyWebTheme.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsScopeDescription.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsServerApplication.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsSslCertificate.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsSyncProperties.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsTrustedFederationPartner.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsWebApiApplication.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsWebApplicationProxyRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsWebConfig.md create mode 100644 docset/winserver2025-ps/adfs/Get-AdfsWebTheme.md create mode 100644 docset/winserver2025-ps/adfs/Grant-AdfsApplicationPermission.md create mode 100644 docset/winserver2025-ps/adfs/Import-AdfsAuthenticationProviderConfigurationData.md create mode 100644 docset/winserver2025-ps/adfs/Import-AdfsWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Initialize-ADDeviceRegistration.md create mode 100644 docset/winserver2025-ps/adfs/Install-AdfsFarm.md create mode 100644 docset/winserver2025-ps/adfs/Invoke-AdfsFarmBehaviorLevelRaise.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsAccessControlPolicy.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsApplicationGroup.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsAzureMfaTenantCertificate.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsClaimRuleSet.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsContactPerson.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsLdapAttributeToClaimMapping.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsLdapServerConnection.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsOrganization.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsSamlEndpoint.md create mode 100644 docset/winserver2025-ps/adfs/New-AdfsWebTheme.md create mode 100644 docset/winserver2025-ps/adfs/Publish-SslCertificate.md create mode 100644 docset/winserver2025-ps/adfs/Register-AdfsAuthenticationProvider.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsAccessControlPolicy.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsApplicationGroup.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsAttributeStore.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsAuthenticationProviderWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsCertificate.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsClaimDescription.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsClaimsProviderTrustsGroup.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsClient.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsDeviceRegistrationUpnSuffix.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsFarmNode.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsGlobalWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsLocalClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsNativeClientApplication.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsNonClaimsAwareRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyTrustsGroup.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyWebTheme.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsScopeDescription.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsServerApplication.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsTrustedFederationPartner.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsWebApiApplication.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsWebApplicationProxyRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Remove-AdfsWebTheme.md create mode 100644 docset/winserver2025-ps/adfs/Restore-AdfsFarmBehaviorLevel.md create mode 100644 docset/winserver2025-ps/adfs/Revoke-AdfsApplicationPermission.md create mode 100644 docset/winserver2025-ps/adfs/Revoke-AdfsProxyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsAccessControlPolicy.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsAdditionalAuthenticationRule.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsAlternateTlsClientBinding.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsApplicationGroup.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsApplicationPermission.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsAttributeStore.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsAuthenticationProviderWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsAzureMfaTenant.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsCertSharingContainer.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsCertificate.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsCertificateAuthority.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsClaimDescription.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsClient.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsDeviceRegistration.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsDeviceRegistrationUpnSuffix.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsEndpoint.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsFarmInformation.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsGlobalAuthenticationPolicy.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsGlobalWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsLocalClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsNativeClientApplication.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsNonClaimsAwareRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsProperties.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsRegistrationHosts.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyWebContent.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyWebTheme.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsScopeDescription.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsServerApplication.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsSslCertificate.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsSyncProperties.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsTrustedFederationPartner.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsWebApiApplication.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsWebApplicationProxyRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsWebConfig.md create mode 100644 docset/winserver2025-ps/adfs/Set-AdfsWebTheme.md create mode 100644 docset/winserver2025-ps/adfs/Test-AdfsFarmBehaviorLevelRaise.md create mode 100644 docset/winserver2025-ps/adfs/Test-AdfsFarmBehaviorLevelRestore.md create mode 100644 docset/winserver2025-ps/adfs/Test-AdfsFarmInstallation.md create mode 100644 docset/winserver2025-ps/adfs/Test-AdfsFarmJoin.md create mode 100644 docset/winserver2025-ps/adfs/Unregister-AdfsAuthenticationProvider.md create mode 100644 docset/winserver2025-ps/adfs/Update-AdfsCertificate.md create mode 100644 docset/winserver2025-ps/adfs/Update-AdfsClaimsProviderTrust.md create mode 100644 docset/winserver2025-ps/adfs/Update-AdfsRelyingPartyTrust.md create mode 100644 docset/winserver2025-ps/adrms/ADRMS.md create mode 100644 docset/winserver2025-ps/adrms/Install-ADRMS.md create mode 100644 docset/winserver2025-ps/adrms/Uninstall-ADRMS.md create mode 100644 docset/winserver2025-ps/adrms/Update-ADRMS.md create mode 100644 docset/winserver2025-ps/adrmsadmin/ADRMSAdmin.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Export-RmsReportDefinitionLanguage.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Export-RmsTPD.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Export-RmsTUD.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Get-RmsCertChain.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Get-RmsCertInfo.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Get-RmsChildCert.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Get-RmsEncryptedIL.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Get-RmsRequestInfo.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Get-RmsSvcAccount.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Get-RmsSystemHealthReport.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Get-RmsUserRequestReport.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Import-RmsTPD.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Import-RmsTUD.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Initialize-RmsCryptoMode2.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Install-RmsMfgEnrollment.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Install-RmsMfgSupport.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Set-RmsSvcAccount.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Uninstall-RmsMfgEnrollment.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Uninstall-RmsMfgSupport.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Update-RmsCluster.md create mode 100644 docset/winserver2025-ps/adrmsadmin/Update-RmsMfgEnrollment.md create mode 100644 docset/winserver2025-ps/appbackgroundtask/AppBackgroundTask.md create mode 100644 docset/winserver2025-ps/appbackgroundtask/Disable-AppBackgroundTaskDiagnosticLog.md create mode 100644 docset/winserver2025-ps/appbackgroundtask/Enable-AppBackgroundTaskDiagnosticLog.md create mode 100644 docset/winserver2025-ps/appbackgroundtask/Get-AppBackgroundTask.md create mode 100644 docset/winserver2025-ps/appbackgroundtask/Set-AppBackgroundTaskResourcePolicy.md create mode 100644 docset/winserver2025-ps/appbackgroundtask/Start-AppBackgroundTask.md create mode 100644 docset/winserver2025-ps/appbackgroundtask/Unregister-AppBackgroundTask.md create mode 100644 docset/winserver2025-ps/applocker/AppLocker.md create mode 100644 docset/winserver2025-ps/applocker/Get-AppLockerFileInformation.md create mode 100644 docset/winserver2025-ps/applocker/Get-AppLockerPolicy.md create mode 100644 docset/winserver2025-ps/applocker/New-AppLockerPolicy.md create mode 100644 docset/winserver2025-ps/applocker/Set-AppLockerPolicy.md create mode 100644 docset/winserver2025-ps/applocker/Test-AppLockerPolicy.md create mode 100644 docset/winserver2025-ps/appvclient/Add-AppvClientConnectionGroup.md create mode 100644 docset/winserver2025-ps/appvclient/Add-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvclient/Add-AppvPublishingServer.md create mode 100644 docset/winserver2025-ps/appvclient/AppvClient.md create mode 100644 docset/winserver2025-ps/appvclient/Disable-Appv.md create mode 100644 docset/winserver2025-ps/appvclient/Disable-AppvClientConnectionGroup.md create mode 100644 docset/winserver2025-ps/appvclient/Enable-Appv.md create mode 100644 docset/winserver2025-ps/appvclient/Enable-AppvClientConnectionGroup.md create mode 100644 docset/winserver2025-ps/appvclient/Get-AppvClientApplication.md create mode 100644 docset/winserver2025-ps/appvclient/Get-AppvClientConfiguration.md create mode 100644 docset/winserver2025-ps/appvclient/Get-AppvClientConnectionGroup.md create mode 100644 docset/winserver2025-ps/appvclient/Get-AppvClientMode.md create mode 100644 docset/winserver2025-ps/appvclient/Get-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvclient/Get-AppvPublishingServer.md create mode 100644 docset/winserver2025-ps/appvclient/Get-AppvStatus.md create mode 100644 docset/winserver2025-ps/appvclient/Get-AppvVirtualProcess.md create mode 100644 docset/winserver2025-ps/appvclient/Mount-AppvClientConnectionGroup.md create mode 100644 docset/winserver2025-ps/appvclient/Mount-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvclient/Publish-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvclient/Remove-AppvClientConnectionGroup.md create mode 100644 docset/winserver2025-ps/appvclient/Remove-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvclient/Remove-AppvPublishingServer.md create mode 100644 docset/winserver2025-ps/appvclient/Repair-AppvClientConnectionGroup.md create mode 100644 docset/winserver2025-ps/appvclient/Repair-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvclient/Send-AppvClientReport.md create mode 100644 docset/winserver2025-ps/appvclient/Set-AppvClientConfiguration.md create mode 100644 docset/winserver2025-ps/appvclient/Set-AppvClientMode.md create mode 100644 docset/winserver2025-ps/appvclient/Set-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvclient/Set-AppvPublishingServer.md create mode 100644 docset/winserver2025-ps/appvclient/Start-AppvVirtualProcess.md create mode 100644 docset/winserver2025-ps/appvclient/Stop-AppvClientConnectionGroup.md create mode 100644 docset/winserver2025-ps/appvclient/Stop-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvclient/Sync-AppvPublishingServer.md create mode 100644 docset/winserver2025-ps/appvclient/Unpublish-AppvClientPackage.md create mode 100644 docset/winserver2025-ps/appvsequencer/AppvSequencer.md create mode 100644 docset/winserver2025-ps/appvsequencer/Expand-AppvSequencerPackage.md create mode 100644 docset/winserver2025-ps/appvsequencer/New-AppvPackageAccelerator.md create mode 100644 docset/winserver2025-ps/appvsequencer/New-AppvSequencerPackage.md create mode 100644 docset/winserver2025-ps/appvsequencer/Update-AppvSequencerPackage.md create mode 100644 docset/winserver2025-ps/appx/Add-AppSharedPackageContainer.md create mode 100644 docset/winserver2025-ps/appx/Add-AppxPackage.md create mode 100644 docset/winserver2025-ps/appx/Add-AppxVolume.md create mode 100644 docset/winserver2025-ps/appx/Appx.md create mode 100644 docset/winserver2025-ps/appx/Dismount-AppxVolume.md create mode 100644 docset/winserver2025-ps/appx/Get-AppSharedPackageContainer.md create mode 100644 docset/winserver2025-ps/appx/Get-AppxDefaultVolume.md create mode 100644 docset/winserver2025-ps/appx/Get-AppxLastError.md create mode 100644 docset/winserver2025-ps/appx/Get-AppxLog.md create mode 100644 docset/winserver2025-ps/appx/Get-AppxPackage.md create mode 100644 docset/winserver2025-ps/appx/Get-AppxPackageAutoUpdateSettings.md create mode 100644 docset/winserver2025-ps/appx/Get-AppxPackageManifest.md create mode 100644 docset/winserver2025-ps/appx/Get-AppxVolume.md create mode 100644 docset/winserver2025-ps/appx/Invoke-CommandInDesktopPackage.md create mode 100644 docset/winserver2025-ps/appx/Mount-AppxVolume.md create mode 100644 docset/winserver2025-ps/appx/Move-AppxPackage.md create mode 100644 docset/winserver2025-ps/appx/Remove-AppSharedPackageContainer.md create mode 100644 docset/winserver2025-ps/appx/Remove-AppxPackage.md create mode 100644 docset/winserver2025-ps/appx/Remove-AppxPackageAutoUpdateSettings.md create mode 100644 docset/winserver2025-ps/appx/Remove-AppxVolume.md create mode 100644 docset/winserver2025-ps/appx/Reset-AppSharedPackageContainer.md create mode 100644 docset/winserver2025-ps/appx/Reset-AppxPackage.md create mode 100644 docset/winserver2025-ps/appx/Set-AppxDefaultVolume.md create mode 100644 docset/winserver2025-ps/appx/Set-AppxPackageAutoUpdateSettings.md create mode 100644 docset/winserver2025-ps/assignedaccess/AssignedAccess.md create mode 100644 docset/winserver2025-ps/assignedaccess/Clear-AssignedAccess.md create mode 100644 docset/winserver2025-ps/assignedaccess/Get-AssignedAccess.md create mode 100644 docset/winserver2025-ps/assignedaccess/Set-AssignedAccess.md create mode 100644 docset/winserver2025-ps/bestpractices/BestPractices.md create mode 100644 docset/winserver2025-ps/bestpractices/Get-BpaModel.md create mode 100644 docset/winserver2025-ps/bestpractices/Get-BpaResult.md create mode 100644 docset/winserver2025-ps/bestpractices/Invoke-BpaModel.md create mode 100644 docset/winserver2025-ps/bestpractices/Set-BpaResult.md create mode 100644 docset/winserver2025-ps/bitlocker/Add-BitLockerKeyProtector.md create mode 100644 docset/winserver2025-ps/bitlocker/Backup-BitLockerKeyProtector.md create mode 100644 docset/winserver2025-ps/bitlocker/BackupToAAD-BitLockerKeyProtector.md create mode 100644 docset/winserver2025-ps/bitlocker/BitLocker.md create mode 100644 docset/winserver2025-ps/bitlocker/Clear-BitLockerAutoUnlock.md create mode 100644 docset/winserver2025-ps/bitlocker/Disable-BitLocker.md create mode 100644 docset/winserver2025-ps/bitlocker/Disable-BitLockerAutoUnlock.md create mode 100644 docset/winserver2025-ps/bitlocker/Enable-BitLocker.md create mode 100644 docset/winserver2025-ps/bitlocker/Enable-BitLockerAutoUnlock.md create mode 100644 docset/winserver2025-ps/bitlocker/Get-BitLockerVolume.md create mode 100644 docset/winserver2025-ps/bitlocker/Lock-BitLocker.md create mode 100644 docset/winserver2025-ps/bitlocker/Remove-BitLockerKeyProtector.md create mode 100644 docset/winserver2025-ps/bitlocker/Resume-BitLocker.md create mode 100644 docset/winserver2025-ps/bitlocker/Suspend-BitLocker.md create mode 100644 docset/winserver2025-ps/bitlocker/Unlock-BitLocker.md create mode 100644 docset/winserver2025-ps/bitstransfer/Add-BitsFile.md create mode 100644 docset/winserver2025-ps/bitstransfer/BitsTransfer.md create mode 100644 docset/winserver2025-ps/bitstransfer/Complete-BitsTransfer.md create mode 100644 docset/winserver2025-ps/bitstransfer/Get-BitsTransfer.md create mode 100644 docset/winserver2025-ps/bitstransfer/Remove-BitsTransfer.md create mode 100644 docset/winserver2025-ps/bitstransfer/Resume-BitsTransfer.md create mode 100644 docset/winserver2025-ps/bitstransfer/Set-BitsTransfer.md create mode 100644 docset/winserver2025-ps/bitstransfer/Start-BitsTransfer.md create mode 100644 docset/winserver2025-ps/bitstransfer/Suspend-BitsTransfer.md create mode 100644 docset/winserver2025-ps/booteventcollector/BootEventCollector.md create mode 100644 docset/winserver2025-ps/booteventcollector/Checkpoint-SbecActiveConfig.md create mode 100644 docset/winserver2025-ps/booteventcollector/Clear-SbecProviderCache.md create mode 100644 docset/winserver2025-ps/booteventcollector/Disable-SbecAutologger.md create mode 100644 docset/winserver2025-ps/booteventcollector/Disable-SbecBcd.md create mode 100644 docset/winserver2025-ps/booteventcollector/Enable-SbecAutologger.md create mode 100644 docset/winserver2025-ps/booteventcollector/Enable-SbecBcd.md create mode 100644 docset/winserver2025-ps/booteventcollector/Enable-SbecBootImage.md create mode 100644 docset/winserver2025-ps/booteventcollector/Enable-SbecWdsBcd.md create mode 100644 docset/winserver2025-ps/booteventcollector/Get-SbecActiveConfig.md create mode 100644 docset/winserver2025-ps/booteventcollector/Get-SbecBackupConfig.md create mode 100644 docset/winserver2025-ps/booteventcollector/Get-SbecDestination.md create mode 100644 docset/winserver2025-ps/booteventcollector/Get-SbecForwarding.md create mode 100644 docset/winserver2025-ps/booteventcollector/Get-SbecHistory.md create mode 100644 docset/winserver2025-ps/booteventcollector/Get-SbecLocalizedMessage.md create mode 100644 docset/winserver2025-ps/booteventcollector/Get-SbecLogSession.md create mode 100644 docset/winserver2025-ps/booteventcollector/Get-SbecTraceProviders.md create mode 100644 docset/winserver2025-ps/booteventcollector/New-SbecUnattendFragment.md create mode 100644 docset/winserver2025-ps/booteventcollector/Redo-SbecActiveConfig.md create mode 100644 docset/winserver2025-ps/booteventcollector/Restore-SbecBackupConfig.md create mode 100644 docset/winserver2025-ps/booteventcollector/Save-SbecInstance.md create mode 100644 docset/winserver2025-ps/booteventcollector/Save-SbecLogSession.md create mode 100644 docset/winserver2025-ps/booteventcollector/Set-SbecActiveConfig.md create mode 100644 docset/winserver2025-ps/booteventcollector/Set-SbecLogSession.md create mode 100644 docset/winserver2025-ps/booteventcollector/Start-SbecInstance.md create mode 100644 docset/winserver2025-ps/booteventcollector/Start-SbecLogSession.md create mode 100644 docset/winserver2025-ps/booteventcollector/Start-SbecNtKernelLogSession.md create mode 100644 docset/winserver2025-ps/booteventcollector/Start-SbecSimpleLogSession.md create mode 100644 docset/winserver2025-ps/booteventcollector/Stop-SbecInstance.md create mode 100644 docset/winserver2025-ps/booteventcollector/Stop-SbecLogSession.md create mode 100644 docset/winserver2025-ps/booteventcollector/Test-SbecActiveConfig.md create mode 100644 docset/winserver2025-ps/booteventcollector/Test-SbecConfig.md create mode 100644 docset/winserver2025-ps/booteventcollector/Undo-SbecActiveConfig.md create mode 100644 docset/winserver2025-ps/branchcache/Add-BCDataCacheExtension.md create mode 100644 docset/winserver2025-ps/branchcache/BranchCache.md create mode 100644 docset/winserver2025-ps/branchcache/Clear-BCCache.md create mode 100644 docset/winserver2025-ps/branchcache/Disable-BC.md create mode 100644 docset/winserver2025-ps/branchcache/Disable-BCDowngrading.md create mode 100644 docset/winserver2025-ps/branchcache/Disable-BCServeOnBattery.md create mode 100644 docset/winserver2025-ps/branchcache/Enable-BCDistributed.md create mode 100644 docset/winserver2025-ps/branchcache/Enable-BCDowngrading.md create mode 100644 docset/winserver2025-ps/branchcache/Enable-BCHostedClient.md create mode 100644 docset/winserver2025-ps/branchcache/Enable-BCHostedServer.md create mode 100644 docset/winserver2025-ps/branchcache/Enable-BCLocal.md create mode 100644 docset/winserver2025-ps/branchcache/Enable-BCServeOnBattery.md create mode 100644 docset/winserver2025-ps/branchcache/Export-BCCachePackage.md create mode 100644 docset/winserver2025-ps/branchcache/Export-BCSecretKey.md create mode 100644 docset/winserver2025-ps/branchcache/Get-BCClientConfiguration.md create mode 100644 docset/winserver2025-ps/branchcache/Get-BCContentServerConfiguration.md create mode 100644 docset/winserver2025-ps/branchcache/Get-BCDataCache.md create mode 100644 docset/winserver2025-ps/branchcache/Get-BCDataCacheExtension.md create mode 100644 docset/winserver2025-ps/branchcache/Get-BCHashCache.md create mode 100644 docset/winserver2025-ps/branchcache/Get-BCHostedCacheServerConfiguration.md create mode 100644 docset/winserver2025-ps/branchcache/Get-BCNetworkConfiguration.md create mode 100644 docset/winserver2025-ps/branchcache/Get-BCStatus.md create mode 100644 docset/winserver2025-ps/branchcache/Import-BCCachePackage.md create mode 100644 docset/winserver2025-ps/branchcache/Import-BCSecretKey.md create mode 100644 docset/winserver2025-ps/branchcache/Publish-BCFileContent.md create mode 100644 docset/winserver2025-ps/branchcache/Publish-BCWebContent.md create mode 100644 docset/winserver2025-ps/branchcache/Remove-BCDataCacheExtension.md create mode 100644 docset/winserver2025-ps/branchcache/Reset-BC.md create mode 100644 docset/winserver2025-ps/branchcache/Set-BCAuthentication.md create mode 100644 docset/winserver2025-ps/branchcache/Set-BCCache.md create mode 100644 docset/winserver2025-ps/branchcache/Set-BCDataCacheEntryMaxAge.md create mode 100644 docset/winserver2025-ps/branchcache/Set-BCMinSMBLatency.md create mode 100644 docset/winserver2025-ps/branchcache/Set-BCSecretKey.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Add-CauClusterRole.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/ClusterAwareUpdating.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Disable-CauClusterRole.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Enable-CauClusterRole.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Export-CauReport.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Get-CauClusterRole.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Get-CauPlugin.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Get-CauReport.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Get-CauRun.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Invoke-CauRun.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Invoke-CauScan.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Register-CauPlugin.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Remove-CauClusterRole.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Save-CauDebugTrace.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Set-CauClusterRole.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Stop-CauRun.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Test-CauSetup.md create mode 100644 docset/winserver2025-ps/clusterawareupdating/Unregister-CauPlugin.md create mode 100644 docset/winserver2025-ps/configci/Add-SignerRule.md create mode 100644 docset/winserver2025-ps/configci/ConfigCI.md create mode 100644 docset/winserver2025-ps/configci/ConvertFrom-CIPolicy.md create mode 100644 docset/winserver2025-ps/configci/Edit-CIPolicyRule.md create mode 100644 docset/winserver2025-ps/configci/Get-CIPolicy.md create mode 100644 docset/winserver2025-ps/configci/Get-CIPolicyIdInfo.md create mode 100644 docset/winserver2025-ps/configci/Get-CIPolicyInfo.md create mode 100644 docset/winserver2025-ps/configci/Get-SystemDriver.md create mode 100644 docset/winserver2025-ps/configci/Merge-CIPolicy.md create mode 100644 docset/winserver2025-ps/configci/New-CIPolicy.md create mode 100644 docset/winserver2025-ps/configci/New-CIPolicyRule.md create mode 100644 docset/winserver2025-ps/configci/Remove-CIPolicyRule.md create mode 100644 docset/winserver2025-ps/configci/Set-CIPolicyIdInfo.md create mode 100644 docset/winserver2025-ps/configci/Set-CIPolicySetting.md create mode 100644 docset/winserver2025-ps/configci/Set-CIPolicyVersion.md create mode 100644 docset/winserver2025-ps/configci/Set-HVCIOptions.md create mode 100644 docset/winserver2025-ps/configci/Set-RuleOption.md create mode 100644 docset/winserver2025-ps/dcbqos/DcbQoS.md create mode 100644 docset/winserver2025-ps/dcbqos/Disable-NetQosFlowControl.md create mode 100644 docset/winserver2025-ps/dcbqos/Enable-NetQosFlowControl.md create mode 100644 docset/winserver2025-ps/dcbqos/Get-NetQosDcbxSetting.md create mode 100644 docset/winserver2025-ps/dcbqos/Get-NetQosFlowControl.md create mode 100644 docset/winserver2025-ps/dcbqos/Get-NetQosTrafficClass.md create mode 100644 docset/winserver2025-ps/dcbqos/New-NetQosTrafficClass.md create mode 100644 docset/winserver2025-ps/dcbqos/Remove-NetQosTrafficClass.md create mode 100644 docset/winserver2025-ps/dcbqos/Set-NetQosDcbxSetting.md create mode 100644 docset/winserver2025-ps/dcbqos/Set-NetQosFlowControl.md create mode 100644 docset/winserver2025-ps/dcbqos/Set-NetQosTrafficClass.md create mode 100644 docset/winserver2025-ps/dcbqos/Switch-NetQosDcbxSetting.md create mode 100644 docset/winserver2025-ps/dcbqos/Switch-NetQosFlowControl.md create mode 100644 docset/winserver2025-ps/dcbqos/Switch-NetQosTrafficClass.md create mode 100644 docset/winserver2025-ps/deduplication/Deduplication.md create mode 100644 docset/winserver2025-ps/deduplication/Disable-DedupVolume.md create mode 100644 docset/winserver2025-ps/deduplication/Enable-DedupVolume.md create mode 100644 docset/winserver2025-ps/deduplication/Expand-DedupFile.md create mode 100644 docset/winserver2025-ps/deduplication/Get-DedupJob.md create mode 100644 docset/winserver2025-ps/deduplication/Get-DedupMetadata.md create mode 100644 docset/winserver2025-ps/deduplication/Get-DedupSchedule.md create mode 100644 docset/winserver2025-ps/deduplication/Get-DedupStatus.md create mode 100644 docset/winserver2025-ps/deduplication/Get-DedupVolume.md create mode 100644 docset/winserver2025-ps/deduplication/Measure-DedupFileMetadata.md create mode 100644 docset/winserver2025-ps/deduplication/New-DedupSchedule.md create mode 100644 docset/winserver2025-ps/deduplication/Remove-DedupSchedule.md create mode 100644 docset/winserver2025-ps/deduplication/Set-DedupSchedule.md create mode 100644 docset/winserver2025-ps/deduplication/Set-DedupVolume.md create mode 100644 docset/winserver2025-ps/deduplication/Start-DedupJob.md create mode 100644 docset/winserver2025-ps/deduplication/Stop-DedupJob.md create mode 100644 docset/winserver2025-ps/deduplication/Update-DedupStatus.md create mode 100644 docset/winserver2025-ps/defender/Add-MpPreference.md create mode 100644 docset/winserver2025-ps/defender/Defender.md create mode 100644 docset/winserver2025-ps/defender/Get-MpComputerStatus.md create mode 100644 docset/winserver2025-ps/defender/Get-MpPreference.md create mode 100644 docset/winserver2025-ps/defender/Get-MpThreat.md create mode 100644 docset/winserver2025-ps/defender/Get-MpThreatCatalog.md create mode 100644 docset/winserver2025-ps/defender/Get-MpThreatDetection.md create mode 100644 docset/winserver2025-ps/defender/Remove-MpPreference.md create mode 100644 docset/winserver2025-ps/defender/Remove-MpThreat.md create mode 100644 docset/winserver2025-ps/defender/Set-MpPreference.md create mode 100644 docset/winserver2025-ps/defender/Start-MpScan.md create mode 100644 docset/winserver2025-ps/defender/Start-MpWDOScan.md create mode 100644 docset/winserver2025-ps/defender/Update-MpSignature.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Backup-DHASConfiguration.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/DeviceHealthAttestation.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Get-DHASActiveEncryptionCertificate.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Get-DHASActiveSigningCertificate.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Get-DHASCertificateChainPolicy.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Get-DHASInactiveEncryptionCertificate.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Get-DHASInactiveSigningCertificate.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Install-DeviceHealthAttestation.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Remove-DHASInactiveEncryptionCertificate.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Remove-DHASInactiveSigningCertificate.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Restore-DHASConfiguration.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Set-DHASActiveEncryptionCertificate.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Set-DHASActiveSigningCertificate.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Set-DHASCertificateChainPolicy.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Set-DHASSupportedAuthenticationSchema.md create mode 100644 docset/winserver2025-ps/devicehealthattestation/Uninstall-DeviceHealthAttestation.md create mode 100644 docset/winserver2025-ps/dfsn/DFSN.md create mode 100644 docset/winserver2025-ps/dfsn/Get-DfsnAccess.md create mode 100644 docset/winserver2025-ps/dfsn/Get-DfsnFolder.md create mode 100644 docset/winserver2025-ps/dfsn/Get-DfsnFolderTarget.md create mode 100644 docset/winserver2025-ps/dfsn/Get-DfsnRoot.md create mode 100644 docset/winserver2025-ps/dfsn/Get-DfsnRootTarget.md create mode 100644 docset/winserver2025-ps/dfsn/Get-DfsnServerConfiguration.md create mode 100644 docset/winserver2025-ps/dfsn/Grant-DfsnAccess.md create mode 100644 docset/winserver2025-ps/dfsn/Move-DfsnFolder.md create mode 100644 docset/winserver2025-ps/dfsn/New-DfsnFolder.md create mode 100644 docset/winserver2025-ps/dfsn/New-DfsnFolderTarget.md create mode 100644 docset/winserver2025-ps/dfsn/New-DfsnRoot.md create mode 100644 docset/winserver2025-ps/dfsn/New-DfsnRootTarget.md create mode 100644 docset/winserver2025-ps/dfsn/Remove-DfsnAccess.md create mode 100644 docset/winserver2025-ps/dfsn/Remove-DfsnFolder.md create mode 100644 docset/winserver2025-ps/dfsn/Remove-DfsnFolderTarget.md create mode 100644 docset/winserver2025-ps/dfsn/Remove-DfsnRoot.md create mode 100644 docset/winserver2025-ps/dfsn/Remove-DfsnRootTarget.md create mode 100644 docset/winserver2025-ps/dfsn/Revoke-DfsnAccess.md create mode 100644 docset/winserver2025-ps/dfsn/Set-DfsnFolder.md create mode 100644 docset/winserver2025-ps/dfsn/Set-DfsnFolderTarget.md create mode 100644 docset/winserver2025-ps/dfsn/Set-DfsnRoot.md create mode 100644 docset/winserver2025-ps/dfsn/Set-DfsnRootTarget.md create mode 100644 docset/winserver2025-ps/dfsn/Set-DfsnServerConfiguration.md create mode 100644 docset/winserver2025-ps/dfsr/Add-DfsrConnection.md create mode 100644 docset/winserver2025-ps/dfsr/Add-DfsrMember.md create mode 100644 docset/winserver2025-ps/dfsr/ConvertFrom-DfsrGuid.md create mode 100644 docset/winserver2025-ps/dfsr/DFSR.md create mode 100644 docset/winserver2025-ps/dfsr/Export-DfsrClone.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsReplicatedFolder.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsReplicationGroup.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrBacklog.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrCloneState.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrConnection.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrConnectionSchedule.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrDelegation.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrFileHash.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrGroupSchedule.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrIdRecord.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrMember.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrMembership.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrPreservedFiles.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrServiceConfiguration.md create mode 100644 docset/winserver2025-ps/dfsr/Get-DfsrState.md create mode 100644 docset/winserver2025-ps/dfsr/Grant-DfsrDelegation.md create mode 100644 docset/winserver2025-ps/dfsr/Import-DfsrClone.md create mode 100644 docset/winserver2025-ps/dfsr/New-DfsReplicatedFolder.md create mode 100644 docset/winserver2025-ps/dfsr/New-DfsReplicationGroup.md create mode 100644 docset/winserver2025-ps/dfsr/Remove-DfsReplicatedFolder.md create mode 100644 docset/winserver2025-ps/dfsr/Remove-DfsReplicationGroup.md create mode 100644 docset/winserver2025-ps/dfsr/Remove-DfsrConnection.md create mode 100644 docset/winserver2025-ps/dfsr/Remove-DfsrMember.md create mode 100644 docset/winserver2025-ps/dfsr/Remove-DfsrPropagationTestFile.md create mode 100644 docset/winserver2025-ps/dfsr/Reset-DfsrCloneState.md create mode 100644 docset/winserver2025-ps/dfsr/Restore-DfsrPreservedFiles.md create mode 100644 docset/winserver2025-ps/dfsr/Revoke-DfsrDelegation.md create mode 100644 docset/winserver2025-ps/dfsr/Set-DfsReplicatedFolder.md create mode 100644 docset/winserver2025-ps/dfsr/Set-DfsReplicationGroup.md create mode 100644 docset/winserver2025-ps/dfsr/Set-DfsrConnection.md create mode 100644 docset/winserver2025-ps/dfsr/Set-DfsrConnectionSchedule.md create mode 100644 docset/winserver2025-ps/dfsr/Set-DfsrGroupSchedule.md create mode 100644 docset/winserver2025-ps/dfsr/Set-DfsrMember.md create mode 100644 docset/winserver2025-ps/dfsr/Set-DfsrMembership.md create mode 100644 docset/winserver2025-ps/dfsr/Set-DfsrServiceConfiguration.md create mode 100644 docset/winserver2025-ps/dfsr/Start-DfsrPropagationTest.md create mode 100644 docset/winserver2025-ps/dfsr/Suspend-DfsReplicationGroup.md create mode 100644 docset/winserver2025-ps/dfsr/Sync-DfsReplicationGroup.md create mode 100644 docset/winserver2025-ps/dfsr/Update-DfsrConfigurationFromAD.md create mode 100644 docset/winserver2025-ps/dfsr/Write-DfsrHealthReport.md create mode 100644 docset/winserver2025-ps/dfsr/Write-DfsrPropagationReport.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerInDC.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerSecurityGroup.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4Class.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4ExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4Failover.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4FailoverScope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4Filter.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4Lease.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4MulticastExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4MulticastScope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4OptionDefinition.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4Policy.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4PolicyIPRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4Reservation.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4Scope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv4Superscope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv6Class.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv6ExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv6Lease.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv6OptionDefinition.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv6Reservation.md create mode 100644 docset/winserver2025-ps/dhcpserver/Add-DhcpServerv6Scope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Backup-DhcpServer.md create mode 100644 docset/winserver2025-ps/dhcpserver/DhcpServer.md create mode 100644 docset/winserver2025-ps/dhcpserver/Export-DhcpServer.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerAuditLog.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerDatabase.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerDnsCredential.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerInDC.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerSetting.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerVersion.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Binding.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Class.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4DnsSetting.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4ExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Failover.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Filter.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4FilterList.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4FreeIPAddress.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Lease.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4MulticastExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4MulticastLease.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4MulticastScope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4MulticastScopeStatistics.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4OptionDefinition.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4OptionValue.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Policy.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4PolicyIPRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Reservation.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Scope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4ScopeStatistics.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Statistics.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4Superscope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv4SuperscopeStatistics.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6Binding.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6Class.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6DnsSetting.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6ExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6FreeIPAddress.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6Lease.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6OptionDefinition.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6OptionValue.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6Reservation.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6Scope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6ScopeStatistics.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6StatelessStatistics.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6StatelessStore.md create mode 100644 docset/winserver2025-ps/dhcpserver/Get-DhcpServerv6Statistics.md create mode 100644 docset/winserver2025-ps/dhcpserver/Import-DhcpServer.md create mode 100644 docset/winserver2025-ps/dhcpserver/Invoke-DhcpServerv4FailoverReplication.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerDnsCredential.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerInDC.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4Class.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4ExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4Failover.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4FailoverScope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4Filter.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4Lease.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4MulticastExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4MulticastLease.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4MulticastScope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4OptionDefinition.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4OptionValue.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4Policy.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4PolicyIPRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4Reservation.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4Scope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv4Superscope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv6Class.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv6ExclusionRange.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv6Lease.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv6OptionDefinition.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv6OptionValue.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv6Reservation.md create mode 100644 docset/winserver2025-ps/dhcpserver/Remove-DhcpServerv6Scope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Rename-DhcpServerv4Superscope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Repair-DhcpServerv4IPRecord.md create mode 100644 docset/winserver2025-ps/dhcpserver/Restore-DhcpServer.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerAuditLog.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerDatabase.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerDnsCredential.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerSetting.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4Binding.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4Class.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4DnsSetting.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4Failover.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4FilterList.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4MulticastScope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4OptionDefinition.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4OptionValue.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4Policy.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4Reservation.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv4Scope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv6Binding.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv6Class.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv6DnsSetting.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv6OptionDefinition.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv6OptionValue.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv6Reservation.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv6Scope.md create mode 100644 docset/winserver2025-ps/dhcpserver/Set-DhcpServerv6StatelessStore.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/DirectAccessClientComponents.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Disable-DAManualEntryPointSelection.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Enable-DAManualEntryPointSelection.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Get-DAClientExperienceConfiguration.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Get-DAEntryPointTableItem.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/New-DAEntryPointTableItem.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Remove-DAEntryPointTableItem.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Rename-DAEntryPointTableItem.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Reset-DAClientExperienceConfiguration.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Reset-DAEntryPointTableItem.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Set-DAClientExperienceConfiguration.md create mode 100644 docset/winserver2025-ps/directaccessclientcomponents/Set-DAEntryPointTableItem.md create mode 100644 docset/winserver2025-ps/dism/Add-AppxProvisionedPackage.md create mode 100644 docset/winserver2025-ps/dism/Add-WindowsCapability.md create mode 100644 docset/winserver2025-ps/dism/Add-WindowsDriver.md create mode 100644 docset/winserver2025-ps/dism/Add-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Add-WindowsPackage.md create mode 100644 docset/winserver2025-ps/dism/Clear-WindowsCorruptMountPoint.md create mode 100644 docset/winserver2025-ps/dism/DISM.md create mode 100644 docset/winserver2025-ps/dism/Disable-WindowsOptionalFeature.md create mode 100644 docset/winserver2025-ps/dism/Dismount-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Enable-WindowsOptionalFeature.md create mode 100644 docset/winserver2025-ps/dism/Expand-WindowsCustomDataImage.md create mode 100644 docset/winserver2025-ps/dism/Expand-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Export-WindowsCapabilitySource.md create mode 100644 docset/winserver2025-ps/dism/Export-WindowsDriver.md create mode 100644 docset/winserver2025-ps/dism/Export-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Get-AppxProvisionedPackage.md create mode 100644 docset/winserver2025-ps/dism/Get-NonRemovableAppsPolicy.md create mode 100644 docset/winserver2025-ps/dism/Get-WIMBootEntry.md create mode 100644 docset/winserver2025-ps/dism/Get-WindowsCapability.md create mode 100644 docset/winserver2025-ps/dism/Get-WindowsDriver.md create mode 100644 docset/winserver2025-ps/dism/Get-WindowsEdition.md create mode 100644 docset/winserver2025-ps/dism/Get-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Get-WindowsImageContent.md create mode 100644 docset/winserver2025-ps/dism/Get-WindowsOptionalFeature.md create mode 100644 docset/winserver2025-ps/dism/Get-WindowsPackage.md create mode 100644 docset/winserver2025-ps/dism/Get-WindowsReservedStorageState.md create mode 100644 docset/winserver2025-ps/dism/Mount-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/New-WindowsCustomImage.md create mode 100644 docset/winserver2025-ps/dism/New-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Optimize-AppXProvisionedPackages.md create mode 100644 docset/winserver2025-ps/dism/Optimize-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Remove-AppxProvisionedPackage.md create mode 100644 docset/winserver2025-ps/dism/Remove-WindowsCapability.md create mode 100644 docset/winserver2025-ps/dism/Remove-WindowsDriver.md create mode 100644 docset/winserver2025-ps/dism/Remove-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Remove-WindowsPackage.md create mode 100644 docset/winserver2025-ps/dism/Repair-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Save-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Set-AppXProvisionedDataFile.md create mode 100644 docset/winserver2025-ps/dism/Set-NonRemovableAppsPolicy.md create mode 100644 docset/winserver2025-ps/dism/Set-WindowsEdition.md create mode 100644 docset/winserver2025-ps/dism/Set-WindowsProductKey.md create mode 100644 docset/winserver2025-ps/dism/Set-WindowsReservedStorageState.md create mode 100644 docset/winserver2025-ps/dism/Split-WindowsImage.md create mode 100644 docset/winserver2025-ps/dism/Start-OSUninstall.md create mode 100644 docset/winserver2025-ps/dism/Update-WIMBootEntry.md create mode 100644 docset/winserver2025-ps/dism/Use-WindowsUnattend.md create mode 100644 docset/winserver2025-ps/dnsclient/Add-DnsClientDohServerAddress.md create mode 100644 docset/winserver2025-ps/dnsclient/Add-DnsClientNrptRule.md create mode 100644 docset/winserver2025-ps/dnsclient/Clear-DnsClientCache.md create mode 100644 docset/winserver2025-ps/dnsclient/DnsClient.md create mode 100644 docset/winserver2025-ps/dnsclient/Get-DnsClient.md create mode 100644 docset/winserver2025-ps/dnsclient/Get-DnsClientCache.md create mode 100644 docset/winserver2025-ps/dnsclient/Get-DnsClientDohServerAddress.md create mode 100644 docset/winserver2025-ps/dnsclient/Get-DnsClientGlobalSetting.md create mode 100644 docset/winserver2025-ps/dnsclient/Get-DnsClientNrptGlobal.md create mode 100644 docset/winserver2025-ps/dnsclient/Get-DnsClientNrptPolicy.md create mode 100644 docset/winserver2025-ps/dnsclient/Get-DnsClientNrptRule.md create mode 100644 docset/winserver2025-ps/dnsclient/Get-DnsClientServerAddress.md create mode 100644 docset/winserver2025-ps/dnsclient/Register-DnsClient.md create mode 100644 docset/winserver2025-ps/dnsclient/Remove-DnsClientDohServerAddress.md create mode 100644 docset/winserver2025-ps/dnsclient/Remove-DnsClientNrptRule.md create mode 100644 docset/winserver2025-ps/dnsclient/Resolve-DnsName.md create mode 100644 docset/winserver2025-ps/dnsclient/Set-DnsClient.md create mode 100644 docset/winserver2025-ps/dnsclient/Set-DnsClientDohServerAddress.md create mode 100644 docset/winserver2025-ps/dnsclient/Set-DnsClientGlobalSetting.md create mode 100644 docset/winserver2025-ps/dnsclient/Set-DnsClientNrptGlobal.md create mode 100644 docset/winserver2025-ps/dnsclient/Set-DnsClientNrptRule.md create mode 100644 docset/winserver2025-ps/dnsclient/Set-DnsClientServerAddress.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerClientSubnet.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerConditionalForwarderZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerDirectoryPartition.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerForwarder.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerPrimaryZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerQueryResolutionPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerRecursionScope.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResourceRecord.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResourceRecordA.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResourceRecordAAAA.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResourceRecordCName.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResourceRecordDS.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResourceRecordDnsKey.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResourceRecordMX.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResourceRecordPtr.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerResponseRateLimitingExceptionlist.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerRootHint.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerSecondaryZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerSigningKey.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerStubZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerTrustAnchor.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerVirtualizationInstance.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerZoneDelegation.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerZoneScope.md create mode 100644 docset/winserver2025-ps/dnsserver/Add-DnsServerZoneTransferPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Clear-DnsServerCache.md create mode 100644 docset/winserver2025-ps/dnsserver/Clear-DnsServerStatistics.md create mode 100644 docset/winserver2025-ps/dnsserver/ConvertTo-DnsServerPrimaryZone.md create mode 100644 docset/winserver2025-ps/dnsserver/ConvertTo-DnsServerSecondaryZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Disable-DnsServerPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Disable-DnsServerSigningKeyRollover.md create mode 100644 docset/winserver2025-ps/dnsserver/DnsServer.md create mode 100644 docset/winserver2025-ps/dnsserver/Enable-DnsServerPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Enable-DnsServerSigningKeyRollover.md create mode 100644 docset/winserver2025-ps/dnsserver/Export-DnsServerDnsSecPublicKey.md create mode 100644 docset/winserver2025-ps/dnsserver/Export-DnsServerZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServer.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerCache.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerClientSubnet.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerDiagnostics.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerDirectoryPartition.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerDnsSecZoneSetting.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerDsSetting.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerEDns.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerForwarder.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerGlobalNameZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerGlobalQueryBlockList.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerQueryResolutionPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerRecursion.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerRecursionScope.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerResourceRecord.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerResponseRateLimiting.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerResponseRateLimitingExceptionlist.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerRootHint.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerScavenging.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerSetting.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerSigningKey.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerStatistics.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerTrustAnchor.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerTrustPoint.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerVirtualizationInstance.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerZoneAging.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerZoneDelegation.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerZoneScope.md create mode 100644 docset/winserver2025-ps/dnsserver/Get-DnsServerZoneTransferPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Import-DnsServerResourceRecordDS.md create mode 100644 docset/winserver2025-ps/dnsserver/Import-DnsServerRootHint.md create mode 100644 docset/winserver2025-ps/dnsserver/Import-DnsServerTrustAnchor.md create mode 100644 docset/winserver2025-ps/dnsserver/Invoke-DnsServerSigningKeyRollover.md create mode 100644 docset/winserver2025-ps/dnsserver/Invoke-DnsServerZoneSign.md create mode 100644 docset/winserver2025-ps/dnsserver/Invoke-DnsServerZoneUnsign.md create mode 100644 docset/winserver2025-ps/dnsserver/Register-DnsServerDirectoryPartition.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerClientSubnet.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerDirectoryPartition.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerForwarder.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerQueryResolutionPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerRecursionScope.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerResourceRecord.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerResponseRateLimitingExceptionlist.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerRootHint.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerSigningKey.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerTrustAnchor.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerVirtualizationInstance.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerZoneDelegation.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerZoneScope.md create mode 100644 docset/winserver2025-ps/dnsserver/Remove-DnsServerZoneTransferPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Reset-DnsServerZoneKeyMasterRole.md create mode 100644 docset/winserver2025-ps/dnsserver/Restore-DnsServerPrimaryZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Restore-DnsServerSecondaryZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Resume-DnsServerZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServer.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerCache.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerClientSubnet.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerConditionalForwarderZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerDiagnostics.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerDnsSecZoneSetting.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerDsSetting.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerEDns.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerForwarder.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerGlobalNameZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerGlobalQueryBlockList.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerPrimaryZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerQueryResolutionPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerRecursion.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerRecursionScope.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerResourceRecord.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerResourceRecordAging.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerResponseRateLimiting.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerResponseRateLimitingExceptionlist.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerRootHint.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerScavenging.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerSecondaryZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerSetting.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerSigningKey.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerStubZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerVirtualizationInstance.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerZoneAging.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerZoneDelegation.md create mode 100644 docset/winserver2025-ps/dnsserver/Set-DnsServerZoneTransferPolicy.md create mode 100644 docset/winserver2025-ps/dnsserver/Show-DnsServerCache.md create mode 100644 docset/winserver2025-ps/dnsserver/Show-DnsServerKeyStorageProvider.md create mode 100644 docset/winserver2025-ps/dnsserver/Start-DnsServerScavenging.md create mode 100644 docset/winserver2025-ps/dnsserver/Start-DnsServerZoneTransfer.md create mode 100644 docset/winserver2025-ps/dnsserver/Step-DnsServerSigningKeyRollover.md create mode 100644 docset/winserver2025-ps/dnsserver/Suspend-DnsServerZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Sync-DnsServerZone.md create mode 100644 docset/winserver2025-ps/dnsserver/Test-DnsServer.md create mode 100644 docset/winserver2025-ps/dnsserver/Test-DnsServerDnsSecZoneSetting.md create mode 100644 docset/winserver2025-ps/dnsserver/Unregister-DnsServerDirectoryPartition.md create mode 100644 docset/winserver2025-ps/dnsserver/Update-DnsServerTrustPoint.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Add-EtwTraceProvider.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/EventTracingManagement.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Get-AutologgerConfig.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Get-EtwTraceProvider.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Get-EtwTraceSession.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/New-AutologgerConfig.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/New-EtwTraceSession.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Remove-AutologgerConfig.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Remove-EtwTraceProvider.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Save-EtwTraceSession.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Send-EtwTraceSession.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Set-EtwTraceProvider.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Start-EtwTraceSession.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Stop-EtwTraceSession.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Update-AutologgerConfig.md create mode 100644 docset/winserver2025-ps/eventtracingmanagement/Update-EtwTraceSession.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterCheckpoint.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterDisk.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterFileServerRole.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterGenericApplicationRole.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterGenericScriptRole.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterGenericServiceRole.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterGroup.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterGroupSetDependency.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterGroupToAffinityRule.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterGroupToSet.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterResourceDependency.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterResourceType.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterScaleOutFileServerRole.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterSharedVolume.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterSharedVolumeToAffinityRule.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterVMMonitoredItem.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusterVirtualMachineRole.md create mode 100644 docset/winserver2025-ps/failoverclusters/Add-ClusteriSCSITargetServerRole.md create mode 100644 docset/winserver2025-ps/failoverclusters/Block-ClusterAccess.md create mode 100644 docset/winserver2025-ps/failoverclusters/Clear-ClusterDiskReservation.md create mode 100644 docset/winserver2025-ps/failoverclusters/Clear-ClusterNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Disable-ClusterStorageSpacesDirect.md create mode 100644 docset/winserver2025-ps/failoverclusters/Enable-ClusterStorageSpacesDirect.md create mode 100644 docset/winserver2025-ps/failoverclusters/FailoverClusters.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-Cluster.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterAccess.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterAffinityRule.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterAvailableDisk.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterCheckpoint.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterDiagnosticInfo.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterFaultDomain.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterFaultDomainXML.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterGroup.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterGroupSet.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterGroupSetDependency.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterLog.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterNetwork.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterNetworkInterface.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterOwnerNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterParameter.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterQuorum.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterResourceDependency.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterResourceDependencyReport.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterResourceType.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterSharedVolume.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterSharedVolumeState.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterStorageSpacesDirect.md create mode 100644 docset/winserver2025-ps/failoverclusters/Get-ClusterVMMonitoredItem.md create mode 100644 docset/winserver2025-ps/failoverclusters/Grant-ClusterAccess.md create mode 100644 docset/winserver2025-ps/failoverclusters/Move-ClusterGroup.md create mode 100644 docset/winserver2025-ps/failoverclusters/Move-ClusterResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Move-ClusterSharedVolume.md create mode 100644 docset/winserver2025-ps/failoverclusters/Move-ClusterVirtualMachineRole.md create mode 100644 docset/winserver2025-ps/failoverclusters/New-Cluster.md create mode 100644 docset/winserver2025-ps/failoverclusters/New-ClusterAffinityRule.md create mode 100644 docset/winserver2025-ps/failoverclusters/New-ClusterFaultDomain.md create mode 100644 docset/winserver2025-ps/failoverclusters/New-ClusterGroupSet.md create mode 100644 docset/winserver2025-ps/failoverclusters/New-ClusterNameAccount.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-Cluster.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterAccess.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterAffinityRule.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterCheckpoint.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterFaultDomain.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterGroup.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterGroupFromAffinityRule.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterGroupFromSet.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterGroupSet.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterGroupSetDependency.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterResourceDependency.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterResourceType.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterSharedVolume.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterSharedVolumeFromAffinityRule.md create mode 100644 docset/winserver2025-ps/failoverclusters/Remove-ClusterVMMonitoredItem.md create mode 100644 docset/winserver2025-ps/failoverclusters/Repair-ClusterStorageSpacesDirect.md create mode 100644 docset/winserver2025-ps/failoverclusters/Reset-ClusterVMMonitoredState.md create mode 100644 docset/winserver2025-ps/failoverclusters/Resume-ClusterNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Resume-ClusterResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterAffinityRule.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterFaultDomain.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterFaultDomainXML.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterGroupSet.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterLog.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterOwnerNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterParameter.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterQuorum.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterResourceDependency.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterStorageSpacesDirect.md create mode 100644 docset/winserver2025-ps/failoverclusters/Set-ClusterStorageSpacesDirectDisk.md create mode 100644 docset/winserver2025-ps/failoverclusters/Start-Cluster.md create mode 100644 docset/winserver2025-ps/failoverclusters/Start-ClusterGroup.md create mode 100644 docset/winserver2025-ps/failoverclusters/Start-ClusterNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Start-ClusterResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Stop-Cluster.md create mode 100644 docset/winserver2025-ps/failoverclusters/Stop-ClusterGroup.md create mode 100644 docset/winserver2025-ps/failoverclusters/Stop-ClusterNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Stop-ClusterResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Suspend-ClusterNode.md create mode 100644 docset/winserver2025-ps/failoverclusters/Suspend-ClusterResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Test-Cluster.md create mode 100644 docset/winserver2025-ps/failoverclusters/Test-ClusterResourceFailure.md create mode 100644 docset/winserver2025-ps/failoverclusters/Update-ClusterFunctionalLevel.md create mode 100644 docset/winserver2025-ps/failoverclusters/Update-ClusterIPResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Update-ClusterNetworkNameResource.md create mode 100644 docset/winserver2025-ps/failoverclusters/Update-ClusterVirtualMachineConfiguration.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/FileServerResourceManager.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmAdrSetting.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmAutoQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmClassification.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmClassificationPropertyDefinition.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmClassificationRule.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmEffectiveNamespace.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmFileGroup.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmFileManagementJob.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmFileScreen.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmFileScreenException.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmFileScreenTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmMacro.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmMgmtProperty.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmQuotaTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmRmsTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmSetting.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Get-FsrmStorageReport.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmAction.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmAutoQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmClassificationPropertyDefinition.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmClassificationPropertyValue.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmClassificationRule.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFMJNotification.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFileGroup.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFileManagementJob.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFileScreen.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFileScreenException.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFileScreenTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFmjAction.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFmjCondition.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmFmjNotificationAction.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmQuotaTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmQuotaThreshold.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmScheduledTask.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/New-FsrmStorageReport.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmAutoQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmClassificationPropertyDefinition.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmClassificationRule.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmFileGroup.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmFileManagementJob.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmFileScreen.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmFileScreenException.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmFileScreenTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmMgmtProperty.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmQuotaTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Remove-FsrmStorageReport.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Reset-FsrmFileScreen.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Reset-FsrmQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Send-FsrmTestEmail.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmAdrSetting.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmAutoQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmClassification.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmClassificationPropertyDefinition.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmClassificationRule.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmFileGroup.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmFileManagementJob.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmFileScreen.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmFileScreenException.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmFileScreenTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmMgmtProperty.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmQuotaTemplate.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmSetting.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Set-FsrmStorageReport.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Start-FsrmClassification.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Start-FsrmFileManagementJob.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Start-FsrmStorageReport.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Stop-FsrmClassification.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Stop-FsrmFileManagementJob.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Stop-FsrmStorageReport.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Update-FsrmAutoQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Update-FsrmClassificationPropertyDefinition.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Update-FsrmQuota.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Wait-FsrmClassification.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Wait-FsrmFileManagementJob.md create mode 100644 docset/winserver2025-ps/fileserverresourcemanager/Wait-FsrmStorageReport.md create mode 100644 docset/winserver2025-ps/grouppolicy/Backup-GPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/Copy-GPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/Get-GPInheritance.md create mode 100644 docset/winserver2025-ps/grouppolicy/Get-GPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/Get-GPOReport.md create mode 100644 docset/winserver2025-ps/grouppolicy/Get-GPPermission.md create mode 100644 docset/winserver2025-ps/grouppolicy/Get-GPPrefRegistryValue.md create mode 100644 docset/winserver2025-ps/grouppolicy/Get-GPRegistryValue.md create mode 100644 docset/winserver2025-ps/grouppolicy/Get-GPResultantSetOfPolicy.md create mode 100644 docset/winserver2025-ps/grouppolicy/Get-GPStarterGPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/GroupPolicy.md create mode 100644 docset/winserver2025-ps/grouppolicy/Import-GPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/Invoke-GPUpdate.md create mode 100644 docset/winserver2025-ps/grouppolicy/New-GPLink.md create mode 100644 docset/winserver2025-ps/grouppolicy/New-GPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/New-GPStarterGPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/Remove-GPLink.md create mode 100644 docset/winserver2025-ps/grouppolicy/Remove-GPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/Remove-GPPrefRegistryValue.md create mode 100644 docset/winserver2025-ps/grouppolicy/Remove-GPRegistryValue.md create mode 100644 docset/winserver2025-ps/grouppolicy/Rename-GPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/Restore-GPO.md create mode 100644 docset/winserver2025-ps/grouppolicy/Set-GPInheritance.md create mode 100644 docset/winserver2025-ps/grouppolicy/Set-GPLink.md create mode 100644 docset/winserver2025-ps/grouppolicy/Set-GPPermission.md create mode 100644 docset/winserver2025-ps/grouppolicy/Set-GPPrefRegistryValue.md create mode 100644 docset/winserver2025-ps/grouppolicy/Set-GPRegistryValue.md create mode 100644 docset/winserver2025-ps/hardwarecertification/Export-HwCertTestCollectionToXml.md create mode 100644 docset/winserver2025-ps/hardwarecertification/HardwareCertification.md create mode 100644 docset/winserver2025-ps/hardwarecertification/Import-HwCertTestCollectionFromXml.md create mode 100644 docset/winserver2025-ps/hardwarecertification/Merge-HwCertTestCollectionFromPackage.md create mode 100644 docset/winserver2025-ps/hardwarecertification/Merge-HwCertTestCollectionFromXml.md create mode 100644 docset/winserver2025-ps/hardwarecertification/New-HwCertProjectDefinitionFile.md create mode 100644 docset/winserver2025-ps/hardwarecertification/New-HwCertTestCollection.md create mode 100644 docset/winserver2025-ps/hardwarecertification/New-HwCertTestCollectionExcelReport.md create mode 100644 docset/winserver2025-ps/hgsattestation/Add-HgsAttestationCIPolicy.md create mode 100644 docset/winserver2025-ps/hgsattestation/Add-HgsAttestationDumpPolicy.md create mode 100644 docset/winserver2025-ps/hgsattestation/Add-HgsAttestationHostGroup.md create mode 100644 docset/winserver2025-ps/hgsattestation/Add-HgsAttestationTpmHost.md create mode 100644 docset/winserver2025-ps/hgsattestation/Add-HgsAttestationTpmPolicy.md create mode 100644 docset/winserver2025-ps/hgsattestation/Disable-HgsAttestationPolicy.md create mode 100644 docset/winserver2025-ps/hgsattestation/Enable-HgsAttestationPolicy.md create mode 100644 docset/winserver2025-ps/hgsattestation/Get-HgsAttestationHostGroup.md create mode 100644 docset/winserver2025-ps/hgsattestation/Get-HgsAttestationPolicy.md create mode 100644 docset/winserver2025-ps/hgsattestation/Get-HgsAttestationSignerCertificate.md create mode 100644 docset/winserver2025-ps/hgsattestation/Get-HgsAttestationTpmHost.md create mode 100644 docset/winserver2025-ps/hgsattestation/HgsAttestation.md create mode 100644 docset/winserver2025-ps/hgsattestation/Remove-HgsAttestationHostGroup.md create mode 100644 docset/winserver2025-ps/hgsattestation/Remove-HgsAttestationPolicy.md create mode 100644 docset/winserver2025-ps/hgsattestation/Remove-HgsAttestationTpmHost.md create mode 100644 docset/winserver2025-ps/hgsclient/ConvertTo-HgsKeyProtector.md create mode 100644 docset/winserver2025-ps/hgsclient/Export-HgsGuardian.md create mode 100644 docset/winserver2025-ps/hgsclient/Get-HgsAttestationBaselinePolicy.md create mode 100644 docset/winserver2025-ps/hgsclient/Get-HgsClientConfiguration.md create mode 100644 docset/winserver2025-ps/hgsclient/Get-HgsGuardian.md create mode 100644 docset/winserver2025-ps/hgsclient/Grant-HgsKeyProtectorAccess.md create mode 100644 docset/winserver2025-ps/hgsclient/HgsClient.md create mode 100644 docset/winserver2025-ps/hgsclient/Import-HgsGuardian.md create mode 100644 docset/winserver2025-ps/hgsclient/New-HgsGuardian.md create mode 100644 docset/winserver2025-ps/hgsclient/New-HgsKeyProtector.md create mode 100644 docset/winserver2025-ps/hgsclient/Remove-HgsGuardian.md create mode 100644 docset/winserver2025-ps/hgsclient/Revoke-HgsKeyProtectorAccess.md create mode 100644 docset/winserver2025-ps/hgsclient/Set-HgsClientConfiguration.md create mode 100644 docset/winserver2025-ps/hgsclient/Test-HgsClientConfiguration.md create mode 100644 docset/winserver2025-ps/hgsdiagnostics/Get-HgsTrace.md create mode 100644 docset/winserver2025-ps/hgsdiagnostics/Get-HgsTraceFileData.md create mode 100644 docset/winserver2025-ps/hgsdiagnostics/HgsDiagnostics.md create mode 100644 docset/winserver2025-ps/hgsdiagnostics/New-HgsTraceTarget.md create mode 100644 docset/winserver2025-ps/hgsdiagnostics/Test-HgsTraceTarget.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Add-HgsKeyProtectionAttestationSignerCertificate.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Add-HgsKeyProtectionCertificate.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Export-HgsKeyProtectionState.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Get-HgsKeyProtectionAttestationSignerCertificate.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Get-HgsKeyProtectionCertificate.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Get-HgsKeyProtectionConfiguration.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/HgsKeyProtection.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Import-HgsKeyProtectionState.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Remove-HgsKeyProtectionAttestationSignerCertificate.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Remove-HgsKeyProtectionCertificate.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Set-HgsKeyProtectionAttestationSignerCertificatePolicy.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Set-HgsKeyProtectionCertificate.md create mode 100644 docset/winserver2025-ps/hgskeyprotection/Set-HgsKeyProtectionConfiguration.md create mode 100644 docset/winserver2025-ps/hgsserver/Clear-HgsServer.md create mode 100644 docset/winserver2025-ps/hgsserver/Export-HgsServerState.md create mode 100644 docset/winserver2025-ps/hgsserver/Get-HgsServer.md create mode 100644 docset/winserver2025-ps/hgsserver/HgsServer.md create mode 100644 docset/winserver2025-ps/hgsserver/Import-HgsServerState.md create mode 100644 docset/winserver2025-ps/hgsserver/Initialize-HgsServer.md create mode 100644 docset/winserver2025-ps/hgsserver/Install-HgsServer.md create mode 100644 docset/winserver2025-ps/hgsserver/Set-HgsServer.md create mode 100644 docset/winserver2025-ps/hgsserver/Test-HgsServer.md create mode 100644 docset/winserver2025-ps/hgsserver/Uninstall-HgsServer.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Debug-SlbDatapath.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Debug-VirtualMachineQueueOperation.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Disable-MuxEchoResponder.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Enable-MuxEchoResponder.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Get-CustomerRoute.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Get-NetworkControllerVipResource.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Get-PACAMapping.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Get-ProviderAddress.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Get-VMNetworkAdapterPortId.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Get-VMSwitchExternalPortId.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Get-VipHostMapping.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/HNVDiagnostics.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Test-DipHostReachability.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Test-EncapOverheadSettings.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Test-LogicalNetworkConnection.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Test-LogicalNetworkSupportsJumboPacket.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Test-VipReachability.md create mode 100644 docset/winserver2025-ps/hnvdiagnostics/Test-VirtualNetworkConnection.md create mode 100644 docset/winserver2025-ps/hostcomputeservice/Get-ComputeProcess.md create mode 100644 docset/winserver2025-ps/hostcomputeservice/HostComputeService.md create mode 100644 docset/winserver2025-ps/hostcomputeservice/Stop-ComputeProcess.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMDvdDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMFibreChannelHba.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMGpuPartitionAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMGroupMember.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMHardDiskDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMMigrationNetwork.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMNetworkAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMNetworkAdapterAcl.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMNetworkAdapterExtendedAcl.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMRemoteFx3dVideoAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMScsiController.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMStoragePath.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMSwitch.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMSwitchExtensionPortFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMSwitchExtensionSwitchFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VMSwitchTeamMember.md create mode 100644 docset/winserver2025-ps/hyper-v/Add-VmNetworkAdapterRoutingDomainMapping.md create mode 100644 docset/winserver2025-ps/hyper-v/Checkpoint-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Compare-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Complete-VMFailover.md create mode 100644 docset/winserver2025-ps/hyper-v/Connect-VMNetworkAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Connect-VMSan.md create mode 100644 docset/winserver2025-ps/hyper-v/Convert-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Copy-VMFile.md create mode 100644 docset/winserver2025-ps/hyper-v/Debug-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Disable-VMConsoleSupport.md create mode 100644 docset/winserver2025-ps/hyper-v/Disable-VMEventing.md create mode 100644 docset/winserver2025-ps/hyper-v/Disable-VMIntegrationService.md create mode 100644 docset/winserver2025-ps/hyper-v/Disable-VMMigration.md create mode 100644 docset/winserver2025-ps/hyper-v/Disable-VMRemoteFXPhysicalVideoAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Disable-VMResourceMetering.md create mode 100644 docset/winserver2025-ps/hyper-v/Disable-VMSwitchExtension.md create mode 100644 docset/winserver2025-ps/hyper-v/Disable-VMTPM.md create mode 100644 docset/winserver2025-ps/hyper-v/Disconnect-VMNetworkAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Disconnect-VMSan.md create mode 100644 docset/winserver2025-ps/hyper-v/Dismount-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMConsoleSupport.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMEventing.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMIntegrationService.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMMigration.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMRemoteFXPhysicalVideoAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMResourceMetering.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMSwitchExtension.md create mode 100644 docset/winserver2025-ps/hyper-v/Enable-VMTPM.md create mode 100644 docset/winserver2025-ps/hyper-v/Export-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Export-VMSnapshot.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VHDSet.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VHDSnapshot.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMBios.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMComPort.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMConnectAccess.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMDvdDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMFibreChannelHba.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMFirmware.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMFloppyDiskDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMGpuPartitionAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMGroup.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMHardDiskDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMHost.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMHostCluster.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMHostNumaNode.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMHostNumaNodeStatus.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMHostPartitionableGpu.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMHostSupportedVersion.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMIdeController.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMIntegrationService.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMKeyProtector.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMMemory.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMMigrationNetwork.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMNetworkAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMNetworkAdapterAcl.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMNetworkAdapterExtendedAcl.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMNetworkAdapterFailoverConfiguration.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMNetworkAdapterRoutingDomainMapping.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMNetworkAdapterTeamMapping.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMNetworkAdapterVlan.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMProcessor.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMRemoteFXPhysicalVideoAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMRemoteFx3dVideoAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMReplicationAuthorizationEntry.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMReplicationServer.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMResourcePool.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSan.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMScsiController.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSecurity.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSnapshot.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMStoragePath.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSwitch.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSwitchExtension.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSwitchExtensionPortData.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSwitchExtensionPortFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSwitchExtensionSwitchData.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSwitchExtensionSwitchFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSwitchTeam.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSystemSwitchExtension.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSystemSwitchExtensionPortFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMSystemSwitchExtensionSwitchFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VMVideo.md create mode 100644 docset/winserver2025-ps/hyper-v/Get-VmNetworkAdapterIsolation.md create mode 100644 docset/winserver2025-ps/hyper-v/Grant-VMConnectAccess.md create mode 100644 docset/winserver2025-ps/hyper-v/Hyper-V.md create mode 100644 docset/winserver2025-ps/hyper-v/Import-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Import-VMInitialReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Measure-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Measure-VMReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Measure-VMResourcePool.md create mode 100644 docset/winserver2025-ps/hyper-v/Merge-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Mount-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Move-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Move-VMStorage.md create mode 100644 docset/winserver2025-ps/hyper-v/New-VFD.md create mode 100644 docset/winserver2025-ps/hyper-v/New-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/New-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/New-VMGroup.md create mode 100644 docset/winserver2025-ps/hyper-v/New-VMReplicationAuthorizationEntry.md create mode 100644 docset/winserver2025-ps/hyper-v/New-VMResourcePool.md create mode 100644 docset/winserver2025-ps/hyper-v/New-VMSan.md create mode 100644 docset/winserver2025-ps/hyper-v/New-VMSwitch.md create mode 100644 docset/winserver2025-ps/hyper-v/Optimize-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Optimize-VHDSet.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VHDSnapshot.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMDvdDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMFibreChannelHba.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMGpuPartitionAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMGroup.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMGroupMember.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMHardDiskDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMMigrationNetwork.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMNetworkAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMNetworkAdapterAcl.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMNetworkAdapterExtendedAcl.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMNetworkAdapterRoutingDomainMapping.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMNetworkAdapterTeamMapping.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMRemoteFx3dVideoAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMReplicationAuthorizationEntry.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMResourcePool.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMSan.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMSavedState.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMScsiController.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMSnapshot.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMStoragePath.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMSwitch.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMSwitchExtensionPortFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMSwitchExtensionSwitchFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Remove-VMSwitchTeamMember.md create mode 100644 docset/winserver2025-ps/hyper-v/Rename-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Rename-VMGroup.md create mode 100644 docset/winserver2025-ps/hyper-v/Rename-VMNetworkAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Rename-VMResourcePool.md create mode 100644 docset/winserver2025-ps/hyper-v/Rename-VMSan.md create mode 100644 docset/winserver2025-ps/hyper-v/Rename-VMSnapshot.md create mode 100644 docset/winserver2025-ps/hyper-v/Rename-VMSwitch.md create mode 100644 docset/winserver2025-ps/hyper-v/Repair-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Reset-VMReplicationStatistics.md create mode 100644 docset/winserver2025-ps/hyper-v/Reset-VMResourceMetering.md create mode 100644 docset/winserver2025-ps/hyper-v/Resize-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Restart-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Restore-VMSnapshot.md create mode 100644 docset/winserver2025-ps/hyper-v/Resume-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Resume-VMReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Revoke-VMConnectAccess.md create mode 100644 docset/winserver2025-ps/hyper-v/Save-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMBios.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMComPort.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMDvdDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMFibreChannelHba.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMFirmware.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMFloppyDiskDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMGpuPartitionAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMHardDiskDrive.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMHost.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMHostCluster.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMHostPartitionableGpu.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMKeyProtector.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMMemory.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMMigrationNetwork.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMNetworkAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMNetworkAdapterFailoverConfiguration.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMNetworkAdapterTeamMapping.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMNetworkAdapterVlan.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMProcessor.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMRemoteFx3dVideoAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMReplicationAuthorizationEntry.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMReplicationServer.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMResourcePool.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMSan.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMSecurity.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMSecurityPolicy.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMSwitch.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMSwitchExtensionPortFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMSwitchExtensionSwitchFeature.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMSwitchTeam.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VMVideo.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VmNetworkAdapterIsolation.md create mode 100644 docset/winserver2025-ps/hyper-v/Set-VmNetworkAdapterRoutingDomainMapping.md create mode 100644 docset/winserver2025-ps/hyper-v/Start-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Start-VMFailover.md create mode 100644 docset/winserver2025-ps/hyper-v/Start-VMInitialReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Start-VMTrace.md create mode 100644 docset/winserver2025-ps/hyper-v/Stop-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Stop-VMFailover.md create mode 100644 docset/winserver2025-ps/hyper-v/Stop-VMInitialReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Stop-VMReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Stop-VMTrace.md create mode 100644 docset/winserver2025-ps/hyper-v/Suspend-VM.md create mode 100644 docset/winserver2025-ps/hyper-v/Suspend-VMReplication.md create mode 100644 docset/winserver2025-ps/hyper-v/Test-VHD.md create mode 100644 docset/winserver2025-ps/hyper-v/Test-VMNetworkAdapter.md create mode 100644 docset/winserver2025-ps/hyper-v/Test-VMReplicationConnection.md create mode 100644 docset/winserver2025-ps/hyper-v/Update-VMVersion.md create mode 100644 docset/winserver2025-ps/iisadministration/Clear-IISCentralCertProvider.md create mode 100644 docset/winserver2025-ps/iisadministration/Clear-IISConfigCollection.md create mode 100644 docset/winserver2025-ps/iisadministration/Disable-IISCentralCertProvider.md create mode 100644 docset/winserver2025-ps/iisadministration/Disable-IISSharedConfig.md create mode 100644 docset/winserver2025-ps/iisadministration/Enable-IISCentralCertProvider.md create mode 100644 docset/winserver2025-ps/iisadministration/Enable-IISSharedConfig.md create mode 100644 docset/winserver2025-ps/iisadministration/Export-IISConfiguration.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISAppPool.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISCentralCertProvider.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISConfigAttributeValue.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISConfigCollection.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISConfigCollectionElement.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISConfigElement.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISConfigSection.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISServerManager.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISSharedConfig.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISSite.md create mode 100644 docset/winserver2025-ps/iisadministration/Get-IISSiteBinding.md create mode 100644 docset/winserver2025-ps/iisadministration/IISAdministration.md create mode 100644 docset/winserver2025-ps/iisadministration/New-IISConfigCollectionElement.md create mode 100644 docset/winserver2025-ps/iisadministration/New-IISSite.md create mode 100644 docset/winserver2025-ps/iisadministration/New-IISSiteBinding.md create mode 100644 docset/winserver2025-ps/iisadministration/Remove-IISConfigAttribute.md create mode 100644 docset/winserver2025-ps/iisadministration/Remove-IISConfigCollectionElement.md create mode 100644 docset/winserver2025-ps/iisadministration/Remove-IISConfigElement.md create mode 100644 docset/winserver2025-ps/iisadministration/Remove-IISSite.md create mode 100644 docset/winserver2025-ps/iisadministration/Remove-IISSiteBinding.md create mode 100644 docset/winserver2025-ps/iisadministration/Reset-IISServerManager.md create mode 100644 docset/winserver2025-ps/iisadministration/Set-IISCentralCertProvider.md create mode 100644 docset/winserver2025-ps/iisadministration/Set-IISCentralCertProviderCredential.md create mode 100644 docset/winserver2025-ps/iisadministration/Set-IISConfigAttributeValue.md create mode 100644 docset/winserver2025-ps/iisadministration/Start-IISCommitDelay.md create mode 100644 docset/winserver2025-ps/iisadministration/Start-IISSite.md create mode 100644 docset/winserver2025-ps/iisadministration/Stop-IISCommitDelay.md create mode 100644 docset/winserver2025-ps/iisadministration/Stop-IISSite.md create mode 100644 docset/winserver2025-ps/international/Copy-UserInternationalSettingsToSystem.md create mode 100644 docset/winserver2025-ps/international/Get-WinAcceptLanguageFromLanguageListOptOut.md create mode 100644 docset/winserver2025-ps/international/Get-WinCultureFromLanguageListOptOut.md create mode 100644 docset/winserver2025-ps/international/Get-WinDefaultInputMethodOverride.md create mode 100644 docset/winserver2025-ps/international/Get-WinHomeLocation.md create mode 100644 docset/winserver2025-ps/international/Get-WinLanguageBarOption.md create mode 100644 docset/winserver2025-ps/international/Get-WinSystemLocale.md create mode 100644 docset/winserver2025-ps/international/Get-WinUILanguageOverride.md create mode 100644 docset/winserver2025-ps/international/Get-WinUserLanguageList.md create mode 100644 docset/winserver2025-ps/international/International.md create mode 100644 docset/winserver2025-ps/international/New-WinUserLanguageList.md create mode 100644 docset/winserver2025-ps/international/Set-Culture.md create mode 100644 docset/winserver2025-ps/international/Set-WinAcceptLanguageFromLanguageListOptOut.md create mode 100644 docset/winserver2025-ps/international/Set-WinCultureFromLanguageListOptOut.md create mode 100644 docset/winserver2025-ps/international/Set-WinDefaultInputMethodOverride.md create mode 100644 docset/winserver2025-ps/international/Set-WinHomeLocation.md create mode 100644 docset/winserver2025-ps/international/Set-WinLanguageBarOption.md create mode 100644 docset/winserver2025-ps/international/Set-WinSystemLocale.md create mode 100644 docset/winserver2025-ps/international/Set-WinUILanguageOverride.md create mode 100644 docset/winserver2025-ps/international/Set-WinUserLanguageList.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamAddress.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamAddressSpace.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamBlock.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamCustomField.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamCustomFieldAssociation.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamCustomValue.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamDiscoveryDomain.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamRange.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamServerInventory.md create mode 100644 docset/winserver2025-ps/ipamserver/Add-IpamSubnet.md create mode 100644 docset/winserver2025-ps/ipamserver/Disable-IpamCapability.md create mode 100644 docset/winserver2025-ps/ipamserver/Enable-IpamCapability.md create mode 100644 docset/winserver2025-ps/ipamserver/Export-IpamAddress.md create mode 100644 docset/winserver2025-ps/ipamserver/Export-IpamRange.md create mode 100644 docset/winserver2025-ps/ipamserver/Export-IpamSubnet.md create mode 100644 docset/winserver2025-ps/ipamserver/Find-IpamFreeAddress.md create mode 100644 docset/winserver2025-ps/ipamserver/Find-IpamFreeRange.md create mode 100644 docset/winserver2025-ps/ipamserver/Find-IpamFreeSubnet.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamAddress.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamAddressSpace.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamAddressUtilizationThreshold.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamBlock.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamCapability.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamConfiguration.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamConfigurationEvent.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamCustomField.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamCustomFieldAssociation.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDatabase.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDhcpConfigurationEvent.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDhcpScope.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDhcpServer.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDhcpSuperscope.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDiscoveryDomain.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDnsConditionalForwarder.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDnsResourceRecord.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDnsServer.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamDnsZone.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamIpAddressAuditEvent.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamRange.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamServerInventory.md create mode 100644 docset/winserver2025-ps/ipamserver/Get-IpamSubnet.md create mode 100644 docset/winserver2025-ps/ipamserver/Import-IpamAddress.md create mode 100644 docset/winserver2025-ps/ipamserver/Import-IpamRange.md create mode 100644 docset/winserver2025-ps/ipamserver/Import-IpamSubnet.md create mode 100644 docset/winserver2025-ps/ipamserver/Invoke-IpamGpoProvisioning.md create mode 100644 docset/winserver2025-ps/ipamserver/Invoke-IpamServerProvisioning.md create mode 100644 docset/winserver2025-ps/ipamserver/IpamServer.md create mode 100644 docset/winserver2025-ps/ipamserver/Move-IpamDatabase.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamAddress.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamAddressSpace.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamBlock.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamConfigurationEvent.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamCustomField.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamCustomFieldAssociation.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamCustomValue.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamDhcpConfigurationEvent.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamDiscoveryDomain.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamIpAddressAuditEvent.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamRange.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamServerInventory.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamSubnet.md create mode 100644 docset/winserver2025-ps/ipamserver/Remove-IpamUtilizationData.md create mode 100644 docset/winserver2025-ps/ipamserver/Rename-IpamCustomField.md create mode 100644 docset/winserver2025-ps/ipamserver/Rename-IpamCustomValue.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamAccessScope.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamAddress.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamAddressSpace.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamAddressUtilizationThreshold.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamBlock.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamConfiguration.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamCustomFieldAssociation.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamDatabase.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamDiscoveryDomain.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamRange.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamServerInventory.md create mode 100644 docset/winserver2025-ps/ipamserver/Set-IpamSubnet.md create mode 100644 docset/winserver2025-ps/ipamserver/Update-IpamServer.md create mode 100644 docset/winserver2025-ps/iscsi/Connect-IscsiTarget.md create mode 100644 docset/winserver2025-ps/iscsi/Disconnect-IscsiTarget.md create mode 100644 docset/winserver2025-ps/iscsi/Get-IscsiConnection.md create mode 100644 docset/winserver2025-ps/iscsi/Get-IscsiSession.md create mode 100644 docset/winserver2025-ps/iscsi/Get-IscsiTarget.md create mode 100644 docset/winserver2025-ps/iscsi/Get-IscsiTargetPortal.md create mode 100644 docset/winserver2025-ps/iscsi/New-IscsiTargetPortal.md create mode 100644 docset/winserver2025-ps/iscsi/Register-IscsiSession.md create mode 100644 docset/winserver2025-ps/iscsi/Remove-IscsiTargetPortal.md create mode 100644 docset/winserver2025-ps/iscsi/Set-IscsiChapSecret.md create mode 100644 docset/winserver2025-ps/iscsi/Unregister-IscsiSession.md create mode 100644 docset/winserver2025-ps/iscsi/Update-IscsiTarget.md create mode 100644 docset/winserver2025-ps/iscsi/Update-IscsiTargetPortal.md create mode 100644 docset/winserver2025-ps/iscsi/iSCSI.md create mode 100644 docset/winserver2025-ps/iscsitarget/Add-IscsiVirtualDiskTargetMapping.md create mode 100644 docset/winserver2025-ps/iscsitarget/Checkpoint-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/Convert-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/Dismount-IscsiVirtualDiskSnapshot.md create mode 100644 docset/winserver2025-ps/iscsitarget/Export-IscsiTargetServerConfiguration.md create mode 100644 docset/winserver2025-ps/iscsitarget/Export-IscsiVirtualDiskSnapshot.md create mode 100644 docset/winserver2025-ps/iscsitarget/Get-IscsiServerTarget.md create mode 100644 docset/winserver2025-ps/iscsitarget/Get-IscsiTargetServerSetting.md create mode 100644 docset/winserver2025-ps/iscsitarget/Get-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/Get-IscsiVirtualDiskSnapshot.md create mode 100644 docset/winserver2025-ps/iscsitarget/Import-IscsiTargetServerConfiguration.md create mode 100644 docset/winserver2025-ps/iscsitarget/Import-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/IscsiTarget.md create mode 100644 docset/winserver2025-ps/iscsitarget/Mount-IscsiVirtualDiskSnapshot.md create mode 100644 docset/winserver2025-ps/iscsitarget/New-IscsiServerTarget.md create mode 100644 docset/winserver2025-ps/iscsitarget/New-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/Remove-IscsiServerTarget.md create mode 100644 docset/winserver2025-ps/iscsitarget/Remove-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/Remove-IscsiVirtualDiskSnapshot.md create mode 100644 docset/winserver2025-ps/iscsitarget/Remove-IscsiVirtualDiskTargetMapping.md create mode 100644 docset/winserver2025-ps/iscsitarget/Resize-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/Restore-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/Set-IscsiServerTarget.md create mode 100644 docset/winserver2025-ps/iscsitarget/Set-IscsiTargetServerSetting.md create mode 100644 docset/winserver2025-ps/iscsitarget/Set-IscsiVirtualDisk.md create mode 100644 docset/winserver2025-ps/iscsitarget/Set-IscsiVirtualDiskSnapshot.md create mode 100644 docset/winserver2025-ps/iscsitarget/Stop-IscsiVirtualDiskOperation.md create mode 100644 docset/winserver2025-ps/kds/Add-KdsRootKey.md create mode 100644 docset/winserver2025-ps/kds/Clear-KdsCache.md create mode 100644 docset/winserver2025-ps/kds/Get-KdsConfiguration.md create mode 100644 docset/winserver2025-ps/kds/Get-KdsRootKey.md create mode 100644 docset/winserver2025-ps/kds/KDS.md create mode 100644 docset/winserver2025-ps/kds/Set-KdsConfiguration.md create mode 100644 docset/winserver2025-ps/kds/Test-KdsRootKey.md create mode 100644 docset/winserver2025-ps/languagepackmanagement/Get-InstalledLanguage.md create mode 100644 docset/winserver2025-ps/languagepackmanagement/Get-SystemPreferredUILanguage.md create mode 100644 docset/winserver2025-ps/languagepackmanagement/Install-Language.md create mode 100644 docset/winserver2025-ps/languagepackmanagement/LanguagePackManagement.md create mode 100644 docset/winserver2025-ps/languagepackmanagement/Set-SystemPreferredUILanguage.md create mode 100644 docset/winserver2025-ps/languagepackmanagement/Uninstall-Language.md create mode 100644 docset/winserver2025-ps/laps/Find-LapsADExtendedRights.md create mode 100644 docset/winserver2025-ps/laps/Get-LapsAADPassword.md create mode 100644 docset/winserver2025-ps/laps/Get-LapsADPassword.md create mode 100644 docset/winserver2025-ps/laps/Get-LapsDiagnostics.md create mode 100644 docset/winserver2025-ps/laps/Invoke-LapsPolicyProcessing.md create mode 100644 docset/winserver2025-ps/laps/LAPS.md create mode 100644 docset/winserver2025-ps/laps/Reset-LapsPassword.md create mode 100644 docset/winserver2025-ps/laps/Set-LapsADAuditing.md create mode 100644 docset/winserver2025-ps/laps/Set-LapsADComputerSelfPermission.md create mode 100644 docset/winserver2025-ps/laps/Set-LapsADPasswordExpirationTime.md create mode 100644 docset/winserver2025-ps/laps/Set-LapsADReadPasswordPermission.md create mode 100644 docset/winserver2025-ps/laps/Set-LapsADResetPasswordPermission.md create mode 100644 docset/winserver2025-ps/laps/Update-LapsADSchema.md create mode 100644 docset/winserver2025-ps/mmagent/Debug-MMAppPrelaunch.md create mode 100644 docset/winserver2025-ps/mmagent/Disable-MMAgent.md create mode 100644 docset/winserver2025-ps/mmagent/Enable-MMAgent.md create mode 100644 docset/winserver2025-ps/mmagent/Get-MMAgent.md create mode 100644 docset/winserver2025-ps/mmagent/MMAgent.md create mode 100644 docset/winserver2025-ps/mmagent/Set-MMAgent.md create mode 100644 docset/winserver2025-ps/mpio/Clear-MSDSMSupportedHW.md create mode 100644 docset/winserver2025-ps/mpio/Disable-MSDSMAutomaticClaim.md create mode 100644 docset/winserver2025-ps/mpio/Enable-MSDSMAutomaticClaim.md create mode 100644 docset/winserver2025-ps/mpio/Get-MPIOAvailableHW.md create mode 100644 docset/winserver2025-ps/mpio/Get-MPIOSetting.md create mode 100644 docset/winserver2025-ps/mpio/Get-MSDSMAutomaticClaimSettings.md create mode 100644 docset/winserver2025-ps/mpio/Get-MSDSMGlobalDefaultLoadBalancePolicy.md create mode 100644 docset/winserver2025-ps/mpio/Get-MSDSMSupportedHW.md create mode 100644 docset/winserver2025-ps/mpio/MPIO.md create mode 100644 docset/winserver2025-ps/mpio/New-MSDSMSupportedHW.md create mode 100644 docset/winserver2025-ps/mpio/Remove-MSDSMSupportedHW.md create mode 100644 docset/winserver2025-ps/mpio/Set-MPIOSetting.md create mode 100644 docset/winserver2025-ps/mpio/Set-MSDSMGlobalDefaultLoadBalancePolicy.md create mode 100644 docset/winserver2025-ps/mpio/Update-MPIOClaimedHW.md create mode 100644 docset/winserver2025-ps/msdtc/Add-DtcClusterTMMapping.md create mode 100644 docset/winserver2025-ps/msdtc/Complete-DtcDiagnosticTransaction.md create mode 100644 docset/winserver2025-ps/msdtc/Get-Dtc.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcAdvancedHostSetting.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcAdvancedSetting.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcClusterDefault.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcClusterTMMapping.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcDefault.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcLog.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcNetworkSetting.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcTransaction.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcTransactionsStatistics.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcTransactionsTraceSession.md create mode 100644 docset/winserver2025-ps/msdtc/Get-DtcTransactionsTraceSetting.md create mode 100644 docset/winserver2025-ps/msdtc/Install-Dtc.md create mode 100644 docset/winserver2025-ps/msdtc/Join-DtcDiagnosticResourceManager.md create mode 100644 docset/winserver2025-ps/msdtc/MsDtc.md create mode 100644 docset/winserver2025-ps/msdtc/New-DtcDiagnosticTransaction.md create mode 100644 docset/winserver2025-ps/msdtc/Receive-DtcDiagnosticTransaction.md create mode 100644 docset/winserver2025-ps/msdtc/Remove-DtcClusterTMMapping.md create mode 100644 docset/winserver2025-ps/msdtc/Reset-DtcLog.md create mode 100644 docset/winserver2025-ps/msdtc/Send-DtcDiagnosticTransaction.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcAdvancedHostSetting.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcAdvancedSetting.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcClusterDefault.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcClusterTMMapping.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcDefault.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcLog.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcNetworkSetting.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcTransaction.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcTransactionsTraceSession.md create mode 100644 docset/winserver2025-ps/msdtc/Set-DtcTransactionsTraceSetting.md create mode 100644 docset/winserver2025-ps/msdtc/Start-Dtc.md create mode 100644 docset/winserver2025-ps/msdtc/Start-DtcDiagnosticResourceManager.md create mode 100644 docset/winserver2025-ps/msdtc/Start-DtcTransactionsTraceSession.md create mode 100644 docset/winserver2025-ps/msdtc/Stop-Dtc.md create mode 100644 docset/winserver2025-ps/msdtc/Stop-DtcDiagnosticResourceManager.md create mode 100644 docset/winserver2025-ps/msdtc/Stop-DtcTransactionsTraceSession.md create mode 100644 docset/winserver2025-ps/msdtc/Test-Dtc.md create mode 100644 docset/winserver2025-ps/msdtc/Undo-DtcDiagnosticTransaction.md create mode 100644 docset/winserver2025-ps/msdtc/Uninstall-Dtc.md create mode 100644 docset/winserver2025-ps/msdtc/Write-DtcTransactionsTraceSession.md create mode 100644 docset/winserver2025-ps/msmq/Clear-MSMQOutgoingQueue.md create mode 100644 docset/winserver2025-ps/msmq/Clear-MSMQQueue.md create mode 100644 docset/winserver2025-ps/msmq/Enable-MSMQCertificate.md create mode 100644 docset/winserver2025-ps/msmq/Get-MSMQCertificate.md create mode 100644 docset/winserver2025-ps/msmq/Get-MSMQOutgoingQueue.md create mode 100644 docset/winserver2025-ps/msmq/Get-MsmqQueue.md create mode 100644 docset/winserver2025-ps/msmq/Get-MsmqQueueACL.md create mode 100644 docset/winserver2025-ps/msmq/Get-MsmqQueueManager.md create mode 100644 docset/winserver2025-ps/msmq/Get-MsmqQueueManagerACL.md create mode 100644 docset/winserver2025-ps/msmq/MSMQ.md create mode 100644 docset/winserver2025-ps/msmq/Move-MsmqMessage.md create mode 100644 docset/winserver2025-ps/msmq/New-MsmqMessage.md create mode 100644 docset/winserver2025-ps/msmq/New-MsmqQueue.md create mode 100644 docset/winserver2025-ps/msmq/Receive-MsmqQueue.md create mode 100644 docset/winserver2025-ps/msmq/Remove-MsmqCertificate.md create mode 100644 docset/winserver2025-ps/msmq/Remove-MsmqQueue.md create mode 100644 docset/winserver2025-ps/msmq/Resume-MsmqOutgoingQueue.md create mode 100644 docset/winserver2025-ps/msmq/Send-MsmqQueue.md create mode 100644 docset/winserver2025-ps/msmq/Set-MsmqQueue.md create mode 100644 docset/winserver2025-ps/msmq/Set-MsmqQueueACL.md create mode 100644 docset/winserver2025-ps/msmq/Set-MsmqQueueManager.md create mode 100644 docset/winserver2025-ps/msmq/Set-MsmqQueueManagerACL.md create mode 100644 docset/winserver2025-ps/msmq/Suspend-MsmqOutgoingQueue.md create mode 100644 docset/winserver2025-ps/multipoint/Add-WmsSystem.md create mode 100644 docset/winserver2025-ps/multipoint/Clear-WmsStation.md create mode 100644 docset/winserver2025-ps/multipoint/Close-WmsApp.md create mode 100644 docset/winserver2025-ps/multipoint/Close-WmsSession.md create mode 100644 docset/winserver2025-ps/multipoint/Disable-WmsDiskProtection.md create mode 100644 docset/winserver2025-ps/multipoint/Disable-WmsScheduledUpdate.md create mode 100644 docset/winserver2025-ps/multipoint/Disable-WmsWebLimiting.md create mode 100644 docset/winserver2025-ps/multipoint/Disconnect-WmsSession.md create mode 100644 docset/winserver2025-ps/multipoint/Enable-WmsDiskProtection.md create mode 100644 docset/winserver2025-ps/multipoint/Enable-WmsScheduledUpdate.md create mode 100644 docset/winserver2025-ps/multipoint/Enable-WmsWebLimiting.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsAlert.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsApp.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsDiskProtection.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsScheduledUpdate.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsSession.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsStation.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsSystem.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsUser.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsVersion.md create mode 100644 docset/winserver2025-ps/multipoint/Get-WmsWebLimiting.md create mode 100644 docset/winserver2025-ps/multipoint/Hide-WmsIdentifier.md create mode 100644 docset/winserver2025-ps/multipoint/Join-WmsStation.md create mode 100644 docset/winserver2025-ps/multipoint/Lock-WmsSession.md create mode 100644 docset/winserver2025-ps/multipoint/Lock-WmsUsbStorage.md create mode 100644 docset/winserver2025-ps/multipoint/MultiPoint.md create mode 100644 docset/winserver2025-ps/multipoint/New-WmsUser.md create mode 100644 docset/winserver2025-ps/multipoint/Open-WmsApp.md create mode 100644 docset/winserver2025-ps/multipoint/Publish-WmsDesktop.md create mode 100644 docset/winserver2025-ps/multipoint/Remove-WmsSystem.md create mode 100644 docset/winserver2025-ps/multipoint/Remove-WmsUser.md create mode 100644 docset/winserver2025-ps/multipoint/Restart-WmsSystem.md create mode 100644 docset/winserver2025-ps/multipoint/Resume-WmsDiskProtection.md create mode 100644 docset/winserver2025-ps/multipoint/Search-WmsSystem.md create mode 100644 docset/winserver2025-ps/multipoint/Set-WmsScheduledUpdate.md create mode 100644 docset/winserver2025-ps/multipoint/Set-WmsStation.md create mode 100644 docset/winserver2025-ps/multipoint/Set-WmsSystem.md create mode 100644 docset/winserver2025-ps/multipoint/Set-WmsUser.md create mode 100644 docset/winserver2025-ps/multipoint/Set-WmsWebLimiting.md create mode 100644 docset/winserver2025-ps/multipoint/Show-WmsDesktop.md create mode 100644 docset/winserver2025-ps/multipoint/Show-WmsIdentifier.md create mode 100644 docset/winserver2025-ps/multipoint/Split-WmsStation.md create mode 100644 docset/winserver2025-ps/multipoint/Stop-WmsSystem.md create mode 100644 docset/winserver2025-ps/multipoint/Suspend-WmsDiskProtection.md create mode 100644 docset/winserver2025-ps/multipoint/Unlock-WmsSession.md create mode 100644 docset/winserver2025-ps/multipoint/Unlock-WmsUsbStorage.md create mode 100644 docset/winserver2025-ps/multipoint/Unpublish-WmsDesktop.md create mode 100644 docset/winserver2025-ps/multipoint/Update-WmsStation.md create mode 100644 docset/winserver2025-ps/multipointvdi/Disable-WmsVirtualDesktopRole.md create mode 100644 docset/winserver2025-ps/multipointvdi/Enable-WmsVirtualDesktopRole.md create mode 100644 docset/winserver2025-ps/multipointvdi/Get-WmsVirtualDesktop.md create mode 100644 docset/winserver2025-ps/multipointvdi/Import-WmsVirtualDesktop.md create mode 100644 docset/winserver2025-ps/multipointvdi/MultipointVdi.md create mode 100644 docset/winserver2025-ps/multipointvdi/New-WmsVirtualDesktop.md create mode 100644 docset/winserver2025-ps/multipointvdi/New-WmsVirtualDesktopTemplate.md create mode 100644 docset/winserver2025-ps/multipointvdi/Open-WmsVirtualDesktop.md create mode 100644 docset/winserver2025-ps/nanoserverimagegenerator/Edit-NanoServerImage.md create mode 100644 docset/winserver2025-ps/nanoserverimagegenerator/Get-NanoServerPackage.md create mode 100644 docset/winserver2025-ps/nanoserverimagegenerator/NanoServerImageGenerator.md create mode 100644 docset/winserver2025-ps/nanoserverimagegenerator/New-NanoServerImage.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapter.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterBinding.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterChecksumOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterEncapsulatedPacketTaskOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterIPsecOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterLso.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterPowerManagement.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterQos.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterRdma.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterRsc.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterRss.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterSriov.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterUso.md create mode 100644 docset/winserver2025-ps/netadapter/Disable-NetAdapterVmq.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapter.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterBinding.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterChecksumOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterEncapsulatedPacketTaskOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterIPsecOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterLso.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterPowerManagement.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterQos.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterRdma.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterRsc.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterRss.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterSriov.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterUso.md create mode 100644 docset/winserver2025-ps/netadapter/Enable-NetAdapterVmq.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapter.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterAdvancedProperty.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterBinding.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterChecksumOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterDataPathConfiguration.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterEncapsulatedPacketTaskOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterHardwareInfo.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterIPsecOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterLso.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterPowerManagement.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterQos.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterRdma.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterRsc.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterRss.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterSriov.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterSriovVf.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterStatistics.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterUso.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterVPort.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterVmq.md create mode 100644 docset/winserver2025-ps/netadapter/Get-NetAdapterVmqQueue.md create mode 100644 docset/winserver2025-ps/netadapter/NetAdapter.md create mode 100644 docset/winserver2025-ps/netadapter/New-NetAdapterAdvancedProperty.md create mode 100644 docset/winserver2025-ps/netadapter/Remove-NetAdapterAdvancedProperty.md create mode 100644 docset/winserver2025-ps/netadapter/Rename-NetAdapter.md create mode 100644 docset/winserver2025-ps/netadapter/Reset-NetAdapterAdvancedProperty.md create mode 100644 docset/winserver2025-ps/netadapter/Restart-NetAdapter.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapter.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterAdvancedProperty.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterBinding.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterChecksumOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterDataPathConfiguration.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterEncapsulatedPacketTaskOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterIPsecOffload.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterLso.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterPowerManagement.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterQos.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterRdma.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterRsc.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterRss.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterSriov.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterUso.md create mode 100644 docset/winserver2025-ps/netadapter/Set-NetAdapterVmq.md create mode 100644 docset/winserver2025-ps/netconnection/Get-NetConnectionProfile.md create mode 100644 docset/winserver2025-ps/netconnection/NetConnection.md create mode 100644 docset/winserver2025-ps/netconnection/Set-NetConnectionProfile.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Add-NetEventNetworkAdapter.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Add-NetEventPacketCaptureProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Add-NetEventProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Add-NetEventVFPProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Add-NetEventVmNetworkAdapter.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Add-NetEventVmSwitch.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Add-NetEventVmSwitchProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Add-NetEventWFPCaptureProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventNetworkAdapter.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventPacketCaptureProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventSession.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventVFPProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventVmNetworkAdapter.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventVmSwitch.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventVmSwitchProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Get-NetEventWFPCaptureProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/NetEventPacketCapture.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/New-NetEventSession.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventNetworkAdapter.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventPacketCaptureProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventSession.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventVFPProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventVmNetworkAdapter.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventVmSwitch.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventVmSwitchProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Remove-NetEventWFPCaptureProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Set-NetEventPacketCaptureProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Set-NetEventProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Set-NetEventSession.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Set-NetEventVFPProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Set-NetEventVmSwitchProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Set-NetEventWFPCaptureProvider.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Start-NetEventSession.md create mode 100644 docset/winserver2025-ps/neteventpacketcapture/Stop-NetEventSession.md create mode 100644 docset/winserver2025-ps/netlbfo/Add-NetLbfoTeamMember.md create mode 100644 docset/winserver2025-ps/netlbfo/Add-NetLbfoTeamNic.md create mode 100644 docset/winserver2025-ps/netlbfo/Get-NetLbfoTeam.md create mode 100644 docset/winserver2025-ps/netlbfo/Get-NetLbfoTeamMember.md create mode 100644 docset/winserver2025-ps/netlbfo/Get-NetLbfoTeamNic.md create mode 100644 docset/winserver2025-ps/netlbfo/NetLbfo.md create mode 100644 docset/winserver2025-ps/netlbfo/New-NetLbfoTeam.md create mode 100644 docset/winserver2025-ps/netlbfo/Remove-NetLbfoTeam.md create mode 100644 docset/winserver2025-ps/netlbfo/Remove-NetLbfoTeamMember.md create mode 100644 docset/winserver2025-ps/netlbfo/Remove-NetLbfoTeamNic.md create mode 100644 docset/winserver2025-ps/netlbfo/Rename-NetLbfoTeam.md create mode 100644 docset/winserver2025-ps/netlbfo/Set-NetLbfoTeam.md create mode 100644 docset/winserver2025-ps/netlbfo/Set-NetLbfoTeamMember.md create mode 100644 docset/winserver2025-ps/netlbfo/Set-NetLbfoTeamNic.md create mode 100644 docset/winserver2025-ps/netlldpagent/Disable-NetLldpAgent.md create mode 100644 docset/winserver2025-ps/netlldpagent/Enable-NetLldpAgent.md create mode 100644 docset/winserver2025-ps/netlldpagent/Get-NetLldpAgent.md create mode 100644 docset/winserver2025-ps/netlldpagent/NetLldpAgent.md create mode 100644 docset/winserver2025-ps/netnat/Add-NetNatExternalAddress.md create mode 100644 docset/winserver2025-ps/netnat/Add-NetNatStaticMapping.md create mode 100644 docset/winserver2025-ps/netnat/Get-NetNat.md create mode 100644 docset/winserver2025-ps/netnat/Get-NetNatExternalAddress.md create mode 100644 docset/winserver2025-ps/netnat/Get-NetNatGlobal.md create mode 100644 docset/winserver2025-ps/netnat/Get-NetNatSession.md create mode 100644 docset/winserver2025-ps/netnat/Get-NetNatStaticMapping.md create mode 100644 docset/winserver2025-ps/netnat/NetNat.md create mode 100644 docset/winserver2025-ps/netnat/New-NetNat.md create mode 100644 docset/winserver2025-ps/netnat/Remove-NetNat.md create mode 100644 docset/winserver2025-ps/netnat/Remove-NetNatExternalAddress.md create mode 100644 docset/winserver2025-ps/netnat/Remove-NetNatStaticMapping.md create mode 100644 docset/winserver2025-ps/netnat/Set-NetNat.md create mode 100644 docset/winserver2025-ps/netnat/Set-NetNatGlobal.md create mode 100644 docset/winserver2025-ps/netqos/Get-NetQosPolicy.md create mode 100644 docset/winserver2025-ps/netqos/NetQoS.md create mode 100644 docset/winserver2025-ps/netqos/New-NetQosPolicy.md create mode 100644 docset/winserver2025-ps/netqos/Remove-NetQosPolicy.md create mode 100644 docset/winserver2025-ps/netqos/Set-NetQosPolicy.md create mode 100644 docset/winserver2025-ps/netsecurity/Copy-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Copy-NetIPsecMainModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Copy-NetIPsecMainModeRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Copy-NetIPsecPhase1AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Copy-NetIPsecPhase2AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Copy-NetIPsecQuickModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Disable-NetFirewallHyperVRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Disable-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Disable-NetIPsecMainModeRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Disable-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Enable-NetFirewallHyperVRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Enable-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Enable-NetIPsecMainModeRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Find-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-DAPolicyChange.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallAddressFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallApplicationFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallDynamicKeywordAddress.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallHyperVPort.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallHyperVProfile.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallHyperVRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallHyperVVMCreator.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallHyperVVMSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallInterfaceFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallInterfaceTypeFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallPortFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallProfile.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallSecurityFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallServiceFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetFirewallSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecDospSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecMainModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecMainModeRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecMainModeSA.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecPhase1AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecPhase2AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecQuickModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecQuickModeSA.md create mode 100644 docset/winserver2025-ps/netsecurity/Get-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/NetSecurity.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetFirewallDynamicKeywordAddress.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetFirewallHyperVProfile.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetFirewallHyperVRule.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetFirewallHyperVVMSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecAuthProposal.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecDospSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecMainModeCryptoProposal.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecMainModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecMainModeRule.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecPhase1AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecPhase2AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecQuickModeCryptoProposal.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecQuickModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/New-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Open-NetGPO.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetFirewallDynamicKeywordAddress.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetFirewallHyperVRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecDospSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecMainModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecMainModeRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecMainModeSA.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecPhase1AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecPhase2AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecQuickModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecQuickModeSA.md create mode 100644 docset/winserver2025-ps/netsecurity/Remove-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Rename-NetFirewallHyperVRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Rename-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Rename-NetIPsecMainModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Rename-NetIPsecMainModeRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Rename-NetIPsecPhase1AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Rename-NetIPsecPhase2AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Rename-NetIPsecQuickModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Rename-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Save-NetGPO.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallAddressFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallApplicationFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallHyperVProfile.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallHyperVRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallHyperVVMSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallInterfaceFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallInterfaceTypeFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallPortFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallProfile.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallSecurityFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallServiceFilter.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetFirewallSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetIPsecDospSetting.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetIPsecMainModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetIPsecMainModeRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetIPsecPhase1AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetIPsecPhase2AuthSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetIPsecQuickModeCryptoSet.md create mode 100644 docset/winserver2025-ps/netsecurity/Set-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Show-NetFirewallRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Show-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Sync-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netsecurity/Update-NetFirewallDynamicKeywordAddress.md create mode 100644 docset/winserver2025-ps/netsecurity/Update-NetIPsecRule.md create mode 100644 docset/winserver2025-ps/netswitchteam/Add-NetSwitchTeamMember.md create mode 100644 docset/winserver2025-ps/netswitchteam/Get-NetSwitchTeam.md create mode 100644 docset/winserver2025-ps/netswitchteam/Get-NetSwitchTeamMember.md create mode 100644 docset/winserver2025-ps/netswitchteam/NetSwitchTeam.md create mode 100644 docset/winserver2025-ps/netswitchteam/New-NetSwitchTeam.md create mode 100644 docset/winserver2025-ps/netswitchteam/Remove-NetSwitchTeam.md create mode 100644 docset/winserver2025-ps/netswitchteam/Remove-NetSwitchTeamMember.md create mode 100644 docset/winserver2025-ps/netswitchteam/Rename-NetSwitchTeam.md create mode 100644 docset/winserver2025-ps/nettcpip/Find-NetRoute.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetCompartment.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetIPAddress.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetIPConfiguration.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetIPInterface.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetIPv4Protocol.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetIPv6Protocol.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetNeighbor.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetOffloadGlobalSetting.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetPrefixPolicy.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetRoute.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetTCPConnection.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetTCPSetting.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetTransportFilter.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetUDPEndpoint.md create mode 100644 docset/winserver2025-ps/nettcpip/Get-NetUDPSetting.md create mode 100644 docset/winserver2025-ps/nettcpip/NetTCPIP.md create mode 100644 docset/winserver2025-ps/nettcpip/New-NetIPAddress.md create mode 100644 docset/winserver2025-ps/nettcpip/New-NetNeighbor.md create mode 100644 docset/winserver2025-ps/nettcpip/New-NetRoute.md create mode 100644 docset/winserver2025-ps/nettcpip/New-NetTransportFilter.md create mode 100644 docset/winserver2025-ps/nettcpip/Remove-NetIPAddress.md create mode 100644 docset/winserver2025-ps/nettcpip/Remove-NetNeighbor.md create mode 100644 docset/winserver2025-ps/nettcpip/Remove-NetRoute.md create mode 100644 docset/winserver2025-ps/nettcpip/Remove-NetTransportFilter.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetIPAddress.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetIPInterface.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetIPv4Protocol.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetIPv6Protocol.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetNeighbor.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetOffloadGlobalSetting.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetRoute.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetTCPSetting.md create mode 100644 docset/winserver2025-ps/nettcpip/Set-NetUDPSetting.md create mode 100644 docset/winserver2025-ps/nettcpip/Test-NetConnection.md create mode 100644 docset/winserver2025-ps/netwnv/Get-NetVirtualizationCustomerRoute.md create mode 100644 docset/winserver2025-ps/netwnv/Get-NetVirtualizationGlobal.md create mode 100644 docset/winserver2025-ps/netwnv/Get-NetVirtualizationLookupRecord.md create mode 100644 docset/winserver2025-ps/netwnv/Get-NetVirtualizationProviderAddress.md create mode 100644 docset/winserver2025-ps/netwnv/Get-NetVirtualizationProviderRoute.md create mode 100644 docset/winserver2025-ps/netwnv/NetWNV.md create mode 100644 docset/winserver2025-ps/netwnv/New-NetVirtualizationCustomerRoute.md create mode 100644 docset/winserver2025-ps/netwnv/New-NetVirtualizationLookupRecord.md create mode 100644 docset/winserver2025-ps/netwnv/New-NetVirtualizationProviderAddress.md create mode 100644 docset/winserver2025-ps/netwnv/New-NetVirtualizationProviderRoute.md create mode 100644 docset/winserver2025-ps/netwnv/Remove-NetVirtualizationCustomerRoute.md create mode 100644 docset/winserver2025-ps/netwnv/Remove-NetVirtualizationLookupRecord.md create mode 100644 docset/winserver2025-ps/netwnv/Remove-NetVirtualizationProviderAddress.md create mode 100644 docset/winserver2025-ps/netwnv/Remove-NetVirtualizationProviderRoute.md create mode 100644 docset/winserver2025-ps/netwnv/Select-NetVirtualizationNextHop.md create mode 100644 docset/winserver2025-ps/netwnv/Set-NetVirtualizationCustomerRoute.md create mode 100644 docset/winserver2025-ps/netwnv/Set-NetVirtualizationGlobal.md create mode 100644 docset/winserver2025-ps/netwnv/Set-NetVirtualizationLookupRecord.md create mode 100644 docset/winserver2025-ps/netwnv/Set-NetVirtualizationProviderAddress.md create mode 100644 docset/winserver2025-ps/netwnv/Set-NetVirtualizationProviderRoute.md create mode 100644 docset/winserver2025-ps/networkconnectivitystatus/Get-DAConnectionStatus.md create mode 100644 docset/winserver2025-ps/networkconnectivitystatus/Get-NCSIPolicyConfiguration.md create mode 100644 docset/winserver2025-ps/networkconnectivitystatus/NetworkConnectivityStatus.md create mode 100644 docset/winserver2025-ps/networkconnectivitystatus/Reset-NCSIPolicyConfiguration.md create mode 100644 docset/winserver2025-ps/networkconnectivitystatus/Set-NCSIPolicyConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Add-NetworkControllerNode.md create mode 100644 docset/winserver2025-ps/networkcontroller/Clear-NetworkControllerNodeContent.md create mode 100644 docset/winserver2025-ps/networkcontroller/Disable-NetworkControllerNode.md create mode 100644 docset/winserver2025-ps/networkcontroller/Enable-NetworkControllerNode.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkController.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerAccessControlList.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerAccessControlListRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerAuditingSettingsConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerBackup.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerCluster.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerConnectivityCheck.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerConnectivityCheckResult.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerCredential.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerDiagnostic.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerDiscovery.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerFabricRoute.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerGateway.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerGatewayPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerIDnsServerConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerInternalResourceInstances.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerIpPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerIpReservation.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancer.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancerBackendAddressPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancerConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancerFrontendIpConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancerInboundNatRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancerMux.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancerOutboundNatRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancerProbe.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLoadBalancingRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLogicalNetwork.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerLogicalSubnet.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerMacPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerNetworkInterface.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerNetworkInterfaceIpConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerNode.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerPublicIpAddress.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerRestore.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerRoute.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerRouteTable.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerServer.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerServerInterface.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerServiceInsertion.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerState.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerStatistics.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerSubnetEgressReset.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualGateway.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualGatewayBgpPeer.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualGatewayBgpRouter.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualGatewayNetworkConnection.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualGatewayPolicyMap.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualNetwork.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualNetworkConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualNetworkPeering.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualServer.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualSubnet.md create mode 100644 docset/winserver2025-ps/networkcontroller/Get-NetworkControllerVirtualSwitchConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Install-NetworkController.md create mode 100644 docset/winserver2025-ps/networkcontroller/Install-NetworkControllerCluster.md create mode 100644 docset/winserver2025-ps/networkcontroller/Invoke-NetworkControllerConnectivityCheck.md create mode 100644 docset/winserver2025-ps/networkcontroller/Invoke-NetworkControllerState.md create mode 100644 docset/winserver2025-ps/networkcontroller/Invoke-NetworkControllerSubnetEgressReset.md create mode 100644 docset/winserver2025-ps/networkcontroller/NetworkController.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerAccessControlList.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerAccessControlListRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerBackup.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerCredential.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerFabricRoute.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerGateway.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerGatewayPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerIDnsServerConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerIpPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerIpReservation.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancer.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancerBackendAddressPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancerConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancerFrontendIpConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancerInboundNatRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancerMux.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancerOutboundNatRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancerProbe.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLoadBalancingRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLogicalNetwork.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerLogicalSubnet.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerMacPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerNetworkInterface.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerNetworkInterfaceIpConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerNodeObject.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerPublicIpAddress.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerRestore.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerRoute.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerRouteTable.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerServer.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerServerInterface.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerServiceInsertion.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualGateway.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualGatewayBgpPeer.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualGatewayBgpRouter.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualGatewayNetworkConnection.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualGatewayPolicyMap.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualNetwork.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualNetworkPeering.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualServer.md create mode 100644 docset/winserver2025-ps/networkcontroller/New-NetworkControllerVirtualSubnet.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerAccessControlList.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerAccessControlListRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerBackup.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerCredential.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerFabricRoute.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerGateway.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerGatewayPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerIpPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerIpReservation.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancer.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancerBackendAddressPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancerConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancerFrontendIpConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancerInboundNatRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancerMux.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancerOutboundNatRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancerProbe.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLoadBalancingRule.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLogicalNetwork.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerLogicalSubnet.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerMacPool.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerNetworkInterface.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerNetworkInterfaceIpConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerNode.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerPublicIpAddress.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerRestore.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerRoute.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerRouteTable.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerServer.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerServerInterface.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerServiceInsertion.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualGateway.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualGatewayBgpPeer.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualGatewayBgpRouter.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualGatewayNetworkConnection.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualGatewayPolicyMap.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualNetwork.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualNetworkPeering.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualServer.md create mode 100644 docset/winserver2025-ps/networkcontroller/Remove-NetworkControllerVirtualSubnet.md create mode 100644 docset/winserver2025-ps/networkcontroller/Repair-NetworkControllerCluster.md create mode 100644 docset/winserver2025-ps/networkcontroller/Set-NetworkController.md create mode 100644 docset/winserver2025-ps/networkcontroller/Set-NetworkControllerAuditingSettingsConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Set-NetworkControllerCluster.md create mode 100644 docset/winserver2025-ps/networkcontroller/Set-NetworkControllerDiagnostic.md create mode 100644 docset/winserver2025-ps/networkcontroller/Set-NetworkControllerNode.md create mode 100644 docset/winserver2025-ps/networkcontroller/Set-NetworkControllerVirtualNetworkConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Set-NetworkControllerVirtualSwitchConfiguration.md create mode 100644 docset/winserver2025-ps/networkcontroller/Uninstall-NetworkController.md create mode 100644 docset/winserver2025-ps/networkcontroller/Uninstall-NetworkControllerCluster.md create mode 100644 docset/winserver2025-ps/networkcontroller/Update-NetworkController.md create mode 100644 docset/winserver2025-ps/networkcontrollerdiagnostics/Debug-NetworkController.md create mode 100644 docset/winserver2025-ps/networkcontrollerdiagnostics/Debug-NetworkControllerConfigurationState.md create mode 100644 docset/winserver2025-ps/networkcontrollerdiagnostics/Debug-ServiceFabricNodeStatus.md create mode 100644 docset/winserver2025-ps/networkcontrollerdiagnostics/Get-NetworkControllerDeploymentInfo.md create mode 100644 docset/winserver2025-ps/networkcontrollerdiagnostics/Get-NetworkControllerManagedDevices.md create mode 100644 docset/winserver2025-ps/networkcontrollerdiagnostics/Get-NetworkControllerReplica.md create mode 100644 docset/winserver2025-ps/networkcontrollerdiagnostics/NetworkControllerDiagnostics.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Add-NlbClusterNode.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Add-NlbClusterNodeDip.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Add-NlbClusterPortRule.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Add-NlbClusterVip.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Disable-NlbClusterPortRule.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Enable-NlbClusterPortRule.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Get-NlbCluster.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Get-NlbClusterDriverInfo.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Get-NlbClusterNode.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Get-NlbClusterNodeDip.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Get-NlbClusterNodeNetworkInterface.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Get-NlbClusterPortRule.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Get-NlbClusterVip.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/NetworkLoadBalancingClusters.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/New-NlbCluster.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/New-NlbClusterIpv6Address.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Remove-NlbCluster.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Remove-NlbClusterNode.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Remove-NlbClusterNodeDip.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Remove-NlbClusterPortRule.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Remove-NlbClusterVip.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Resume-NlbCluster.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Resume-NlbClusterNode.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Set-NlbCluster.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Set-NlbClusterNode.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Set-NlbClusterNodeDip.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Set-NlbClusterPortRule.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Set-NlbClusterPortRuleNodeHandlingPriority.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Set-NlbClusterPortRuleNodeWeight.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Set-NlbClusterVip.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Start-NlbCluster.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Start-NlbClusterNode.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Stop-NlbCluster.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Stop-NlbClusterNode.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Suspend-NlbCluster.md create mode 100644 docset/winserver2025-ps/networkloadbalancingclusters/Suspend-NlbClusterNode.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Disable-NetworkSwitchEthernetPort.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Disable-NetworkSwitchFeature.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Disable-NetworkSwitchVlan.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Enable-NetworkSwitchEthernetPort.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Enable-NetworkSwitchFeature.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Enable-NetworkSwitchVlan.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Get-NetworkSwitchEthernetPort.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Get-NetworkSwitchFeature.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Get-NetworkSwitchGlobalData.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Get-NetworkSwitchVlan.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/NetworkSwitchManager.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/New-NetworkSwitchVlan.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Remove-NetworkSwitchEthernetPortIPAddress.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Remove-NetworkSwitchVlan.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Restore-NetworkSwitchConfiguration.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Save-NetworkSwitchConfiguration.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Set-NetworkSwitchEthernetPortIPAddress.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Set-NetworkSwitchPortMode.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Set-NetworkSwitchPortProperty.md create mode 100644 docset/winserver2025-ps/networkswitchmanager/Set-NetworkSwitchVlanProperty.md create mode 100644 docset/winserver2025-ps/networktransition/Add-NetIPHttpsCertBinding.md create mode 100644 docset/winserver2025-ps/networktransition/Disable-NetDnsTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Disable-NetIPHttpsProfile.md create mode 100644 docset/winserver2025-ps/networktransition/Disable-NetNatTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Enable-NetDnsTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Enable-NetIPHttpsProfile.md create mode 100644 docset/winserver2025-ps/networktransition/Enable-NetNatTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Get-Net6to4Configuration.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetDnsTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetDnsTransitionMonitoring.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetIPHttpsConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetIPHttpsState.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetIsatapConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetNatTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetNatTransitionMonitoring.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetTeredoConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Get-NetTeredoState.md create mode 100644 docset/winserver2025-ps/networktransition/NetworkTransition.md create mode 100644 docset/winserver2025-ps/networktransition/New-NetIPHttpsConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/New-NetNatTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Remove-NetIPHttpsCertBinding.md create mode 100644 docset/winserver2025-ps/networktransition/Remove-NetIPHttpsConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Remove-NetNatTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Rename-NetIPHttpsConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Reset-Net6to4Configuration.md create mode 100644 docset/winserver2025-ps/networktransition/Reset-NetDnsTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Reset-NetIPHttpsConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Reset-NetIsatapConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Reset-NetTeredoConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Set-Net6to4Configuration.md create mode 100644 docset/winserver2025-ps/networktransition/Set-NetDnsTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Set-NetIPHttpsConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Set-NetIsatapConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Set-NetNatTransitionConfiguration.md create mode 100644 docset/winserver2025-ps/networktransition/Set-NetTeredoConfiguration.md create mode 100644 docset/winserver2025-ps/nfs/Disconnect-NfsSession.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsClientConfiguration.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsClientLock.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsClientgroup.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsMappedIdentity.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsMappingStore.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsMountedClient.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsNetgroup.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsNetgroupStore.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsOpenFile.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsServerConfiguration.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsSession.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsShare.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsSharePermission.md create mode 100644 docset/winserver2025-ps/nfs/Get-NfsStatistics.md create mode 100644 docset/winserver2025-ps/nfs/Grant-NfsSharePermission.md create mode 100644 docset/winserver2025-ps/nfs/Install-NfsMappingStore.md create mode 100644 docset/winserver2025-ps/nfs/NFS.md create mode 100644 docset/winserver2025-ps/nfs/New-NfsClientgroup.md create mode 100644 docset/winserver2025-ps/nfs/New-NfsMappedIdentity.md create mode 100644 docset/winserver2025-ps/nfs/New-NfsNetgroup.md create mode 100644 docset/winserver2025-ps/nfs/New-NfsShare.md create mode 100644 docset/winserver2025-ps/nfs/Remove-NfsClientgroup.md create mode 100644 docset/winserver2025-ps/nfs/Remove-NfsMappedIdentity.md create mode 100644 docset/winserver2025-ps/nfs/Remove-NfsNetgroup.md create mode 100644 docset/winserver2025-ps/nfs/Remove-NfsShare.md create mode 100644 docset/winserver2025-ps/nfs/Rename-NfsClientgroup.md create mode 100644 docset/winserver2025-ps/nfs/Reset-NfsStatistics.md create mode 100644 docset/winserver2025-ps/nfs/Resolve-NfsMappedIdentity.md create mode 100644 docset/winserver2025-ps/nfs/Revoke-NfsClientLock.md create mode 100644 docset/winserver2025-ps/nfs/Revoke-NfsMountedClient.md create mode 100644 docset/winserver2025-ps/nfs/Revoke-NfsOpenFile.md create mode 100644 docset/winserver2025-ps/nfs/Revoke-NfsSharePermission.md create mode 100644 docset/winserver2025-ps/nfs/Set-NfsClientConfiguration.md create mode 100644 docset/winserver2025-ps/nfs/Set-NfsClientgroup.md create mode 100644 docset/winserver2025-ps/nfs/Set-NfsMappedIdentity.md create mode 100644 docset/winserver2025-ps/nfs/Set-NfsMappingStore.md create mode 100644 docset/winserver2025-ps/nfs/Set-NfsNetgroup.md create mode 100644 docset/winserver2025-ps/nfs/Set-NfsNetgroupStore.md create mode 100644 docset/winserver2025-ps/nfs/Set-NfsServerConfiguration.md create mode 100644 docset/winserver2025-ps/nfs/Set-NfsShare.md create mode 100644 docset/winserver2025-ps/nfs/Test-NfsMappedIdentity.md create mode 100644 docset/winserver2025-ps/nfs/Test-NfsMappingStore.md create mode 100644 docset/winserver2025-ps/nps/Export-NpsConfiguration.md create mode 100644 docset/winserver2025-ps/nps/Get-NpsRadiusClient.md create mode 100644 docset/winserver2025-ps/nps/Get-NpsSharedSecretTemplate.md create mode 100644 docset/winserver2025-ps/nps/Import-NpsConfiguration.md create mode 100644 docset/winserver2025-ps/nps/NPS.md create mode 100644 docset/winserver2025-ps/nps/New-NpsRadiusClient.md create mode 100644 docset/winserver2025-ps/nps/Remove-NpsRadiusClient.md create mode 100644 docset/winserver2025-ps/nps/Set-NpsRadiusClient.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Clear-PcsvDeviceLog.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Get-PcsvDevice.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Get-PcsvDeviceLog.md create mode 100644 docset/winserver2025-ps/pcsvdevice/PcsvDevice.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Restart-PcsvDevice.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Set-PcsvDeviceBootConfiguration.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Set-PcsvDeviceNetworkConfiguration.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Set-PcsvDeviceUserPassword.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Start-PcsvDevice.md create mode 100644 docset/winserver2025-ps/pcsvdevice/Stop-PcsvDevice.md create mode 100644 docset/winserver2025-ps/persistentmemory/Get-PmemDedicatedMemory.md create mode 100644 docset/winserver2025-ps/persistentmemory/Get-PmemDisk.md create mode 100644 docset/winserver2025-ps/persistentmemory/Get-PmemPhysicalDevice.md create mode 100644 docset/winserver2025-ps/persistentmemory/Get-PmemUnusedRegion.md create mode 100644 docset/winserver2025-ps/persistentmemory/Initialize-PmemPhysicalDevice.md create mode 100644 docset/winserver2025-ps/persistentmemory/New-PmemDedicatedMemory.md create mode 100644 docset/winserver2025-ps/persistentmemory/New-PmemDisk.md create mode 100644 docset/winserver2025-ps/persistentmemory/PersistentMemory.md create mode 100644 docset/winserver2025-ps/persistentmemory/Remove-PmemDedicatedMemory.md create mode 100644 docset/winserver2025-ps/persistentmemory/Remove-PmemDisk.md create mode 100644 docset/winserver2025-ps/pki/Add-CertificateEnrollmentPolicyServer.md create mode 100644 docset/winserver2025-ps/pki/Export-Certificate.md create mode 100644 docset/winserver2025-ps/pki/Export-PfxCertificate.md create mode 100644 docset/winserver2025-ps/pki/Get-Certificate.md create mode 100644 docset/winserver2025-ps/pki/Get-CertificateAutoEnrollmentPolicy.md create mode 100644 docset/winserver2025-ps/pki/Get-CertificateEnrollmentPolicyServer.md create mode 100644 docset/winserver2025-ps/pki/Get-CertificateNotificationTask.md create mode 100644 docset/winserver2025-ps/pki/Get-PfxData.md create mode 100644 docset/winserver2025-ps/pki/Import-Certificate.md create mode 100644 docset/winserver2025-ps/pki/Import-PfxCertificate.md create mode 100644 docset/winserver2025-ps/pki/New-CertificateNotificationTask.md create mode 100644 docset/winserver2025-ps/pki/New-SelfSignedCertificate.md create mode 100644 docset/winserver2025-ps/pki/Remove-CertificateEnrollmentPolicyServer.md create mode 100644 docset/winserver2025-ps/pki/Remove-CertificateNotificationTask.md create mode 100644 docset/winserver2025-ps/pki/Set-CertificateAutoEnrollmentPolicy.md create mode 100644 docset/winserver2025-ps/pki/Switch-Certificate.md create mode 100644 docset/winserver2025-ps/pki/Test-Certificate.md create mode 100644 docset/winserver2025-ps/pki/pki.md create mode 100644 docset/winserver2025-ps/platformidentifier/Get-PlatformIdentifier.md create mode 100644 docset/winserver2025-ps/platformidentifier/PlatformIdentifier.md create mode 100644 docset/winserver2025-ps/pnpdevice/Disable-PnpDevice.md create mode 100644 docset/winserver2025-ps/pnpdevice/Enable-PnpDevice.md create mode 100644 docset/winserver2025-ps/pnpdevice/Get-PnpDevice.md create mode 100644 docset/winserver2025-ps/pnpdevice/Get-PnpDeviceProperty.md create mode 100644 docset/winserver2025-ps/pnpdevice/PnpDevice.md create mode 100644 docset/winserver2025-ps/printmanagement/Add-Printer.md create mode 100644 docset/winserver2025-ps/printmanagement/Add-PrinterDriver.md create mode 100644 docset/winserver2025-ps/printmanagement/Add-PrinterPort.md create mode 100644 docset/winserver2025-ps/printmanagement/Get-PrintConfiguration.md create mode 100644 docset/winserver2025-ps/printmanagement/Get-PrintJob.md create mode 100644 docset/winserver2025-ps/printmanagement/Get-Printer.md create mode 100644 docset/winserver2025-ps/printmanagement/Get-PrinterDriver.md create mode 100644 docset/winserver2025-ps/printmanagement/Get-PrinterPort.md create mode 100644 docset/winserver2025-ps/printmanagement/Get-PrinterProperty.md create mode 100644 docset/winserver2025-ps/printmanagement/PrintManagement.md create mode 100644 docset/winserver2025-ps/printmanagement/Read-PrinterNfcTag.md create mode 100644 docset/winserver2025-ps/printmanagement/Remove-PrintJob.md create mode 100644 docset/winserver2025-ps/printmanagement/Remove-Printer.md create mode 100644 docset/winserver2025-ps/printmanagement/Remove-PrinterDriver.md create mode 100644 docset/winserver2025-ps/printmanagement/Remove-PrinterPort.md create mode 100644 docset/winserver2025-ps/printmanagement/Rename-Printer.md create mode 100644 docset/winserver2025-ps/printmanagement/Restart-PrintJob.md create mode 100644 docset/winserver2025-ps/printmanagement/Resume-PrintJob.md create mode 100644 docset/winserver2025-ps/printmanagement/Set-PrintConfiguration.md create mode 100644 docset/winserver2025-ps/printmanagement/Set-Printer.md create mode 100644 docset/winserver2025-ps/printmanagement/Set-PrinterProperty.md create mode 100644 docset/winserver2025-ps/printmanagement/Suspend-PrintJob.md create mode 100644 docset/winserver2025-ps/printmanagement/Write-PrinterNfcTag.md create mode 100644 docset/winserver2025-ps/processmitigations/ConvertTo-ProcessMitigationPolicy.md create mode 100644 docset/winserver2025-ps/processmitigations/Get-ProcessMitigation.md create mode 100644 docset/winserver2025-ps/processmitigations/ProcessMitigations.md create mode 100644 docset/winserver2025-ps/processmitigations/Set-ProcessMitigation.md create mode 100644 docset/winserver2025-ps/provisioning/Export-ProvisioningPackage.md create mode 100644 docset/winserver2025-ps/provisioning/Export-Trace.md create mode 100644 docset/winserver2025-ps/provisioning/Get-ProvisioningPackage.md create mode 100644 docset/winserver2025-ps/provisioning/Get-TrustedProvisioningCertificate.md create mode 100644 docset/winserver2025-ps/provisioning/Install-ProvisioningPackage.md create mode 100644 docset/winserver2025-ps/provisioning/Install-TrustedProvisioningCertificate.md create mode 100644 docset/winserver2025-ps/provisioning/Provisioning.md create mode 100644 docset/winserver2025-ps/provisioning/Uninstall-ProvisioningPackage.md create mode 100644 docset/winserver2025-ps/provisioning/Uninstall-TrustedProvisioningCertificate.md create mode 100644 docset/winserver2025-ps/rdmgmt/Add-RDServer.md create mode 100644 docset/winserver2025-ps/rdmgmt/Add-RDSessionHost.md create mode 100644 docset/winserver2025-ps/rdmgmt/Add-RDVirtualDesktopToCollection.md create mode 100644 docset/winserver2025-ps/rdmgmt/Disable-RDVirtualDesktopADMachineAccountReuse.md create mode 100644 docset/winserver2025-ps/rdmgmt/Disconnect-RDUser.md create mode 100644 docset/winserver2025-ps/rdmgmt/Enable-RDVirtualDesktopADMachineAccountReuse.md create mode 100644 docset/winserver2025-ps/rdmgmt/Export-RDPersonalSessionDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Export-RDPersonalVirtualDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDAvailableApp.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDCertificate.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDConnectionBrokerHighAvailability.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDDeploymentGatewayConfiguration.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDFileTypeAssociation.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDLicenseConfiguration.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDPersonalSessionDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDPersonalVirtualDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDPersonalVirtualDesktopPatchSchedule.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDRemoteApp.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDRemoteDesktop.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDServer.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDSessionCollection.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDSessionCollectionConfiguration.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDSessionHost.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDUserSession.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDVirtualDesktop.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDVirtualDesktopCollection.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDVirtualDesktopCollectionConfiguration.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDVirtualDesktopCollectionJobStatus.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDVirtualDesktopConcurrency.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDVirtualDesktopIdleCount.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDVirtualDesktopTemplateExportPath.md create mode 100644 docset/winserver2025-ps/rdmgmt/Get-RDWorkspace.md create mode 100644 docset/winserver2025-ps/rdmgmt/Grant-RDOUAccess.md create mode 100644 docset/winserver2025-ps/rdmgmt/Import-RDPersonalSessionDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Import-RDPersonalVirtualDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Invoke-RDUserLogoff.md create mode 100644 docset/winserver2025-ps/rdmgmt/Move-RDVirtualDesktop.md create mode 100644 docset/winserver2025-ps/rdmgmt/New-RDCertificate.md create mode 100644 docset/winserver2025-ps/rdmgmt/New-RDPersonalVirtualDesktopPatchSchedule.md create mode 100644 docset/winserver2025-ps/rdmgmt/New-RDRemoteApp.md create mode 100644 docset/winserver2025-ps/rdmgmt/New-RDSessionCollection.md create mode 100644 docset/winserver2025-ps/rdmgmt/New-RDSessionDeployment.md create mode 100644 docset/winserver2025-ps/rdmgmt/New-RDVirtualDesktopCollection.md create mode 100644 docset/winserver2025-ps/rdmgmt/New-RDVirtualDesktopDeployment.md create mode 100644 docset/winserver2025-ps/rdmgmt/RDMgmt.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDDatabaseConnectionString.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDPersonalSessionDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDPersonalVirtualDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDPersonalVirtualDesktopPatchSchedule.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDRemoteApp.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDServer.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDSessionCollection.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDSessionHost.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDVirtualDesktopCollection.md create mode 100644 docset/winserver2025-ps/rdmgmt/Remove-RDVirtualDesktopFromCollection.md create mode 100644 docset/winserver2025-ps/rdmgmt/Send-RDUserMessage.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDActiveManagementServer.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDCertificate.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDClientAccessName.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDConnectionBrokerHighAvailability.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDDatabaseConnectionString.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDDeploymentGatewayConfiguration.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDFileTypeAssociation.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDLicenseConfiguration.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDPersonalSessionDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDPersonalVirtualDesktopAssignment.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDPersonalVirtualDesktopPatchSchedule.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDRemoteApp.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDRemoteDesktop.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDSessionCollectionConfiguration.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDSessionHost.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDVirtualDesktopCollectionConfiguration.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDVirtualDesktopConcurrency.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDVirtualDesktopIdleCount.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDVirtualDesktopTemplateExportPath.md create mode 100644 docset/winserver2025-ps/rdmgmt/Set-RDWorkspace.md create mode 100644 docset/winserver2025-ps/rdmgmt/Stop-RDVirtualDesktopCollectionJob.md create mode 100644 docset/winserver2025-ps/rdmgmt/Test-RDOUAccess.md create mode 100644 docset/winserver2025-ps/rdmgmt/Test-RDVirtualDesktopADMachineAccountReuse.md create mode 100644 docset/winserver2025-ps/rdmgmt/Update-RDVirtualDesktopCollection.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-BgpCustomRoute.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-BgpPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-BgpRouteAggregate.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-BgpRouter.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-BgpRoutingPolicy.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-BgpRoutingPolicyForPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-DAAppServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-DAClient.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-DAClientDnsConfiguration.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-DAEntryPoint.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-DAMgmtServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-RemoteAccessIpFilter.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-RemoteAccessLoadBalancerNode.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-RemoteAccessRadius.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-VpnIPAddressRange.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-VpnS2SInterface.md create mode 100644 docset/winserver2025-ps/remoteaccess/Add-VpnSstpProxyRule.md create mode 100644 docset/winserver2025-ps/remoteaccess/Clear-BgpRouteFlapDampening.md create mode 100644 docset/winserver2025-ps/remoteaccess/Clear-RemoteAccessInboxAccountingStore.md create mode 100644 docset/winserver2025-ps/remoteaccess/Clear-VpnS2SInterfaceStatistics.md create mode 100644 docset/winserver2025-ps/remoteaccess/Connect-VpnS2SInterface.md create mode 100644 docset/winserver2025-ps/remoteaccess/Disable-BgpRouteFlapDampening.md create mode 100644 docset/winserver2025-ps/remoteaccess/Disable-DAMultiSite.md create mode 100644 docset/winserver2025-ps/remoteaccess/Disable-DAOtpAuthentication.md create mode 100644 docset/winserver2025-ps/remoteaccess/Disable-RemoteAccessRoutingDomain.md create mode 100644 docset/winserver2025-ps/remoteaccess/Disconnect-VpnS2SInterface.md create mode 100644 docset/winserver2025-ps/remoteaccess/Disconnect-VpnUser.md create mode 100644 docset/winserver2025-ps/remoteaccess/Enable-BgpRouteFlapDampening.md create mode 100644 docset/winserver2025-ps/remoteaccess/Enable-DAMultiSite.md create mode 100644 docset/winserver2025-ps/remoteaccess/Enable-DAOtpAuthentication.md create mode 100644 docset/winserver2025-ps/remoteaccess/Enable-RemoteAccessRoutingDomain.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-BgpCustomRoute.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-BgpPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-BgpRouteAggregate.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-BgpRouteFlapDampening.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-BgpRouteInformation.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-BgpRouter.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-BgpRoutingPolicy.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-BgpStatistics.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAAppServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAClient.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAClientDnsConfiguration.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAEntryPoint.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAEntryPointDC.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAMgmtServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAMultiSite.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DANetworkLocationServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAOtpAuthentication.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-DAServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccess.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessAccounting.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessConfiguration.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessConnectionStatistics.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessConnectionStatisticsSummary.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessHealth.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessIpFilter.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessLoadBalancer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessRadius.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessRoutingDomain.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RemoteAccessUserActivity.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-RoutingProtocolPreference.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-VpnAuthProtocol.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-VpnS2SInterface.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-VpnS2SInterfaceStatistics.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-VpnServerConfiguration.md create mode 100644 docset/winserver2025-ps/remoteaccess/Get-VpnSstpProxyRule.md create mode 100644 docset/winserver2025-ps/remoteaccess/Install-RemoteAccess.md create mode 100644 docset/winserver2025-ps/remoteaccess/New-VpnSstpProxyRule.md create mode 100644 docset/winserver2025-ps/remoteaccess/New-VpnTrafficSelector.md create mode 100644 docset/winserver2025-ps/remoteaccess/RemoteAccess.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-BgpCustomRoute.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-BgpPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-BgpRouteAggregate.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-BgpRouter.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-BgpRoutingPolicy.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-BgpRoutingPolicyForPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-DAAppServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-DAClient.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-DAClientDnsConfiguration.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-DAEntryPoint.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-DAMgmtServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-RemoteAccessIpFilter.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-RemoteAccessLoadBalancerNode.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-RemoteAccessRadius.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-VpnIPAddressRange.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-VpnS2SInterface.md create mode 100644 docset/winserver2025-ps/remoteaccess/Remove-VpnSstpProxyRule.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-BgpPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-BgpRouteAggregate.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-BgpRouteFlapDampening.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-BgpRouter.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-BgpRoutingPolicy.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-BgpRoutingPolicyForPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DAAppServerConnection.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DAClient.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DAClientDnsConfiguration.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DAEntryPoint.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DAEntryPointDC.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DAMultiSite.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DANetworkLocationServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DAOtpAuthentication.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-DAServer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RemoteAccess.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RemoteAccessAccounting.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RemoteAccessConfiguration.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RemoteAccessInboxAccountingStore.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RemoteAccessIpFilter.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RemoteAccessLoadBalancer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RemoteAccessRadius.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RemoteAccessRoutingDomain.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-RoutingProtocolPreference.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-VpnAuthProtocol.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-VpnAuthType.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-VpnIPAddressAssignment.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-VpnS2SInterface.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-VpnServerConfiguration.md create mode 100644 docset/winserver2025-ps/remoteaccess/Set-VpnSstpProxyRule.md create mode 100644 docset/winserver2025-ps/remoteaccess/Start-BgpPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Stop-BgpPeer.md create mode 100644 docset/winserver2025-ps/remoteaccess/Uninstall-RemoteAccess.md create mode 100644 docset/winserver2025-ps/remoteaccess/Update-DAMgmtServer.md create mode 100644 docset/winserver2025-ps/remotedesktopservices/Convert-License.md create mode 100644 docset/winserver2025-ps/remotedesktopservices/RemoteDesktopServices.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Disable-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Enable-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Export-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Get-ClusteredScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Get-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Get-ScheduledTaskInfo.md create mode 100644 docset/winserver2025-ps/scheduledtasks/New-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/New-ScheduledTaskAction.md create mode 100644 docset/winserver2025-ps/scheduledtasks/New-ScheduledTaskPrincipal.md create mode 100644 docset/winserver2025-ps/scheduledtasks/New-ScheduledTaskSettingsSet.md create mode 100644 docset/winserver2025-ps/scheduledtasks/New-ScheduledTaskTrigger.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Register-ClusteredScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Register-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/ScheduledTasks.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Set-ClusteredScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Set-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Start-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Stop-ScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Unregister-ClusteredScheduledTask.md create mode 100644 docset/winserver2025-ps/scheduledtasks/Unregister-ScheduledTask.md create mode 100644 docset/winserver2025-ps/secureboot/Confirm-SecureBootUEFI.md create mode 100644 docset/winserver2025-ps/secureboot/Format-SecureBootUEFI.md create mode 100644 docset/winserver2025-ps/secureboot/Get-SecureBootPolicy.md create mode 100644 docset/winserver2025-ps/secureboot/Get-SecureBootUEFI.md create mode 100644 docset/winserver2025-ps/secureboot/SecureBoot.md create mode 100644 docset/winserver2025-ps/secureboot/Set-SecureBootUEFI.md create mode 100644 docset/winserver2025-ps/servercore/Get-DisplayResolution.md create mode 100644 docset/winserver2025-ps/servercore/ServerCore.md create mode 100644 docset/winserver2025-ps/servercore/Set-DisplayResolution.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Get-SMCounterSample.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Get-SMPerformanceCollector.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Get-SMServerBpaResult.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Get-SMServerClusterName.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Get-SMServerEvent.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Get-SMServerFeature.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Get-SMServerInventory.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Get-SMServerService.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Remove-SMServerPerformanceLog.md create mode 100644 docset/winserver2025-ps/servermanagertasks/ServerManagerTasks.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Start-SMPerformanceCollector.md create mode 100644 docset/winserver2025-ps/servermanagertasks/Stop-SMPerformanceCollector.md create mode 100644 docset/winserver2025-ps/shieldedvmcmdlets/Get-KeyProtectorFromShieldingDataFile.md create mode 100644 docset/winserver2025-ps/shieldedvmcmdlets/Get-ShieldedVMProvisioningStatus.md create mode 100644 docset/winserver2025-ps/shieldedvmcmdlets/Initialize-ShieldedVM.md create mode 100644 docset/winserver2025-ps/shieldedvmcmdlets/New-ShieldedVMSpecializationDataFile.md create mode 100644 docset/winserver2025-ps/shieldedvmcmdlets/ShieldedVmCmdlets.md create mode 100644 docset/winserver2025-ps/shieldedvmcmdlets/Test-ShieldingDataApplicability.md create mode 100644 docset/winserver2025-ps/shieldedvmdatafile/Import-ShieldingDataFile.md create mode 100644 docset/winserver2025-ps/shieldedvmdatafile/New-ShieldingDataFile.md create mode 100644 docset/winserver2025-ps/shieldedvmdatafile/New-VolumeIDQualifier.md create mode 100644 docset/winserver2025-ps/shieldedvmdatafile/Save-ShieldedVMRecoveryKey.md create mode 100644 docset/winserver2025-ps/shieldedvmdatafile/Save-VolumeSignatureCatalog.md create mode 100644 docset/winserver2025-ps/shieldedvmdatafile/ShieldedVMDataFile.md create mode 100644 docset/winserver2025-ps/shieldedvmdatafile/Unprotect-ShieldedVMRecoveryKey.md create mode 100644 docset/winserver2025-ps/shieldedvmtemplate/Initialize-VMShieldingHelperVHD.md create mode 100644 docset/winserver2025-ps/shieldedvmtemplate/Protect-TemplateDisk.md create mode 100644 docset/winserver2025-ps/shieldedvmtemplate/ShieldedVMTemplate.md create mode 100644 docset/winserver2025-ps/smbshare/Block-SmbShareAccess.md create mode 100644 docset/winserver2025-ps/smbshare/Close-SmbOpenFile.md create mode 100644 docset/winserver2025-ps/smbshare/Close-SmbSession.md create mode 100644 docset/winserver2025-ps/smbshare/Disable-SmbDelegation.md create mode 100644 docset/winserver2025-ps/smbshare/Enable-SmbDelegation.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbBandwidthLimit.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbClientConfiguration.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbClientNetworkInterface.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbConnection.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbDelegation.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbGlobalMapping.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbMapping.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbMultichannelConnection.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbMultichannelConstraint.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbOpenFile.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbServerCertProps.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbServerCertificateMapping.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbServerConfiguration.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbServerNetworkInterface.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbSession.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbShare.md create mode 100644 docset/winserver2025-ps/smbshare/Get-SmbShareAccess.md create mode 100644 docset/winserver2025-ps/smbshare/Grant-SmbShareAccess.md create mode 100644 docset/winserver2025-ps/smbshare/New-SmbGlobalMapping.md create mode 100644 docset/winserver2025-ps/smbshare/New-SmbMapping.md create mode 100644 docset/winserver2025-ps/smbshare/New-SmbMultichannelConstraint.md create mode 100644 docset/winserver2025-ps/smbshare/New-SmbServerCertificateMapping.md create mode 100644 docset/winserver2025-ps/smbshare/New-SmbShare.md create mode 100644 docset/winserver2025-ps/smbshare/Remove-SmbBandwidthLimit.md create mode 100644 docset/winserver2025-ps/smbshare/Remove-SmbComponent.md create mode 100644 docset/winserver2025-ps/smbshare/Remove-SmbGlobalMapping.md create mode 100644 docset/winserver2025-ps/smbshare/Remove-SmbMapping.md create mode 100644 docset/winserver2025-ps/smbshare/Remove-SmbMultichannelConstraint.md create mode 100644 docset/winserver2025-ps/smbshare/Remove-SmbServerCertificateMapping.md create mode 100644 docset/winserver2025-ps/smbshare/Remove-SmbShare.md create mode 100644 docset/winserver2025-ps/smbshare/Reset-SmbClientConfiguration.md create mode 100644 docset/winserver2025-ps/smbshare/Reset-SmbServerConfiguration.md create mode 100644 docset/winserver2025-ps/smbshare/Revoke-SmbShareAccess.md create mode 100644 docset/winserver2025-ps/smbshare/Set-SmbBandwidthLimit.md create mode 100644 docset/winserver2025-ps/smbshare/Set-SmbClientConfiguration.md create mode 100644 docset/winserver2025-ps/smbshare/Set-SmbPathAcl.md create mode 100644 docset/winserver2025-ps/smbshare/Set-SmbServerCertificateMapping.md create mode 100644 docset/winserver2025-ps/smbshare/Set-SmbServerConfiguration.md create mode 100644 docset/winserver2025-ps/smbshare/Set-SmbShare.md create mode 100644 docset/winserver2025-ps/smbshare/SmbShare.md create mode 100644 docset/winserver2025-ps/smbshare/Unblock-SmbShareAccess.md create mode 100644 docset/winserver2025-ps/smbshare/Update-SmbMultichannelConnection.md create mode 100644 docset/winserver2025-ps/smbwitness/Get-SmbWitnessClient.md create mode 100644 docset/winserver2025-ps/smbwitness/Move-SmbWitnessClient.md create mode 100644 docset/winserver2025-ps/smbwitness/SmbWitness.md create mode 100644 docset/winserver2025-ps/smisconfig/Register-SmisProvider.md create mode 100644 docset/winserver2025-ps/smisconfig/SMISConfig.md create mode 100644 docset/winserver2025-ps/smisconfig/Search-SmisProvider.md create mode 100644 docset/winserver2025-ps/smisconfig/Unregister-SmisProvider.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Get-SilComputer.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Get-SilComputerIdentity.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Get-SilData.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Get-SilLogging.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Get-SilSoftware.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Get-SilUalAccess.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Get-SilWindowsUpdate.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Publish-SilData.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Set-SilLogging.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/SoftwareInventoryLogging.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Start-SilLogging.md create mode 100644 docset/winserver2025-ps/softwareinventorylogging/Stop-SilLogging.md create mode 100644 docset/winserver2025-ps/startlayout/Export-StartLayout.md create mode 100644 docset/winserver2025-ps/startlayout/Export-StartLayoutEdgeAssets.md create mode 100644 docset/winserver2025-ps/startlayout/Get-StartApps.md create mode 100644 docset/winserver2025-ps/startlayout/Import-StartLayout.md create mode 100644 docset/winserver2025-ps/startlayout/StartLayout.md create mode 100644 docset/winserver2025-ps/storage/Add-InitiatorIdToMaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Add-PartitionAccessPath.md create mode 100644 docset/winserver2025-ps/storage/Add-PhysicalDisk.md create mode 100644 docset/winserver2025-ps/storage/Add-TargetPortToMaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Add-VirtualDiskToMaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Block-FileShareAccess.md create mode 100644 docset/winserver2025-ps/storage/Clear-Disk.md create mode 100644 docset/winserver2025-ps/storage/Clear-FileStorageTier.md create mode 100644 docset/winserver2025-ps/storage/Connect-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Debug-FileShare.md create mode 100644 docset/winserver2025-ps/storage/Debug-StorageSubSystem.md create mode 100644 docset/winserver2025-ps/storage/Debug-Volume.md create mode 100644 docset/winserver2025-ps/storage/Disable-PhysicalDiskIdentification.md create mode 100644 docset/winserver2025-ps/storage/Disable-StorageEnclosureIdentification.md create mode 100644 docset/winserver2025-ps/storage/Disable-StorageHighAvailability.md create mode 100644 docset/winserver2025-ps/storage/Disable-StorageMaintenanceMode.md create mode 100644 docset/winserver2025-ps/storage/Disconnect-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Dismount-DiskImage.md create mode 100644 docset/winserver2025-ps/storage/Enable-PhysicalDiskIdentification.md create mode 100644 docset/winserver2025-ps/storage/Enable-StorageEnclosureIdentification.md create mode 100644 docset/winserver2025-ps/storage/Enable-StorageHighAvailability.md create mode 100644 docset/winserver2025-ps/storage/Enable-StorageMaintenanceMode.md create mode 100644 docset/winserver2025-ps/storage/Format-Volume.md create mode 100644 docset/winserver2025-ps/storage/Get-DedupProperties.md create mode 100644 docset/winserver2025-ps/storage/Get-Disk.md create mode 100644 docset/winserver2025-ps/storage/Get-DiskImage.md create mode 100644 docset/winserver2025-ps/storage/Get-DiskStorageNodeView.md create mode 100644 docset/winserver2025-ps/storage/Get-FileIntegrity.md create mode 100644 docset/winserver2025-ps/storage/Get-FileShare.md create mode 100644 docset/winserver2025-ps/storage/Get-FileShareAccessControlEntry.md create mode 100644 docset/winserver2025-ps/storage/Get-FileStorageTier.md create mode 100644 docset/winserver2025-ps/storage/Get-InitiatorId.md create mode 100644 docset/winserver2025-ps/storage/Get-InitiatorPort.md create mode 100644 docset/winserver2025-ps/storage/Get-MaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Get-OffloadDataTransferSetting.md create mode 100644 docset/winserver2025-ps/storage/Get-Partition.md create mode 100644 docset/winserver2025-ps/storage/Get-PartitionSupportedSize.md create mode 100644 docset/winserver2025-ps/storage/Get-PhysicalDisk.md create mode 100644 docset/winserver2025-ps/storage/Get-PhysicalDiskStorageNodeView.md create mode 100644 docset/winserver2025-ps/storage/Get-PhysicalExtent.md create mode 100644 docset/winserver2025-ps/storage/Get-PhysicalExtentAssociation.md create mode 100644 docset/winserver2025-ps/storage/Get-ResiliencySetting.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageAdvancedProperty.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageDiagnosticInfo.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageEnclosure.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageEnclosureStorageNodeView.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageEnclosureVendorData.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageFaultDomain.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageFileServer.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageFirmwareInformation.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageHealthAction.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageHealthReport.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageHealthSetting.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageJob.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageNode.md create mode 100644 docset/winserver2025-ps/storage/Get-StoragePool.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageProvider.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageReliabilityCounter.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageSetting.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageSubSystem.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageTier.md create mode 100644 docset/winserver2025-ps/storage/Get-StorageTierSupportedSize.md create mode 100644 docset/winserver2025-ps/storage/Get-SupportedClusterSizes.md create mode 100644 docset/winserver2025-ps/storage/Get-SupportedFileSystems.md create mode 100644 docset/winserver2025-ps/storage/Get-TargetPort.md create mode 100644 docset/winserver2025-ps/storage/Get-TargetPortal.md create mode 100644 docset/winserver2025-ps/storage/Get-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Get-VirtualDiskSupportedSize.md create mode 100644 docset/winserver2025-ps/storage/Get-Volume.md create mode 100644 docset/winserver2025-ps/storage/Get-VolumeCorruptionCount.md create mode 100644 docset/winserver2025-ps/storage/Get-VolumeScrubPolicy.md create mode 100644 docset/winserver2025-ps/storage/Grant-FileShareAccess.md create mode 100644 docset/winserver2025-ps/storage/Hide-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Initialize-Disk.md create mode 100644 docset/winserver2025-ps/storage/Mount-DiskImage.md create mode 100644 docset/winserver2025-ps/storage/New-FileShare.md create mode 100644 docset/winserver2025-ps/storage/New-MaskingSet.md create mode 100644 docset/winserver2025-ps/storage/New-Partition.md create mode 100644 docset/winserver2025-ps/storage/New-StorageFileServer.md create mode 100644 docset/winserver2025-ps/storage/New-StoragePool.md create mode 100644 docset/winserver2025-ps/storage/New-StorageSubsystemVirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/New-StorageTier.md create mode 100644 docset/winserver2025-ps/storage/New-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/New-VirtualDiskClone.md create mode 100644 docset/winserver2025-ps/storage/New-VirtualDiskSnapshot.md create mode 100644 docset/winserver2025-ps/storage/New-Volume.md create mode 100644 docset/winserver2025-ps/storage/Optimize-StoragePool.md create mode 100644 docset/winserver2025-ps/storage/Optimize-Volume.md create mode 100644 docset/winserver2025-ps/storage/Register-StorageSubsystem.md create mode 100644 docset/winserver2025-ps/storage/Remove-FileShare.md create mode 100644 docset/winserver2025-ps/storage/Remove-InitiatorId.md create mode 100644 docset/winserver2025-ps/storage/Remove-InitiatorIdFromMaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Remove-MaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Remove-Partition.md create mode 100644 docset/winserver2025-ps/storage/Remove-PartitionAccessPath.md create mode 100644 docset/winserver2025-ps/storage/Remove-PhysicalDisk.md create mode 100644 docset/winserver2025-ps/storage/Remove-StorageFileServer.md create mode 100644 docset/winserver2025-ps/storage/Remove-StorageHealthSetting.md create mode 100644 docset/winserver2025-ps/storage/Remove-StoragePool.md create mode 100644 docset/winserver2025-ps/storage/Remove-StorageTier.md create mode 100644 docset/winserver2025-ps/storage/Remove-TargetPortFromMaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Remove-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Remove-VirtualDiskFromMaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Rename-MaskingSet.md create mode 100644 docset/winserver2025-ps/storage/Repair-FileIntegrity.md create mode 100644 docset/winserver2025-ps/storage/Repair-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Repair-Volume.md create mode 100644 docset/winserver2025-ps/storage/Reset-PhysicalDisk.md create mode 100644 docset/winserver2025-ps/storage/Reset-StorageReliabilityCounter.md create mode 100644 docset/winserver2025-ps/storage/Resize-Partition.md create mode 100644 docset/winserver2025-ps/storage/Resize-StorageTier.md create mode 100644 docset/winserver2025-ps/storage/Resize-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Revoke-FileShareAccess.md create mode 100644 docset/winserver2025-ps/storage/Set-Disk.md create mode 100644 docset/winserver2025-ps/storage/Set-FileIntegrity.md create mode 100644 docset/winserver2025-ps/storage/Set-FileShare.md create mode 100644 docset/winserver2025-ps/storage/Set-FileStorageTier.md create mode 100644 docset/winserver2025-ps/storage/Set-InitiatorPort.md create mode 100644 docset/winserver2025-ps/storage/Set-Partition.md create mode 100644 docset/winserver2025-ps/storage/Set-PhysicalDisk.md create mode 100644 docset/winserver2025-ps/storage/Set-ResiliencySetting.md create mode 100644 docset/winserver2025-ps/storage/Set-StorageFileServer.md create mode 100644 docset/winserver2025-ps/storage/Set-StorageHealthSetting.md create mode 100644 docset/winserver2025-ps/storage/Set-StoragePool.md create mode 100644 docset/winserver2025-ps/storage/Set-StorageProvider.md create mode 100644 docset/winserver2025-ps/storage/Set-StorageSetting.md create mode 100644 docset/winserver2025-ps/storage/Set-StorageSubSystem.md create mode 100644 docset/winserver2025-ps/storage/Set-StorageTier.md create mode 100644 docset/winserver2025-ps/storage/Set-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Set-Volume.md create mode 100644 docset/winserver2025-ps/storage/Set-VolumeScrubPolicy.md create mode 100644 docset/winserver2025-ps/storage/Show-VirtualDisk.md create mode 100644 docset/winserver2025-ps/storage/Start-StorageDiagnosticLog.md create mode 100644 docset/winserver2025-ps/storage/Stop-StorageDiagnosticLog.md create mode 100644 docset/winserver2025-ps/storage/Stop-StorageJob.md create mode 100644 docset/winserver2025-ps/storage/Storage.md create mode 100644 docset/winserver2025-ps/storage/Unblock-FileShareAccess.md create mode 100644 docset/winserver2025-ps/storage/Unregister-StorageSubsystem.md create mode 100644 docset/winserver2025-ps/storage/Update-Disk.md create mode 100644 docset/winserver2025-ps/storage/Update-HostStorageCache.md create mode 100644 docset/winserver2025-ps/storage/Update-StorageFirmware.md create mode 100644 docset/winserver2025-ps/storage/Update-StoragePool.md create mode 100644 docset/winserver2025-ps/storage/Update-StorageProviderCache.md create mode 100644 docset/winserver2025-ps/storage/Write-VolumeCache.md create mode 100644 docset/winserver2025-ps/storageqos/Get-StorageQoSFlow.md create mode 100644 docset/winserver2025-ps/storageqos/Get-StorageQosPolicy.md create mode 100644 docset/winserver2025-ps/storageqos/Get-StorageQosPolicyStore.md create mode 100644 docset/winserver2025-ps/storageqos/Get-StorageQosVolume.md create mode 100644 docset/winserver2025-ps/storageqos/New-StorageQosPolicy.md create mode 100644 docset/winserver2025-ps/storageqos/Remove-StorageQosPolicy.md create mode 100644 docset/winserver2025-ps/storageqos/Set-StorageQosPolicy.md create mode 100644 docset/winserver2025-ps/storageqos/Set-StorageQosPolicyStore.md create mode 100644 docset/winserver2025-ps/storageqos/StorageQoS.md create mode 100644 docset/winserver2025-ps/storagereplica/Clear-SRMetadata.md create mode 100644 docset/winserver2025-ps/storagereplica/Dismount-SRDestination.md create mode 100644 docset/winserver2025-ps/storagereplica/Export-SRConfiguration.md create mode 100644 docset/winserver2025-ps/storagereplica/Get-SRAccess.md create mode 100644 docset/winserver2025-ps/storagereplica/Get-SRDelegation.md create mode 100644 docset/winserver2025-ps/storagereplica/Get-SRGroup.md create mode 100644 docset/winserver2025-ps/storagereplica/Get-SRNetworkConstraint.md create mode 100644 docset/winserver2025-ps/storagereplica/Get-SRPartnership.md create mode 100644 docset/winserver2025-ps/storagereplica/Grant-SRAccess.md create mode 100644 docset/winserver2025-ps/storagereplica/Grant-SRDelegation.md create mode 100644 docset/winserver2025-ps/storagereplica/Mount-SRDestination.md create mode 100644 docset/winserver2025-ps/storagereplica/New-SRGroup.md create mode 100644 docset/winserver2025-ps/storagereplica/New-SRPartnership.md create mode 100644 docset/winserver2025-ps/storagereplica/Remove-SRGroup.md create mode 100644 docset/winserver2025-ps/storagereplica/Remove-SRNetworkConstraint.md create mode 100644 docset/winserver2025-ps/storagereplica/Remove-SRPartnership.md create mode 100644 docset/winserver2025-ps/storagereplica/Revoke-SRAccess.md create mode 100644 docset/winserver2025-ps/storagereplica/Revoke-SRDelegation.md create mode 100644 docset/winserver2025-ps/storagereplica/Set-SRGroup.md create mode 100644 docset/winserver2025-ps/storagereplica/Set-SRNetworkConstraint.md create mode 100644 docset/winserver2025-ps/storagereplica/Set-SRPartnership.md create mode 100644 docset/winserver2025-ps/storagereplica/StorageReplica.md create mode 100644 docset/winserver2025-ps/storagereplica/Suspend-SRGroup.md create mode 100644 docset/winserver2025-ps/storagereplica/Sync-SRGroup.md create mode 100644 docset/winserver2025-ps/storagereplica/Test-SRTopology.md create mode 100644 docset/winserver2025-ps/syncshare/Disable-SyncShare.md create mode 100644 docset/winserver2025-ps/syncshare/Enable-SyncShare.md create mode 100644 docset/winserver2025-ps/syncshare/Get-SyncServerSetting.md create mode 100644 docset/winserver2025-ps/syncshare/Get-SyncShare.md create mode 100644 docset/winserver2025-ps/syncshare/Get-SyncUserStatus.md create mode 100644 docset/winserver2025-ps/syncshare/New-SyncShare.md create mode 100644 docset/winserver2025-ps/syncshare/Remove-SyncShare.md create mode 100644 docset/winserver2025-ps/syncshare/Repair-SyncShare.md create mode 100644 docset/winserver2025-ps/syncshare/Set-SyncServerSetting.md create mode 100644 docset/winserver2025-ps/syncshare/Set-SyncShare.md create mode 100644 docset/winserver2025-ps/syncshare/SyncShare.md create mode 100644 docset/winserver2025-ps/systeminsights/Add-InsightsCapability.md create mode 100644 docset/winserver2025-ps/systeminsights/Disable-InsightsCapability.md create mode 100644 docset/winserver2025-ps/systeminsights/Disable-InsightsCapabilitySchedule.md create mode 100644 docset/winserver2025-ps/systeminsights/Enable-InsightsCapability.md create mode 100644 docset/winserver2025-ps/systeminsights/Enable-InsightsCapabilitySchedule.md create mode 100644 docset/winserver2025-ps/systeminsights/Get-InsightsCapability.md create mode 100644 docset/winserver2025-ps/systeminsights/Get-InsightsCapabilityAction.md create mode 100644 docset/winserver2025-ps/systeminsights/Get-InsightsCapabilityResult.md create mode 100644 docset/winserver2025-ps/systeminsights/Get-InsightsCapabilitySchedule.md create mode 100644 docset/winserver2025-ps/systeminsights/Invoke-InsightsCapability.md create mode 100644 docset/winserver2025-ps/systeminsights/Remove-InsightsCapability.md create mode 100644 docset/winserver2025-ps/systeminsights/Remove-InsightsCapabilityAction.md create mode 100644 docset/winserver2025-ps/systeminsights/Set-InsightsCapabilityAction.md create mode 100644 docset/winserver2025-ps/systeminsights/Set-InsightsCapabilitySchedule.md create mode 100644 docset/winserver2025-ps/systeminsights/SystemInsights.md create mode 100644 docset/winserver2025-ps/systeminsights/Update-InsightsCapability.md create mode 100644 docset/winserver2025-ps/tls/Disable-TlsCipherSuite.md create mode 100644 docset/winserver2025-ps/tls/Disable-TlsEccCurve.md create mode 100644 docset/winserver2025-ps/tls/Disable-TlsSessionTicketKey.md create mode 100644 docset/winserver2025-ps/tls/Enable-TlsCipherSuite.md create mode 100644 docset/winserver2025-ps/tls/Enable-TlsEccCurve.md create mode 100644 docset/winserver2025-ps/tls/Enable-TlsSessionTicketKey.md create mode 100644 docset/winserver2025-ps/tls/Export-TlsSessionTicketKey.md create mode 100644 docset/winserver2025-ps/tls/Get-TlsCipherSuite.md create mode 100644 docset/winserver2025-ps/tls/Get-TlsEccCurve.md create mode 100644 docset/winserver2025-ps/tls/New-TlsSessionTicketKey.md create mode 100644 docset/winserver2025-ps/tls/TLS.md create mode 100644 docset/winserver2025-ps/troubleshootingpack/Get-TroubleshootingPack.md create mode 100644 docset/winserver2025-ps/troubleshootingpack/Invoke-TroubleshootingPack.md create mode 100644 docset/winserver2025-ps/troubleshootingpack/TroubleshootingPack.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Clear-Tpm.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/ConvertTo-TpmOwnerAuth.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Disable-TpmAutoProvisioning.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Enable-TpmAutoProvisioning.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Get-Tpm.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Get-TpmEndorsementKeyInfo.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Get-TpmSupportedFeature.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Import-TpmOwnerAuth.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Initialize-Tpm.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Set-TpmOwnerAuth.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/TrustedPlatformModule.md create mode 100644 docset/winserver2025-ps/trustedplatformmodule/Unblock-Tpm.md create mode 100644 docset/winserver2025-ps/uev/Clear-UevAppxPackage.md create mode 100644 docset/winserver2025-ps/uev/Clear-UevConfiguration.md create mode 100644 docset/winserver2025-ps/uev/Disable-Uev.md create mode 100644 docset/winserver2025-ps/uev/Disable-UevAppxPackage.md create mode 100644 docset/winserver2025-ps/uev/Disable-UevTemplate.md create mode 100644 docset/winserver2025-ps/uev/Enable-Uev.md create mode 100644 docset/winserver2025-ps/uev/Enable-UevAppxPackage.md create mode 100644 docset/winserver2025-ps/uev/Enable-UevTemplate.md create mode 100644 docset/winserver2025-ps/uev/Export-UevConfiguration.md create mode 100644 docset/winserver2025-ps/uev/Export-UevPackage.md create mode 100644 docset/winserver2025-ps/uev/Get-UevAppxPackage.md create mode 100644 docset/winserver2025-ps/uev/Get-UevConfiguration.md create mode 100644 docset/winserver2025-ps/uev/Get-UevStatus.md create mode 100644 docset/winserver2025-ps/uev/Get-UevTemplate.md create mode 100644 docset/winserver2025-ps/uev/Get-UevTemplateProgram.md create mode 100644 docset/winserver2025-ps/uev/Import-UevConfiguration.md create mode 100644 docset/winserver2025-ps/uev/Register-UevTemplate.md create mode 100644 docset/winserver2025-ps/uev/Repair-UevTemplateIndex.md create mode 100644 docset/winserver2025-ps/uev/Restore-UevBackup.md create mode 100644 docset/winserver2025-ps/uev/Restore-UevUserSetting.md create mode 100644 docset/winserver2025-ps/uev/Set-UevConfiguration.md create mode 100644 docset/winserver2025-ps/uev/Set-UevTemplateProfile.md create mode 100644 docset/winserver2025-ps/uev/Test-UevTemplate.md create mode 100644 docset/winserver2025-ps/uev/UEV.md create mode 100644 docset/winserver2025-ps/uev/Unregister-UevTemplate.md create mode 100644 docset/winserver2025-ps/uev/Update-UevTemplate.md create mode 100644 docset/winserver2025-ps/updateservices/Add-WsusComputer.md create mode 100644 docset/winserver2025-ps/updateservices/Add-WsusDynamicCategory.md create mode 100644 docset/winserver2025-ps/updateservices/Approve-WsusUpdate.md create mode 100644 docset/winserver2025-ps/updateservices/Deny-WsusUpdate.md create mode 100644 docset/winserver2025-ps/updateservices/Get-WsusClassification.md create mode 100644 docset/winserver2025-ps/updateservices/Get-WsusComputer.md create mode 100644 docset/winserver2025-ps/updateservices/Get-WsusDynamicCategory.md create mode 100644 docset/winserver2025-ps/updateservices/Get-WsusProduct.md create mode 100644 docset/winserver2025-ps/updateservices/Get-WsusServer.md create mode 100644 docset/winserver2025-ps/updateservices/Get-WsusUpdate.md create mode 100644 docset/winserver2025-ps/updateservices/Invoke-WsusServerCleanup.md create mode 100644 docset/winserver2025-ps/updateservices/Remove-WsusDynamicCategory.md create mode 100644 docset/winserver2025-ps/updateservices/Set-WsusClassification.md create mode 100644 docset/winserver2025-ps/updateservices/Set-WsusDynamicCategory.md create mode 100644 docset/winserver2025-ps/updateservices/Set-WsusProduct.md create mode 100644 docset/winserver2025-ps/updateservices/Set-WsusServerSynchronization.md create mode 100644 docset/winserver2025-ps/updateservices/UpdateServices.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Disable-Ual.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Enable-Ual.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-Ual.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalDailyAccess.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalDailyDeviceAccess.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalDailyUserAccess.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalDeviceAccess.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalDns.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalHyperV.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalOverview.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalServerDevice.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalServerUser.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalSystemId.md create mode 100644 docset/winserver2025-ps/useraccesslogging/Get-UalUserAccess.md create mode 100644 docset/winserver2025-ps/useraccesslogging/UserAccessLogging.md create mode 100644 docset/winserver2025-ps/vamt/Add-VamtProductKey.md create mode 100644 docset/winserver2025-ps/vamt/Export-VamtData.md create mode 100644 docset/winserver2025-ps/vamt/Find-VamtManagedMachine.md create mode 100644 docset/winserver2025-ps/vamt/Get-VamtConfirmationId.md create mode 100644 docset/winserver2025-ps/vamt/Get-VamtProduct.md create mode 100644 docset/winserver2025-ps/vamt/Get-VamtProductKey.md create mode 100644 docset/winserver2025-ps/vamt/Import-VamtData.md create mode 100644 docset/winserver2025-ps/vamt/Initialize-VamtData.md create mode 100644 docset/winserver2025-ps/vamt/Install-VamtConfirmationId.md create mode 100644 docset/winserver2025-ps/vamt/Install-VamtProductActivation.md create mode 100644 docset/winserver2025-ps/vamt/Install-VamtProductKey.md create mode 100644 docset/winserver2025-ps/vamt/Update-VamtProduct.md create mode 100644 docset/winserver2025-ps/vamt/VAMT.md create mode 100644 docset/winserver2025-ps/vpnclient/Add-VpnConnection.md create mode 100644 docset/winserver2025-ps/vpnclient/Add-VpnConnectionRoute.md create mode 100644 docset/winserver2025-ps/vpnclient/Add-VpnConnectionTriggerApplication.md create mode 100644 docset/winserver2025-ps/vpnclient/Add-VpnConnectionTriggerDnsConfiguration.md create mode 100644 docset/winserver2025-ps/vpnclient/Add-VpnConnectionTriggerTrustedNetwork.md create mode 100644 docset/winserver2025-ps/vpnclient/Get-VpnConnection.md create mode 100644 docset/winserver2025-ps/vpnclient/Get-VpnConnectionTrigger.md create mode 100644 docset/winserver2025-ps/vpnclient/New-EapConfiguration.md create mode 100644 docset/winserver2025-ps/vpnclient/New-VpnServerAddress.md create mode 100644 docset/winserver2025-ps/vpnclient/Remove-VpnConnection.md create mode 100644 docset/winserver2025-ps/vpnclient/Remove-VpnConnectionRoute.md create mode 100644 docset/winserver2025-ps/vpnclient/Remove-VpnConnectionTriggerApplication.md create mode 100644 docset/winserver2025-ps/vpnclient/Remove-VpnConnectionTriggerDnsConfiguration.md create mode 100644 docset/winserver2025-ps/vpnclient/Remove-VpnConnectionTriggerTrustedNetwork.md create mode 100644 docset/winserver2025-ps/vpnclient/Set-VpnConnection.md create mode 100644 docset/winserver2025-ps/vpnclient/Set-VpnConnectionIPsecConfiguration.md create mode 100644 docset/winserver2025-ps/vpnclient/Set-VpnConnectionProxy.md create mode 100644 docset/winserver2025-ps/vpnclient/Set-VpnConnectionTriggerDnsConfiguration.md create mode 100644 docset/winserver2025-ps/vpnclient/Set-VpnConnectionTriggerTrustedNetwork.md create mode 100644 docset/winserver2025-ps/vpnclient/VpnClient.md create mode 100644 docset/winserver2025-ps/wdac/Add-OdbcDsn.md create mode 100644 docset/winserver2025-ps/wdac/Disable-OdbcPerfCounter.md create mode 100644 docset/winserver2025-ps/wdac/Disable-WdacBidTrace.md create mode 100644 docset/winserver2025-ps/wdac/Enable-OdbcPerfCounter.md create mode 100644 docset/winserver2025-ps/wdac/Enable-WdacBidTrace.md create mode 100644 docset/winserver2025-ps/wdac/Get-OdbcDriver.md create mode 100644 docset/winserver2025-ps/wdac/Get-OdbcDsn.md create mode 100644 docset/winserver2025-ps/wdac/Get-OdbcPerfCounter.md create mode 100644 docset/winserver2025-ps/wdac/Get-WdacBidTrace.md create mode 100644 docset/winserver2025-ps/wdac/Remove-OdbcDsn.md create mode 100644 docset/winserver2025-ps/wdac/Set-OdbcDriver.md create mode 100644 docset/winserver2025-ps/wdac/Set-OdbcDsn.md create mode 100644 docset/winserver2025-ps/wdac/Wdac.md create mode 100644 docset/winserver2025-ps/wds/Add-WdsDriverPackage.md create mode 100644 docset/winserver2025-ps/wds/Approve-WdsClient.md create mode 100644 docset/winserver2025-ps/wds/Copy-WdsInstallImage.md create mode 100644 docset/winserver2025-ps/wds/Deny-WdsClient.md create mode 100644 docset/winserver2025-ps/wds/Disable-WdsBootImage.md create mode 100644 docset/winserver2025-ps/wds/Disable-WdsDriverPackage.md create mode 100644 docset/winserver2025-ps/wds/Disable-WdsInstallImage.md create mode 100644 docset/winserver2025-ps/wds/Disconnect-WdsMulticastClient.md create mode 100644 docset/winserver2025-ps/wds/Enable-WdsBootImage.md create mode 100644 docset/winserver2025-ps/wds/Enable-WdsDriverPackage.md create mode 100644 docset/winserver2025-ps/wds/Enable-WdsInstallImage.md create mode 100644 docset/winserver2025-ps/wds/Export-WdsBootImage.md create mode 100644 docset/winserver2025-ps/wds/Export-WdsInstallImage.md create mode 100644 docset/winserver2025-ps/wds/Get-WdsBootImage.md create mode 100644 docset/winserver2025-ps/wds/Get-WdsClient.md create mode 100644 docset/winserver2025-ps/wds/Get-WdsDriverPackage.md create mode 100644 docset/winserver2025-ps/wds/Get-WdsInstallImage.md create mode 100644 docset/winserver2025-ps/wds/Get-WdsInstallImageGroup.md create mode 100644 docset/winserver2025-ps/wds/Get-WdsMulticastClient.md create mode 100644 docset/winserver2025-ps/wds/Import-WdsBootImage.md create mode 100644 docset/winserver2025-ps/wds/Import-WdsDriverPackage.md create mode 100644 docset/winserver2025-ps/wds/Import-WdsInstallImage.md create mode 100644 docset/winserver2025-ps/wds/New-WdsClient.md create mode 100644 docset/winserver2025-ps/wds/New-WdsInstallImageGroup.md create mode 100644 docset/winserver2025-ps/wds/Remove-WdsBootImage.md create mode 100644 docset/winserver2025-ps/wds/Remove-WdsClient.md create mode 100644 docset/winserver2025-ps/wds/Remove-WdsDriverPackage.md create mode 100644 docset/winserver2025-ps/wds/Remove-WdsInstallImage.md create mode 100644 docset/winserver2025-ps/wds/Remove-WdsInstallImageGroup.md create mode 100644 docset/winserver2025-ps/wds/Set-WdsBootImage.md create mode 100644 docset/winserver2025-ps/wds/Set-WdsClient.md create mode 100644 docset/winserver2025-ps/wds/Set-WdsInstallImage.md create mode 100644 docset/winserver2025-ps/wds/Set-WdsInstallImageGroup.md create mode 100644 docset/winserver2025-ps/wds/WDS.md create mode 100644 docset/winserver2025-ps/webadministration/Add-WebConfiguration.md create mode 100644 docset/winserver2025-ps/webadministration/Add-WebConfigurationLock.md create mode 100644 docset/winserver2025-ps/webadministration/Add-WebConfigurationProperty.md create mode 100644 docset/winserver2025-ps/webadministration/Backup-WebConfiguration.md create mode 100644 docset/winserver2025-ps/webadministration/Clear-WebCentralCertProvider.md create mode 100644 docset/winserver2025-ps/webadministration/Clear-WebConfiguration.md create mode 100644 docset/winserver2025-ps/webadministration/Clear-WebRequestTracingSetting.md create mode 100644 docset/winserver2025-ps/webadministration/Clear-WebRequestTracingSettings.md create mode 100644 docset/winserver2025-ps/webadministration/ConvertTo-WebApplication.md create mode 100644 docset/winserver2025-ps/webadministration/Disable-WebCentralCertProvider.md create mode 100644 docset/winserver2025-ps/webadministration/Disable-WebGlobalModule.md create mode 100644 docset/winserver2025-ps/webadministration/Disable-WebRequestTracing.md create mode 100644 docset/winserver2025-ps/webadministration/Enable-WebCentralCertProvider.md create mode 100644 docset/winserver2025-ps/webadministration/Enable-WebGlobalModule.md create mode 100644 docset/winserver2025-ps/webadministration/Enable-WebRequestTracing.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebAppDomain.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebAppPoolState.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebApplication.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebBinding.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebCentralCertProvider.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebConfigFile.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebConfiguration.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebConfigurationBackup.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebConfigurationLocation.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebConfigurationLock.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebConfigurationProperty.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebFilePath.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebGlobalModule.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebHandler.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebItemState.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebManagedModule.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebRequest.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebURL.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebVirtualDirectory.md create mode 100644 docset/winserver2025-ps/webadministration/Get-Website.md create mode 100644 docset/winserver2025-ps/webadministration/Get-WebsiteState.md create mode 100644 docset/winserver2025-ps/webadministration/New-WebAppPool.md create mode 100644 docset/winserver2025-ps/webadministration/New-WebApplication.md create mode 100644 docset/winserver2025-ps/webadministration/New-WebBinding.md create mode 100644 docset/winserver2025-ps/webadministration/New-WebFtpSite.md create mode 100644 docset/winserver2025-ps/webadministration/New-WebGlobalModule.md create mode 100644 docset/winserver2025-ps/webadministration/New-WebHandler.md create mode 100644 docset/winserver2025-ps/webadministration/New-WebManagedModule.md create mode 100644 docset/winserver2025-ps/webadministration/New-WebVirtualDirectory.md create mode 100644 docset/winserver2025-ps/webadministration/New-Website.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebAppPool.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebApplication.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebBinding.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebConfigurationBackup.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebConfigurationLocation.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebConfigurationLock.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebConfigurationProperty.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebGlobalModule.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebHandler.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebManagedModule.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-WebVirtualDirectory.md create mode 100644 docset/winserver2025-ps/webadministration/Remove-Website.md create mode 100644 docset/winserver2025-ps/webadministration/Rename-WebConfigurationLocation.md create mode 100644 docset/winserver2025-ps/webadministration/Restart-WebAppPool.md create mode 100644 docset/winserver2025-ps/webadministration/Restart-WebItem.md create mode 100644 docset/winserver2025-ps/webadministration/Restore-WebConfiguration.md create mode 100644 docset/winserver2025-ps/webadministration/Select-WebConfiguration.md create mode 100644 docset/winserver2025-ps/webadministration/Set-WebBinding.md create mode 100644 docset/winserver2025-ps/webadministration/Set-WebCentralCertProvider.md create mode 100644 docset/winserver2025-ps/webadministration/Set-WebCentralCertProviderCredential.md create mode 100644 docset/winserver2025-ps/webadministration/Set-WebConfiguration.md create mode 100644 docset/winserver2025-ps/webadministration/Set-WebConfigurationProperty.md create mode 100644 docset/winserver2025-ps/webadministration/Set-WebGlobalModule.md create mode 100644 docset/winserver2025-ps/webadministration/Set-WebHandler.md create mode 100644 docset/winserver2025-ps/webadministration/Set-WebManagedModule.md create mode 100644 docset/winserver2025-ps/webadministration/Start-WebAppPool.md create mode 100644 docset/winserver2025-ps/webadministration/Start-WebCommitDelay.md create mode 100644 docset/winserver2025-ps/webadministration/Start-WebItem.md create mode 100644 docset/winserver2025-ps/webadministration/Start-Website.md create mode 100644 docset/winserver2025-ps/webadministration/Stop-WebAppPool.md create mode 100644 docset/winserver2025-ps/webadministration/Stop-WebCommitDelay.md create mode 100644 docset/winserver2025-ps/webadministration/Stop-WebItem.md create mode 100644 docset/winserver2025-ps/webadministration/Stop-Website.md create mode 100644 docset/winserver2025-ps/webadministration/WebAdministration.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Add-WebApplicationProxyApplication.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Get-WebApplicationProxyApplication.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Get-WebApplicationProxyAvailableADFSRelyingParty.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Get-WebApplicationProxyConfiguration.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Get-WebApplicationProxyHealth.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Get-WebApplicationProxySslCertificate.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Install-WebApplicationProxy.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Remove-WebApplicationProxyApplication.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Set-WebApplicationProxyApplication.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Set-WebApplicationProxyConfiguration.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Set-WebApplicationProxySslCertificate.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/Update-WebApplicationProxyDeviceRegistration.md create mode 100644 docset/winserver2025-ps/webapplicationproxy/WebApplicationProxy.md create mode 100644 docset/winserver2025-ps/whea/Get-WheaMemoryPolicy.md create mode 100644 docset/winserver2025-ps/whea/Set-WheaMemoryPolicy.md create mode 100644 docset/winserver2025-ps/whea/WHEA.md create mode 100644 docset/winserver2025-ps/windowsdeveloperlicense/Get-WindowsDeveloperLicense.md create mode 100644 docset/winserver2025-ps/windowsdeveloperlicense/Show-WindowsDeveloperLicenseRegistration.md create mode 100644 docset/winserver2025-ps/windowsdeveloperlicense/Unregister-WindowsDeveloperLicense.md create mode 100644 docset/winserver2025-ps/windowsdeveloperlicense/WindowsDeveloperLicense.md create mode 100644 docset/winserver2025-ps/windowsdiagnosticdata/Clear-WindowsDiagnosticData.md create mode 100644 docset/winserver2025-ps/windowsdiagnosticdata/WindowsDiagnosticData.md create mode 100644 docset/winserver2025-ps/windowserrorreporting/Disable-WindowsErrorReporting.md create mode 100644 docset/winserver2025-ps/windowserrorreporting/Enable-WindowsErrorReporting.md create mode 100644 docset/winserver2025-ps/windowserrorreporting/Get-WindowsErrorReporting.md create mode 100644 docset/winserver2025-ps/windowserrorreporting/WindowsErrorReporting.md create mode 100644 docset/winserver2025-ps/windowssearch/Get-WindowsSearchSetting.md create mode 100644 docset/winserver2025-ps/windowssearch/Set-WindowsSearchSetting.md create mode 100644 docset/winserver2025-ps/windowssearch/WindowsSearch.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Add-WBBackupTarget.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Add-WBBareMetalRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Add-WBFileSpec.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Add-WBSystemState.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Add-WBVirtualMachine.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Add-WBVolume.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Backup-ACL.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBBackupSet.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBBackupTarget.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBBackupVolumeBrowsePath.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBBareMetalRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBDisk.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBFileSpec.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBJob.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBPerformanceConfiguration.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBPolicy.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBSchedule.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBSummary.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBSystemState.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBVirtualMachine.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBVolume.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Get-WBVssBackupOption.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/New-WBBackupTarget.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/New-WBFileSpec.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/New-WBPolicy.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBBackupSet.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBBackupTarget.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBBareMetalRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBCatalog.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBFileSpec.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBPolicy.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBSystemState.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBVirtualMachine.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Remove-WBVolume.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Restore-ACL.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Restore-WBCatalog.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Resume-WBBackup.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Resume-WBVolumeRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Set-WBPerformanceConfiguration.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Set-WBPolicy.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Set-WBSchedule.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Set-WBVssBackupOption.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Start-WBApplicationRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Start-WBBackup.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Start-WBFileRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Start-WBHyperVRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Start-WBSystemStateRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Start-WBVolumeRecovery.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/Stop-WBJob.md create mode 100644 docset/winserver2025-ps/windowsserverbackup/WindowsServerBackup.md create mode 100644 docset/winserver2025-ps/windowsupdate/Get-WindowsUpdateLog.md create mode 100644 docset/winserver2025-ps/windowsupdate/WindowsUpdate.md diff --git a/docset/docs-conceptual/winserver2016-ps/module-compatibility.md b/docset/docs-conceptual/winserver2016-ps/module-compatibility.md index 29d3a1bc07..d8e2578a7d 100644 --- a/docset/docs-conceptual/winserver2016-ps/module-compatibility.md +++ b/docset/docs-conceptual/winserver2016-ps/module-compatibility.md @@ -1,9 +1,9 @@ --- description: This article lists the status of PowerShell 7 with Powershell modules published for other Microsoft products. -ms.date: 06/05/2023 +ms.date: 02/07/2024 title: PowerShell 7 module compatibility --- -# PowerShell 7 module compatibility +# PowerShell 7 module compatibility in Windows Server 2016 This article contains a list of PowerShell modules published by Microsoft. These modules provide management and support for various Microsoft products and services. They have been updated to work diff --git a/docset/docs-conceptual/winserver2016-ps/toc.yml b/docset/docs-conceptual/winserver2016-ps/toc.yml index d9017bd563..1c712f011c 100644 --- a/docset/docs-conceptual/winserver2016-ps/toc.yml +++ b/docset/docs-conceptual/winserver2016-ps/toc.yml @@ -1,5 +1,5 @@ items: - name: Windows PowerShell href: get-started.md - - name: PowerShell 7 compatibility + - name: PowerShell 7 compatibility in Windows Server 2016 href: module-compatibility.md \ No newline at end of file diff --git a/docset/docs-conceptual/winserver2019-ps/module-compatibility.md b/docset/docs-conceptual/winserver2019-ps/module-compatibility.md index 29d3a1bc07..fbb04d8773 100644 --- a/docset/docs-conceptual/winserver2019-ps/module-compatibility.md +++ b/docset/docs-conceptual/winserver2019-ps/module-compatibility.md @@ -3,7 +3,7 @@ description: This article lists the status of PowerShell 7 with Powershell modul ms.date: 06/05/2023 title: PowerShell 7 module compatibility --- -# PowerShell 7 module compatibility +# PowerShell 7 module compatibility in Windows Server 2019 This article contains a list of PowerShell modules published by Microsoft. These modules provide management and support for various Microsoft products and services. They have been updated to work diff --git a/docset/docs-conceptual/winserver2019-ps/toc.yml b/docset/docs-conceptual/winserver2019-ps/toc.yml index d9017bd563..50463bfac7 100644 --- a/docset/docs-conceptual/winserver2019-ps/toc.yml +++ b/docset/docs-conceptual/winserver2019-ps/toc.yml @@ -1,5 +1,5 @@ items: - name: Windows PowerShell href: get-started.md - - name: PowerShell 7 compatibility + - name: PowerShell 7 compatibility in Windows Server 2019 href: module-compatibility.md \ No newline at end of file diff --git a/docset/docs-conceptual/winserver2022-ps/get-started.md b/docset/docs-conceptual/winserver2022-ps/get-started.md index 8f42ff39ac..6583609ba7 100644 --- a/docset/docs-conceptual/winserver2022-ps/get-started.md +++ b/docset/docs-conceptual/winserver2022-ps/get-started.md @@ -1,16 +1,16 @@ --- -description: Use this topic to help manage Windows 10 and Windows Server 2022 technologies with Windows PowerShell. -ms.date: 03/29/2021 -title: Windows 10 and Windows Server 2019 +description: Use this topic to help manage Windows 11 and Windows Server 2022 technologies with Windows PowerShell. +ms.date: 02/07/2024 +title: Windows 11 and Windows Server 2022 --- -# Windows 10 and Windows Server 2022 +# Windows 11 and Windows Server 2022 -This topic lists the Windows PowerShell modules included with Windows Server 2022 and Windows 10. +This topic lists the Windows PowerShell modules included with Windows Server 2022 and Windows 11. The Windows PowerShell modules in the list support automating the features of those versions of the Windows operating system and provide links to the cmdlet references for each module. These modules enable you to use Windows PowerShell to administer, maintain, configure, and develop new features -for Windows Server 2019 and Windows 10. +for Windows Server 2022 and Windows 11. The table below also shows the latest published version of the Help for each module. The Help is available through the links below, or as Updatable Help files. Updatable Help was introduced with diff --git a/docset/docs-conceptual/winserver2022-ps/module-compatibility.md b/docset/docs-conceptual/winserver2022-ps/module-compatibility.md index 7a7ae20384..87f9146fd9 100644 --- a/docset/docs-conceptual/winserver2022-ps/module-compatibility.md +++ b/docset/docs-conceptual/winserver2022-ps/module-compatibility.md @@ -1,9 +1,9 @@ --- description: This article lists the status of PowerShell 7 with Powershell modules published for other Microsoft products. -ms.date: 06/05/2023 +ms.date: 02/07/2024 title: PowerShell 7 module compatibility --- -# PowerShell 7 module compatibility +# PowerShell 7 module compatibility in Windows Server 2022 This article contains a list of PowerShell modules published by Microsoft. These modules provide management and support for various Microsoft products and services. They have been updated to work diff --git a/docset/docs-conceptual/winserver2022-ps/toc.yml b/docset/docs-conceptual/winserver2022-ps/toc.yml index d9017bd563..916022e44b 100644 --- a/docset/docs-conceptual/winserver2022-ps/toc.yml +++ b/docset/docs-conceptual/winserver2022-ps/toc.yml @@ -1,5 +1,5 @@ items: - name: Windows PowerShell href: get-started.md - - name: PowerShell 7 compatibility + - name: PowerShell 7 compatibility in Windows Server 2022 href: module-compatibility.md \ No newline at end of file diff --git a/docset/docs-conceptual/winserver2025-ps/get-started.md b/docset/docs-conceptual/winserver2025-ps/get-started.md new file mode 100644 index 0000000000..cc21136f0a --- /dev/null +++ b/docset/docs-conceptual/winserver2025-ps/get-started.md @@ -0,0 +1,145 @@ +--- +description: Use this topic to help manage Windows 11 and Windows Server 2025 technologies with Windows PowerShell. +ms.date: 02/07/2024 +title: Windows 11 and Windows Server 2025 (preview) +--- + +# Windows 11 and Windows Server 2025 (preview) + +This topic lists the Windows PowerShell modules included with Windows Server 2025 and Windows 11. +The Windows PowerShell modules in the list support automating the features of those versions of the +Windows operating system and provide links to the cmdlet references for each module. These modules +enable you to use Windows PowerShell to administer, maintain, configure, and develop new features +for Windows Server 2025 and Windows 11. + +The table below also shows the latest published version of the Help for each module. The Help is +available through the links below, or as Updatable Help files. Updatable Help was introduced with +Windows PowerShell 3.0 and enables you to have the latest Help topics available locally on your +computer. For more information, see +[about_Updatable_Help](/powershell/module/microsoft.powershell.core/about/about_updatable_help). + +| Module name | Title and link to Web version | +| - | - | +| ActiveDirectory | [Active Directory Domain Services Administration](/powershell/module/activedirectory) | +| ADCSAdministration | [Active Directory Certificate Services Administration](/powershell/module/adcsadministration) | +| ADCSDeployment | [Active Directory Certificate Services Deployment](/powershell/module/adcsdeployment) | +| ADDSDeployment | [Active Directory Domain Services Deployment](/powershell/module/addsdeployment) | +| ADFS | [Active Directory Federation Services](/powershell/module/adfs) | +| ADRMSAdmin | [Active Directory Rights Management Services Administration](/powershell/module/adrmsadmin) | +| ADRMS | [Active Directory Rights Management Services Deployment](/powershell/module/adrms) | +| AppBackgroundTask | [App Background Task](/powershell/module/appbackgroundtask) | +| AppLocker | [AppLocker](/powershell/module/applocker) | +| AppvClient | [App-V Client](/powershell/module/appvclient) | +| AppvSequencer | [App-V Sequencer](/powershell/module/appvsequencer) | +| Appx | [Appx](/powershell/module/appx) | +| AssignedAccess | [Assigned Access](/powershell/module/assignedaccess) | +| BestPractices | [Best Practices Analyser](/powershell/module/bestpractices) | +| BitLocker | [BitLocker](/powershell/module/bitlocker) | +| BitsTransfer | [Background Intelligent Transfer Service](/powershell/module/bitstransfer) | +| BootEventCollector | [Boot Event Collector](/powershell/module/booteventcollector) | +| BranchCache | [Branch Cache](/powershell/module/branchcache) | +| ClusterAwareUpdating | [Cluster Aware Updating](/powershell/module/clusterawareupdating) | +| ConfigCI | [Code Integrity](/powershell/module/configci) | +| DcbQos | [Data Center Bridging Quality of Service](/powershell/module/dcbqos) | +| Deduplication | [Data Deduplication](/powershell/module/deduplication) | +| Defender | [Windows Defender](/powershell/module/defender) | +| DeviceHealthAttestion | [Device Health Attestation](/powershell/module/devicehealthattestation) | +| Dfsn | [Distributed File System (DFS) Namespaces](/powershell/module/dfsn/) | +| Dfsr | [DFS Replication](/powershell/module/dfsr) | +| DHCPServer | [DHCP Server](/powershell/module/dhcpserver) | +| DirectAccessClientComponent | [Direct Access client](/powershell/module/directaccessclientcomponents) | +| DISM | [DISM](/powershell/module/dism) | +| DNSClient | [DNS client](/powershell/module/dnsclient) | +| DNSServer | [DNS Server](/powershell/module/dnsserver) | +| EventTracingManagement | [EventTracingManagement](/powershell/module/eventtracingmanagement) | +| FailoverClusters | [Failover clusters](/powershell/module/failoverclusters) | +| FileServerResourceManager | [File Server Resource Manager](/powershell/module/fileserverresourcemanager) | +| GroupPolicy | [Group Policy](/powershell/module/grouppolicy) | +| HardwareCertification | [Hardware Certification](/powershell/module/hardwarecertification) | +| HgsAttestation | [Host Guardian Service Attestation](/powershell/module/hgsattestation) | +| HgsClient | [Host Guardian Service Client](/powershell/module/hgsclient) | +| HgsDiagnostics | [Host Guardian Service Diagnostics](/powershell/module/hgsdiagnostics) | +| HgsKeyProtection | [Host Guardian Service Key Protection](/powershell/module/hgskeyprotection) | +| HgsServer | [Host Guardian Service Server](/powershell/module/hgsserver) | +| HostComputeService | [Containers](/powershell/module/hostcomputeservice)| +| HNVDiagnostics | [HNV Diagnostics](/powershell/module/hnvdiagnostics) | +| Hyper-V | [Hyper-V](/powershell/module/hyper-v) | +| IISAdministration | [IIS Administration](/powershell/module/iisadministration) | +| International | [International](/powershell/module/international) | +| IpamServer | [IP Address Management Server](/powershell/module/ipamserver) | +| Iscsi | [iSCSI](/powershell/module/iscsi) | +| IscsiTarget | [iSCSI Target](/powershell/module/iscsitarget) | +| KDS | [Key Distribution Server](/powershell/module/kds) | +| MMAgent | [Memory Management Agent](/powershell/module/mmagent) | +| Mpio | [MPIO](/powershell/module/mpio) | +| MSDTC | [Distributed Transaction Coordinator](/powershell/module/msdtc) | +| Msmq | [MSMQ](/powershell/module/msmq) | +| Multipoint | [MultiPoint Services](/powershell/module/multipoint) | +| MultiPointVdi | [Multipoint VDI](/powershell/module/multipointvdi) | +| NanoServerImageGenerator | [Nano Server Image Generator](/powershell/module/nanoserverimagegenerator) | +| NetLldpAgent | [NetLldpAgent](/powershell/module/netlldpagent) | +| NetAdapter | [Network Adapter](/powershell/module/netadapter) | +| NetConnection | [Network connection](/powershell/module/netconnection) | +| NetEventPacketCapture | [Network Event Packet Capture](/powershell/module/neteventpacketcapture) | +| NetLbfo | [NIC Teaming](/powershell/module/netlbfo) | +| NetNat | [Network Address Translation](/powershell/module/netnat) | +| NetQoS | [Quality of Service](/powershell/module/netqos) | +| NetSecurity | [Network security](/powershell/module/netsecurity) | +| NetTCPIP | [TCP/IP](/powershell/module/nettcpip) | +| NetWNV | [Network Virtualization](/powershell/module/netwnv) | +| NetworkConnectivityStatus | [Network connectivity status](/powershell/module/networkconnectivitystatus) | +| NetworkController | [Network Controller](/powershell/module/networkcontroller) | +| NetworkControllerDiagnostics | [Network Controller diagnostics](/powershell/module/networkcontrollerdiagnostics) | +| NetworkLoadBalancingClusters | [Network Load Balancing Clusters](/powershell/module/networkloadbalancingclusters) | +| NetworkSwitchManager | [Network Switch Manager](/powershell/module/networkswitchmanager) | +| NetSwitchTeam | [Network Switch Team](/powershell/module/netswitchteam) | +| NetworkTransition | [Network Transition](/powershell/module/networktransition) | +| NFS | [Network File System](/powershell/module/nfs) | +| NPS | [Network Policy Server](/powershell/module/nps) | +| PCSVDevice | [Physical Computer System View device](/powershell/module/pcsvdevice) | +| PKIClient | [Public Key Infrastructure](/powershell/module/pki) | +| PlatformIdentifier | [Platform Identifier](/powershell/module/platformidentifier) | +| PnpDevice | [Plug and Play](/powershell/module/pnpdevice) | +| PrintManagement | [Print management](/powershell/module/printmanagement) | +| ProcessMitigations | [Process Mitigations](/powershell/module/processmitigations) | +| RemoteAccess | [Remote access](/powershell/module/remoteaccess/) | +| RemoteDesktop | [Remote Desktop](/powershell/module/remotedesktop) | +| RemoteDesktopServices | [Remote Desktop Services](/powershell/module/remotedesktopservices) | +| ScheduledTasks | [Scheduled Tasks](/powershell/module/scheduledtasks) | +| SecureBoot | [Secure Boot](/powershell/module/secureboot) | +| ServerCore | [Server Core](/powershell/module/servercore) | +| ServerManager | [Server Manager](/powershell/module/servermanager) | +| ServerManagerTasks | [Server Manager tasks](/powershell/module/servermanagertasks) | +| ShieldedVMDataFile | [Shielded Virtual Machine data file](/powershell/module/shieldedvmdatafile) | +| ShieldedVMProvisioning | [Shielded Virtual Machine provisioning](/powershell/module/shieldedvmcmdlets/) | +| ShieldedVMTemplate | [Shielded Virtual Machine template](/powershell/module/shieldedvmtemplate) | +| SmbShare | [SmbShare share](/powershell/module/smbshare) | +| SmbWitness | [SMB Witness](/powershell/module/smbwitness) | +| SMISConfig | [SMIS Config](/powershell/module/smisconfig) | +| SoftwareInventoryLogging | [Software Inventory Logging](/powershell/module/softwareinventorylogging) | +| StartLayout | [Start Layout](/powershell/module/startlayout) | +| Storage | [Storage](/powershell/module/storage) | +| StorageQoS | [Storage QoS](/powershell/module/storageqos) | +| StorageReplica | [Storage Replica](/powershell/module/storagereplica) | +| SyncShare | [Sync Share](/powershell/module/syncshare) | +| TCPIP | [TCPIP](/powershell/module/nettcpip) +| TLS | [TLS](/powershell/module/tls) | +| TroubleshootingPack | [Troubleshooting Pack](/powershell/module/troubleshootingpack) | +| TrustedPlatformModule | [Trusted Platform Module](/powershell/module/trustedplatformmodule) | +| UpdateServices | [Windows Server Update Services](/powershell/module/updateservices/) | +| UserAccessLogging | [User Access Logging](/powershell/module/useraccesslogging/) | +| UEV | [User Experience Virtualization](/powershell/module/uev) | +| VAMT | [Volume Activation Management Tool](/powershell/module/vamt) | +| VpnClient | [VPN client](/powershell/module/vpnclient) | +| WDAC | [Windows Data Access Components](/powershell/module/wdac) | +| WebAdministration | [Web Administration](/powershell/module/webadministration) | +| WebApplicationProxy | [Web Application Proxy](/powershell/module/webapplicationproxy) | +| WDS | [Windows Deployment Services](/powershell/module/wds) | +| WHEA | [Windows Hardware Error Architecture](/powershell/module/whea) | +| WindowsDevLic | [Windows Developer License](/powershell/module/windowsdeveloperlicense) | +| WindowsErrorReporting | [Windows Error Reporting](/powershell/module/windowserrorreporting) | +| WindowsSearch | [Windows Search](/powershell/module/windowssearch) | +| WindowsServerBackup | [Windows Server Backup](/powershell/module/windowsserverbackup) | +| WindowsUpdate | [Windows Update](/powershell/module/windowsupdate) | + +You can also find these modules by searching the [PowerShell Module Browser](/powershell/module/). diff --git a/docset/docs-conceptual/winserver2025-ps/module-compatibility.md b/docset/docs-conceptual/winserver2025-ps/module-compatibility.md new file mode 100644 index 0000000000..97a146a4fd --- /dev/null +++ b/docset/docs-conceptual/winserver2025-ps/module-compatibility.md @@ -0,0 +1,214 @@ +--- +description: This article lists the status of PowerShell 7 with Powershell modules published for other Microsoft products. +ms.date: 02/07/2024 +title: PowerShell 7 module compatibility in Windows Server 2025 +--- +# PowerShell 7 module compatibility in Windows Server 2025 + +This article contains a list of PowerShell modules published by Microsoft. These modules provide +management and support for various Microsoft products and services. They have been updated to work +natively with PowerShell 7, or tested for compatibility with PowerShell 7. This list will be updated +with new information as more modules are identified and tested. + +If you have information to share or issues with specific modules, please submit feedback in the +Windows Feedback Hub. For more information, see +[Send feedback to Microsoft with the Feedback Hub app][06]. + +## Windows management modules + +The Windows management modules are installed in different ways, dependent on the Edition of Windows, +and how the module was packaged for that Edition. + +On Windows Server, use the feature name with the [Install-WindowsFeature][05] cmdlet as an +Administrator. For example: + +```powershell +Install-WindowsFeature -Name ActiveDirectory +``` + +On Windows 10, the Windows management modules are made available as **Windows Optional Features** or +**Windows Capabilities**. The following commands must be run from an elevated session using **Run as +administrator**. + +- For Windows Optional Features + + To get a list of Optional Features, run the following command: + + ```powershell + Get-WindowsOptionalFeature -Online + ``` + + To install the feature: + + ```powershell + Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Management-PowerShell + ``` + + For more information see: + + - [Get-WindowsOptionalFeature][04] + - [Enable-WindowsOptionalFeature][02] + +- For Windows Capabilities + + To get a list of Windows Capabilities, run the following command: + + ```powershell + Get-WindowsCapability -online + ``` + + Notice that the name of the capability package ends with `~~~~0.0.1.0`. You must use the full name + to install the capability: + + ```powershell + Add-WindowsCapability -Online -Name Rsat.ServerManager.Tools~~~~0.0.1.0 + ``` + + For more information see: + + - [Get-WindowsCapability][03] + - [Add-WindowsCapability][01] + +### Module list + +| Module name | Status | Supported OS | +| ---------------------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------- | +| ActiveDirectory | Natively Compatible | Windows Server 1809+ with RSAT-AD-PowerShell
Windows 10 1809+ with Rsat.ActiveDirectory.DS-LDS.Tools | +| ADDSDeployment | Works with Compatibility Layer | Windows Server 2019 1809+ | +| ADFS | Untested with Compatibility Layer | | +| AppBackgroundTask | Natively Compatible | Windows 10 1903+ | +| AppLocker | Untested with Compatibility Layer | | +| AppvClient | Untested with Compatibility Layer | | +| Appx | Natively Compatible** | Windows Server 1809+
Windows 10 1809+
**Must use Compatibility Layer with PowerShell 7.1 | +| AssignedAccess | Natively Compatible | Windows 10 1809+ | +| BestPractices | Not Supported by Compatibility Layer | | +| BitLocker | Natively Compatible | Windows Server 1809+ with BitLocker
Windows 10 1809+ | +| BitsTransfer | Natively Compatible | Windows Server 20H1
Windows 10 20H1 | +| BootEventCollector | Untested with Compatibility Layer | | +| BranchCache | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| CimCmdlets | Natively Compatible | Built into PowerShell 7 | +| ClusterAwareUpdating | Untested with Compatibility Layer | | +| ConfigCI | Untested with Compatibility Layer | | +| Defender | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| DeliveryOptimization | Natively Compatible | Windows Server 1903+
Windows 10 1903+ | +| DFSN | Natively Compatible | Windows Server 1809+ with FS-DFS-Namespace
Windows 10 1809+ with Rsat.FailoverCluster.Management.Tools | +| DFSR | Untested with Compatibility Layer | | +| DhcpServer | Untested with Compatibility Layer | | +| DirectAccessClientComponents | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| Dism | Natively Compatible | Windows Server 1903+
Windows 10 1903+ | +| DnsClient | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| DnsServer | Natively Compatible | Windows Server 1809+ with DNS or RSAT-DNS-Server
Windows 10 1809+ with Rsat.Dns.Tools | +| EventTracingManagement | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| FailoverClusters | Untested with Compatibility Layer | | +| FailoverClusterSet | Untested with Compatibility Layer | | +| FileServerResourceManager | Natively Compatible | Windows Server 1809+ with FS-Resource-Manager | +| GroupPolicy | Untested with Compatibility Layer | | +| HgsClient | Natively Compatible | Windows Server 1903+ with Hyper-V or RSAT-Shielded-VM-Tools
Windows 10 1903+ with Rsat.Shielded.VM.Tools | +| HgsDiagnostics | Natively Compatible | Windows Server 1809+ with Hyper-V or RSAT-Shielded-VM-Tools
Windows 10 1809+ with Rsat.Shielded.VM.Tools | +| Hyper-V | Natively Compatible | Windows Server 1809+ with Hyper-V-PowerShell
Windows 10 1809+ with Microsoft-Hyper-V-Management-PowerShell | +| IISAdministration | Untested with Compatibility Layer | | +| International | Natively Compatible | Windows Server 1903+
Windows 10 1903+ | +| IpamServer | Untested with Compatibility Layer | | +| iSCSI | Untested with Compatibility Layer | | +| IscsiTarget | Untested with Compatibility Layer | | +| ISE | Untested with Compatibility Layer | | +| Kds | Natively Compatible | Windows Server 20H1
Windows 10 20H1 | +| Microsoft.PowerShell.Archive | Natively Compatible | Built into PowerShell 7 | +| Microsoft.PowerShell.Diagnostics | Natively Compatible | Built into PowerShell 7 | +| Microsoft.PowerShell.Host | Natively Compatible | Built into PowerShell 7 | +| Microsoft.PowerShell.LocalAccounts | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| Microsoft.PowerShell.Management | Natively Compatible | Built into PowerShell 7 | +| Microsoft.PowerShell.ODataUtils | Untested with Compatibility Layer | | +| Microsoft.PowerShell.Security | Natively Compatible | Built into PowerShell 7 | +| Microsoft.PowerShell.Utility | Natively Compatible | Built into PowerShell 7 | +| Microsoft.WSMan.Management | Natively Compatible | Built into PowerShell 7 | +| MMAgent | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| MPIO | Natively Compatible | Windows Server 1809+ with Multipath-IO | +| MsDtc | Untested with Compatibility Layer | | +| NetAdapter | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetConnection | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetEventPacketCapture | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetLbfo | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetLldpAgent | Untested with Compatibility Layer | | +| NetNat | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetQos | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetSecurity | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetSwitchTeam | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetTCPIP | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetWNV | Untested with Compatibility Layer | | +| NetworkConnectivityStatus | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetworkController | Untested with Compatibility Layer | | +| NetworkControllerDiagnostics | Untested with Compatibility Layer | | +| NetworkLoadBalancingClusters | Untested with Compatibility Layer | | +| NetworkSwitchManager | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NetworkTransition | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| NFS | Natively Compatible | Windows Server 1809+
Windows 10 1809+ with Rsat.ServerManager.Tools | +| PackageManagement | Natively Compatible | Built into PowerShell 7 | +| PcsvDevice | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| PersistentMemory | Untested with Compatibility Layer | | +| PKI | Untested with Compatibility Layer | | +| PnpDevice | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| PowerShellGet | Natively Compatible | Built into PowerShell 7 | +| PrintManagement | Natively Compatible | Windows Server 1903+ with Print-Services
Windows 10 1903+ | +| ProcessMitigations | Natively Compatible | Windows Server 1903+
Windows 10 1903+ | +| Provisioning | Untested with Compatibility Layer | | +| PSDesiredStateConfiguration | Partially | Built into PowerShell 7 | +| PSDiagnostics | Natively Compatible | Built into PowerShell 7 | +| PSScheduledJob | Not Supported by Compatibility Layer | Built into PowerShell 5.1 | +| PSWorkflow | Untested with Compatibility Layer | | +| PSWorkflowUtility | Untested with Compatibility Layer | | +| RemoteAccess | Untested with Compatibility Layer | | +| RemoteDesktop | Untested with Compatibility Layer | | +| ScheduledTasks | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| SecureBoot | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| ServerCore | Untested with Compatibility Layer | | +| ServerManager | Natively Compatible | Windows Server 1809+
Windows 10 1809+ with Rsat.ServerManager.Tools
_See notes below_ | +| ServerManagerTasks | Untested with Compatibility Layer | | +| ShieldedVMDataFile | Natively Compatible | Windows Server 1903+ with RSAT-Shielded-VM-Tools
Windows 10 1903+ with Rsat.Shielded.VM.Tools | +| ShieldedVMProvisioning | Natively Compatible | Windows Server 1809+ with HostGuardian
Windows 10 1809+ with HostGuardian | +| ShieldedVMTemplate | Natively Compatible | Windows Server 1809+ with RSAT-Shielded-VM-Tools
Windows 10 1809+ with Rsat.Shielded.VM.Tools | +| SmbShare | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| SmbWitness | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| SMISConfig | Natively Compatible | Windows Server 1903+ with WindowsStorageManagementService | +| SMS | Untested with Compatibility Layer | | +| SoftwareInventoryLogging | Natively Compatible | Windows Server 1809+ | +| StartLayout | Natively Compatible | Windows Server 1809+ with Desktop Experience
Windows 10 1809+ | +| Storage | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| StorageBusCache | Untested with Compatibility Layer | | +| StorageMigrationService | Untested with Compatibility Layer | | +| StorageQOS | Natively Compatible | Windows Server 1809+ with RSAT-Clustering-PowerShell
Windows 10 1809+ with Rsat.FailoverCluster.Management.Tools | +| StorageReplica | Untested with Compatibility Layer | | +| SyncShare | Natively Compatible | Windows Server 1809+ with FS-SyncShareService | +| SystemInsights | Untested with Compatibility Layer | | +| TLS | Untested with Compatibility Layer | | +| TroubleshootingPack | Natively Compatible | Windows 10 1903+ | +| TrustedPlatformModule | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| UEV | Natively Compatible | Windows Server ??Future version of Server with Desktop Experience??
Windows 10 1903+ | +| UpdateServices | Not Supported by Compatibility Layer | | +| VpnClient | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| Wdac | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| WebAdministration | Untested with Compatibility Layer | | +| WHEA | Natively Compatible | Windows Server 1903+
Windows 10 1903+ | +| WindowsDeveloperLicense | Natively Compatible | Windows Server 1809+ with Desktop Experience
Windows 10 1809+ | +| WindowsErrorReporting | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| WindowsSearch | Natively Compatible | Windows 10 1903+ | +| WindowsServerBackup | Natively Compatible | Windows Server 19H2 with Windows-Server-Backup | +| WindowsUpdate | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | +| WindowsUpdateProvider | Natively Compatible | Windows Server 1809+
Windows 10 1809+ | + +## Notes + +### ServerManager module + +This module has some minor compatibility issues with formatted output in PowerShell 7. For example, +the `Get-WindowsFeature` cmdlet returns the proper object with all properties, but the default +display formatting makes some properties appear to be empty. The actual values are available in the +object properties using `Select-Object` or by direct member access. + + +[01]: /powershell/module/dism/add-windowscapability +[02]: /powershell/module/dism/enable-windowsoptionalfeature +[03]: /powershell/module/dism/get-windowscapability +[04]: /powershell/module/dism/get-windowsoptionalfeature +[05]: /powershell/module/servermanager/install-windowsfeature +[06]: https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332 diff --git a/docset/docs-conceptual/winserver2025-ps/toc.yml b/docset/docs-conceptual/winserver2025-ps/toc.yml new file mode 100644 index 0000000000..aa2f895057 --- /dev/null +++ b/docset/docs-conceptual/winserver2025-ps/toc.yml @@ -0,0 +1,5 @@ +items: + - name: Windows PowerShell + href: get-started.md + - name: PowerShell 7 compatibility in Windows Server 2025 + href: module-compatibility.md \ No newline at end of file diff --git a/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Disable-DiagnosticDataViewing.md b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Disable-DiagnosticDataViewing.md new file mode 100644 index 0000000000..6ef1ece0f5 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Disable-DiagnosticDataViewing.md @@ -0,0 +1,49 @@ +--- +external help file: DDVCmdlets.dll-Help.xml +Module Name: Microsoft.DiagnosticDataViewer +online version: https://learn.microsoft.com/powershell/module/microsoft.diagnosticdataviewer/disable-diagnosticdataviewing?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-DiagnosticDataViewing +--- + +# Disable-DiagnosticDataViewing + +## SYNOPSIS +Disables diagnostic data viewing. + +## SYNTAX + +``` +Disable-DiagnosticDataViewing [] +``` + +## DESCRIPTION +This cmdlet disables diagnostic data viewing. +Once diagnostic data viewing is disabled, this tool will throw an error. +Note that disabling diagnostic data viewing will also delete the available history of diagnostic data on the device. + +## EXAMPLES + +### EXAMPLE 1 +``` +Disable-DiagnosticDataViewing +``` + +Disable Diagnostic Data Viewing. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.String + +## NOTES +Requires Windows 10 version 17134 (1803) or higher + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Enable-DiagnosticDataViewing.md b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Enable-DiagnosticDataViewing.md new file mode 100644 index 0000000000..669e40ce1b --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Enable-DiagnosticDataViewing.md @@ -0,0 +1,47 @@ +--- +external help file: DDVCmdlets.dll-Help.xml +Module Name: Microsoft.DiagnosticDataViewer +online version: https://learn.microsoft.com/powershell/module/microsoft.diagnosticdataviewer/enable-diagnosticdataviewing?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-DiagnosticDataViewing +--- + +# Enable-DiagnosticDataViewing + +## SYNOPSIS +Enables diagnostic data viewing. + +## SYNTAX + +``` +Enable-DiagnosticDataViewing [] +``` + +## DESCRIPTION +This cmdlet enables diagnostic data viewing. +Once enabled, the device henceforth will start recording each diagnostic data event uploaded to Microsoft, where the total history is limited by the diagnostic store capacity. +It may take some time for events to be shown. + +## EXAMPLES + +### EXAMPLE 1 +``` +Enable-DiagnosticDataViewing +``` + +Enable Diagnostic Data Viewing. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.String +## NOTES +Requires Windows 10 version 17134 (1803) or higher + +## RELATED LINKS diff --git a/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticData.md b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticData.md new file mode 100644 index 0000000000..8b9f333afd --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticData.md @@ -0,0 +1,168 @@ +--- +external help file: DDVCmdlets.dll-Help.xml +Module Name: Microsoft.DiagnosticDataViewer +online version: https://learn.microsoft.com/powershell/module/microsoft.diagnosticdataviewer/get-diagnosticdata?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-DiagnosticData +--- + +# Get-DiagnosticData + +## SYNOPSIS +Fetches historical Windows Diagnostic Data uploaded by this machine. + +## SYNTAX + +``` +Get-DiagnosticData [[-StartTime] ] [[-EndTime] ] [[-RecordCount] ] + [-DiagnosticDataType ] [-BasicTelemetryOnly] [] +``` + +## DESCRIPTION +This cmdlet fetches historical Windows Diagnostic Data uploaded by this machine. +The total available historical data is limited by the diagnostic data store's configurations. +See 'Set-DiagnosticStoreCapacity' for changes. + +## EXAMPLES + +### EXAMPLE 1 +``` +Get-DiagnosticData -StartTime (Get-Date).AddDays(-1) -RecordCount 1 +``` + +Returns first (oldest) diagnostic event since yesterday. +Sample output below. + +Name : Microsoft.Windows.Kernel.PnP.DeviceConfig + +Timestamp : 11/8/2018 4:52:53 PM + +Payload : JSON PAYLOAD + +IsBasic : False + +DiagnosticDataTypes : {11} + +### EXAMPLE 2 +``` +Get-DiagnosticData -StartTime (Get-Date).AddHours(-12) -EndTime (Get-Date).AddHours(-6) -BasicTelemetryOnly +``` + +Returns all basic diagnostic events sent between 12 and 6 hours before now. + +### EXAMPLE 3 +``` +Get-DiagnosticData -DiagnosticDataType 11 +``` + +Returns diagnostic events tagged with diagnostic data type ID 11. +See Get-DiagnosticDataTypes for the list of diagnostic data types. + +## PARAMETERS + +### -StartTime +Query filter parameter. +Specifies start time of the window for the oldest event in the fetched set. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: st, start + +Required: False +Position: 0 +Default value: 1/1/0001 12:00:00 AM +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -EndTime +Query filter parameter. +Specifies end time of the window for the newest event in the fetched set. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: et, end + +Required: False +Position: 1 +Default value: 12/31/9999 11:59:59 PM +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -RecordCount +Specifies maximum number of events to fetch. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: rc, recCount, c, count + +Required: False +Position: 2 +Default value: 0 +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -DiagnosticDataType +Query filter parameter. +Specifies if resultset should only include events having this diagnostic data type. +See Get-DiagnosticDataTypes for data type IDs. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: ddt, dt + +Required: False +Position: Named +Default value: -2147483648 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BasicTelemetryOnly +Query filter parameter. +Specifies if resultset should only include Basic diagnostic data events. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: basic, basicOnly + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.DateTime +Query filter parameter. +Specifies start time of the window for the oldest event in the fetched set. + +### System.DateTime +Query filter parameter. +Specifies end time of the window for the newest event in the fetched set. + +### System.Int32 +Specifies maximum number of events to fetch. + +## OUTPUTS + +### DDVCmdlets.Containers.EventRecord +Persisted event record. + +## NOTES +Requires Windows 10 version 17134 (1803) or higher + +## RELATED LINKS +[About Windows Diagnostic Data](/windows/privacy/windows-diagnostic-data) diff --git a/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticDataTypes.md b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticDataTypes.md new file mode 100644 index 0000000000..dc9e7806b6 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticDataTypes.md @@ -0,0 +1,51 @@ +--- +external help file: DDVCmdlets.dll-Help.xml +Module Name: Microsoft.DiagnosticDataViewer +online version: https://learn.microsoft.com/powershell/module/microsoft.diagnosticdataviewer/get-diagnosticdatatypes?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-DiagnosticDataTypes +--- + +# Get-DiagnosticDataTypes + +## SYNOPSIS +Fetches the mapping of diagnostic data type identifiers to their corresponding descriptions. + +## SYNTAX + +``` +Get-DiagnosticDataTypes [] +``` + +## DESCRIPTION +This cmdlet shows the mapping between diagnostic data type identifiers to their official descriptions. +Each diagnostic data event is grouped into a Data Type based on how Microsoft uses the data. +It may take some time for descriptions to be loaded. + +## EXAMPLES + +### EXAMPLE 1 +``` +Get-DiagnosticDataTypes +``` + +Fetches Windows Diagnostic Data diagnostic data types. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### DDVCmdlets.Containers.DiagnosticDataType +Diagnostic data type information. + +## NOTES +Requires Windows 10 version 17134 (1803) or higher + +## RELATED LINKS + +[About Windows Diagnostic Data](/windows/privacy/windows-diagnostic-data) diff --git a/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticDataViewingSetting.md b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticDataViewingSetting.md new file mode 100644 index 0000000000..9810a92b5a --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticDataViewingSetting.md @@ -0,0 +1,46 @@ +--- +external help file: DDVCmdlets.dll-Help.xml +Module Name: Microsoft.DiagnosticDataViewer +online version: https://learn.microsoft.com/powershell/module/microsoft.diagnosticdataviewer/get-diagnosticdataviewingsetting?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-DiagnosticDataViewingSetting +--- + +# Get-DiagnosticDataViewingSetting + +## SYNOPSIS +Fetches whether diagnostic data viewing is currently enabled or disabled. + +## SYNTAX + +``` +Get-DiagnosticDataViewingSetting [] +``` + +## DESCRIPTION +This cmdlet returns the current state of diagnostic data viewing. +This state indicates whether diagnostic data viewing is enabled for this device. +If disabled, this tool will throw an error. + +## EXAMPLES + +### EXAMPLE 1 +``` +Get-DiagnosticDataViewingSetting +``` + +Checks if Diagnostic Data Viewing is enabled. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.String +## NOTES +Requires Windows 10 version 17134 (1803) or higher +## RELATED LINKS diff --git a/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticStoreCapacity.md b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticStoreCapacity.md new file mode 100644 index 0000000000..95558b6e20 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Get-DiagnosticStoreCapacity.md @@ -0,0 +1,94 @@ +--- +external help file: DDVCmdlets.dll-Help.xml +Module Name: Microsoft.DiagnosticDataViewer +online version: https://learn.microsoft.com/powershell/module/microsoft.diagnosticdataviewer/get-diagnosticstorecapacity?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-DiagnosticStoreCapacity +--- + +# Get-DiagnosticStoreCapacity + +## SYNOPSIS +Fetches the current diagnostic store capacity. +Parameter \[-Size\] returns the diagnostic store size capacity in megabytes. +Parameter \[-Time\] returns the diagnostic store capacity in days. +The default diagnostic data store size capacity is 1024 MB. +The default time capacity is 30 days. + +## SYNTAX + +``` +Get-DiagnosticStoreCapacity [-Size] [-Time] [] +``` + +## DESCRIPTION +The amount of Diagnostic Data history that can be shown through this tool is capped based on time in days and size in megabytes. +Once either cap is reached (whichever comes first), diagnostic data is removed based on a first in first out order. +For example, if the size cap is 1GB and the time cap is 30 days, then once the diagnostic data store has reached 1GB of history or the oldest record is 30 days old (whichever comes first), the oldest seen event is dropped. + +## EXAMPLES + +### EXAMPLE 1 +``` +Get-DiagnosticStoreCapacity -Size +``` + +Get configured size capacity (megabytes) of the Diagnostic store. + +### EXAMPLE 2 +``` +Get-DiagnosticStoreCapacity -Time +``` + +Get configured time capacity (hours) of the Diagnostic store. + +## PARAMETERS + +### -Size +Get configured size capacity (megabytes) of the Diagnostic store. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: s + +Required: False +Position: Named +Default value: False +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Time +Get configured time capacity (hours) of the Diagnostic store. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: t + +Required: False +Position: Named +Default value: False +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Management.Automation.SwitchParameter +Get configured size capacity (megabytes) of the Diagnostic store. + +### System.Management.Automation.SwitchParameter +Get configured time capacity (hours) of the Diagnostic store. + +## OUTPUTS + +### System.String +## NOTES +Requires Windows 10 version 17134 (1803) or higher + +## RELATED LINKS diff --git a/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Microsoft.DiagnosticDataViewer.md b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Microsoft.DiagnosticDataViewer.md new file mode 100644 index 0000000000..fac8a67097 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Microsoft.DiagnosticDataViewer.md @@ -0,0 +1,45 @@ +--- +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: {{Please enter version of help manually (X.X.X.X) format}} +Locale: en-US +Module Guid: 9bd99f27-788b-4912-8f67-5d9d1640fd9b +Module Name: Microsoft.DiagnosticDataViewer +title: Microsoft.DiagnosticsDataViewer +--- + +# Microsoft.DiagnosticDataViewer Module +## Description +The Microsoft.DiagnosticDataViewer module provides commands for viewing and analyzing the Diagnostic Data sent by a Windows device. + +## Minimum Requirements +The module requires Windows 10 version 17134 (1803) or higher. + +## Microsoft.DiagnosticDataViewer Cmdlets +### [Disable-DiagnosticDataViewing](Disable-DiagnosticDataViewing.md) +Disables diagnostic data viewing. + +### [Enable-DiagnosticDataViewing](Enable-DiagnosticDataViewing.md) +Enables diagnostic data viewing. + +### [Get-DiagnosticData](Get-DiagnosticData.md) +Fetches historical Windows Diagnostic Data uploaded by this machine. + +### [Get-DiagnosticDataTypes](Get-DiagnosticDataTypes.md) +Fetches the mapping of diagnostic data type identifiers to their corresponding descriptions. + +### [Get-DiagnosticDataViewingSetting](Get-DiagnosticDataViewingSetting.md) +Fetches whether diagnostic data viewing is currently enabled or disabled. + +### [Get-DiagnosticStoreCapacity](Get-DiagnosticStoreCapacity.md) +Fetches the current diagnostic store capacity. +Parameter \[-Size\] returns the diagnostic store size capacity in megabytes. +Parameter \[-Time\] returns the diagnostic store capacity in days. +The default diagnostic data store size capacity is 1024 MB. +The default time capacity is 30 days. + +### [Set-DiagnosticStoreCapacity](Set-DiagnosticStoreCapacity.md) +Sets the diagnostic store time and size capacity. + +## Related Links +[Microsoft Privacy Policy](https://privacy.microsoft.com/en-us/privacy) + diff --git a/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Set-DiagnosticStoreCapacity.md b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Set-DiagnosticStoreCapacity.md new file mode 100644 index 0000000000..86dd12922d --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.DiagnosticDataViewer/Set-DiagnosticStoreCapacity.md @@ -0,0 +1,97 @@ +--- +external help file: DDVCmdlets.dll-Help.xml +Module Name: Microsoft.DiagnosticDataViewer +online version: https://learn.microsoft.com/powershell/module/microsoft.diagnosticdataviewer/set-diagnosticstorecapacity?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-DiagnosticStoreCapacity +--- + +# Set-DiagnosticStoreCapacity + +## SYNOPSIS +Sets the diagnostic store time and size capacity. + +## SYNTAX + +``` +Set-DiagnosticStoreCapacity [[-Size] ] [[-Time] ] [] +``` + +## DESCRIPTION +This cmdlet sets the maximum amount of Diagnostic Data history (by time and by size) that can be shown through this tool. +The size cap is measured in megabytes, and the time cap is measured in days. +Once the either cap is reached (whichever comes first), diagnostic data history is removed based on a first in first out order. + +## EXAMPLES + +### EXAMPLE 1 +``` +Set-DiagnosticStoreCapacity -Size 1024 +``` + +Set store capacity (megabytes) of the diagnostic store. + +### EXAMPLE 2 +``` +Set-DiagnosticStoreCapacity -Time 24 +``` + +Set time capacity (hours) of the diagnostic store. + +### EXAMPLE 3 +``` +Set-DiagnosticStoreCapacity -Size 1024 -Time 24 +``` + +Set store capacity (megabytes) and time capacity (hours) of the diagnostic store at the same time. + +## PARAMETERS + +### -Size +Set size capacity of the diagnostic store. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: s + +Required: False +Position: 0 +Default value: 0 +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Time +Set time capacity of the diagnostic store. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: t + +Required: False +Position: 1 +Default value: 0 +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.UInt32 +Set size capacity of the diagnostic store. + +### System.UInt32 +Set time capacity of the diagnostic store. + +## OUTPUTS + +### System.String +## NOTES +Requires Windows 10 version 17134 (1803) or higher + +## RELATED LINKS diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Disable-ServerManagerStandardUserRemoting.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Disable-ServerManagerStandardUserRemoting.md new file mode 100644 index 0000000000..f22ff0912c --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Disable-ServerManagerStandardUserRemoting.md @@ -0,0 +1,139 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: ServerManager-help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/disable-servermanagerstandarduserremoting?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-ServerManagerStandardUserRemoting +--- + +# Disable-ServerManagerStandardUserRemoting + +## SYNOPSIS +Disables access for specified standard users to event, service, performance counter, and role and feature inventory data that is collected by Server Manager for a server. + +## SYNTAX + +``` +Disable-ServerManagerStandardUserRemoting [-User] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-ServerManagerStandardUserRemoting** cmdlet disables access for one or more standard, non-Administrator users to event, service, performance counter, and role and feature inventory data for a server that you are managing by using Server Manager. +This cmdlet performs the opposite action, for specified users, of the Enable-ServerManagerStandardUserRemoting cmdlet. + +The cmdlet restores the default, administrator-only access to this data, and must be run locally on the server that is being managed by using Server Manager. +The cmdlet works by performing the following actions: + +- Deletes access rights for specified standard users to the root\cimv2 namespace on the local server (for access to role and feature inventory information). +- Removes specified standard users from user groups (Remote Management Users, Event Log Readers, and Performance Log Readers) that allow remote access to event and performance counter logs on the local server. +- Removes access rights in the Service Control Manager for specified standard users who have access to the status of services on the local server. + +## EXAMPLES + +### Example 1: Disable access to event, performance counter, service status and role and feature inventory data for a user +``` +PS C:\> Disable-ServerManagerStandardUserRemoting -User "PattiFul" +``` + +This command disables access to event, performance counter, service status, and role and feature inventory data for a server that is being managed by using either a local or remote Server Manager console, and for which there is a standard user named PattiFul. + +### Example 2: Simulate the outcome of disabling access to event, performance counter, service status and role and feature inventory data for a user +``` +PS C:\> Disable-ServerManagerStandardUserRemoting -User "EvanNar" -WhatIf +``` + +This command views the outcome of running a command to deny a standard user named EvanNar access to event, performance counter, service status, and role and feature inventory data for a server that is being managed by using the Server Manager console running on either the local or a remote computer. +Because the *WhatIf* parameter is used, the command actions are not carried out. + +### Example 3: Disable access to event, performance counter, service status and role and feature inventory data for a user +``` +PS C:\> Disable-ServerManagerStandardUserRemoting -User "PattiFul" -Confirm +``` + +This command denies a standard user named PattiFul access to event, performance counter, service status, and role and feature inventory data for a server that is being managed by using the Server Manager console running on either the local or a remote computer. +Because the *Confirm* parameter is used, the command prompts for confirmation before performing the action. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -User +Specifies an array of user account names of standard users who runs Server Manager, and no longer requires access to event, performance counter, service, and role and feature inventory data for a server that is being managed by using either a local or remote Server Manager console. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-WindowsFeature](./Get-WindowsFeature.md) + +[Install-WindowsFeature](./Install-WindowsFeature.md) + +[Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +[Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Enable-ServerManagerStandardUserRemoting.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Enable-ServerManagerStandardUserRemoting.md new file mode 100644 index 0000000000..13b5082335 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Enable-ServerManagerStandardUserRemoting.md @@ -0,0 +1,135 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: ServerManager-help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/enable-servermanagerstandarduserremoting?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-ServerManagerStandardUserRemoting +--- + +# Enable-ServerManagerStandardUserRemoting + +## SYNOPSIS +Provides one or more standard, non-Administrator users access to event, service, performance counter, and role and feature inventory data for a server that you are managing by using Server Manager. + +## SYNTAX + +``` +Enable-ServerManagerStandardUserRemoting [-User] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-ServerManagerStandardUserRemoting** cmdlet provides one or more standard, non-Administrator users access to event, service, performance counter, and role and feature inventory data for a server that you are managing, either locally or remotely, by using Server Manager. +The cmdlet must be run locally on the server that you are managing by using Server Manager. +The cmdlet works by performing the following actions: + +- Adds access rights for specified standard users to the root\cimv2 namespace on the local server (for access to role and feature inventory information). +- Adds specified standard users to required user groups (Remote Management Users, Event Log Readers, and Performance Log Readers) that allow remote access to event and performance counter logs on the managed server. +- Changes access rights in the Service Control Manager to allow specified standard users remote access to the status of services on the managed server.This cmdlet does not provide standard users access to bpa (BPA) results, or allow standard users to run BPA scans. +Aside from the preceding list of changes, this cmdlet provides no additional access that a standard user does not already have, by default, on managed servers. + +Running this cmdlet has security implications for your network environment, because it grants specified non-Administrator users access rights to information that, by default, is restricted to members of the Administrators group on the local computer. +The cmdlet provides access to other WMI providers in the root\cimv2 namespace, but only those providers that can be used by standard users. +We recommend that you run this cmdlet only when you must add a specific standard user to the users who require access to remote server data by using Server Manager. +Additionally, you should promptly run `Disable-ServerManagerStandardUserRemoting` to deny this access to users as soon as they no longer require it. + +## EXAMPLES + +### Example 1: Enable access to event, performance counter, service status, and role and feature inventory data to a user +``` +PS C:\> Enable-ServerManagerStandardUserRemoting -User "PattiFul" +``` + +This command gives a standard user named PattiFul access to event, performance counter, service status, and role and feature inventory data on a server that is being managed, either locally or remotely, by using Server Manager. + +### Example 2: Enable access to event, performance counter, service status, and role and feature inventory data to a user with confirmation +``` +PS C:\> Enable-ServerManagerStandardUserRemoting -User "PattiFul" -Confirm +``` + +This command gives a standard user named PattiFul access to event, performance counter, service status, and role and feature inventory data on a server that is being managed, either locally or remotely, by using Server Manager. +Because the *Confirm* parameter is used, the command prompts for confirmation before performing the action. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -User +Specifies an array of user account names of a standard user who runs Server Manager, and requires access to event, performance counter, service, and role and feature inventory data for remote servers that are managed by using the local Server Manager console. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-WindowsFeature](./Get-WindowsFeature.md) + +[Install-WindowsFeature](./Install-WindowsFeature.md) + +[Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +[Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Export-SmigServerSetting.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Export-SmigServerSetting.md new file mode 100644 index 0000000000..e200d593eb --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Export-SmigServerSetting.md @@ -0,0 +1,258 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 01/03/2017 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/export-smigserversetting?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Export-SmigServerSetting +--- + +# Export-SmigServerSetting + +## SYNOPSIS +Exports selected Windows features and operating system settings from the local computer, and stores them in a migration store. + +## SYNTAX + +``` +Export-SmigServerSetting [-FeatureId ] [-Feature ] [-User ] [-Group] [-IPConfig] + -Path -Password [] +``` + +## DESCRIPTION +The **Export-SmigServerSetting** cmdlet exports selected Windows features and operating system settings from the local computer, and stores them in a migration store specified in the *Path* parameter. +Use the Import-SmigServerSetting cmdlet to import Windows features and operating system settings to the destination computer from the migration store populated by the Export-SmigServerSetting command. + +For online Help about the Windows Server Migration Tools cmdlets, see [Server Migration Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=246313) at http://go.microsoft.com/fwlink/?LinkId=246313. + +## EXAMPLES + +### Example 1: Export the DHCP server +``` +PS C:\> Export-SmigServerSetting -Feature "DHCP" -User All -Group -Path "c:\temp\store" -Verbose +``` + +This sample command exports the Dynamic Host Configuration Protocol (DHCP) server and all other Windows Server features that are required by the DHCP server. +The command also exports local user accounts, local groups, and group memberships to the location c:\temp\store that is specified in the *Path* parameter. + +Creating a password to encrypt the migration store is required. +Because a password is not provided in this sample command, after you enter the command, the user is prompted to enter a password for encrypting the migrated data. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 2: Export IP configuration settings +``` +PS C:\> Export-SmigServerSetting -IPConfig -Path "c:\temp\store" -Password (Read-Host "Create a Password:" -AsSecureString) -Verbose +``` + +This sample command exports basic IP configuration settings, and stores the data in the migration store specified by the *Path* parameter as c:\temp\store. +The sample command also instructs the migration utilities to display the text string "Create a Password:" to prompt the user to create a password for encrypting the migration store. +Password characters are displayed as asterisks (*). +When the new password has been entered, the value is stored by **Export-SmigServerSetting** as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 3: Export Windows Server features +``` +PS C:\> $c = Get-SmigServerFeature +PS C:\> Export-SmigServerSetting -Feature $c -Path "c:\temp\store" -Verbose +``` + +This sample command exports a set of Windows features that have already been specified by using the Get-SmigServerFeature cmdlet. +In the sample, the migration utilities are instructed to use a variable, $c, to represent the features specified by using the **Get-SmigServerFeature** cmdlet. + +The first command retrieves Windows feature objects specified by using the **Get-SmigServerFeature** cmdlet, and saves them in the $c variable. +The second command exports the Windows features represented by the $c variable, and stores the data in the location that is specified in the *Path* parameter, c:\temp\store. + +Creating a password to encrypt the migration store is required. +Because a password is not provided in this sample command, after entering the command, the user is prompted to enter a password for encrypting the migrated data. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 4: Export user accounts +``` +PS C:\> $pass = ConvertTo-SecureString -String "password" -AsPlainText -Force +PS C:\> Export-SmigServerSetting -User All -Password $pass -Path "c:\store" -Verbose +``` + +In this example, the first command instructs the migration utilities to convert the store encryption password, represented by "password," to a secure string, and store it in the variable $pass. +The second command exports all local user accounts, sets the value of the variable $pass as the password to encrypt the migration store, and stores the migration data in the location c:\temp\store. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +## PARAMETERS + +### -Feature +Specifies the Windows features to be exported from the source computer. +Not all Windows features can be migrated by using migration cmdlets. +You can use the Get-SmigServerFeature cmdlet to retrieve a list of Windows features that can be migrated from the local server, and pass the resulting list to the **Export-SmigServerSetting** cmdlet, either by piping the results to the cmdlet, or by storing the results in a variable and then using the variable to represent the results in your command. + +```yaml +Type: Feature[] +Parameter Sets: (All) +Aliases: F + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -FeatureId +Specifies the IDs of the Windows features to be exported from the source computer. +Not all Windows features are supported for migration. +You can use the **Get-SmigServerFeature** cmdlet to retrieve a list of Windows features, along with their feature IDs, that can be migrated from the local server. +Separate multiple feature IDs by using commas. +Standard PowerShell wildcard characters are supported. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: ID + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Group +Exports the source server's local groups. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IPConfig +Exports the source server's basic IP configuration settings, including network interface card (NIC) settings such as connection-specific suffix, IPv4 settings, registry key to disable IPv6 components, and global Windows IP configuration settings. +IP configuration for a NIC can only be exported if the NIC is enabled and connected to the network. +See IP Configuration Migration Guide for more information. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Password +Specifies the migration store encryption password as a secure string. +The secure string can be obtained by entering the command `Read-Host -AsSecureString` or `ConvertTo-SecureString`. +Because the *Password* parameter is required, if it is not added to your command, you are prompted to create a password after entering your command. +The password length must be a minimum of six characters and a maximum of 260 characters. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the path to store the exported migration data. +The specified migration store location must be empty. +The path must be a valid local or Universal Naming Convention (UNC) path; if it is a share on a remote computer, the share must be notated as a drive letter on the local computer. +The path length cannot be longer than 246 characters. +Wildcard characters are not supported. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -User +Specifies the type of user accounts to export to the migration store. +The following are acceptable values for this parameter: + + +- Enabled + +- Disabled + +- All + +User passwords are not migrated. +Users must create a password the first time they log on to the server. +Only the "User Name" and "Account is Disabled" properties are migrated. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.Windows.ServerManager.Migration.MigrationResult + +## NOTES +* The Windows Server Migration Tools deployment log file is located in %windir%\Logs\SmigDeploy.log. Other Windows Server Migration Tools log files are created at the following locations: + + +- %windir%\Logs\ServerMigration.log + +- On Windows Server 2008 and later versions: %localappdata%\SvrMig\Log + +- On Windows Server 2003: %userprofile%\Local Settings\Application Data\SvrMig\Log + + If the log files cannot be created at these locations, ServerMigration.log and SmigDeploy.log will be created at %temp%, and other logs will be created at %windir%\System32. + + The maximum size of all log files (in MB) is stored in the following registry key. +When the log file grows larger than the size specified in the registry key, the log file is deleted. +Logging begins again in a new log file that uses the same file name and path. +The default maximum log size is 200 MB. + + +- Key: HKLM\Software\Microsoft\ServerMigration + +- Value: MaxLogSize (REG_DWORD) + +- Data: Whole numbers between 1 and 1000 (represents log size, in MB) + +## RELATED LINKS + +[Import-SmigServerSetting](./Import-SmigServerSetting.md) + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Get-SmigServerFeature.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Get-SmigServerFeature.md new file mode 100644 index 0000000000..ec4829e541 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Get-SmigServerFeature.md @@ -0,0 +1,166 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 01/03/2017 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/get-smigserverfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-SmigServerFeature +--- + +# Get-SmigServerFeature + +## SYNOPSIS +Gets the set of all Windows features that can be migrated from the local server or from a migration store. + +## SYNTAX + +### empty (Default) +``` +Get-SmigServerFeature [] +``` + +### TargetPreview +``` +Get-SmigServerFeature -Path -Password [] +``` + +## DESCRIPTION +The **Get-SmigServerFeature** cmdlet gets the set of all Windows Server features that can be migrated from the local server or from a migration store. +If a migration store is specified in the *Path* parameter, this cmdlet returns only the features in the migration store that can be installed on the local server. + +For online Help about the Windows Server Migration Tools cmdlets, see [Server Migration Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=246313) at http://go.microsoft.com/fwlink/?LinkId=246313. + +## EXAMPLES + +### Example 1: Get all Windows Server features +``` +PS C:\> Get-SmigServerFeature +``` + +This command displays all Windows features that can be migrated from the local computer. + +### Example 2: Get Windows Server features at a specified path +``` +PS C:\> Get-SmigServerFeature -Path "c:\temp\store" +``` + +This command retrieves and displays the set of Windows features that can be migrated from the migration store specified by the *Path* parameter as located at c:\temp\store. +Because a password is not provided in this sample command, after entering the command, the user is prompted to provide a password for decrypting the migration store. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +### Example 3: Get Windows Server features and display a password prompt +``` +PS C:\> $c = Get-SmigServerFeature -Path "c:\temp\store" -Password (Read-Host "Enter a Password:" -AsSecureString) +``` + +The first line of the command uses the **Get-SmigServerFeature** cmdlet to retrieve role or feature objects from the migration store in the location specified by the *Path* parameter, and save them in the $c variable. + +The command also instructs the migration tools to display the string "Enter a Password:" to prompt users to enter the password to decrypt the migration store. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +### Example 4: Get Windows Server features and import them +``` +PS C:\> Get-SmigServerFeature -Path "c:\temp\store" | Import-SmigServerSetting -Path "c:\temp\store" -Verbose +``` + +The first part of the command, before the pipe (|) character, retrieves all role or feature objects listed by using the **Get-SmigServerFeature** cmdlet that are found in the store specified by the *Path* parameter. +The second part of the command imports those Windows features that are both listed by **Get-SmigServerFeature** and available in the migration store. + +Because a password is not provided in this sample command, after entering the command, the user is prompted to enter a password to decrypt the migration store. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 5: Create a secure password variable to get Windows Server features and import them +``` +PS C:\> $pass = ConvertTo-SecureString -String "password" -AsPlainText - +PS C:\> Get-SmigServerFeature -Path "c:\temp\store" -Password $pass | Import-SmigServerSetting -Path "c:\temp\store" -Password $pass -Verbose +``` + +The first command converts the store encryption password, represented by "password," to a secure string, and stores it in the variable $pass. + +The second command has two parts. +The first, by using the **Get-SmigServerFeature** cmdlet, retrieves the set of Windows features that can be migrated from the migration store specified by the *Path* parameter as located at c:\temp\store, and provides the password to decrypt the migration store as represented by the variable $pass. +The second part of the command pipes the Windows features retrieved by the Get cmdlet to the Import-SmigServerSetting cmdlet for installation on a destination computer. +This command also supplies the password to decrypt the migration store, in the variable $pass. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +## PARAMETERS + +### -Password +Specifies the password, as a secure string, to decrypt the migration store. +The secure string can be obtained by entering the command `Read-Host -AsSecureString` or `ConvertTo-SecureString`. + +```yaml +Type: SecureString +Parameter Sets: TargetPreview +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the path to the migration store from which you want to retrieve Windows features. +The path must be a well-formed local or Universal Naming Convention (UNC) path; if it is a share on a remote computer, the share must be notated as a drive letter on the local computer. +The path length cannot be longer than 246 characters. +Wildcard characters are not supported. +The returned list of Windows features contains only those Windows features that are both in the migration store and installable on the local computer. + +```yaml +Type: String +Parameter Sets: TargetPreview +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.Windows.ServerManager.Migration.Feature[] +Gets the set of all Windows features that can be migrated from the local server or from a migration store. +If a migration store is specified in the *Path* parameter, this cmdlet returns only the features in the migration store that can be installed on the local server. + +## NOTES +* The Windows Server Migration Tools deployment log file is located in %windir%\Logs\SmigDeploy.log. Other Windows Server Migration Tools log files are created at the following locations: + + +- %windir%\Logs\ServerMigration.log + +- On Windows Server 2008 and later versions: %localappdata%\SvrMig\Log + +- On Windows Server 2003: %userprofile%\Local Settings\Application Data\SvrMig\Log + + If the log files cannot be created at these locations, ServerMigration.log and SmigDeploy.log will be created at %temp%, and other logs will be created at %windir%\System32. + + The maximum size of all log files (in MB) is stored in the following registry key. +When the log file grows larger than the size specified in the registry key, the log file is deleted. +Logging begins again in a new log file that uses the same file name and path. +The default maximum log size is 200 MB. + + +- Key: HKLM\Software\Microsoft\ServerMigration + +- Value: MaxLogSize (REG_DWORD) + +- Data: Whole numbers between 1 and 1000 (represents log size, in MB) + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Get-WindowsFeature.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Get-WindowsFeature.md new file mode 100644 index 0000000000..2187487f06 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Get-WindowsFeature.md @@ -0,0 +1,193 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/get-windowsfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-WindowsFeature +--- + +# Get-WindowsFeature + +## SYNOPSIS +Gets information about Windows Server roles, role services, and features that are available for installation and installed on a specified server. + +## SYNTAX + +``` +Get-WindowsFeature [[-Name] ] [-Vhd ] [-ComputerName ] [-Credential ] + [-LogPath ] [] +``` + +## DESCRIPTION +The **Get-WindowsFeature** cmdlet gets information about features that are both available for installation and already installed on a computer that is running Windows Server 2012 R2 or an offline virtual hard disk (VHD) that is running Windows Server 2012 R2. + +## EXAMPLES + +### Example 1: Get a list of features that are available and installed on the specified computer +``` +PS C:\> Get-WindowsFeature -ComputerName "Server1" -Credential "contoso.com\user1" +``` + +This command gets a list of features that are available and installed on the target computer named Server1. +The credentials for user user1 in the Contoso.com domain, a user who has Administrator rights on Server1, are provided. + +### Example 2: Get a list of features that is available and installed on the specified offline VHD +``` +PS C:\> Get-WindowsFeature -Vhd "D:\ps-test\vhd1.vhd" +``` + +This command gets a list of features that is available and installed on the specified offline VHD located at D:\ps-test\vhd1.vhd. + +### Example 3: Get a list of available and installed features by command ID +``` +PS C:\> Get-WindowsFeature -Name "AD*, Web*" +``` + +This command gets a list of available and installed features that have a command ID starting with AD or Web. + +### Example 4: Get a list of features that is installed on a specific server +``` +PS C:\> Get-WindowsFeature -ComputerName "Server01" | Where Installed +``` + +This command gets a list of features that is installed on the server named Server01. + +### Example 5: Get a list of features on a server that have installation files that are removed +``` +PS C:\> Get-WindowsFeature -ComputerName "Server01" | Where InstallState -Eq Removed +``` + +This command gets a list of features on the server named Server01 that have installation files removed from the local side-by-side store, and require an external file source for installation. + +## PARAMETERS + +### -ComputerName +Specifies a list of available rrsandf_plural from the specified remote computer that is running Windows Server 2012 R2. +The parameter accepts only one computer name. +If this parameter is not added, or no computer name is specified, the default target is the local computer. +Valid values for the parameter include a NetBIOS name, an IP address, or a fully qualified domain name (FQDN) of a remote computer. + +To use a remote computer's IP address as the value of this parameter, your command must include the *Credential* parameter. +The computer must either be configured for HTTPS transport, or the IP address of the remote computer must be included in the WinRM TrustedHosts list on the local computer. +For information about adding a computer name to the WinRM TrustedHosts list, see [How to Add a Computer to the Trusted Host List in about_Remote_Troubleshooting](https://go.microsoft.com/fwlink/p/?LinkID=135188). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has access rights to perform this action. +If the parameter is not added, or no value is specified, the default value of this parameter is the current user. +Enter a user name in one of the following formats. +Quotation marks are optional. + +-- "UserName" +-- "Domain\User" +-- "User@Domain.com" +-- A Credential object returned by the [Get-Credential](https://go.microsoft.com/fwlink/p/?LinkID=113311) cmdlet. + +If a user name is entered, then a prompt for a password is displayed. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath +Specifies a name and path to a log file. +Use this parameter if the results of this cmdlet must be stored in a log. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies an array of command IDs of roles, role services, or features from which this cmdlet returns information. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Vhd +Specifies the path to an offline virtual hard drive (VHD). +The path can either point to a VHD file, or to a location on which the VHD is already mounted by using Deployment Image Servicing and Management (DISM) tools. + +The VHD can be on a local disk on the target computer, or on a network shared folder. +If the VHD is in a network shared folder, then the value of this parameter is a UNC path to the VHD. +In this case, the computer account of the computer that you are using to mount the VHD must have read and write permissions (Read/Write permissions in the File Sharing dialog box, or Full Control on the Security tab of the folder Properties dialog box) on the shared folder, or the VHD will not be accessible. +Local loopback UNC paths are not supported. +Use either of the following formats for the computer account: DOMAIN\SERVERNAME$ or SERVERNAME$. + +Add the *ComputerName* parameter to specify the target computer you want to use to mount the VHD. +If the *ComputerName* parameter is not specified, then the local computer is used. +The computer that you are using to mount the VHD must be running Windows Server 2012 R2. +Any local path, such as D:\myFolder, that is specified by using this parameter is always relative to the target computer. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### Microsoft.Windows.ServerManager.Commands.Feature[] + +## NOTES + +## RELATED LINKS + +[Install-WindowsFeature](./Install-WindowsFeature.md) + +[Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +[Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + +[Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Import-SmigServerSetting.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Import-SmigServerSetting.md new file mode 100644 index 0000000000..d79fd11deb --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Import-SmigServerSetting.md @@ -0,0 +1,385 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 01/03/2017 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/import-smigserversetting?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Import-SmigServerSetting +--- + +# Import-SmigServerSetting + +## SYNOPSIS +Imports selected Windows features, and operating system settings from a migration store, and applies them to the local computer. + +## SYNTAX + +``` +Import-SmigServerSetting [-Feature ] [-FeatureId ] [-Group] + [-SourcePhysicalAddress ] [-TargetPhysicalAddress ] [-Force] -Path + [-User ] [-IPConfig ] -Password [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Import-SmigServerSetting** cmdlet imports selected Windows features and operating system settings from a migration store identified in the *Path* parameter, and applies them to the local computer. +Before running this cmdlet, you must first use the Export-SmigServerSetting cmdlet to export Windows features, and settings from a source server to the migration store. +The order in which settings are applied is not guaranteed. +To migrate settings that must be migrated in sequential order, run the **Import-SmigServerSetting** cmdlet multiple times to apply the settings in the required order. +You can also use this cmdlet to install Windows features and their dependencies, if the Windows features you are migrating have not been installed. +Some Windows features might require that the destination computer be restarted to complete installation. +After restarting the computer, you must run the cmdlet again with *Force* parameter to complete the import operation. + +For online Help about the Windows Server Migration Tools cmdlets, see [http://go.microsoft.com/fwlink/?LinkId=246313](https://go.microsoft.com/fwlink/?LinkId=246313). + +## EXAMPLES + +### Example 1: Import a DHCP server +``` +PS C:\> Import-SmigServerSetting -Feature "DHCP" -User All -Group -Path "c:\temp\store" -Verbose +``` + +This sample command imports the Dynamic Host Configuration Protocol (DHCP) server, and all other Windows features required by this technology. +The command also import local user accounts, local groups, and group memberships to the location c:\temp\store that is specified in the *Path* parameter. + +Entering the password to decrypt the migration store is required. +Because a password is not provided in this sample command, after you enter the command, the user is prompted to enter a password for encrypting the migrated data. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 2: Import an IP configuration +``` +PS C:\> Import-SmigServerSetting -IPConfig All -SourcePhysicalAddress "00-13-D3-F7-A1-3A","00-13-D3-F7-A1-4A" -TargetPhysicalAddress "11-13-D3-F7-A1-3A","11-13-D3-F7-A1-4A" -Path "c:\temp\store" -Password (Read-Host "Enter a Password:" -AsSecureString)-Verbose +``` + +This command imports the IP configuration from the migration store specified at c:\temp\store, and applies it to the local server. +The IP configuration from the network interface card (NIC) with the physical address 00-13-D3-F7-A1-3A is migrated to the NIC with the physical address 11-13-D3-F7-A1-3A, and from the NIC with the physical address 00-13-D3-F7-A1-4A to the NIC with the physical address 11-13-D3-F7-A1-4A. +This command also instructs the migration tools to import Windows IP configuration settings such as DNS Suffix Search List settings and Disable IPv6 registry key value. + +The command also instructs the migration tools to display the string "Enter a Password:" to prompt users to enter the password to decrypt the migration store. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 3: Get Windows Server features and import them +``` +PS C:\> $c = Get-SmigServerFeature -Path "c:\temp\store" +PS C:\> Import-SmigServerSetting -Feature $c -Path "c:\temp\store" -Verbose +``` + +This command imports a set of Windows features that have already been retrieved by using the Get-SmigServerFeature cmdlet. + +The first line of the command retrieves role or feature objects specified by using the **Get-SmigServerFeature** cmdlet, and saves them in the $c variable. +The second line of the command imports the Windows features represented by the $c variable from the migration store that is specified in the *Path* parameter, c:\temp\store. + +Entering the password to decrypt the migration store is required. +Because a password is not provided in this sample command, after you enter the command, the user is prompted to enter a password for encrypting the migrated data. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 4: Get Windows Server features and import them +``` +PS C:\> Get-SmigServerFeature -Path "c:\temp\store" | Import-SmigServerSetting -Path "c:\temp\store" -Verbose +``` + +This command pipes a set of features that have already been retrieved by using the Get-SmigServerFeature cmdlet to the **Import-SmigServerSetting** cmdlet. + +The first part of the command, before the pipe (|) character, retrieves all role or feature objects listed by using the **Get-SmigServerFeature** cmdlet that are found in the store specified by the *Path* parameter. +The second part of the command imports those Windows features that are both listed by **Get-SmigServerFeature** and available in the migration store. + +Entering the password to decrypt the migration store is required. +Because a password is not provided in this sample command, after you enter the command, the user is prompted to enter a password for encrypting the migrated data. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 5: Create a password variable and use it to import user accounts +``` +PS C:\> $pass = ConvertTo-SecureString -String "password" -AsPlainText -Force +PS C:\> Import-SmigServerSetting -User All -Password $pass -Path "c:\store" -Verbose +``` + +In this example, the first command converts the store encryption password, represented by "password," to a secure string, and stores it in the variable $pass. +The second command imports all local user accounts, uses the value of the variable $pass as the password to decrypt the migration store. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +## PARAMETERS + +### -Feature +Specifies the Windows feature objects that you want to import from the migration store. +Not all Windows features can be migrated by using migration cmdlets. +You can use the Get-SmigServerFeature cmdlet to retrieve a list of Windows features that can be migrated from the migration store to the destination server, and pass the resulting list to the **Import-SmigServerSetting** cmdlet, either by piping the results to the cmdlet, or by storing the results in a variable and then using the variable to represent the results in your command. + +This cmdlet also installs Windows features and their dependencies, if the features you are migrating have not been installed. +Some Windows features might require that the destination computer be restarted to complete installation. +After restarting the computer, you must run the cmdlet again with the *Force* parameter to complete the import operation. + +```yaml +Type: Feature[] +Parameter Sets: (All) +Aliases: F + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -FeatureId +Specifies the IDs of the Windows features that you want to import from the migration store. +Not all Windows features are supported for migration. +You can use the **Get-SmigServerFeature** cmdlet to retrieve a list of Windows features, along with their feature IDs, which can be migrated from the migration store to the destination server. +Separate multiple feature IDs by using commas. +Standard PowerShell wildcard characters are supported. + +This cmdlet also installs Windows features and their dependencies, if the features you are migrating have not been installed. +Some Windows features might require that the destination computer be restarted to complete installation. +After restarting the computer, you must run the cmdlet again with the *Force* parameter to complete the import operation. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: ID + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Specifies that imported settings overwrite existing Windows feature settings on the destination computer. +If this parameter is not used, by default, existing Windows feature settings on the destination computer are preserved. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Group +Imports the local groups and their memberships from the migration store. +If a group already exists on the destination server, it is not overwritten. +Group memberships from the source server are added to existing groups on the destination server, and the existing group memberships on the destination server are preserved. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IPConfig +Imports the source server's basic IP configuration settings. +The following are acceptable values for this parameter: + + +- NIC: network interface card (NIC) IP configuration settings such as connection-specific suffix, IPv4 settings and Disable IPv6 Component registry key. +IP configuration can only be imported for a NIC if it is enabled and connected to the network. +You must restart your computer for disabling IPv6 components to take effect. + +- Global: Windows IP configuration settings for the local computer. + +- All: both NIC and Global settings. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Password +Specifies the password, as a secure string, to decrypt the migration store. +The secure string can be obtained by entering the command `Read-Host -AsSecureString` or `ConvertTo-SecureString`. +Because the *Password* parameter is required, if it is not added to your command, you are prompted to specify a password after entering your command. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the path to the migration store from which you want to import Windows features and operating system settings. +The path must be a well-formed local or Universal Naming Convention (UNC) path; if it is a share on a remote computer, the share must be notated as a drive letter on the local computer. +The path length cannot be longer than 246 characters. +Wildcard characters are not supported. +Because the *Path* parameter is required, if it is not added to your command, you are prompted to specify a path after entering your command. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourcePhysicalAddress +Specifies, in double quotations, the physical addresses of the source network interface cards (NICs) from which to import IP settings. +To specify multiple source physical addresses, use commas to separate each address. +The number of source physical addresses must be the same as the number of destination physical addresses specified in the *TargetPhysicalAddress* parameter. +Wildcard characters are not supported. +This parameter is required when migrating NIC or all IP configurations. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetPhysicalAddress +Specifies, in double quotations, the physical addresses of the destination network interface cards (NICs) to which you want to apply IP settings. +If you specify multiple destination physical addresses, use commas to separate each address. +The number of destination physical addresses must be the same as the number of source physical addresses specified in the *SourcePhysicalAddress* parameter. +Wildcard characters are not supported. +This parameter is required when migrating NIC or all IP configurations. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -User +Specify the type of local user accounts to import from the migration store. +The following are acceptable values for this parameter: + + +- Enabled: import only enabled local users + +- Disabled: import only disabled local users + +- All: import both enabled and disabled local users + +User passwords are not migrated. +Users must create a password the first time they log on to the server. +Only the "User Name" and "Account is Disabled" properties are migrated. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.Windows.ServerManager.Migration.MigrationResult [] + +## NOTES +* The Windows Server Migration Tools deployment log file is located in %windir%\Logs\SmigDeploy.log. Other Windows Server Migration Tools log files are created at the following locations: + + +- %windir%\Logs\ServerMigration.log + +- On Windows Server 2008 and later versions: %localappdata%\SvrMig\Log + +- On Windows Server 2003: %userprofile%\Local Settings\Application Data\SvrMig\Log + + If the log files cannot be created at these locations, ServerMigration.log and SmigDeploy.log will be created at %temp%, and other logs will be created at %windir%\System32. + + The maximum size of all log files (in MB) is stored in the following registry key. +When the log file grows larger than the size specified in the registry key, the log file is deleted. +Logging begins again in a new log file that uses the same file name and path. +The default maximum log size is 200 MB. + + +- Key: HKLM\Software\Microsoft\ServerMigration + +- Value: MaxLogSize (REG_DWORD) + +- Data: Whole numbers between 1 and 1000 (represents log size, in MB) + +## RELATED LINKS + +[Export-SmigServerSetting](./Export-SmigServerSetting.md) + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Install-WindowsFeature.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Install-WindowsFeature.md new file mode 100644 index 0000000000..645764e7cd --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Install-WindowsFeature.md @@ -0,0 +1,360 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/install-windowsfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-WindowsFeature +--- + +# Install-WindowsFeature + +## SYNOPSIS +Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. + +## SYNTAX + +### ComponentNamesAndRunningComputer (Default) +``` +Install-WindowsFeature [-Name] [-Restart] [-IncludeAllSubFeature] [-IncludeManagementTools] + [-Source ] [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] + [-Confirm] [] +``` + +### ComponentNamesAndVhdPath +``` +Install-WindowsFeature [-Name] -Vhd [-IncludeAllSubFeature] [-IncludeManagementTools] + [-Source ] [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] + [-Confirm] [] +``` + +### ConfigurationFile +``` +Install-WindowsFeature -ConfigurationFilePath [-Vhd ] [-Restart] [-Source ] + [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Install-WindowsFeature** cmdlet installs the specified rrsandf_plural on a computer that is running Windows Server 2012 R2, or on an offline virtual hard disk (VHD) on which Windows Server 2012 R2 is installed. +This cmdlet is equivalent to and replaces the **Add-WindowsFeature** cmdlet, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2.This cmdlet works similarly to the arfw in Server Manager, with an important exception: the cmdlet does not install management tools for rrsandf_plural by default. +To install management tools such as snap-ins on a target server, you must add the *IncludeManagementTools* parameter to your command. + +This cmdlet requires elevation; you must be running a Windows PowerShell session as an administrator to use this cmdlet. + +## EXAMPLES + +### Example 1: Install IIS, including all role services and applicable management tools on the specified computer +``` +PS C:\> Install-WindowsFeature -Name "Web-Server" -IncludeAllSubFeature -IncludeManagementTools -ComputerName "Server1" -Credential "contoso.com\PattiFul" +``` + +This command installs Web Server (IIS), including all role services and applicable management tools, on a computer named Server1, by using the credentials of a user account named contoso.com\PattiFul. + +### Example 2: Install all role services and applicable management tools from a configuration file to the default computer +``` +PS C:\> Install-WindowsFeature -ConfigurationFilePath "d:\ConfigurationFiles\ADCSConfigFile.xml" +``` + +This command installs all roles, role services and features that are specified in a configuration file named ADCSConfigFile.xml. +The configuration file was created by clicking Export configuration settings on the Confirm installation selections page of the arfw in Server Manager. + +### Example 3: Install AD CS, as specified, from a configuration file to a list of computers +``` +PS C:\> $Servers = ('server1', 'server2') +PS C:\> foreach ($Server in $Servers) {Install-WindowsFeature -ConfigurationFilePath D:\ConfigurationFiles\ADCSConfigFile.xml -ComputerName $Server} +``` + +This command installs Active Directory Certificate Services (AD CS) as specified in a configuration file named ADCSConfigFile.xml. +AD CS is installed on a list of computers that is contained in the variable $Servers. +The configuration file was created by clicking Export configuration settings on the Confirm installation selections page of the arfw in Server Manager. +On the first line, the value of the $Servers variable is set; on the second line, the installation instructions in the ADCSConfigFile.xml configuration file are applied to each of the servers that has been named in $Servers. + +### Example 4: Get a list of Windows features using a search string then pipe the results to Install-WindowsFeatures +``` +PS C:\> Get-WindowsFeature -Name "Web-*" | Install-WindowsFeature +``` + +This command retrieves a list of all Windows features beginning with the characters Web, and then pipes the resulting list to **Install-WindowsFeature**. +The result of this cmdlet is all features that start with Web are installed on the local computer. + +### Example 5: Install IIS to the local computer specifying a folder that contains the feature files +``` +PS C:\> Install-WindowsFeature -Name "Web-Server" -Source "\\server2\winsxs" +``` + +This command installs Web Server (IIS) on the local computer, specifying that the source of feature files for the installation is a folder, winsxs, on a computer named Server2. +The computer account of the local computer must have Read permissions on the specified share. + +## PARAMETERS + +### -ComputerName +Specifies a remote computer for which this cmdlet installs one or more available rrsandf_plural. +This parameter accepts only one computer name. +If this parameter is not added, or no computer name is specified, the default target is the local computer. + +Valid values for the parameter include a NetBIOS name, an IP address, or a fully qualified domain name of a remote computer that is running Windows Server + +To use an IP address of a remote computer as the value of this parameter, your command must include the *Credential* parameter. +The computer must either be configured for HTTPS transport, or the IP address of the remote computer must be included in the WinRM TrustedHosts list on the local computer. +For information about adding a computer name to the WinRM TrustedHosts list, see [How to Add a Computer to the Trusted Host List in about_Remote_Troubleshooting](https://go.microsoft.com/fwlink/p/?LinkID=135188). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ConfigurationFilePath +Specifies a single path to a configuration file which specifies roles and features to be installed, and any configuration parameters needed. +The path can be specified by using a local relative path or by using built-in environment variables prefixed with the `$env` tag (such as $env:systemdrive\filename). +A configuration file can be generated by running the arfw in Server Manager. + +If this parameter is specified, then the *Name* parameter cannot be used. + +```yaml +Type: String +Parameter Sets: ConfigurationFile +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has access rights to perform this action. +If the parameter is not added, or no value is specified, the default value of this parameter is the current user. +Enter a user name in one of the following formats. +Quotation marks are optional. + +- UserName +- Domain\User +- User@Domain.com +- A Credential object returned by the Get-Credential cmdlet. + +If a user name is entered, then a prompt for a password is displayed. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeAllSubFeature +Indicates that the cmdlet installs all subordinate role services, and all subfeatures of parent roles, role services, or features specified by the *Name* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: ComponentNamesAndRunningComputer, ComponentNamesAndVhdPath +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeManagementTools +Indicates that the cmdlet installs all applicable management tools of the roles, role services, or features specified by the *Name* parameter. +Although management tools are installed by default when you are installing features by using the arfw, management tools are not installed by default when you install features by using the **Install-WindowsFeature** cmdlet; this parameter must be added to install management tools. + +```yaml +Type: SwitchParameter +Parameter Sets: ComponentNamesAndRunningComputer, ComponentNamesAndVhdPath +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath +Specifies a name and path to a log file. +Add this parameter if the results of your command must be stored in a log. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a list of features to install. +This parameter does not support wildcard characters. +If this parameter is specified, then the *ConfigurationFilePath* parameter cannot be used. + +```yaml +Type: Feature[] +Parameter Sets: ComponentNamesAndRunningComputer, ComponentNamesAndVhdPath +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Restart +Indicates that cmdlet automatically restarts the target computer if a restart is required by the installation process for the specified roles or features. +This parameter cannot be used with the *Vhd* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: ComponentNamesAndRunningComputer, ConfigurationFile +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Source +Specifies the path to feature files, if the files are not available in the local feature store of the target computer or VHD. +Valid values for this parameter are either a network path or the path to a Windows image file (WIM). +If you are installing roles or features on an offline VHD, you must use a mounted WIM. +It is not necessary to mount the WIM file for installing on a running physical computer, because a WIM is mounted internally for deployments to a physical computer. +Specify the path by using a local relative path, or by using built-in environment variables that are prefixed with the `$env` tag as shown in the following examples. + +The path specified in this parameter is only used if the command cannot find feature files in the local side-by-side store of the specified target computer or VHD. +The command searches for feature files in the following order: + +- On the target computer or offline VHD. +- Path specified as the value of this parameter. If you add a Universal Naming Convention (UNC) path, verify that the computer account of the target server has Read permissions on the share. The computer account should be in one of the following formats: DOMAIN\SERVERNAME$ or SERVER$ +- Repository path specified by the Group Policy Object (GPO), Specify settings for optional component installation and component repair, located in Computer Configuration/Administrative Templates/System in Local Group Policy Editor. This Group Policy setting controls the following Windows Registry setting: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\LocalSourcePath. +- Windows Update. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Vhd +Specifies the path to an offline VHD. +The path can either point to a VHD file, or to a location on which the VHD is already mounted by using Deployment Image Servicing and Management (DISM) tools. + +The VHD can be on a local disk on the target computer, or on a network shared folder. +If the VHD is in a network shared folder, then the value of this parameter is a UNC path to the VHD. +In this case, the computer account of the computer that you are using to mount the VHD must have read and write permissions (Read/Write permissions in the File Sharing dialog box, or Full Control on the Security tab of the folder Properties dialog box) on the shared folder, or the VHD will not be accessible. +Local loopback UNC paths are not supported. +Use either of the following formats for the computer account: DOMAIN\SERVERNAME$ or SERVERNAME$. + +Add the *ComputerName* parameter to specify the target computer you want to use to mount the VHD. +If the *ComputerName* parameter is not specified, then the local computer is used. +The computer that you are using to mount the VHD must be running Windows Server 2012 R2. +Any local path, such as D:\myFolder, that is specified by using this parameter is always relative to the target computer. + +```yaml +Type: String +Parameter Sets: ComponentNamesAndVhdPath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: String +Parameter Sets: ConfigurationFile +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +### Microsoft.Windows.ServerManager.Commands.Feature[] + +## OUTPUTS + +### Microsoft.Windows.ServerManager.Commands.FeatureOperationResult + +## NOTES + +## RELATED LINKS + +[Get-WindowsFeature](./Get-WindowsFeature.md) + +[Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +[Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + +[Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Microsoft.Windows.ServerManager.Migration.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Microsoft.Windows.ServerManager.Migration.md new file mode 100644 index 0000000000..4b04a682f3 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Microsoft.Windows.ServerManager.Migration.md @@ -0,0 +1,31 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 01/03/2017 +title: Microsoft.Windows.ServerManager.Migration +--- + + +# Microsoft.Windows.ServerManager.Migration Module +## Description +This reference provides cmdlet descriptions and syntax for all Server Migration cmdlets. It lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet. + +Administrators can use the Windows Server Migration Tools cmdlets for Windows PowerShell to migrate server roles, features, operating system settings, and other data and shares to computers that are running the latest version of Windows Server. + +## Microsoft.Windows.ServerManager.Migration Cmdlets +### [Export-SmigServerSetting](./Export-SmigServerSetting.md) +Exports selected Windows features and operating system settings from the local computer, and stores them in a migration store. + +### [Get-SmigServerFeature](./Get-SmigServerFeature.md) +Gets the set of all Windows features that can be migrated from the local server or from a migration store. + +### [Import-SmigServerSetting](./Import-SmigServerSetting.md) +Imports selected Windows features, and operating system settings from a migration store, and applies them to the local computer. + +### [Receive-SmigServerData](./Receive-SmigServerData.md) +Allows a destination server to receive shares, folders, files, and associated permissions and share properties that are migrated from a source server. + +### [Send-SmigServerData](./Send-SmigServerData.md) +Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000. + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Receive-SmigServerData.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Receive-SmigServerData.md new file mode 100644 index 0000000000..441ebce4ce --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Receive-SmigServerData.md @@ -0,0 +1,138 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 01/03/2017 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/receive-smigserverdata?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Receive-SmigServerData +--- + +# Receive-SmigServerData + +## SYNOPSIS +Allows a destination server to receive shares, folders, files, and associated permissions and share properties that are migrated from a source server. +The cmdlet Send-SmigServerData must be run on the source server at the same time Receive-SmigServerData is running on the destination server. + +## SYNTAX + +``` +Receive-SmigServerData -Password [] +``` + +## DESCRIPTION +The **Receive-SmigServerData** cmdlet allows a destination server to receive, over port 7000, shares, folders, files, and associated permissions and share properties that are migrated from a source server. +The cmdlet Send-SmigServerData must be started on the source server to send data. +By default, the cmdlet **Receive-SmigServerData** can wait for a maximum of five minutes to establish a connection with the cmdlet **Send-SmigServerData** on the source server. +You can use a registry key to change the default maximum connection time; for more information about this registry setting, see the Notes. + +In this release of Windows Server, you can send and receive data between servers that are not necessarily on the same subnets. +You can also specify IP addresses as the names of the source or destination servers. +To support migration across subnets, and migrate by specifying IP addresses, port numbers 7001 and 7002 must be opened on source and destination servers. + +File access rights are maintained during the migration; the same set of users is able to access files on the destination server after they have been migrated. +Because files are sent by using an encrypted connection, a password must be provided to decrypt migrated files on both the source and destination servers. +Transporting encrypted files (EFS) and junction points is not supported. + +For online Help about the Windows Server Migration Tools cmdlets, see [Server Migration Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=246313) at http://go.microsoft.com/fwlink/?LinkId=246313. + +## EXAMPLES + +### Example 1: Receive server data +``` +PS C:\> Receive-SmigServerData +``` + +This command receives data that is migrated from a source computer by using the cmdlet Send-SmigServerData. +Because a password is not provided in this sample command, after entering the command, the user is prompted to enter a password for decrypting the migrated data. +Password characters are displayed as asterisks (*).When the password is entered, the value is passed to the command as a SecureString. + +### Example 2: Receive server data with the specified password +``` +PS C:\> Receive-SmigServerData -Password (Read-Host "Enter a Password:" -AsSecureString) +``` + +This command receives data that is migrated from a source computer by using the cmdlet **Send-SmigServerData**. +The command also instructs the migration tools to display the string "Enter a Password:" to prompt users to enter the password to decrypt the migrated data. +Password characters are displayed as asterisks (*). +When the password is entered, the value is passed to the command as a SecureString. + +### Example 3: Create a password variable and receive server data +``` +PS C:\> $pass = ConvertTo-SecureString -String "password" -AsPlainText -Force +PS C:\> Receive-SmigServerData -Password $pass +``` + +In this example, the first line of the command instructs the migration utilities to convert the data decryption password, represented by "password," to a secure string, and store it in the variable $pass. + +The second line of the sample command receives data that is migrated from a source computer by using the cmdlet **Send-SmigServerData**. +The second command also sets the value of the variable $pass, specified in the first command, as the password to decrypt the data transfer. + +## PARAMETERS + +### -Password +Use this parameter to specify the password, as a secure string, to decrypt the data transfer by using 256-bit advanced encryption standard (AES). +The secure string can be obtained by entering the command `Read-Host -AsSecureString` or `ConvertTo-SecureString`. + +You must specify a password to protect your data because migrated data is broadcast over a network. +If the *Password* parameter is not added to your command, you are prompted to specify a password after entering your command. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES +* The Windows Server Migration Tools deployment log file is located in %windir%\Logs\SmigDeploy.log. Other Windows Server Migration Tools log files are created at the following locations: + + +- %windir%\Logs\ServerMigration.log + +- On Windows Server 2008 and later versions: %localappdata%\SvrMig\Log + +- On Windows Server 2003: %userprofile%\Local Settings\Application Data\SvrMig\Log + + If the log files cannot be created at these locations, ServerMigration.log and SmigDeploy.log will be created at %temp%, and other logs will be created at %windir%\System32. + + The maximum size of all log files (in MB) is stored in the following registry key. +When the log file grows larger than the size specified in the registry key, the log file is deleted. +Logging begins again in a new log file that uses the same file name and path. +The default maximum log size is 200 MB. + + +- Key: HKLM\Software\Microsoft\ServerMigration + +- Value: MaxLogSize (REG_DWORD) + +- Data: Whole numbers between 1 and 1000 (represents log size, in MB) + + The maximum connection time for the **Send-SmigServerData** and **Receive-SmigServerData** cmdlets is stored in the following registry key. +**Send-SmigServerData** and **Receive-SmigServerData** operations stop if a connection cannot be established within the specified time. +The default maximum connection time is 300 seconds, or five minutes. + + +- Key: HKLM\Software\Microsoft\ServerMigration + +- Value: MaxConnectionTime (REG_DWORD) + +- Data: Between 1 and 3600 (represents connection time, in seconds). +If a value larger than 3600 is specified, 3600 seconds is used as the maximum connection time. + +## RELATED LINKS + +[Send-SmigServerData](./Send-SmigServerData.md) + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Send-SmigServerData.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Send-SmigServerData.md new file mode 100644 index 0000000000..912fd9cfd1 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Send-SmigServerData.md @@ -0,0 +1,297 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 01/03/2017 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/send-smigserverdata?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Send-SmigServerData +--- + +# Send-SmigServerData + +## SYNOPSIS +Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000. +The cmdlet Receive-SmigServerData must be run on the destination server at the same time Send-SmigServerData is running on the source server. + +## SYNTAX + +``` +Send-SmigServerData -ComputerName -Password -Include + -DestinationPath [-Force] [-Recurse] -SourcePath [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Send-SmigServerData** cmdlet migrates folders, files, and associated permissions and share properties from the local server to a destination server through port 7000. +The cmdlet Receive-SmigServerData must be started on the destination server to receive data. +By default, the cmdlet **Send-SmigServerData** can wait for a maximum of five minutes to establish a connection with the cmdlet **Receive-SmigServerData** on the destination server. +You can use a registry key to change the default maximum connection time; for more information about this registry setting, see the Notes. + +In this release of Windows Server, you can send and receive data between servers that are not necessarily on the same subnets. +You can also specify IP addresses as the names of the source or destination servers. +To support migration across subnets, and migrate by specifying IP addresses, port numbers 7001 and 7002 must be opened on source and destination servers. + +File access rights are maintained during the migration; the same set of users is able to access files on the destination server after they have been migrated. +Because files are sent by using an encrypted connection, a password must be provided to decrypt migrated files on both the source and destination servers. +Transporting encrypted files (EFS) and junction points is not supported. + +For online Help about the [Server Migration Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=246313) at http://go.microsoft.com/fwlink/?LinkId=246313. + +## EXAMPLES + +### Example 1: Send files +``` +PS C:\> Send-SmigServerData -Include Data -ComputerName "Server2" -SourcePath "c:\users" -DestinationPath "d:\shares\users" -Verbose +``` + +This sample command migrates all files from the folder c:\users on the local (source) computer to the folder d:\shares\users on the destination computer. +By default, subfolders in c:\users are not transferred. +The command uses the computer name Server2, as provided in the *ComputerName* parameter, to find the destination server in the subnet. + +Because a password is not provided in this sample command, after entering the command, the user is prompted to enter a password for encrypting the migrated data. +Password characters are displayed as asterisks (*).When the password is entered, the value is passed to the command as a SecureString. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 2: Create a password variable and use it to send files +``` +PS C:\> $pass = ConvertTo-SecureString -String "password" -AsPlainText -Force +PS C:\> Send-SmigServerData -Include Share -ComputerName "Server2" -SourcePath "c:\users" -DestinationPath "d:\shares\users" -Recurse -Password $pass -Verbose +``` + +In this example, the first line of the command instructs the migration utilities to convert the data encryption password, represented by "password," to a secure string, and store it in the variable $pass. + +The second sample command migrates only share status and permissions for folder c:\users and for all subfolders by using the *Include* and *Recurse* parameters. +The files and subfolders in folder c:\users are not migrated. +This command also sets the value of the variable $pass, specified in the first command, as the password to encrypt the data transfer. +The command uses the computer name Server2, as provided in the *ComputerName* parameter, to find the destination server in the subnet. + +By using the *Verbose* parameter, the command also displays detailed information about the migration operation. + +### Example 3: Send files and include subfolders +``` +PS C:\> Send-SmigServerData -Include All -ComputerName "Server2" -SourcePath "c:\users" -DestinationPath "d:\shares\users" -Recurse -Password (Read-Host "Enter a Password:" -AsSecureString) -Verbose +``` + +In this example, the command migrates all migration data in the folder C:\users on the local server to the folder D:\shares\users on a remote server, Server2. +Because the *Recurse* parameter has been added, the command also migrates data that is stored in subfolders of the source folder. +To encrypt the data as it is transferred to the destination server, the *Password* parameter is added. +The value of the *Password* parameter is actually a second command, `(Read-Host "Enter a Password:" -AsSecureString)`, to prompt the administrator to provide a password, and encrypt the provided password as a secure string. +Finally, the *Verbose* parameter is added to display full details about the actions and progress of the command. + +## PARAMETERS + +### -ComputerName +Specifies the name or IP address of the destination server to which you want to copy data. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DestinationPath +Specifies the path on the destination server to which you want to copy data. +To avoid migration failures, verify that the destination path you specify exists for share-only migration. +For other migration types, verify that the path can be created on the destination computer. +The path must be a valid local path. +The path length cannot be longer than 246 characters. +Wildcard characters are not supported. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Overwrites existing files automatically if the files that you are migrating from the source server are newer. +Also overwrites existing shares' properties if the shares' names already exist on the source server. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Include +Specifies the type of content to copy to the destination server. +The following are acceptable values for this parameter: + + +- Data: Copies only files in the folder designated by the *SourcePath* parameter to the folder designated by the *DestinationPath* parameter. +Subfolders and their content are not copied unless the *Recurse* parameter is added. + +- Share: Copies only the share properties assigned to the folder specified in the *SourcePath* parameter to the folder specified in the *DestinationPath* parameter. +For example, if a folder was shared on the source server, it is shared on the destination server if the Share value is provided in the cmdlet, thereby preserving all share properties and permissions. +Share properties for subfolders and their content are not copied unless the *Recurse* parameter is added. +The files and subfolders in the folder designated by *SourcePath* are not migrated. +To avoid migration failures, verify that the folder specified in the *DestinationPath* parameter (and all subfolders if the *Recurse* parameter is added) exists. +- All: Copies both data and associated share properties. + +```yaml +Type: MigrationIncludeTypes +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Password +Specifies the password, as a secure string, to encrypt the data transfer by using the 256-bit advanced encryption standard (AES). +The secure string can be obtained by entering the command `Read-Host -AsSecureString` or `ConvertTo-SecureString`. + +You must specify a password to protect your data because transferred data is broadcast over a network. +If the *Password* parameter is not added to your command, you are prompted to specify a password after entering your command. +The password length must be a minimum of six characters and a maximum of 260 characters. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Recurse +Copies all content of the type specified by *Include* parameter in the path specified in the *SourcePath* parameter. +If this parameter is not used, subfolders of the *SourcePath* are not copied. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourcePath +Specifies the folder on the source server from which you want to copy data. +To avoid migration failures, it is required that you first verify that the source path you specify exists on the source computer, except in the case of share-only migration. +The path must be a valid local path. +The path length cannot be longer than 246 characters. +Wild card characters are not supported. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.Windows.ServerManager.Migration.Commands.MigrationResult [] +A **MigrationResult** object contains basic information about the success or failure of a requested migration item. + +## NOTES +* The Windows Server Migration Tools deployment log file is located in %windir%\Logs\SmigDeploy.log. Other Windows Server Migration Tools log files are created at the following locations: + + +- %windir%\Logs\ServerMigration.log + +- On Windows Server 2008 and later versions: %localappdata%\SvrMig\Log + +- On Windows Server 2003: %userprofile%\Local Settings\Application Data\SvrMig\Log + + If the log files cannot be created at these locations, ServerMigration.log and SmigDeploy.log will be created at %temp%, and other logs will be created at %windir%\System32. + + The maximum size of all log files (in MB) is stored in the following registry key. +When the log file grows larger than the size specified in the registry key, the log file is deleted. +Logging begins again in a new log file that uses the same file name and path. +The default maximum log size is 200 MB. + + +- Key: HKLM\Software\Microsoft\ServerMigration + +- Value: MaxLogSize (REG_DWORD) + +- Data: Whole numbers between 1 and 1000 (represents log size, in MB) + + The maximum connection time for **Send-SmigServerData** and **Receive-SmigServerData** cmdlet is stored in the following registry key. +**Send-SmigServerData** and **Receive-SmigServerData** operations terminate if a connection cannot be established within the specified time. +The default maximum connection time is 300 seconds, or five minutes. + + +- Key: HKLM\Software\Microsoft\ServerMigration + +- Value: MaxConnectionTime (REG_DWORD) + +- Data: Between 1 and 3600 (represents connection time, in seconds). +If a value larger than 3600 is specified, 3600 seconds is used as the maximum connection time. + +## RELATED LINKS + +[Receive-SmigServerData](./Receive-SmigServerData.md) + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/ServerManager.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/ServerManager.md new file mode 100644 index 0000000000..c46e959d03 --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/ServerManager.md @@ -0,0 +1,36 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: http://go.microsoft.com/fwlink/?linkid=390825 +Help Version: 5.0.0.1 +Locale: en-US +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/servermanager?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +title: ServerManager +--- + +# ServerManager Module +## Description +To download the most current Windows PowerShell console help for this cmdlet module, run Update-Help -Module ServerManager in an elevated (Run as Administrator) Windows PowerShell session. + +All cmdlets in this module require elevation. + +This reference provides cmdlet descriptions and syntax for all Server Manager role and feature deployment cmdlets, and for the cmdlets that control standard user access to data in Server Manager. It lists the cmdlets in alphabetical order, based on the verb at the beginning of the cmdlet. + +## ServerManager Cmdlets +### [Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) +Disables access for specified standard users to event, service, performance counter, and role and feature inventory data that is collected by Server Manager for a server. + +### [Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) +Provides one or more standard, non-Administrator users access to event, service, performance counter, and role and feature inventory data for a server that you are managing by using Server Manager. + +### [Get-WindowsFeature](./Get-WindowsFeature.md) +Gets information about Windows Server roles, role services, and features that are available for installation and installed on a specified server. + +### [Install-WindowsFeature](./Install-WindowsFeature.md) +Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. + +### [Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) +Uninstalls specified Windows Server roles, role services, and features from a computer that is running Windows Server 2012 R2. + + diff --git a/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Uninstall-WindowsFeature.md b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Uninstall-WindowsFeature.md new file mode 100644 index 0000000000..1d55989cad --- /dev/null +++ b/docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration/Uninstall-WindowsFeature.md @@ -0,0 +1,277 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: Microsoft.Windows.ServerManager.Migration +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/microsoft.windows.servermanager.migration/uninstall-windowsfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-WindowsFeature +--- + +# Uninstall-WindowsFeature + +## SYNOPSIS +Uninstalls specified Windows Server roles, role services, and features from a computer that is running Windows Server 2012 R2. + +## SYNTAX + +### RunningComputer (Default) +``` +Uninstall-WindowsFeature [-Name] [-Restart] [-IncludeManagementTools] [-Remove] + [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] [-Confirm] + [] +``` + +### VhdPath +``` +Uninstall-WindowsFeature [-Name] [-Vhd ] [-IncludeManagementTools] [-Remove] + [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Uninstall-WindowsFeature** cmdlet uninstalls and optionally removes specified roles, role services, and features from a computer that is running Windows Server 2012 R2, or from an offline virtual hard disk (VHD) on which Windows Server 2012 R2 is installed. +By adding the *Remove* parameter, the cmdlet also uninstalls feature files, or payload, from a computer. +This cmdlet replaces the **Remove-WindowsFeature** cmdlet that was used to uninstall roles, role services, and features in Windows Server 2008 R2.This cmdlet works similarly to the rrfw in Server Manager, with an important exception: by default, management tools are not uninstalled when you run the **Uninstall-WindowsFeature** cmdlet; you must add the *IncludeManagementTools* parameter to uninstall associated management tools. + +This cmdlet requires elevation; you must be running a Windows PowerShell session as an administrator to use this cmdlet. + +## EXAMPLES + +### Example 1: Uninstall various roles and features installed on the target server +``` +PS C:\> Get-WindowsFeature | Where-Object -FilterScript { $_.Installed -Eq $TRUE } | Uninstall-WindowsFeature +``` + +This command uninstalls any roles or features that are currently installed on the target server. + +### Example 2: Remove all role services from the specified server +``` +PS C:\> Uninstall-WindowsFeature -Name "Web-Server" -ComputerName "Server1" -Credential "contoso\user1" +``` + +This command removes Web Server (IIS) from Server1, including all role services. +The user account specified to perform the operation is contoso\user1. + +### Example 3: Remove feature files for any roles or features currently not installed on the local server +``` +PS C:\> Get-WindowsFeature | Where-Object -FilterScript { $_.Installed -Eq $FALSE } | Uninstall-WindowsFeature -Remove +``` + +This command removes the feature files for any roles or features that currently are not installed on the local server. + +## PARAMETERS + +### -ComputerName +Specifies the remote computer for which this cmdlet uninstalls and optionally removes one or more rrsandf_plural. +This parameter accepts only one computer name. +If this parameter is not added, or no computer name is specified, the default target is the local computer. + +Valid values for the parameter include a NetBIOS name, an IP address, or a fully qualified domain name of a remote computer that is running Windows Server. + +To use an IP address of a remote computer as the value of this parameter, your command must include the *Credential* parameter. +The computer must either be configured for HTTPS transport, or the IP address of the remote computer must be included in the WinRM TrustedHosts list on the local computer. +For information about adding a computer name to the WinRM TrustedHosts list, see [How to Add a Computer to the Trusted Host List in about_Remote_Troubleshooting](https://go.microsoft.com/fwlink/p/?LinkID=135188). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has access rights to perform this action. +If the parameter is not added, or no value is specified, the default value of this parameter is the current user. +Enter a user name in one of the following formats: + +-- UserName +-- Domain\User +-- User@Domain.com +-- A Credential object returned by the Get-Credential cmdlet. + +If a user name is entered, then a prompt for a password is displayed. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeManagementTools +Indicates that the cmdlet uninstalls all applicable management tools along with the roles, role services, or features that are specified in the *Name* parameter. +By default, management tools are not uninstalled when you run the **Uninstall-WindowsFeature** cmdlet; you must add this parameter to uninstall associated management tools. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath +Specifies a name and path to a log file. +Add this parameter if the results of this cmdlet must be stored in a log. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a list of features that this cmdlet uninstalls. +This parameter does not support wildcard characters. + +```yaml +Type: Feature[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Remove +Indicates that the cmdlet deletes feature files for the specified rrsandf_plural from the side-by-side store, located at %SystemDrive%:\Windows\WinSxS. +If the feature is not yet uninstalled, the command uninstalls the feature. + +When you delete feature files, features that depend upon the files you remove are also deleted. +When you delete feature files for a subfeature, and no other subfeatures for the parent feature are installed, then files for the entire parent role or feature are deleted. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Restart +Indicates that this cmdlet automatically restarts the target computer, if a restart is required by the uninstallation process for the specified roles or features. +This parameter cannot be used with the *Vhd* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: RunningComputer +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Vhd +Specifies the path to an offline VHD. +The path can either point to a VHD file, or to a location on which the VHD is already mounted by using Deployment Image Servicing and Management (DISM) tools. + +The VHD can be on a local disk on the target computer, or on a network shared folder. +If the VHD is in a network shared folder, then the value of this parameter is a UNC path to the VHD. +In this case, the computer account of the computer that you are using to mount the VHD must have read and write permissions (Read/Write permissions in the File Sharing dialog box, or Full Control on the Security tab of the folder Properties dialog box) on the shared folder, or the VHD will not be accessible. +Local loopback Universal Naming Convention (UNC) paths are not supported. +Use either of the following formats for the computer account: DOMAIN\SERVERNAME$ or SERVERNAME$. + +Use the *ComputerName* parameter to specify the target computer you want to use to mount the VHD. +If the *ComputerName* parameter is not specified, then the local computer is used. +The computer that you are using to mount the VHD must be running Windows Server 2012 R2. +Any local path, such as D:\myFolder, that is specified by using this parameter is always relative to the target computer. + +```yaml +Type: String +Parameter Sets: VhdPath +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +### Microsoft.Windows.ServerManager.Commands.Feature[] + +## OUTPUTS + +### Microsoft.Windows.ServerManager.Commands.FeatureOperationResult + +## NOTES + +## RELATED LINKS + +[Get-WindowsFeature](./Get-WindowsFeature.md) + +[Install-WindowsFeature](./Install-WindowsFeature.md) + +[Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + +[Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) + diff --git a/docset/winserver2025-ps/ServerManager/Disable-ServerManagerStandardUserRemoting.md b/docset/winserver2025-ps/ServerManager/Disable-ServerManagerStandardUserRemoting.md new file mode 100644 index 0000000000..db11121cd8 --- /dev/null +++ b/docset/winserver2025-ps/ServerManager/Disable-ServerManagerStandardUserRemoting.md @@ -0,0 +1,173 @@ +--- +description: Disables access for specified standard users to event, service, performance counter, and role and feature inventory data that is collected by Server Manager for a server. +external help file: ServerManager-help.xml +Module Name: ServerManager +ms.date: 09/15/2021 +online version: https://learn.microsoft.com/powershell/module/servermanager/disable-servermanagerstandarduserremoting?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-ServerManagerStandardUserRemoting +--- + +# Disable-ServerManagerStandardUserRemoting + +## SYNOPSIS + +Disables access for specified standard users to event, service, performance counter, and role and +feature inventory data that is collected by Server Manager for a server. This cmdlet performs the +opposite action, for specified users, of the `Enable-ServerManagerStandardUserRemoting` cmdlet. + +## SYNTAX + +``` +Disable-ServerManagerStandardUserRemoting [-User] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +Disables access for one or more standard, non-Administrator users to event, service, performance +counter, and role and feature inventory data for a server that you are managing by using Server +Manager. The cmdlet restores the default, administrator-only access to this data, and must be run +locally on the server that is being managed by using Server Manager. The cmdlet works by performing +the following actions: + +- Deletes access rights for specified standard users to the `root\cimv2` namespace on the local server + (for access to role and feature inventory information). + +- Removes specified standard users from user groups (Remote Management Users, Event Log Readers, and + Performance Log Readers) that allow remote access to event and performance counter logs on the + local server. + +- Removes access rights in the Service Control Manager for specified standard users who have access + to the status of services on the local server. + +## EXAMPLES + +### Example 1 + +```powershell +Disable-ServerManagerStandardUserRemoting -User JennyL +``` + +In this example, the administrator disables access to event, performance counter, service +status, and role and feature inventory data for a server that is being managed by using either a +local or remote Server Manager console, and for which there is a standard user named `JennyL`. + +### Example 2 + +```powershell +Disable-ServerManagerStandardUserRemoting -User JennyL -WhatIf +``` + +In this example, the administrator views the outcome of running a command to deny a standard user +named `JennyL` access to event, performance counter, service status, and role and feature inventory +data for a server that is being managed by using the Server Manager console running on either the +local or a remote computer. The **WhatIf** parameter is added, meaning that the command actions are +not carried out. + +### Example 3 + +```powershell +Disable-ServerManagerStandardUserRemoting -User JennyL -Confirm +``` + +In this example, the administrator denies a standard user named `JennyL` access to event, performance +counter, service status, and role and feature inventory data for a server that is being managed by +using the Server Manager console running on either the local or a remote computer. The **Confirm** +parameter is added, meaning that the command prompts for confirmation before performing the action. + +## PARAMETERS + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -User + +Specifies the user account name of a standard user who runs Server Manager and no longer requires +access to event, performance counter, service, and role and feature inventory data for a server that +is being managed by using either a local or remote Server Manager console. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet were run. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-WindowsFeature](./Get-WindowsFeature.md) + +[Install-WindowsFeature](./Install-WindowsFeature.md) + +[Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +[Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + diff --git a/docset/winserver2025-ps/ServerManager/Enable-ServerManagerStandardUserRemoting.md b/docset/winserver2025-ps/ServerManager/Enable-ServerManagerStandardUserRemoting.md new file mode 100644 index 0000000000..6dfe021062 --- /dev/null +++ b/docset/winserver2025-ps/ServerManager/Enable-ServerManagerStandardUserRemoting.md @@ -0,0 +1,183 @@ +--- +description: Provides one or more standard, non-Administrator users access to event, service, performance counter, and role and feature inventory data for a server that you are managing by using Server Manager. +external help file: ServerManager-help.xml +Module Name: ServerManager +ms.date: 09/08/2021 +online version: https://learn.microsoft.com/powershell/module/servermanager/enable-servermanagerstandarduserremoting?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-ServerManagerStandardUserRemoting +--- + +# Enable-ServerManagerStandardUserRemoting + +## SYNOPSIS + +Provides one or more standard, non-Administrator users access to event, service, performance +counter, and role and feature inventory data for a server that you are managing by using Server +Manager. + +## SYNTAX + +``` +Enable-ServerManagerStandardUserRemoting [-User] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +Provides one or more standard, non-Administrator users access to event, service, performance +counter, and role and feature inventory data for a server that you are managing, either locally or +remotely, by using Server Manager. The cmdlet must be run locally on the server that you are +managing by using Server Manager. The cmdlet works by performing the following actions: + +- Adds access rights for specified standard users to the root\cimv2 namespace on the local server + (for access to role and feature inventory information). + +- Adds specified standard users to required user groups (Remote Management Users, Event Log Readers, + and Performance Log Readers) that allow remote access to event and performance counter logs on the + managed server. + +- Changes access rights in the Service Control Manager to allow specified standard users remote + access to the status of services on the managed server. + +This cmdlet does not provide standard users access to bpa (BPA) results, or allow standard users to +run BPA scans. Aside from the preceding list of changes, this cmdlet provides no additional access +that a standard user does not already have, by default, on managed servers. + +Running this cmdlet has security implications for your network environment because it grants +specified non-Administrator users access rights to information that, by default, is restricted to +members of the Administrators group on the local computer. The cmdlet provides access to other WMI +providers in the root\cimv2 namespace, but only those providers that can be used by standard users. +We recommend that you run this cmdlet only when you must add a specific standard user to the users +who require access to remote server data by using Server Manager. Additionally, you should promptly +run `Disable-ServerManagerStandardUserRemoting` to deny this access to users as soon as they no +longer require it. + +## EXAMPLES + +### Example 1 + +```powershell +Enable-ServerManagerStandardUserRemoting -User JennyL +``` + +In this example, the administrator gives a standard user named `JennyL` access to event, performance +counter, service status, and role and feature inventory data on a server that is being managed, +either locally or remotely, by using Server Manager. + +### Example 2 + +```powershell +Enable-ServerManagerStandardUserRemoting -User JennyL -WhatIf +``` + +In the following example, the administrator views the outcome of running a command to give a +standard user named JennyL access to event, performance counter, service status, and role and +feature inventory data on a server that is being managed, either locally or remotely, by using +Server Manager. The `WhatIf` parameter is added, meaning that the command actions are not carried +out. + +### Example 3 + +```powershell +Enable-ServerManagerStandardUserRemoting -User JennyL -Confirm +``` + +In the following example, the administrator gives a standard user named `JennyL` access to event, +performance counter, service status, and role and feature inventory data on a server that is being +managed, either locally or remotely, by using Server Manager. The `Confirm` parameter is added, +meaning that the command prompts for confirmation before performing the action. + +## PARAMETERS + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -User + +Specifies the user account name of a standard user who runs Server Manager, and requires access to +event, performance counter, service, and role and feature inventory data for remote servers that are +managed by using the local Server Manager console. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` +### -WhatIf + +Shows what would happen if the cmdlet were run. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-WindowsFeature](./Get-WindowsFeature.md) + +[Install-WindowsFeature](./Install-WindowsFeature.md) + +[Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +[Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) diff --git a/docset/winserver2025-ps/ServerManager/Get-WindowsFeature.md b/docset/winserver2025-ps/ServerManager/Get-WindowsFeature.md new file mode 100644 index 0000000000..af2a57c0c4 --- /dev/null +++ b/docset/winserver2025-ps/ServerManager/Get-WindowsFeature.md @@ -0,0 +1,220 @@ +--- +description: Gets information about Windows Server roles, role services, and features that are available for installation and installed on a specified server. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: ServerManager +ms.date: 09/08/2021 +online version: https://learn.microsoft.com/powershell/module/servermanager/get-windowsfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-WindowsFeature +--- + +# Get-WindowsFeature + +## SYNOPSIS +Gets information about Windows Server roles, role services, and features that are available for +installation and installed on a specified server. + +## SYNTAX + +``` +Get-WindowsFeature [[-Name] ] [-Vhd ] [-ComputerName ] +[-Credential ] [-LogPath ] [] +``` + +## DESCRIPTION + +The `Get-WindowsFeature` cmdlet gets information about features that are both available for +installation and already installed on a computer that is running Windows Server or an offline +virtual hard disk (VHD) that is running Windows Server. + +## EXAMPLES + +### Example 1 + +```powershell +Get-WindowsFeature -ComputerName Server1 -Credential contoso.com\user1 +``` + +This example gets a list of features that are available and installed on the target computer named +`Server1`. The credentials for `user1` in the `Contoso.com` domain, a user who has Administrator +rights on `Server1`, are provided. + +### Example 2 + +```powershell +Get-WindowsFeature -Vhd D:\ps-test\vhd1.vhd +``` + +This example returns a list of features that are available and installed on the specified offline +VHD located at `D:\ps-test\vhd1.vhd`. + +### Example 3 + +```powershell +Get-WindowsFeature -Name AD*, Web* +``` + +This example returns a list of available and installed features that have a command ID starting with +`AD` or `Web`. + +### Example 4 + +```powershell +Get-WindowsFeature -ComputerName Server01 | Where Installed +``` + +This example returns a list of features installed on a specified server, `Server01`. + +### Example 5 + +```powershell +Get-WindowsFeature -ComputerName Server01 | Where InstallState -Eq Removed +``` + +This example returns a list of features on a specified server, `Server01`, that have installation +files removed from the local side-by-side store and require an external file source for +installation. + +## PARAMETERS + +### -ComputerName + +Gets the list of available features from the specified remote computer that is running Windows +Server. The parameter accepts only one computer name. If this parameter is not added, or no computer +name is specified, the default target is the local computer. Valid values for the parameter include +a NetBIOS name, an IP address, or a fully qualified domain name of a remote computer. + +To use a remote computer's IP address as the value of this parameter, your command must include the +**Credential** parameter. The computer must either be configured for HTTPS transport, or the IP +address of the remote computer must be included in the WinRM TrustedHosts list on the local +computer. For information about adding a computer name to the WinRM TrustedHosts list, see "How to +Add a Computer to the Trusted Host List" in +[about_Remote_Troubleshooting](https://go.microsoft.com/fwlink/p/?LinkID=135188). + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies a user account that has access rights to perform this action. If the parameter is not +added, or no value is specified, the default value of this parameter is the current user. Enter a +user name in one of the following formats. Quotation marks are optional. + +-- "UserName" +-- "Domain\User" +-- "User@Domain.com" +- A **PSCredential** object returned by the + [Get-Credential](https://go.microsoft.com/fwlink/p/?LinkID=113311) cmdlet. + +If a user name is entered, then a prompt for a password is displayed. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies a name and path to a log file. +Add this parameter if the results of this cmdlet must be stored in a log. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name + +Specifies the command IDs of roles, role services, or features about which to return information. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Vhd + +Specifies the path to an offline VHD. The path can either point to a VHD file, or to a location on +which the VHD is already mounted by using Deployment Image Servicing and Management (DISM) tools. + +The VHD can be on a local disk on the target computer or on a network shared folder. If the VHD is +in a network shared folder, then the value of this parameter is a UNC path to the VHD. In this case, +the computer account of the computer that you are using to mount the VHD must have read and write +permissions (Read/Write permissions in the File Sharing dialog box or Full Control on the Security +tab of the folder Properties dialog box) on the shared folder or the VHD will not be accessible. +Local loopback UNC paths are not supported. Use either of the following formats for the computer +account: DOMAIN\SERVERNAME$ or SERVERNAME$. + +Add the **ComputerName** parameter to specify the target computer you want to use to mount the VHD. +If the **ComputerName** parameter is not specified, then the local computer is used. The computer +that you are using to mount the VHD must be running Windows Server. Any local path, such as +`D:\myFolder`, that is specified by using this parameter is always relative to the target computer. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Install-WindowsFeature](./Install-WindowsFeature.md) + +[Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +[Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + +[Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) diff --git a/docset/winserver2025-ps/ServerManager/Install-WindowsFeature.md b/docset/winserver2025-ps/ServerManager/Install-WindowsFeature.md new file mode 100644 index 0000000000..cc63d81fc9 --- /dev/null +++ b/docset/winserver2025-ps/ServerManager/Install-WindowsFeature.md @@ -0,0 +1,441 @@ +--- +description: Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: ServerManager +ms.date: 09/08/2021 +online version: https://learn.microsoft.com/powershell/module/servermanager/install-windowsfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-WindowsFeature +--- + +# Install-WindowsFeature + +## SYNOPSIS + +Installs one or more roles, role services, or features on either the local or a specified remote +server that is running Windows Server. + +## SYNTAX + +### ComponentNamesAndRunningComputer (Default) + +``` +Install-WindowsFeature [-Name] [-Restart] [-IncludeAllSubFeature] [-IncludeManagementTools] + [-Source ] [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] + [-Confirm] [] +``` + +### ComponentNamesAndVhdPath + +``` +Install-WindowsFeature [-Name] -Vhd [-IncludeAllSubFeature] [-IncludeManagementTools] + [-Source ] [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] + [-Confirm] [] +``` + +### ConfigurationFile + +``` +Install-WindowsFeature -ConfigurationFilePath [-Vhd ] [-Restart] [-Source ] + [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION + +The `Install-WindowsFeature` cmdlet installs the specified features on a computer that is running +Windows Server, or on an offline virtual hard disk (VHD) on which Windows Server is installed. This +cmdlet works similarly to the installation of roles and features in Server Manager, with an +important exception: the cmdlet does not install management tools for the features by default. To +install management tools such as snap-ins on a target server, you must add the +`IncludeManagementTools` parameter to your command. + +This cmdlet requires elevation; you must be running a Windows PowerShell session as an administrator +to use this cmdlet. + +## EXAMPLES + +### Example 1 + +```powershell +Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -ComputerName Server1 -WhatIf +``` + +This example shows what is installed with Web Server (IIS), including all role services, on a +computer named `Server1`. By adding the **WhatIf** parameter, you can view the results of the +installation command without running it. + +### Example 2 + +```powershell +Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -IncludeManagementTools -ComputerName Server1 -Credential contoso.com\johnj99 +``` + +This example installs Web Server (IIS), including all role services and applicable management tools, +on a computer named `Server1`, by using the credentials of a user account named `contoso.com\johnj99`. + +### Example 3 + +```powershell +Install-WindowsFeature -ConfigurationFilePath d:\ConfigurationFiles\ADCSConfigFile.xml +``` + +This example installs all roles, role services and features that are specified in a configuration +file named `ADCSConfigFile.xml`. The configuration file was created by clicking Export configuration +settings on the Confirm installation selections page of the Add Roles and Features Wizard in Server +Manager. + +### Example 4 + +```powershell +$servers = ('server1', 'server2') +foreach ($server in $servers) {Install-WindowsFeature -ConfigurationFilePath D:\ConfigurationFiles\ADCSConfigFile.xml -ComputerName $server} +``` + +This example installs Active Directory Certificate Services (AD CS) as specified in a configuration +file named `ADCSConfigFile.xml`. AD CS is installed on a list of computers that is contained in the +variable `$servers`. The configuration file was created by clicking Export configuration settings on +the Confirm installation selections page of the Add Roles and Feature Wizard in Server Manager. On +the first line, the value of the `$servers` variable is set; on the second line, the installation +instructions in the ADCSConfigFile.xml configuration file are applied to each of the servers that +has been named in `$servers`. + +### Example 5 + +```powershell +Get-WindowsFeature -Name Web-* | Install-WindowsFeature +``` + +This example retrieves a list of all Windows features beginning with the characters `Web`, and then +pipes the resulting list to `Install-WindowsFeature`. The result of this cmdlet is all features that +start with `Web` are installed on the local computer. + +### Example 6 + +```powershell +Install-WindowsFeature -Name Web-Server -Source \\server2\winsxs +``` + +This example installs Web Server (IIS) on the local computer, specifying that the source of feature +files for the installation is a folder, `winsxs`, on a computer named `Server2`. The computer +account of the local computer must have Read permissions on the specified share. + +## PARAMETERS + +### -ComputerName + +Installs one or more available features on a specified remote computer. This parameter accepts only +one computer name. If this parameter is not added, or no computer name is specified, the default +target is the local computer. + +Valid values for the parameter include a NetBIOS name, an IP address, or a fully qualified domain +name of a remote computer that is running Windows Server + +To use an IP address of a remote computer as the value of this parameter, your command must include +the **Credential** parameter. The computer must either be configured for HTTPS transport, or the IP +address of the remote computer must be included in the WinRM TrustedHosts list on the local +computer. For information about adding a computer name to the WinRM TrustedHosts list, see "How to +Add a Computer to the Trusted Host List" in +[about_Remote_Troubleshooting](https://go.microsoft.com/fwlink/p/?LinkID=135188). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ConfigurationFilePath + +Provides a single path to a configuration file which specifies roles and features to be installed +and any configuration parameters needed. The path can be specified by using a local relative path +(such as `D:\myfolder`) or by using built-in environment variables prefixed with the `$env` tag (such +as `$env:systemdrive\filename`). A configuration file can be generated by running the Add Roles and +Feature Wizard in Server Manager. + +If this parameter is specified, then the Name parameter cannot be used. + +```yaml +Type: String +Parameter Sets: ConfigurationFile +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies a user account that has access rights to perform this action. If the parameter is not +added, or no value is specified, the default value of this parameter is the current user. Enter a +user name in one of the following formats. Quotation marks are optional. + +"UserName" + +"Domain\User" + +"User@Domain.com" + +A Credential object returned by the +[Get-Credential](https://go.microsoft.com/fwlink/p/?LinkID=113311) cmdlet. + +If a user name is entered, then a prompt for a password is displayed. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeAllSubFeature + +Specifies that all subordinate role services and all subfeatures of parent roles, role services, or +features specified by the **Name** parameter should be installed. + +```yaml +Type: SwitchParameter +Parameter Sets: ComponentNamesAndRunningComputer, ComponentNamesAndVhdPath +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeManagementTools + +Specifies that all applicable management tools of the roles, role services, or features specified by +the **Name** parameter should be installed. + +Note: Although management tools are installed by default when you are installing features by using +the Add Roles and Feature Wizard, management tools are not installed by default when you install +features by using the `Install-WindowsFeature` cmdlet; this parameter must be added to install +management tools. + +```yaml +Type: SwitchParameter +Parameter Sets: ComponentNamesAndRunningComputer, ComponentNamesAndVhdPath +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies a name and path to a log file. Add this parameter if the results of your command must be +stored in a log. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name + +Specifies a list of features to install. This parameter does not support wildcard characters. If +this parameter is specified, then the **ConfigurationFilePath** parameter cannot be used. + +```yaml +Type: Feature[] +Parameter Sets: ComponentNamesAndRunningComputer, ComponentNamesAndVhdPath +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Restart + +Specifies that the target computer is restarted automatically if a restart is required by the +installation process for the specified roles or features. This parameter cannot be used with the +**Vhd** parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: ComponentNamesAndRunningComputer, ConfigurationFile +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Source + +Specifies the path to feature files if the files are not available in the local feature store of +the target computer or VHD. Valid values for this parameter are either a network path or the path to +a Windows image file (WIM). If you are installing roles or features on an offline VHD, you must use +a mounted WIM. It is not necessary to mount the WIM file for installing on a running physical +computer, because a WIM is mounted internally for deployments to a physical computer. Specify the +path by using a local relative path, or by using built-in environment variables that are prefixed +with the `$env` tag as shown in the following examples. + +If this parameter is used in combination with the **-ComputerName** parameter, the source path must +be accessible by the target computer (e.g. local devices/drives/paths on the client system will +cause the installation to fail). + +The path specified in this parameter is only used if the command cannot find feature files in the +local side-by-side store of the specified target computer or VHD. The command searches for feature +files in the following order: + +1) On the target computer or offline VHD. + +2) Path specified as the value of this parameter. If you add a UNC path, verify that the computer +account of the target server has Read permissions on the share. The computer account should be in +one of the following formats: DOMAIN\SERVERNAME$ or SERVER$ + +3) Repository path specified by the Group Policy Object (GPO). Specify settings for optional +component installation and component repair located in Computer Configuration/Administrative +Templates/System in Local Group Policy Editor. This Group Policy setting controls the following +Windows Registry setting: +HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\LocalSourcePath. + +4) Windows Update. + +This parameter is optional. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Vhd + +Specifies the path to an offline VHD. The path can either point to a VHD file or to a location on +which the VHD is already mounted by using Deployment Image Servicing and Management (DISM) tools. + +The VHD can be on a local disk on the target computer or on a network shared folder. If the VHD is +in a network shared folder, then the value of this parameter is a UNC path to the VHD. In this case, +the computer account of the computer that you are using to mount the VHD must have read and write +permissions (Read/Write permissions in the File Sharing dialog box or Full Control on the Security +tab of the folder Properties dialog box) on the shared folder or the VHD will not be accessible. +Local loopback UNC paths are not supported. Use either of the following formats for the computer +account: `DOMAIN\SERVERNAME$` or `SERVERNAME$`. + +Add the **ComputerName** parameter to specify the target computer you want to use to mount the VHD. +If the **ComputerName** parameter is not specified, then the local computer is used. The computer that +you are using to mount the VHD must be running Windows Server. Any local path, such as `D:\myFolder`. +that is specified by using this parameter is always relative to the target computer. + +```yaml +Type: String +Parameter Sets: ComponentNamesAndVhdPath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: String +Parameter Sets: ConfigurationFile +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet were run. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Windows.ServerManager.Commands.Feature[] + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-WindowsFeature](./Get-WindowsFeature.md) + +[Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +[Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + +[Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) diff --git a/docset/winserver2025-ps/ServerManager/ServerManager.md b/docset/winserver2025-ps/ServerManager/ServerManager.md new file mode 100644 index 0000000000..35c3b26067 --- /dev/null +++ b/docset/winserver2025-ps/ServerManager/ServerManager.md @@ -0,0 +1,45 @@ +--- +description: Server Manager-specific PowerShell cmdlet descriptions and syntax. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.1 +Locale: en-US +Module Guid: d8e0cae9-8e9b-45bc-bfed-0aad50938af0 +Module Name: ServerManager +ms.date: 09/15/2021 +title: ServerManager +--- + +# ServerManager Module + +## Description + +This reference provides cmdlet descriptions and syntax for all Server Manager-specific cmdlets. It +lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet. + +## ServerManager Cmdlets + +### [Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) + +Disables access for specified standard users to event, service, performance counter, and role and +feature inventory data that is collected by Server Manager for a server. + +### [Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + +Provides one or more standard, non-Administrator, users access to event, service, performance +counter, and role and feature inventory data for a server that you are managing by using Server +Manager. + +### [Get-WindowsFeature](./Get-WindowsFeature.md) + +Gets information about Windows Server roles, role services, and features that are available for +installation and installed on a specified server. + +### [Install-WindowsFeature](./Install-WindowsFeature.md) + +Installs one or more roles, role services, or features on either the local or a specified remote +server that is running Windows Server. + +### [Uninstall-WindowsFeature](./Uninstall-WindowsFeature.md) + +Uninstalls specified Windows Server roles, role services, and features from a computer that is +running Windows Server. diff --git a/docset/winserver2025-ps/ServerManager/Uninstall-WindowsFeature.md b/docset/winserver2025-ps/ServerManager/Uninstall-WindowsFeature.md new file mode 100644 index 0000000000..1a354aff00 --- /dev/null +++ b/docset/winserver2025-ps/ServerManager/Uninstall-WindowsFeature.md @@ -0,0 +1,312 @@ +--- +description: Uninstalls specified Windows Server roles, role services, and features from a computer. +external help file: Microsoft.Windows.ServerManager.PowerShell.dll-Help.xml +Module Name: ServerManager +ms.date: 09/08/2021 +online version: https://learn.microsoft.com/powershell/module/servermanager/uninstall-windowsfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-WindowsFeature +--- + +# Uninstall-WindowsFeature + +## SYNOPSIS + +Uninstalls specified Windows Server roles, role services, and features from a computer that is +running Windows Server. By adding the Remove parameter, also deletes feature files or payload, from +a computer. + +## SYNTAX + +### RunningComputer (Default) + +``` +Uninstall-WindowsFeature [-Name] [-Restart] [-IncludeManagementTools] [-Remove] + [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] [-Confirm] + [] +``` + +### VhdPath + +``` +Uninstall-WindowsFeature [-Name] [-Vhd ] [-IncludeManagementTools] [-Remove] + [-ComputerName ] [-Credential ] [-LogPath ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION + +The `Uninstall-WindowsFeature` cmdlet uninstalls and optionally removes specified roles, role +services, and features from a computer that is running Windows Server or from an offline virtual +hard disk (VHD) on which Windows Server is installed. This cmdlet works similarly to the +uninstallation of roles and features in Server Manager with an important exception: by default, +management tools are not uninstalled when you run the `Uninstall-WindowsFeature` cmdlet; you must +add the **IncludeManagementTools** parameter to uninstall associated management tools. + +This cmdlet requires elevation; you must be running a Windows PowerShell session as an administrator +to use this cmdlet. + +## EXAMPLES + +### Example 1 + +```powershell +Get-WindowsFeature | Where-Object -FilterScript { $_.Installed -Eq $TRUE } | Uninstall-WindowsFeature +``` + +This example uninstalls any roles or features that are currently installed on the target server. + +### Example 2 + +```powershell +Uninstall-WindowsFeature -Name Web-Server -ComputerName Server1 -Credential contoso\user1 +``` + +This example removes Web Server (IIS) from `Server1`, including all role services. The user account +specified to perform the operation is `contoso\user1`. + +### Example 3 + +``` +Get-WindowsFeature | Where-Object -FilterScript { $_.Installed -Eq $FALSE } | Uninstall-WindowsFeature -Remove +``` + +This example deletes the feature files for any roles or features that currently are not installed on +the local server. + +## PARAMETERS + +### -ComputerName + +Uninstalls and optionally removes one or more roles or features from a specified remote computer. +This parameter accepts only one computer name. If this parameter is not added or no computer name +is specified, the default target is the local computer. + +Valid values for the parameter include a NetBIOS name, an IP address, or a fully qualified domain +name of a remote computer that is running Windows Server. + +To use an IP address of a remote computer as the value of this parameter, your command must include +the **Credential** parameter. The computer must either be configured for HTTPS transport or the IP +address of the remote computer must be included in the WinRM TrustedHosts list on the local +computer. For information about adding a computer name to the WinRM TrustedHosts list, see "How to +Add a Computer to the Trusted Host List" in +[about_Remote_Troubleshooting](https://go.microsoft.com/fwlink/p/?LinkID=135188). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies a user account that has access rights to perform this action. If the parameter is not +added or no value is specified, the default value of this parameter is the current user. Enter a +user name in one of the following formats. Quotation marks are optional. + +-- "UserName" +-- "Domain\User" +-- "User@Domain.com" +-- A Credential object returned by the [Get-Credential](https://go.microsoft.com/fwlink/p/?LinkID=113311) cmdlet. + +If a user name is entered, then a prompt for a password is displayed. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeManagementTools + +Specifies the uninstallation of all applicable management tools along with the roles, role services, +or features that are specified in the `Name` parameter. Note that by default, management tools are +not uninstalled when you run the `Uninstall-WindowsFeature` cmdlet; you must add this parameter to +uninstall associated management tools. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies a name and path to a log file. Add this parameter if the results of this cmdlet must be +stored in a log. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name + +Specifies a list of features to uninstall. This parameter does not support wildcard characters. + +```yaml +Type: Feature[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Remove + +Deletes feature files for the specified features from the side-by-side store, located at +`%SystemDrive%:\Windows\WinSxS`. If the feature is not yet uninstalled, the command uninstalls the +feature. + +When you delete feature files, features that depend upon the files you remove are also deleted. When +you delete feature files for a subfeature, and no other subfeatures for the parent feature are +installed, then files for the entire parent role or feature are deleted. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Restart + +Specifies that the target computer is restarted automatically, if a restart is required by the +uninstallation process for the specified roles or features. This parameter cannot be used with the +**Vhd** parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: RunningComputer +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Vhd + +Specifies the path to an offline VHD. The path can either point to a VHD file or to a location on +which the VHD is already mounted by using Deployment Image Servicing and Management (DISM) tools. + +The VHD can be on a local disk on the target computer or on a network shared folder. If the VHD is +in a network shared folder, then the value of this parameter is a UNC path to the VHD. In this case, +the computer account of the computer that you are using to mount the VHD must have read and write +permissions (Read/Write permissions in the File Sharing dialog box or Full Control on the Security +tab of the folder Properties dialog box) on the shared folder or the VHD will not be accessible. +Local loopback UNC paths are not supported. Use either of the following formats for the computer +account: DOMAIN\SERVERNAME$ or SERVERNAME$. + +Add the **ComputerName** parameter to specify the target computer you want to use to mount the VHD. +If the **ComputerName** parameter is not specified, then the local computer is used. The computer +that you are using to mount the VHD must be running Windows Server. Any local path, such as +`D:\myFolder`, that is specified by using this parameter is always relative to the target computer. + +```yaml +Type: String +Parameter Sets: VhdPath +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet were run. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Windows.ServerManager.Commands.Feature[] + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-WindowsFeature](./Get-WindowsFeature.md) + +[Install-WindowsFeature](./Install-WindowsFeature.md) + +[Enable-ServerManagerStandardUserRemoting](./Enable-ServerManagerStandardUserRemoting.md) + +[Disable-ServerManagerStandardUserRemoting](./Disable-ServerManagerStandardUserRemoting.md) diff --git a/docset/winserver2025-ps/activedirectory/ActiveDirectory.md b/docset/winserver2025-ps/activedirectory/ActiveDirectory.md new file mode 100644 index 0000000000..8cb26e9a15 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/ActiveDirectory.md @@ -0,0 +1,460 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 4.0.6.1 +Locale: en-US +Module Guid: 43c15630-959c-49e4-a977-758c5cc93408 +Module Name: ActiveDirectory +ms.date: 12/27/2016 +title: ActiveDirectory +--- + +# ActiveDirectory Module +## Description +The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets. You can use these cmdlets to manage your Active Directory domains, Active Directory Lightweight Directory Services (AD LDS) configuration sets, and Active Directory Database Mounting Tool instances in a single, self-contained package. + +If you don't have the Active Directory module installed on your machine, you need to download the correct Remote Server Administration Tools (RSAT) package for your OS. If you're running Windows 7, you will also need to run the `import-module ActiveDirectory` command from an elevated PowerShell prompt. For more detail, see [RSAT for Windows operating systems](https://support.microsoft.com/help/2693643/remote-server-administration-tools-rsat-for-windows-operating-systems). Starting with Windows 10 October 2018 Update, RSAT is included as a set of Features on Demand right from Windows 10. Now, instead of downloading an RSAT package you can just go to Manage optional features in Settings and click Add a feature to see the list of available RSAT tools. Select and install the specific RSAT tools you need. To see installation progress, click the Back button to view status on the Manage optional features page. + +If you want to use this module in PowerShell 7, see [PowerShell 7 module compatibility](/powershell/scripting/whats-new/module-compatibility). + +## ActiveDirectory Cmdlets +### [Add-ADCentralAccessPolicyMember](./Add-ADCentralAccessPolicyMember.md) +Adds central access rules to a central access policy in Active Directory. + +### [Add-ADComputerServiceAccount](./Add-ADComputerServiceAccount.md) +Adds one or more service accounts to an Active Directory computer. + +### [Add-ADDomainControllerPasswordReplicationPolicy](./Add-ADDomainControllerPasswordReplicationPolicy.md) +Adds users, computers, and groups to the allowed or denied list of a read-only domain controller password replication policy. + +### [Add-ADFineGrainedPasswordPolicySubject](./Add-ADFineGrainedPasswordPolicySubject.md) +Applies a fine-grained password policy to one or more users and groups. + +### [Add-ADGroupMember](./Add-ADGroupMember.md) +Adds one or more members to an Active Directory group. + +### [Add-ADPrincipalGroupMembership](./Add-ADPrincipalGroupMembership.md) +Adds a member to one or more Active Directory groups. + +### [Add-ADResourcePropertyListMember](./Add-ADResourcePropertyListMember.md) +Adds one or more resource properties to a resource property list in Active Directory. + +### [Clear-ADAccountExpiration](./Clear-ADAccountExpiration.md) +Clears the expiration date for an Active Directory account. + +### [Clear-ADClaimTransformLink](./Clear-ADClaimTransformLink.md) +Removes a claims transformation from being applied to one or more cross-forest trust relationships in Active Directory. + +### [Disable-ADAccount](./Disable-ADAccount.md) +Disables an Active Directory account. + +### [Disable-ADOptionalFeature](./Disable-ADOptionalFeature.md) +Disables an Active Directory optional feature. + +### [Enable-ADAccount](./Enable-ADAccount.md) +Enables an Active Directory account. + +### [Enable-ADOptionalFeature](./Enable-ADOptionalFeature.md) +Enables an Active Directory optional feature. + +### [Get-ADAccountAuthorizationGroup](./Get-ADAccountAuthorizationGroup.md) +Gets the accounts token group information. + +### [Get-ADAccountResultantPasswordReplicationPolicy](./Get-ADAccountResultantPasswordReplicationPolicy.md) +Gets the resultant password replication policy for an Active Directory account. + +### [Get-ADAuthenticationPolicy](./Get-ADAuthenticationPolicy.md) +Gets one or more Active Directory Domain Services authentication policies. + +### [Get-ADAuthenticationPolicySilo](./Get-ADAuthenticationPolicySilo.md) +Gets one or more Active Directory Domain Services authentication policy silos. + +### [Get-ADCentralAccessPolicy](./Get-ADCentralAccessPolicy.md) +Retrieves central access policies from Active Directory. + +### [Get-ADCentralAccessRule](./Get-ADCentralAccessRule.md) +Retrieves central access rules from Active Directory. + +### [Get-ADClaimTransformPolicy](./Get-ADClaimTransformPolicy.md) +Returns one or more Active Directory claim transform objects based on a specified filter. + +### [Get-ADClaimType](./Get-ADClaimType.md) +Returns a claim type from Active Directory. + +### [Get-ADComputer](./Get-ADComputer.md) +Gets one or more Active Directory computers. + +### [Get-ADComputerServiceAccount](./Get-ADComputerServiceAccount.md) +Gets the service accounts hosted by a computer. + +### [Get-ADDCCloningExcludedApplicationList](./Get-ADDCCloningExcludedApplicationList.md) +Gets a list of installed programs and services present on this domain controller that are not in the default or user defined inclusion list. + +### [Get-ADDefaultDomainPasswordPolicy](./Get-ADDefaultDomainPasswordPolicy.md) +Gets the default password policy for an Active Directory domain. + +### [Get-ADDomain](./Get-ADDomain.md) +Gets an Active Directory domain. + +### [Get-ADDomainController](./Get-ADDomainController.md) +Gets one or more Active Directory domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier, such as the NetBIOS name. + +### [Get-ADDomainControllerPasswordReplicationPolicy](./Get-ADDomainControllerPasswordReplicationPolicy.md) +Gets the members of the allowed list or denied list of a read-only domain controller's password replication policy. + +### [Get-ADDomainControllerPasswordReplicationPolicyUsage](./Get-ADDomainControllerPasswordReplicationPolicyUsage.md) +Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller. + +### [Get-ADFineGrainedPasswordPolicy](./Get-ADFineGrainedPasswordPolicy.md) +Gets one or more Active Directory fine-grained password policies. + +### [Get-ADFineGrainedPasswordPolicySubject](./Get-ADFineGrainedPasswordPolicySubject.md) +Gets the users and groups to which a fine-grained password policy is applied. + +### [Get-ADForest](./Get-ADForest.md) +Gets an Active Directory forest. + +### [Get-ADGroup](./Get-ADGroup.md) +Gets one or more Active Directory groups. + +### [Get-ADGroupMember](./Get-ADGroupMember.md) +Gets the members of an Active Directory group. + +### [Get-ADObject](./Get-ADObject.md) +Gets one or more Active Directory objects. + +### [Get-ADOptionalFeature](./Get-ADOptionalFeature.md) +Gets one or more Active Directory optional features. + +### [Get-ADOrganizationalUnit](./Get-ADOrganizationalUnit.md) +Gets one or more Active Directory organizational units. + +### [Get-ADPrincipalGroupMembership](./Get-ADPrincipalGroupMembership.md) +Gets the Active Directory groups that have a specified user, computer, group, or service account. + +### [Get-ADReplicationAttributeMetadata](./Get-ADReplicationAttributeMetadata.md) +Gets the replication metadata for one or more Active Directory replication partners. + +### [Get-ADReplicationConnection](./Get-ADReplicationConnection.md) +Returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter. + +### [Get-ADReplicationFailure](./Get-ADReplicationFailure.md) +Returns a collection of data describing an Active Directory replication failure. + +### [Get-ADReplicationPartnerMetadata](./Get-ADReplicationPartnerMetadata.md) +Returns the replication metadata for a set of one or more replication partners. + +### [Get-ADReplicationQueueOperation](./Get-ADReplicationQueueOperation.md) +Returns the contents of the replication queue for a specified server. + +### [Get-ADReplicationSite](./Get-ADReplicationSite.md) +Returns a specific Active Directory replication site or a set of replication site objects based on a specified filter. + +### [Get-ADReplicationSiteLink](./Get-ADReplicationSiteLink.md) +Returns a specific Active Directory site link or a set of site links based on a specified filter. + +### [Get-ADReplicationSiteLinkBridge](./Get-ADReplicationSiteLinkBridge.md) +Gets a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter. + +### [Get-ADReplicationSubnet](./Get-ADReplicationSubnet.md) +Gets one or more Active Directory subnets. + +### [Get-ADReplicationUpToDatenessVectorTable](./Get-ADReplicationUpToDatenessVectorTable.md) +Displays the highest Update Sequence Number (USN) for the specified domain controller. + +### [Get-ADResourceProperty](./Get-ADResourceProperty.md) +Gets one or more resource properties. + +### [Get-ADResourcePropertyList](./Get-ADResourcePropertyList.md) +Gets resource property lists from Active Directory. + +### [Get-ADResourcePropertyValueType](./Get-ADResourcePropertyValueType.md) +Gets a resource property value type from Active Directory. + +### [Get-ADRootDSE](./Get-ADRootDSE.md) +Gets the root of a directory server information tree. + +### [Get-ADServiceAccount](./Get-ADServiceAccount.md) +Gets one or more Active Directory managed service accounts or group managed service accounts. + +### [Get-ADTrust](./Get-ADTrust.md) +Gets all trusted domain objects in the directory. + +### [Get-ADUser](./Get-ADUser.md) +Gets one or more Active Directory users. + +### [Get-ADUserResultantPasswordPolicy](./Get-ADUserResultantPasswordPolicy.md) +Gets the resultant password policy for a user. + +### [Grant-ADAuthenticationPolicySiloAccess](./Grant-ADAuthenticationPolicySiloAccess.md) +Grants permission to join an authentication policy silo. + +### [Install-ADServiceAccount](./Install-ADServiceAccount.md) +Installs an Active Directory managed service account on a computer or caches a group managed service account on a computer. + +### [Move-ADDirectoryServer](./Move-ADDirectoryServer.md) +Moves a directory server in Active Directory to a new site. + +### [Move-ADDirectoryServerOperationMasterRole](./Move-ADDirectoryServerOperationMasterRole.md) +Moves operation master roles to an Active Directory directory server. + +### [Move-ADObject](./Move-ADObject.md) +Moves an Active Directory object or a container of objects to a different container or domain. + +### [New-ADAuthenticationPolicy](./New-ADAuthenticationPolicy.md) +Creates an Active Directory Domain Services authentication policy object. + +### [New-ADAuthenticationPolicySilo](./New-ADAuthenticationPolicySilo.md) +Creates an Active Directory Domain Services authentication policy silo object. + +### [New-ADCentralAccessPolicy](./New-ADCentralAccessPolicy.md) +Creates a new central access policy in Active Directory containing a set of central access rules. + +### [New-ADCentralAccessRule](./New-ADCentralAccessRule.md) +Creates a central access rule in Active Directory. + +### [New-ADClaimTransformPolicy](./New-ADClaimTransformPolicy.md) +Creates a new claim transformation policy object in Active Directory. + +### [New-ADClaimType](./New-ADClaimType.md) +Creates a new claim type in Active Directory. + +### [New-ADComputer](./New-ADComputer.md) +Creates a new Active Directory computer object. + +### [New-ADDCCloneConfigFile](./New-ADDCCloneConfigFile.md) +Performs prerequisite checks for cloning a domain controller and generates a clone configuration file if all checks succeed. + +### [New-ADFineGrainedPasswordPolicy](./New-ADFineGrainedPasswordPolicy.md) +Creates a new Active Directory fine-grained password policy. + +### [New-ADGroup](./New-ADGroup.md) +Creates an Active Directory group. + +### [New-ADObject](./New-ADObject.md) +Creates an Active Directory object. + +### [New-ADOrganizationalUnit](./New-ADOrganizationalUnit.md) +Creates an Active Directory organizational unit. + +### [New-ADReplicationSite](./New-ADReplicationSite.md) +Creates an Active Directory replication site in the directory. + +### [New-ADReplicationSiteLink](./New-ADReplicationSiteLink.md) +Creates a new Active Directory site link for in managing replication. + +### [New-ADReplicationSiteLinkBridge](./New-ADReplicationSiteLinkBridge.md) +Creates a site link bridge in Active Directory for replication. + +### [New-ADReplicationSubnet](./New-ADReplicationSubnet.md) +Creates an Active Directory replication subnet object. + +### [New-ADResourceProperty](./New-ADResourceProperty.md) +Creates a resource property in Active Directory. + +### [New-ADResourcePropertyList](./New-ADResourcePropertyList.md) +Creates a resource property list in Active Directory. + +### [New-ADServiceAccount](./New-ADServiceAccount.md) +Creates a new Active Directory managed service account or group managed service account object. + +### [New-ADUser](./New-ADUser.md) +Creates an Active Directory user. + +### [Remove-ADAuthenticationPolicy](./Remove-ADAuthenticationPolicy.md) +Removes an Active Directory Domain Services authentication policy object. + +### [Remove-ADAuthenticationPolicySilo](./Remove-ADAuthenticationPolicySilo.md) +Removes an Active Directory Domain Services authentication policy silo object. + +### [Remove-ADCentralAccessPolicy](./Remove-ADCentralAccessPolicy.md) +Removes a central access policy from Active Directory. + +### [Remove-ADCentralAccessPolicyMember](./Remove-ADCentralAccessPolicyMember.md) +Removes central access rules from a central access policy in Active Directory. + +### [Remove-ADCentralAccessRule](./Remove-ADCentralAccessRule.md) +Removes a central access rule from Active Directory. + +### [Remove-ADClaimTransformPolicy](./Remove-ADClaimTransformPolicy.md) +Removes a claim transformation policy object from Active Directory. + +### [Remove-ADClaimType](./Remove-ADClaimType.md) +Removes a claim type from Active Directory. + +### [Remove-ADComputer](./Remove-ADComputer.md) +Removes an Active Directory computer. + +### [Remove-ADComputerServiceAccount](./Remove-ADComputerServiceAccount.md) +Removes one or more service accounts from a computer. + +### [Remove-ADDomainControllerPasswordReplicationPolicy](./Remove-ADDomainControllerPasswordReplicationPolicy.md) +Removes users, computers, and groups from the allowed or denied list of a read-only domain controller password replication policy. + +### [Remove-ADFineGrainedPasswordPolicy](./Remove-ADFineGrainedPasswordPolicy.md) +Removes an Active Directory fine-grained password policy. + +### [Remove-ADFineGrainedPasswordPolicySubject](./Remove-ADFineGrainedPasswordPolicySubject.md) +Removes one or more users from a fine-grained password policy. + +### [Remove-ADGroup](./Remove-ADGroup.md) +Removes an Active Directory group. + +### [Remove-ADGroupMember](./Remove-ADGroupMember.md) +Removes one or more members from an Active Directory group. + +### [Remove-ADObject](./Remove-ADObject.md) +Removes an Active Directory object. + +### [Remove-ADOrganizationalUnit](./Remove-ADOrganizationalUnit.md) +Removes an Active Directory organizational unit. + +### [Remove-ADPrincipalGroupMembership](./Remove-ADPrincipalGroupMembership.md) +Removes a member from one or more Active Directory groups. + +### [Remove-ADReplicationSite](./Remove-ADReplicationSite.md) +Deletes the specified replication site object from Active Directory. + +### [Remove-ADReplicationSiteLink](./Remove-ADReplicationSiteLink.md) +Deletes an Active Directory site link used to manage replication. + +### [Remove-ADReplicationSiteLinkBridge](./Remove-ADReplicationSiteLinkBridge.md) +Deletes a replication site link bridge from Active Directory. + +### [Remove-ADReplicationSubnet](./Remove-ADReplicationSubnet.md) +Deletes the specified Active Directory replication subnet object from the directory. + +### [Remove-ADResourceProperty](./Remove-ADResourceProperty.md) +Removes a resource property from Active Directory. + +### [Remove-ADResourcePropertyList](./Remove-ADResourcePropertyList.md) +Removes one or more resource property lists from Active Directory. + +### [Remove-ADResourcePropertyListMember](./Remove-ADResourcePropertyListMember.md) +Removes one or more resource properties from a resource property list in Active Directory. + +### [Remove-ADServiceAccount](./Remove-ADServiceAccount.md) +Removes an Active Directory managed service account or group managed service account object. + +### [Remove-ADUser](./Remove-ADUser.md) +Removes an Active Directory user. + +### [Rename-ADObject](./Rename-ADObject.md) +Changes the name of an Active Directory object. + +### [Reset-ADServiceAccountPassword](./Reset-ADServiceAccountPassword.md) +Resets the password for a standalone managed service account. + +### [Restore-ADObject](./Restore-ADObject.md) +Restores an Active Directory object. + +### [Revoke-ADAuthenticationPolicySiloAccess](./Revoke-ADAuthenticationPolicySiloAccess.md) +Revokes membership in an authentication policy silo for the specified account. + +### [Search-ADAccount](./Search-ADAccount.md) +Gets Active Directory user, computer, or service accounts. + +### [Set-ADAccountAuthenticationPolicySilo](./Set-ADAccountAuthenticationPolicySilo.md) +Modifies the authentication policy or authentication policy silo of an account. + +### [Set-ADAccountControl](./Set-ADAccountControl.md) +Modifies user account control (UAC) values for an Active Directory account. + +### [Set-ADAccountExpiration](./Set-ADAccountExpiration.md) +Sets the expiration date for an Active Directory account. + +### [Set-ADAccountPassword](./Set-ADAccountPassword.md) +Modifies the password of an Active Directory account. + +### [Set-ADAuthenticationPolicy](./Set-ADAuthenticationPolicy.md) +Modifies an Active Directory Domain Services authentication policy object. + +### [Set-ADAuthenticationPolicySilo](./Set-ADAuthenticationPolicySilo.md) +Modifies an Active Directory Domain Services authentication policy silo object. + +### [Set-ADCentralAccessPolicy](./Set-ADCentralAccessPolicy.md) +Modifies a central access policy in Active Directory. + +### [Set-ADCentralAccessRule](./Set-ADCentralAccessRule.md) +Modifies a central access rule in Active Directory. + +### [Set-ADClaimTransformLink](./Set-ADClaimTransformLink.md) +Applies a claims transformation to one or more cross-forest trust relationships in Active Directory. + +### [Set-ADClaimTransformPolicy](./Set-ADClaimTransformPolicy.md) +Sets the properties of a claims transformation policy in Active Directory. + +### [Set-ADClaimType](./Set-ADClaimType.md) +Modify a claim type in Active Directory. + +### [Set-ADComputer](./Set-ADComputer.md) +Modifies an Active Directory computer object. + +### [Set-ADDefaultDomainPasswordPolicy](./Set-ADDefaultDomainPasswordPolicy.md) +Modifies the default password policy for an Active Directory domain. + +### [Set-ADDomain](./Set-ADDomain.md) +Modifies an Active Directory domain. + +### [Set-ADDomainMode](./Set-ADDomainMode.md) +Sets the domain mode for an Active Directory domain. + +### [Set-ADFineGrainedPasswordPolicy](./Set-ADFineGrainedPasswordPolicy.md) +Modifies an Active Directory fine-grained password policy. + +### [Set-ADForest](./Set-ADForest.md) +Modifies an Active Directory forest. + +### [Set-ADForestMode](./Set-ADForestMode.md) +Sets the forest mode for an Active Directory forest. + +### [Set-ADGroup](./Set-ADGroup.md) +Modifies an Active Directory group. + +### [Set-ADObject](./Set-ADObject.md) +Modifies an Active Directory object. + +### [Set-ADOrganizationalUnit](./Set-ADOrganizationalUnit.md) +Modifies an Active Directory organizational unit. + +### [Set-ADReplicationConnection](./Set-ADReplicationConnection.md) +Sets properties on Active Directory replication connections. + +### [Set-ADReplicationSite](./Set-ADReplicationSite.md) +Sets the replication properties for an Active Directory site. + +### [Set-ADReplicationSiteLink](./Set-ADReplicationSiteLink.md) +Sets the properties for an Active Directory site link. + +### [Set-ADReplicationSiteLinkBridge](./Set-ADReplicationSiteLinkBridge.md) +Sets the properties of a replication site link bridge in Active Directory. + +### [Set-ADReplicationSubnet](./Set-ADReplicationSubnet.md) +Sets the properties of an Active Directory replication subnet object. + +### [Set-ADResourceProperty](./Set-ADResourceProperty.md) +Modifies a resource property in Active Directory. + +### [Set-ADResourcePropertyList](./Set-ADResourcePropertyList.md) +Modifies a resource property list in Active Directory. + +### [Set-ADServiceAccount](./Set-ADServiceAccount.md) +Modifies an Active Directory managed service account or group managed service account object. + +### [Set-ADUser](./Set-ADUser.md) +Modifies an Active Directory user. + +### [Show-ADAuthenticationPolicyExpression](./Show-ADAuthenticationPolicyExpression.md) +Displays the Edit Access Control Conditions window update or create security descriptor definition language (SDDL) security descriptors. + +### [Sync-ADObject](./Sync-ADObject.md) +Replicates a single object between any two domain controllers that have partitions in common. + +### [Test-ADServiceAccount](./Test-ADServiceAccount.md) +Tests a managed service account from a computer. + +### [Uninstall-ADServiceAccount](./Uninstall-ADServiceAccount.md) +Uninstalls an Active Directory managed service account from a computer or removes a cached group managed service account from a computer. + +### [Unlock-ADAccount](./Unlock-ADAccount.md) +Unlocks an Active Directory account. diff --git a/docset/winserver2025-ps/activedirectory/Add-ADCentralAccessPolicyMember.md b/docset/winserver2025-ps/activedirectory/Add-ADCentralAccessPolicyMember.md new file mode 100644 index 0000000000..7af60834d9 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Add-ADCentralAccessPolicyMember.md @@ -0,0 +1,284 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/add-adcentralaccesspolicymember?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-ADCentralAccessPolicyMember +--- + +# Add-ADCentralAccessPolicyMember + +## SYNOPSIS +Adds central access rules to a central access policy in Active Directory. + +## SYNTAX + +``` +Add-ADCentralAccessPolicyMember [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] + [-Members] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION + +The `Add-ADCentralAccessPolicyMember` cmdlet adds central access rules to a central access policy +in Active Directory. + +## EXAMPLES + +### EXAMPLE 1 + +```powershell +$params = @{ + Identity = 'Finance Policy' + Member = 'Finance Documents Rule', 'Corporate Documents Rule' +} +Add-ADCentralAccessPolicyMember @params +``` + +This command adds the central access rules `Finance Documents Rule` and `Corporate Documents Rule` +to the central access policy Finance Policy. + +### EXAMPLE 2 + +```powershell +Get-ADCentralAccessPolicy -Filter "Name -like 'Corporate*'" | + Add-ADCentralAccessPolicyMember -Members 'Corporate Documents Rule' +``` + +This command gets all central access policies that have a name that starts with `Corporate` and then +passes this information to `Add-ADCentralAccessPolicyMember` by using the pipeline operator. The +`Add-ADCentralAccessPolicyMember` cmdlet then adds the central access rule with the name +`Corporate Documents Rule` to it. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User0`1 or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory object by providing one of the following property values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Members + +Specifies a set of central access rule (CAR) objects in a comma-separated list to add to a central +access policy. To identify each object, use one of the following property values: + +- Name +- A distinguished name +- GUID (**objectGUID**) + +> [!NOTE] +> The identifier in parentheses is the LDAP display name. + +You can also provide objects to this parameter directly. + +You cannot pass objects through the pipeline to this parameter. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADCentralAccessRule[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy + +An **ADCentralAccessPolicy** object is received by the **Identity** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.ADCentralAccessPolicy + +Returns the modified **ADCentralAccessPolicy** object when the **PassThru** parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES + +- This cmdlet does not work with a read-only domain controller. +- This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Remove-ADCentralAccessPolicyMember](./Remove-ADCentralAccessPolicyMember.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Add-ADComputerServiceAccount.md b/docset/winserver2025-ps/activedirectory/Add-ADComputerServiceAccount.md new file mode 100644 index 0000000000..d65713dc81 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Add-ADComputerServiceAccount.md @@ -0,0 +1,341 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/add-adcomputerserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-ADComputerServiceAccount +--- + +# Add-ADComputerServiceAccount + +## SYNOPSIS +Adds one or more service accounts to an Active Directory computer. + +## SYNTAX + +``` +Add-ADComputerServiceAccount [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-Partition ] [-PassThru] + [-Server ] [-ServiceAccount] [] +``` + +## DESCRIPTION + +The `Add-ADComputerServiceAccount` cmdlet adds one or more computer service accounts to an Active +Directory computer. + +The **Computer** parameter specifies the Active Directory computer that will host the new service +accounts. You can identify a computer by its distinguished name, GUID, security identifier (SID) or +Security Accounts Manager (SAM) account name. You can also set the **Computer** parameter to a +computer object variable, such as `$`, or pass a computer object through the +pipeline to the **Computer** parameter. For example, you can use the `Get-ADComputer` cmdlet to +retrieve a computer object and then pass the object through the pipeline to the +`Add-ADComputerServiceAccount` cmdlet. + +The **ServiceAccount** parameter specifies the service accounts to add. You can identify a service +account by its distinguished name, GUID, Security Identifier (SID) or Security Accounts Manager +(SAM) account name. You can also specify service account object variables, such as +`$`. If you are specifying more than one account, use a comma-separated +list. + +> [!NOTE] +> Adding a service account is a different operation than installing the service account locally. + +## EXAMPLES + +### EXAMPLE 1 + +```powershell +Add-ADComputerServiceAccount -Computer ComputerAcct1 -ServiceAccount SvcAcct1 +``` + +This command adds the service account `SvcAcct1` to a Computer Account `ComputerAcct1`. + +### EXAMPLE 2 + +```powershell +Add-ADComputerServiceAccount -Computer ComputerAcct1 -ServiceAccount SvcAcct1, SvcAcct2 +``` + +This command adds two service accounts, `SvcAcct1` and `SvcAcct2`, to a Computer Account +`ComputerAcct1`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory computer object by providing one of the following property values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- Security Accounts Manager account name (**sAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. If the identifier +given is a distinguished name, the partition to search is computed from that distinguished name. If +two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a +computer object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADComputer +Parameter Sets: (All) +Aliases: Computer + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccount + +Specifies one or more Active Directory service accounts. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A Security Identifier (**objectSid**) +- SAM account name (**sAMAccountName**) + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADServiceAccount[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADComputer + +A computer object is received by the **Computer** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADComputer + +This cmdlet returns the modified computer object when the **PassThru** parameter is specified. By +default, this cmdlet does not generate any output. + +## NOTES + +- This cmdlet does not work with AD LDS. +- This cmdlet does not work with a read-only domain controller. +- This cmdlet does not work when targeting a snapshot using the **Server** parameter. + +## RELATED LINKS + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADComputerServiceAccount](./Get-ADComputerServiceAccount.md) + +[Remove-ADComputerServiceAccount](./Remove-ADComputerServiceAccount.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Add-ADDomainControllerPasswordReplicationPolicy.md b/docset/winserver2025-ps/activedirectory/Add-ADDomainControllerPasswordReplicationPolicy.md new file mode 100644 index 0000000000..5387d3b61a --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Add-ADDomainControllerPasswordReplicationPolicy.md @@ -0,0 +1,328 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/add-addomaincontrollerpasswordreplicationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-ADDomainControllerPasswordReplicationPolicy +--- + +# Add-ADDomainControllerPasswordReplicationPolicy + +## SYNOPSIS +Adds users, computers, and groups to the allowed or denied list of a read-only domain controller +password replication policy. + +## SYNTAX + +### AllowedPRP + +``` +Add-ADDomainControllerPasswordReplicationPolicy [-WhatIf] [-Confirm] + -AllowedList [-AuthType ] [-Credential ] + [[-Identity] ] [-Server ] [] +``` + +### DeniedPRP + +``` +Add-ADDomainControllerPasswordReplicationPolicy [-WhatIf] [-Confirm] + [-AuthType ] [-Credential ] -DeniedList + [[-Identity] ] [-Server ] [] +``` + +## DESCRIPTION + +The `Add-ADDomainControllerPasswordReplicationPolicy` cmdlet adds one or more users, computers, +and groups to the allowed or denied list of a read-only domain controller (RODC) password +replication policy. + +The **Identity** parameter specifies the read-only domain controller (RODC) that uses the allowed +and denied lists to apply the password replication policy. You can identify a domain controller by +its GUID, IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain +controller by the name of the server object that represents the domain controller, the distinguished +name of the NTDS settings object of the server object, the GUID of the NTDS settings object of the +server object under the configuration partition, or the distinguished name of the computer object +that represents the domain controller. You can also set the **Identity** parameter to a domain +controller object variable, such as `$`, or pass a domain controller +object through the pipeline to the **Identity** parameter. For example, you can use the +`Get-ADDomainController` cmdlet to get a domain controller object and then pass the object through +the pipeline to the `Add-ADDomainControllerPasswordReplicationPolicy` cmdlet. You must specify a +read-only domain controller. If you specify a writeable domain controller for this parameter, the +cmdlet returns a non-terminating error. + +The **AllowedList** parameter specifies the users, computers, and groups to add to the allowed list. +Similarly, the **DeniedList** parameter specifies the users, computers, and groups to add to the +denied list. You must specify either one or both of the **AllowedList** and **DeniedList** +parameters. You can identify a user, computer, or group by distinguished name, GUID, security +identifier (SID) or Security Accounts Manager (SAM) account name. You can also specify user, +computer, or group variables, such as `$`. If you are specifying more than one +item, use a comma-separated list. If a specified user, computer, or group is not on the allowed or +denied list, the cmdlet does not return an error. + +## EXAMPLES + +### Example 1 + +```powershell +$params = @{ + Identity = 'USER01-RODC1' + AllowedList = 'PattiFuller', 'DavidChew' +} +Add-ADDomainControllerPasswordReplicationPolicy @params +``` + +This command adds user accounts with the specified SamAccountNames to the Allowed list on the RODC +specified by the **Identity** parameter. + +### Example 2 + +```powershell +$params = @{ + Identity = 'USER02-RODC1' + DeniedList = 'ElisaDaugherty', 'EvanNarvaez' +} +Add-ADDomainControllerPasswordReplicationPolicy @params +``` + +This command adds user accounts with the specified SamAccountNames to the Denied list on the RODC +specified by the **Identity** parameter. + +## PARAMETERS + +### -AllowedList + +Specifies the users, computers, groups or other accounts to add to the list of accounts allowed to +replicate their passwords to this RODC. You can specify more than one value by using a +comma-separated list. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- A Security Accounts Manager (SAM) account name (**sAMAccountName**) + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADPrincipal[] +Parameter Sets: AllowedPRP +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DeniedList + +Specifies the users, computers, groups or other accounts to add to the list of accounts that are +denied the right to replicate their passwords to this RODC. You can specify more than one value by +using a comma-separated list. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- A Security Accounts Manager (SAM) account name (**sAMAccountName**) + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADPrincipal[] +Parameter Sets: DeniedPRP +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory domain controller object by providing one of the following values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A GUID (**objectGUID**) +- An IPV4Address +- A Global IPV6Address +- A DNS Host Name (**dNSHostName**) +- A name of the server object +- A distinguished name of the NTDS Settings object +- A distinguished name of the server object that represents the domain controller +- A GUID of NTDS settings object under the configuration partition +- A GUID of server object under the configuration partition +- A distinguished name of the computer object that represents the domain controller + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADDomainController +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDomainController + +An RODC object is received by the **Identity** parameter. + +## OUTPUTS + +### None + +## NOTES + +- This cmdlet does not work with Active Directory Lightweight Directory Services. +- This cmdlet does not work with a read-only domain controller. +- This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Get-ADDomainController](./Get-ADDomainController.md) + +[Get-ADDomainControllerPasswordReplicationPolicy](./Get-ADDomainControllerPasswordReplicationPolicy.md) diff --git a/docset/winserver2025-ps/activedirectory/Add-ADFineGrainedPasswordPolicySubject.md b/docset/winserver2025-ps/activedirectory/Add-ADFineGrainedPasswordPolicySubject.md new file mode 100644 index 0000000000..48f8c5ccb0 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Add-ADFineGrainedPasswordPolicySubject.md @@ -0,0 +1,365 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/add-adfinegrainedpasswordpolicysubject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-ADFineGrainedPasswordPolicySubject +--- + +# Add-ADFineGrainedPasswordPolicySubject + +## SYNOPSIS +Applies a fine-grained password policy to one more users and groups. + +## SYNTAX + +``` +Add-ADFineGrainedPasswordPolicySubject [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] + [-Partition ] [-PassThru] [-Server ] [-Subjects] + [] +``` + +## DESCRIPTION + +The `Add-ADFineGrainedPasswordPolicySubject` cmdlet applies a fine-grained password policy to one or +more global security groups and users. + +The **Identity** parameter specifies the fine-grained password policy to apply. You can identify a +fine-grained password policy by its distinguished name, GUID or name. You can also set the +**Identity** parameter to a fine-grained password policy object variable, such as +`$`, or pass a fine-grained password policy object through the pipeline +operator to the **Identity** parameter. For example, you can use the +`Get-ADFineGrainedPasswordPolicy` cmdlet to get a fine-grained password policy object and then pass +the object through the pipeline operator to the `Add-ADFineGrainedPasswordPolicySubject` cmdlet. + +The **Subjects** parameter specifies the users and global security groups. You can identify a user +or global security group by its distinguished name (DN), GUID, security identifier (SID), or +Security Account Manager (SAM) account name. You can also specify user and global security group +object variables, such as `$`. If you are specifying more than one user or group, +use a comma-separated list. To pass user and global security group objects through the pipeline to +the **Subjects** parameter, use the `Get-ADUser` or the `Get-ADGroup` cmdlets to retrieve the user +or group objects, and then pass these objects through the pipeline operator to the +`Add-ADFineGrainedPasswordPolicySubject` cmdlet. + +## EXAMPLES + +### EXAMPLE 1 + +```powershell +Add-ADFineGrainedPasswordPolicySubject -Identity DomainUsersPSO -Subjects 'Domain Users' +``` + +This command applies the fine-grained password policy named `DomainUsersPSO` to the `Domain Users` +global security group. + +### EXAMPLE 2 + +```powershell +Add-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO -Subjects BobKe, KimAb +``` + +This command applies the fine-grained password policy named `DlgtdAdminsPSO` to users with the SAM +account names `BobKe` and `KimAb`. + +### EXAMPLE 3 + +```powershell +Add-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO -Subjects DlgtdAdminGroup +``` + +This command applies the fine-grained password policy named `DlgtdAdminsPSO` to the group +`DlgtdAdminGroup`. + +### EXAMPLE 4 + +```powershell +Get-ADUser -Filter "lastname -eq 'Fuller'" | + Add-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO +``` + +This command applies the fine-grained password policy named `DlgtdAdminsPSO` to any users whose last +name is `Fuller`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory fine-grained password policy object by providing one of the following +property values. The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) +display name for the attribute. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A name (name) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a +fine-grained password policy object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you are working. By default, this cmdlet does +not generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Subjects + +Specifies one or more users or groups. To specify more than one user or group, use a +comma-separated list. You can identify a user or group by one of the following property values: + +- Distinguished name (DN) +- GUID (**objectGUID**) +- Security Identifier (**objectSid**) +- SAM account name (**sAMAccountName**) + +Note: The identifier in parentheses is the LDAP display name for the attribute. + +You can also provide objects to this parameter directly. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADPrincipal[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy, Microsoft.ActiveDirectory.Management.ADPrincipal + +A fine-grained password policy object is received by the **Identity** parameter. One or more +principal objects that represent users and security group objects are received by the **Subjects** +parameter. Derived principal types, such as the following, are also accepted by the **Subjects** +parameter: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy + +Returns the modified fine-grained password policy object when the **PassThru** parameter is +specified. By default, this cmdlet does not generate any output. + +## NOTES + +- This cmdlet does not work with AD LDS. +- This cmdlet does not work with a read-only domain controller. +- This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Get-ADFineGrainedPasswordPolicySubject](./Get-ADFineGrainedPasswordPolicySubject.md) + +[Remove-ADFineGrainedPasswordPolicySubject](./Remove-ADFineGrainedPasswordPolicySubject.md) diff --git a/docset/winserver2025-ps/activedirectory/Add-ADGroupMember.md b/docset/winserver2025-ps/activedirectory/Add-ADGroupMember.md new file mode 100644 index 0000000000..2ceefcbec2 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Add-ADGroupMember.md @@ -0,0 +1,441 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/add-adgroupmember?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-ADGroupMember +--- + +# Add-ADGroupMember + +## SYNOPSIS +Adds one or more members to an Active Directory group. + +## SYNTAX + +``` +Add-ADGroupMember [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-Members] + [-MemberTimeToLive ] [-Partition ] [-PassThru] [-Server ] + [-DisablePermissiveModify] [] +``` + +## DESCRIPTION + +The `Add-ADGroupMember` cmdlet adds one or more users, groups, service accounts, or computers as +new members of an Active Directory group. + +The **Identity** parameter specifies the Active Directory group that receives the new members. You +can identify a group by its distinguished name, GUID, security identifier, or Security Account +Manager (SAM) account name. You can also specify group object variable, such as +`$`, or pass a group object through the pipeline to the **Identity** parameter. +For example, you can use the `Get-ADGroup` cmdlet to get a group object and then pass the object +through the pipeline to the `Add-ADGroupMember` cmdlet. + +The **Members** parameter specifies the new members to add to a group. You can identify a new member +by its distinguished name, GUID, security identifier, or SAM account name. You can also specify +user, computer, and group object variables, such as `$`. If you are specifying more +than one new member, use a comma-separated list. You cannot pass user, computer, or group objects +through the pipeline to this cmdlet. To add user, computer, or group objects to a group by using the +pipeline, use the `Add-ADPrincipalGroupMembership` cmdlet. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the **Partition** +parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +- To specify a default naming context for an AD LDS environment, set the + **msDS-defaultNamingContext** property of the Active Directory directory service agent object + (nTDSDSA) for the AD LDS instance. + +## EXAMPLES + +### EXAMPLE 1 + +```powershell +Add-ADGroupMember -Identity SvcAccPSOGroup -Members SQL01, SQL02 +``` + +This command adds the user accounts with the SAM account names `SQL01` and `SQL02` to the group +`SvcAccPSOGroup`. + +### EXAMPLE 2 + +```powershell +$params = @{ + Server = 'localhost:60000' + SearchBase = 'OU=AccountDeptOU,DC=AppNC' + Filter = "name -like 'AccountLeads'" +} +Get-ADGroup @params | + Add-ADGroupMember -Members 'CN=PattiFuller,OU=AccountDeptOU,DC=AppNC' +``` + +This command gets a group from the organizational unit `OU=AccountDeptOU,DC=AppNC` in the AD LDS +instance `localhost:60000` that has the name `AccountLeads`, and then pipes it to +`Add-ADGroupMember`, which then adds the user account with the distinguished name +`CN=PattiFuller,OU=AccountDeptOU,DC=AppNC` to it. + +### EXAMPLE 3 + +```powershell +$userParams = @{ + Identity = 'CN=Chew David,OU=UserAccounts,DC=NORTHAMERICA,DC=FABRIKAM,DC=COM' + Server = 'northamerica.fabrikam.com' +} +$User = Get-ADUser @userParams +$groupParams = @{ + Identity = 'CN=AccountLeads,OU=UserAccounts,DC=EUROPE,DC=FABRIKAM,DC=COM' + Server = 'europe.fabrikam.com' +} +$Group = Get-ADGroup @groupParams +Add-ADGroupMember -Identity $Group -Members $User -Server "europe.fabrikam.com" +``` + +This command adds the user `CN=Chew David,OU=UserAccounts` from the North America domain to the +group `CN=AccountLeads,OU=UserAccounts` in the Europe domain. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisablePermissiveModify + +Group membership updates use permissive modify by default. This suppresses an error when adding a +member that is already member of the group. When this parameter is used, an error "The specified +account name is already a member of the group" is returned. + +This parameter is available in Windows Server 2019 with the September 2020 Updates. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory group object by providing one of the following values. The identifier +in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- Security Accounts Manager account name (**sAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. If two or more +objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADGroup +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -MemberTimeToLive + +Specifies a Time to Live (TTL) for the new group members. + +```yaml +Type: System.TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Members + +Specifies an array of user, group, and computer objects in a comma-separated list to add to a group. +To identify each object, use one of the following property values. The identifier in parentheses is +the LDAP display name. The acceptable values for this parameter are: + +- Distinguished name +- GUID (**objectGUID**) +- Security identifier (**objectSid**) +- SAM account name (**sAMAccountName**) + +You can also provide objects to this parameter directly. + +The following examples show how to specify this parameter. + +This example specifies a user and group to add by specifying the distinguished name and the SAM +account name properties. + +`-Members "CN=SaraDavis,CN=employees,CN=Users,DC=contoso,DC=com", "saradavisreports"` + +This example specifies a user and a group object that are defined in the current Windows PowerShell +session as input for the parameter. + +`-Members $userObject, $GroupObject` + +The objects specified for this parameter are processed as +**Microsoft.ActiveDirectory.Management.ADPrincipal** objects. Derived types, such as the following +are also received by this parameter. + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADGroup** + +You cannot pass objects through the pipeline to this parameter. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADPrincipal[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet doesn't +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADGroup + +A group object is received by the **Identity** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup + +Returns the modified group object when the **PassThru** parameter is specified. By default, this +cmdlet does not generate any output. + +## NOTES + +- This cmdlet does not work with a read-only domain controller. +- This cmdlet does not work with an Active Directory snapshot. +- This cmdlet will allow you to add a group as a member of itself which could lead to unstable + behavior. + +## RELATED LINKS + +[Add-ADPrincipalGroupMembership](./Add-ADPrincipalGroupMembership.md) + +[Get-ADGroup](./Get-ADGroup.md) + +[Get-ADGroupMember](./Get-ADGroupMember.md) + +[Get-ADPrincipalGroupMembership](./Get-ADPrincipalGroupMembership.md) + +[Remove-ADGroupMember](./Remove-ADGroupMember.md) + +[Remove-ADPrincipalGroupMembership](./Remove-ADPrincipalGroupMembership.md) diff --git a/docset/winserver2025-ps/activedirectory/Add-ADPrincipalGroupMembership.md b/docset/winserver2025-ps/activedirectory/Add-ADPrincipalGroupMembership.md new file mode 100644 index 0000000000..578084f587 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Add-ADPrincipalGroupMembership.md @@ -0,0 +1,400 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/add-adprincipalgroupmembership?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-ADPrincipalGroupMembership +--- + +# Add-ADPrincipalGroupMembership + +## SYNOPSIS +Adds a member to one or more Active Directory groups. + +## SYNTAX + +``` +Add-ADPrincipalGroupMembership [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-MemberOf] + [-Partition ] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION + +The `Add-ADPrincipalGroupMembership` cmdlet adds a user, group, service account, or computer as a +new member to one or more Active Directory groups. + +The **Identity** parameter specifies the new user, computer, or group to add. You can identify the +user, group, or computer by its distinguished name, GUID, security identifier (SID), or Security +Account Manager (SAM) account name. You can also specify a user, group, or computer object variable, +such as `$`, or pass an object through the pipeline to the **Identity** parameter. +For example, you can use the `Get-ADGroup` cmdlet to get a group object and then pass the object +through the pipeline to the `Add-ADPrincipalGroupMembership` cmdlet. Similarly, you can use +`Get-ADUser` or `Get-ADComputer` to get user and computer objects to pass through the pipeline. + +This cmdlet collects all of the user, computer and group objects from the pipeline, and then adds +these objects to the specified group by using one Active Directory operation. + +The **MemberOf** parameter specifies the groups that receive the new member. You can identify a +group by its distinguished name, GUID, SID, or SAM account name. You can also specify group object +variable, such as `$`. To specify more than one group, use a comma-separated list. +You cannot pass group objects through the pipeline to the **MemberOf** parameter. To add to a group +by passing the group through the pipeline, use the **Add-ADGroupMember** cmdlet. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the **Partition** +parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. + +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** +property of the Active Directory directory service agent object (nTDSDSA) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Add a member to a group + +```powershell +Add-ADPrincipalGroupMembership -Identity SQLAdmin1 -MemberOf DlgtdAdminsPSOGroup +``` + +This command adds the user with SAM account name `SQLAdmin1` to the group `DlgtdAdminsPSOGroup`. + +### Example 2: Add filtered users to a group + +```powershell +Get-ADUser -Filter 'Name -like "*SvcAccount*"' | + Add-ADPrincipalGroupMembership -MemberOf SvcAccPSOGroup +``` + +This command gets all users with `SvcAccount` in their name and adds them to the group +`SvcAccPSOGroup`. + +### Example 3: Add filtered users to a distinguished name group + +```powershell +$params = @{ + Server = 'localhost:60000' + SearchBase = 'DC=AppNC' + Filter = "Title -eq 'Account Lead' -and Office -eq 'Branch1'" +} +Get-ADUser @params | + Add-ADPrincipalGroupMembership -MemberOf "CN=AccountLeads,OU=AccountDeptOU,DC=AppNC" +``` + +This command adds all employees in `Branch1` in the AD LDS instance `localhost:60000` whose title is +`Account Lead` to the group with the distinguished name `CN=AccountLeads,OU=AccountDeptOU,DC=AppNC`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory principal object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for +this parameter are: + +- Distinguished name +- GUID (**objectGUID**) +- Security identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. If two or more +objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +This example shows how to set the parameter to a distinguished name. + +`-Identity "CN=saradavis,CN=Users,DC=corp,DC=contoso,DC=com"` + +This example shows how to set this parameter to a principal object instance named principalInstance. + +`-Identity $principalInstance` + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADPrincipal +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -MemberOf + +Specifies the Active Directory groups to add a user, computer, or group to as a member. You can +identify a group by providing one of the following values. Note: The identifier in parentheses is +the LDAP display name for the attribute. The acceptable values for this parameter are: + +- Distinguished name +- GUID (**objectGUID**) +- Security identifier (**objectSid**) +- Security Account Manager (SAM) account name (**sAMAccountName**) + +If you are specifying more than one group, use commas to separate the groups in the list. + +The following example shows how to specify this parameter by using SAM account name values. + +`-MemberOf "SaraDavisGroup", "JohnSmithGroup"` + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADGroup[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet doesn't +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADPrincipal + +A principal object (**Microsoft.ActiveDirectory.Management.ADPrincipal**) that represents a user, +computer or group is received by the Identity parameter. Derived types, such as the following are +also received by this parameter. + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADGroup** + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADPrincipal + +Returns a principal object that represents the modified user, computer or group object when the +**PassThru** parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +- This cmdlet does not work with a read-only domain controller. +- This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Add-ADGroupMember](./Add-ADGroupMember.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADGroup](./Get-ADGroup.md) + +[Get-ADGroupMember](./Get-ADGroupMember.md) + +[Get-ADPrincipalGroupMembership](./Get-ADPrincipalGroupMembership.md) + +[Get-ADUser](./Get-ADUser.md) + +[Remove-ADGroupMember](./Remove-ADGroupMember.md) + +[Remove-ADPrincipalGroupMembership](./Remove-ADPrincipalGroupMembership.md) diff --git a/docset/winserver2025-ps/activedirectory/Add-ADResourcePropertyListMember.md b/docset/winserver2025-ps/activedirectory/Add-ADResourcePropertyListMember.md new file mode 100644 index 0000000000..7252844648 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Add-ADResourcePropertyListMember.md @@ -0,0 +1,276 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/add-adresourcepropertylistmember?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-ADResourcePropertyListMember +--- + +# Add-ADResourcePropertyListMember + +## SYNOPSIS +Adds one or more resource properties to a resource property list in Active Directory. + +## SYNTAX + +``` +Add-ADResourcePropertyListMember [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] + [-Members] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION + +The `Add-ADResourcePropertyListMember` cmdlet adds one or more resource properties to a resource +property list in Active Directory. + +## EXAMPLES + +### Example 1: Add members to a resource property list + +```powershell +$params = @{ + Identity = 'Global Resource Property List' + Members = 'Country', 'Authors' +} +Add-ADResourcePropertyListMember @params +``` + +This command adds the resource members named `Country` and `Authors` to the list named +`Global Resource Property List`. + +### Example 2: Add members to a filtered resource property list + +```powershell +Get-ADResourcePropertyList -Filter "Name -like 'Corporate*'" | + Add-ADResourcePropertyListMember -Members Country, Authors +``` + +This command gets any resource property list that has a name that begins with `Corporate` and then +passes it to `Add-ADResourcePropertyListMember`, which then adds the resource properties `Country` +and `Authors` to it. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory object by providing one of the following property values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADResourcePropertyList +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Members + +Specifies a set of **ADResourceProperty** objects in a comma-separated list to add to a resource +property list. To identify each object, use one of the following property values: + +- Name +- Distinguished name +- GUID (**objectGUID**) + +You can also provide objects to this parameter directly. + +You cannot pass objects through the pipeline to this parameter. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADResourceProperty[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet doesn't +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTypeList + +An **ADClaimTypeList** object is received by the **Identity** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTypeList + +Returns the modified **ADClaimTypeList** object when the **PassThru** parameter is specified. By +default, this cmdlet does not generate any output. + +## NOTES + +- This cmdlet does not work with a read-only domain controller. +- This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Remove-ADResourcePropertyListMember](./Remove-ADResourcePropertyListMember.md) diff --git a/docset/winserver2025-ps/activedirectory/Clear-ADAccountExpiration.md b/docset/winserver2025-ps/activedirectory/Clear-ADAccountExpiration.md new file mode 100644 index 0000000000..43b6c7c6d0 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Clear-ADAccountExpiration.md @@ -0,0 +1,329 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/clear-adaccountexpiration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Clear-ADAccountExpiration +--- + +# Clear-ADAccountExpiration + +## SYNOPSIS +Clears the expiration date for an Active Directory account. + +## SYNTAX + +``` +Clear-ADAccountExpiration [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-Partition ] [-PassThru] + [-Server ] [] +``` + +## DESCRIPTION + +The `Clear-ADAccountExpiration` cmdlet clears the expiration date for an Active Directory user or +computer account. When you clear the expiration date for an account, the account does not expire. + +The **Identity** parameter specifies the user or computer account to modify. You can identify a user +or group by its distinguished name, GUID, security identifier (SID), or Security Accounts Manager +(SAM) account name. You can also set the **Identity** parameter to a user or computer object +variable, such as `$`, or pass a user or computer object through the pipeline to +the **Identity** parameter. For example, you can use the `Get-ADUser`, `Get-ADComputer`, or +`Search-ADAccount` cmdlet to retrieve an object and then pass the object through the pipeline to the +`Clear-ADAccountExpiration` cmdlet. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the **Partition** +parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. + +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** +property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS +instance. + +## EXAMPLES + +### Example 1: Clear an account expiration date for a specified user + +```powershell +Clear-ADAccountExpiration -Identity PattiFuller +``` + +This command clears the account expiration date for the user with SamAccountName `PattiFuller`. + +### Example 2: Clear an account expiration date by using a distinguished name + +```powershell +Clear-ADAccountExpiration -Identity 'CN=PattiFuller,DC=AppNC' -Server 'PATTIFU-SVR1:60000' +``` + +This command clears the account expiration date for the user with DistinguishedName +`CN=PattiFuller,DC=AppNC` on the AD LDS instance `PATTIFU-SVR1:60000`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory account object by providing one of the following property values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. If two or more +objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +account object instance. + +Derived types such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADUser** + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet doesn't +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount + +An account object (**Microsoft.ActiveDirectory.Management.ADAccount**) is received by the +**Identity** parameter. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### None + +## NOTES + +- This cmdlet does not work with an Active Directory snapshot. +- This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Search-ADAccount](./Search-ADAccount.md) + +[Set-ADAccountExpiration](./Set-ADAccountExpiration.md) + +[Get-ADUser](./Get-ADUser.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Clear-ADClaimTransformLink.md b/docset/winserver2025-ps/activedirectory/Clear-ADClaimTransformLink.md new file mode 100644 index 0000000000..b155306835 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Clear-ADClaimTransformLink.md @@ -0,0 +1,295 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/clear-adclaimtransformlink?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Clear-ADClaimTransformLink +--- + +# Clear-ADClaimTransformLink + +## SYNOPSIS +Removes a claims transformation from being applied to one or more cross-forest trust relationships +in Active Directory. + +## SYNTAX + +``` +Clear-ADClaimTransformLink [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-PassThru] + [-Policy ] [-Server ] [-TrustRole ] + [] +``` + +## DESCRIPTION + +The `Clear-ADClaimTransformLink` cmdlet removes a claims transformation from being applied to one or +more cross-forest trust relationships in Active Directory. + +## EXAMPLES + +### Example 1: Remove a specified policy from a trust relationship + +```powershell +Clear-ADClaimTransformLink -Identity 'corp.contoso.com' -Policy DenyAllPolicy +``` + +This command removes the policy named `DenyAllPolicy` from the `corp.contoso.com` trust. + +### Example 2: Remove all policies that are applied to a trusted forest + +```powershell +Clear-ADClaimTransformLink -Identity 'corp.contoso.com' -TrustRole Trusted +``` + +This command removes any policies that are applied to where this forest acts as the trusted forest +in the `corp.contoso.com` trust. Effectively, this cmdlet removes any policies that are applied to +claims flowing out of this forest towards it trust partner. + +### Example 3: Remove a claim transformation policy from being applied to the trust relationship + +```powershell +$params = @{ + Identity = 'corp.contoso.com' + Policy = 'DenyAllPolicy' + TrustRole = 'Trusting' +} +Clear-ADClaimTransformLink @params +``` + +This command removes DenyAllPolicy that is applied to where this forest acts as the trusted domain +in the `corp.contoso.com` trust. Effectively, this cmdlet removes `DenyAllPolicy` from applying to +claims coming into this from its trust partner. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory trust object by providing one of the following values. The identifier +in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADTrust +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet doesn't +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Policy + +Removes the specified claim transformation policy from being applied to the trust relationship. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TrustRole + +Specifies the role of the current forest in the trust relationship specified by the **Identity** +parameter. The allowable values for this parameter are as follows: + +- `Trusted`: Specify this value if the current forest is the trusted forest. +- `Trusting`: Specify this value if the current forest is the trusting forest. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADTrustRole +Parameter Sets: (All) +Aliases: +Accepted values: Trusted, Trusting + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADTrust + +An account object (**Microsoft.ActiveDirectory.Management.ADTrust**) is received by the **Identity** +parameter. + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Set-ADClaimTransformLink](./Set-ADClaimTransformLink.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Disable-ADAccount.md b/docset/winserver2025-ps/activedirectory/Disable-ADAccount.md new file mode 100644 index 0000000000..2526ee75c2 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Disable-ADAccount.md @@ -0,0 +1,346 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/disable-adaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-ADAccount +--- + +# Disable-ADAccount + +## SYNOPSIS +Disables an Active Directory account. + +## SYNTAX + +``` +Disable-ADAccount [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-Partition ] [-PassThru] + [-Server ] [] +``` + +## DESCRIPTION + +The `Disable-ADAccount` cmdlet disables an Active Directory user, computer, or service account. + +The **Identity** parameter specifies the Active Directory user, computer service account, or other +service account that you want to disable. You can identify an account by its distinguished name, +GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set +the **Identity** parameter to an object variable such as `$`, or you can pass +an account object through the pipeline to the **Identity** parameter. For example, you can use the +`Get-ADUser` cmdlet to retrieve a user account object and then pass the object through the +pipeline to the `Disable-ADAccount` cmdlet. Similarly, you can use `Get-ADComputer` and +`Search-ADAccount` to retrieve account objects. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the **Partition** +parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. + +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** +property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS +instance. + +## EXAMPLES + +### Example 1: Disable an account by identity + +```powershell +Disable-ADAccount -Identity PattiFul +``` + +This command disables the account with identity SAMAccountName `PattiFul`. + +### Example 2: Disable an account by Distinguished Name + +```powershell +Disable-ADAccount -Identity 'CN=Patti Fuller,OU=Finance,OU=Users,DC=FABRIKAM,DC=COM' +``` + +This command disables the account with DistinguishedName +`CN=Patti Fuller,OU=Finance,OU=Users,DC=FABRIKAM,DC=COM`. + +### Example 3: Disable all accounts in an organizational unit + +```powershell +Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Finance,OU=Users,DC=FABRIKAM,DC=COM" | + Disable-ADAccount +``` + +This command disables all accounts in the organizational unit +`OU=Finance,OU=Users,DC=FABRIKAM,DC=COM`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory account object by providing one of the following property values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A Security Identifier (**objectSid**) +- A SAM Account Name (**SAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +account object instance. + +Derived types such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADUser** + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet doesn't +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount + +An account object is received by the **Identity** parameter. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### None + +## NOTES + +- This cmdlet does not work with an Active Directory snapshot. +- This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Clear-ADAccountExpiration](./Clear-ADAccountExpiration.md) + +[Enable-ADAccount](./Enable-ADAccount.md) + +[Get-ADAccountAuthorizationGroup](./Get-ADAccountAuthorizationGroup.md) + +[Search-ADAccount](./Search-ADAccount.md) + +[Set-ADAccountControl](./Set-ADAccountControl.md) + +[Set-ADAccountExpiration](./Set-ADAccountExpiration.md) + +[Set-ADAccountPassword](./Set-ADAccountPassword.md) + +[Unlock-ADAccount](./Unlock-ADAccount.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Disable-ADOptionalFeature.md b/docset/winserver2025-ps/activedirectory/Disable-ADOptionalFeature.md new file mode 100644 index 0000000000..dbd4686aab --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Disable-ADOptionalFeature.md @@ -0,0 +1,357 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/disable-adoptionalfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-ADOptionalFeature +--- + +# Disable-ADOptionalFeature + +## SYNOPSIS +Disables an Active Directory optional feature. + +## SYNTAX + +``` +Disable-ADOptionalFeature [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-PassThru] + [-Scope] [-Server ] [-Target] + [] +``` + +## DESCRIPTION + +The `Disable-ADOptionalFeature` disables an Active Directory optional feature that is associated +with a particular domain mode or forest mode. + +The **Identity** parameter specifies the Active Directory optional feature that you want to disable. +You can identify an optional feature by its distinguished name, feature GUID, or object GUID. You +can also set the parameter to an optional feature object variable, such as +`$` or you can pass an optional feature object through the pipeline to +the **Identity** parameter. For example, you can use the `Get-ADOptionalFeature` cmdlet to retrieve +an optional feature object and then pass the object through the pipeline to the +`Disable-ADOptionalFeature` cmdlet. + +The **Scope** parameter specifies the scope at which the optional feature is disabled. + +The **Target** parameter specifies the domain or forest on which the optional feature is disabled. +You can identify the domain or forest by its fully-qualified domain name (FQDN), NetBIOS name, or +the distinguished name of the domain naming context. + +## EXAMPLES + +### Example 1: Disable a feature for a NetBIOS target + +```powershell +$params = @{ + Identity = 'Feature 1' + Scope = 'ForestOrConfigurationSet' + Target = 'fabrikam' + Server = 'DC1' +} +Disable-ADOptionalFeature @params +``` + +This command disables the optional feature named `Feature 1` for the forest that has the NetBIOS +name `fabrikam`. This operation should be performed against the domain controller that holds the +domain naming master flexible single master operations (FSMO) role. + +### Example 2: Disable a feature by distinguished name + +```powershell +$params = @{ + Identity = 'CN=Feature 1,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=fabrikam,DC=com' + Scope = ForestOrConfigurationSet + Target = 'fabrikam.com' + Server = 'DC1' +} +Disable-ADOptionalFeature @params +``` + +This command disables the optional feature that has the distinguished name +`CN=Feature 1,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=fabrikam,DC=com`, +for the forest named `fabrikam.com`. This operation should be performed against the domain +controller that holds the domain naming master FSMO role. + +### Example 3: Disable a feature by GUID + +```powershell +$params = @{ + Identity = '54ec6e43-75a8-445b-aa7b-346a1e096659' + Scope = 'Domain' + Target = 'DC=fabrikam,DC=com' + Server = 'DC1' +} +Disable-ADOptionalFeature @params +``` + +This command disables the optional feature that has the GUID `54ec6e43-75a8-445b-aa7b-346a1e096659` +for the domain with the distinguished name `DC=ntdev,DC=fabrikam,DC=com`. This operation should be +performed against the domain controller that holds the domain naming naming master FSMO role. + +### Example 4: Disable a feature for an AD LDS instance + +```powershell +$params = @{ + Identity = 'Feature 1' + Scope = 'ForestOrConfigurationSet' + Target = 'CN=Configuration,CN={0241853A-6BBF-48AA-8AE0-9C35D0C91B7B}' + Server = 'server1:50000' +} +Disable-ADOptionalFeature @params +``` + +This command disables the optional feature `Feature 1` for the Active Directory Lightweight +Directory Services (AD LDS) instance that has the distinguished name +`CN=Configuration,CN={0241853A-6BBF-48AA-8AE0-9C35D0C91B7B}`. This operation should be performed +against the AD LDS instance that holds the domain naming master FSMO role. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory optional feature object by providing one of the following values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- FQDN +- Feature GUID (**featureGUID**) +- Object GUID (**objectGUID**) + +The cmdlet searches the default naming context or partition to find the object. If two or more +objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +optional feature object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADOptionalFeature +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet does not +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Scope + +Specifies the scope at which the feature is enabled or disabled. The acceptable values for this +parameter are: + +- `Domain` or `0` +- `Forest` or `1` + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADOptionalFeatureScope +Parameter Sets: (All) +Aliases: +Accepted values: Unknown, ForestOrConfigurationSet, Domain + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Target + +Specifies the domain or forest in which to modify the optional feature. You can identify the target +domain or forest by providing one of the following values: + +- FQDN of the forest or domain +- NetBIOS name of the forest or domain +- Distinguished name of the domain naming context + +The following example shows how to set this parameter to a domain naming context. + +`-Target "DC=corp,DC=Fabrikam,DC=com"` + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADEntity +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADOptionalFeature + +An optional feature object is received by the **Identity** parameter. + +## OUTPUTS + +### None + +## NOTES + +- This cmdlet doesn't work with an Active Directory snapshot. +- This cmdlet doesn't work with a read-only domain controller. + +## RELATED LINKS + +[Enable-ADOptionalFeature](./Enable-ADOptionalFeature.md) + +[Get-ADOptionalFeature](./Get-ADOptionalFeature.md) diff --git a/docset/winserver2025-ps/activedirectory/Enable-ADAccount.md b/docset/winserver2025-ps/activedirectory/Enable-ADAccount.md new file mode 100644 index 0000000000..ec3f8b8db8 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Enable-ADAccount.md @@ -0,0 +1,337 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/enable-adaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-ADAccount +--- + +# Enable-ADAccount + +## SYNOPSIS +Enables an Active Directory account. + +## SYNTAX + +``` +Enable-ADAccount [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-Partition ] [-PassThru] + [-Server ] [] +``` + +## DESCRIPTION + +The `Enable-ADAccount` cmdlet enables an Active Directory user, computer, or service account. + +The **Identity** parameter specifies the Active Directory user, computer, or service account that +you want to enable. You can identify an account by its distinguished name, GUID, security identifier +(SID) or Security Accounts Manager (SAM) account name. You can also set the **Identity** parameter +to an object variable such as `$`, or you can pass an account object through +the pipeline to the **Identity** parameter. For example, you can use the `Get-ADUser` cmdlet to +retrieve an account object and then pass the object through the pipeline to the `Enable-ADAccount` +cmdlet. Similarly, you can use `Get-ADComputer` and `Search-ADAccount` to retrieve account objects. + +## EXAMPLES + +### Example 1: Enable an account by identity + +```powershell +Enable-ADAccount -Identity 'PattiFul' +``` + +This command enables the account with identity SamAccountName `PattiFul`. + +### Example 2: Enable an account by Distinguished Name + +```powershell +Enable-ADAccount -Identity 'CN=Patti Fuller,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM' +``` + +This command enables the account with DistinguishedName +`CN=Patti Fuller,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM`. + +### Example 3: Enable all accounts in an organizational unit using a filter + +```powershell +$params = @{ + Filter = 'Name -like "*"' + SearchBase = 'OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM' +} +Get-ADUser @params | Enable-ADAccount +``` + +This command enables all accounts in the organizational unit: +`OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory account object by providing one of the following property values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A Security Identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. If two or more +objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +account object instance. + +Derived types such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet does not +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount + +An account object is received by the **Identity** parameter. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### None + +## NOTES + +- This cmdlet doesn't work with an Active Directory snapshot. +- This cmdlet doesn't work with a read-only domain controller. + +## RELATED LINKS + +[Clear-ADAccountExpiration](./Clear-ADAccountExpiration.md) + +[Disable-ADAccount](./Disable-ADAccount.md) + +[Get-ADAccountAuthorizationGroup](./Get-ADAccountAuthorizationGroup.md) + +[Search-ADAccount](./Search-ADAccount.md) + +[Set-ADAccountControl](./Set-ADAccountControl.md) + +[Set-ADAccountExpiration](./Set-ADAccountExpiration.md) + +[Set-ADAccountPassword](./Set-ADAccountPassword.md) + +[Unlock-ADAccount](./Unlock-ADAccount.md) diff --git a/docset/winserver2025-ps/activedirectory/Enable-ADOptionalFeature.md b/docset/winserver2025-ps/activedirectory/Enable-ADOptionalFeature.md new file mode 100644 index 0000000000..83da55c402 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Enable-ADOptionalFeature.md @@ -0,0 +1,329 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/enable-adoptionalfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-ADOptionalFeature +--- + +# Enable-ADOptionalFeature + +## SYNOPSIS +Enables an Active Directory optional feature. + +## SYNTAX + +``` +Enable-ADOptionalFeature [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-PassThru] + [-Scope] [-Server ] [-Target] + [] +``` + +## DESCRIPTION + +The `Enable-ADOptionalFeature` cmdlet enables an Active Directory optional feature that is +associated with a particular domain mode or forest mode. Active Directory optional features that +depend on a specified domain mode or forest mode must be explicitly enabled after the domain mode or +forest mode is set. + +The **Identity** parameter specifies the Active Directory optional feature that you want to enable. +You can identify an optional feature by its distinguished name, feature GUID, or object GUID. You +can also set the parameter to an optional feature object variable, such as +`$` or you can pass an optional feature object through the pipeline to +the **Identity** parameter. For example, you can use the `Get-ADOptionalFeature` cmdlet to retrieve +an optional feature object and then pass the object through the pipeline to the +`Enable-ADOptionalFeature` cmdlet. + +The **Scope** parameter specifies the scope at which the optional feature is enabled. + +The **Target** parameter specifies the domain or forest on which the optional feature is enabled. +You can identify the domain or forest by its fully-qualified domain name (FQDN), NetBIOS name, or +distinguished name of the domain naming context. + +## EXAMPLES + +### Example 1: Enable the Recycle Bin feature for a forest + +```powershell +$params = @{ + Identity = 'Recycle Bin Feature' + Scope = 'ForestOrConfigurationSet' + Target = 'fabrikam.com' + Server = 'dc1' +} +Enable-ADOptionalFeature @params +``` + +This command enables the optional feature `Recycle Bin Feature` for the forest `fabrikam.com`. This +operation must be performed on the domain controller that holds the domain naming master flexible +single master operations (FSMO) role. + +### Example 2: Enable the Recycle bin for an AD LDS instance + +```powershell +$params = @{ + Identity = 'Feature 1' + Scope = 'ForestOrConfigurationSet' + Target = 'CN=Configuration,CN={0241853A-6BBF-48AA-8AE0-9C35D0C91B7B}' + Server = 'lds.fabrikam.com:50000' +} +Enable-ADOptionalFeature @params +``` + +This command enables the optional feature `Feature 1` for the AD LDS instance `lds.fabrikam.com`. +This operation must be performed on the AD LDS instance that holds the domain naming master FSMO +role. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory optional feature object by providing one of the following values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A FQDN +- A feature GUID (**featureGUID**) +- An object GUID (**objectGUID**) + +The cmdlet searches the default naming context or partition to find the object. If two or more +objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +optional feature object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADOptionalFeature +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you're working. By default, this cmdlet doesn't +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Scope + +Specifies the scope at which the feature is enabled or disabled. The acceptable values for this +parameter are: + +- `Domain` or `0` +- `Forest` or `1` + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADOptionalFeatureScope +Parameter Sets: (All) +Aliases: +Accepted values: Unknown, ForestOrConfigurationSet, Domain + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Target + +Specifies the domain or forest in which to modify the optional feature. You can identify the target +domain or forest by providing one of the following values: + +- FQDN of the forest or domain +- NetBIOS name of the forest or domain + +When **Scope** is set to `Domain`, you can use the following value: + +- Distinguished name of the domain naming context + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADEntity +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADOptionalFeature + +An optional feature object is received by the **Identity** parameter. + +## OUTPUTS + +### None + +## NOTES + +- This cmdlet doesn't work with an Active Directory snapshot. +- This cmdlet doesn't work with a read-only domain controller. +- Recycle Bin Feature: Once the Active Directory Recycle Bin is enabled, all objects deleted before + the Active Directory Recycle Bin was enabled (tombstone objects) become recycled objects. They are + no longer visible in the Deleted Objects container and they cannot be recovered using Active + Directory Recycle Bin. The only way to restore these objects is through an authoritative restore + from an AD DS backup taken before the Active Directory Recycle Bin was enabled. + +## RELATED LINKS + +[Disable-ADOptionalFeature](./Disable-ADOptionalFeature.md) + +[Get-ADOptionalFeature](./Get-ADOptionalFeature.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADAccountAuthorizationGroup.md b/docset/winserver2025-ps/activedirectory/Get-ADAccountAuthorizationGroup.md new file mode 100644 index 0000000000..4feb97ed55 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADAccountAuthorizationGroup.md @@ -0,0 +1,354 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adaccountauthorizationgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADAccountAuthorizationGroup +--- + +# Get-ADAccountAuthorizationGroup + +## SYNOPSIS +Gets the accounts token group information. + +## SYNTAX + +``` +Get-ADAccountAuthorizationGroup [-AuthType ] [-Credential ] + [-Identity] [-Partition ] [-Server ] [] +``` + +## DESCRIPTION + +The `Get-ADAccountAuthorizationGroup` cmdlet gets the security groups from the specified user, +computer, or service accounts token. This cmdlet requires a global catalog to perform the group +search. If the forest that contains the account doesn't have a global catalog, the cmdlet returns a +non-terminating error. + +The **Identity** parameter specifies the user, computer, or service account. You can identify a +user, computer, or service account object by its distinguished name, GUID, security identifier +(SID), Security Account Manager (SAM) account name or user principal name. You can also set the +**Identity** parameter to an account object variable, such as `$`, or pass an +account object through the pipeline to the **Identity** parameter. For example, you can use the +`Get-ADUser`, `Get-ADComputer`, `Get-ADServiceAccount` or `Search-ADAccount` cmdlets to retrieve an +account object and then pass the object through the pipeline to the +`Get-ADAccountAuthorizationGroup` cmdlet. + +## EXAMPLES + +### Example 1: Get all security groups for a specified account + +```powershell +Get-ADAccountAuthorizationGroup -Identity DavidCh +``` + +```output +GroupScope : DomainLocal +objectGUID : 00000000-0000-0000-0000-000000000000 +GroupCategory : Security +SamAccountName : Everyone +name : Everyone +objectClass : SID : S-1-1-0 +distinguishedName : GroupScope : DomainLocal +objectGUID : 00000000-0000-0000-0000-000000000000 +GroupCategory : Security +SamAccountName : Authenticated Users +name : Authenticated Users +objectClass : SID : S-1-5-11 +distinguishedName : GroupScope : Global +objectGUID : 86c0f0d5-8b4d-4f35-a867-85a006b92902 +GroupCategory : Security +SamAccountName : Domain Users +name : Domain Users +objectClass : group +SID : S-1-5-21-41432690-3719764436-1984117282-513 +distinguishedName : CN=Domain Users,CN=Users,DC=Fabrikam,DC=com + +GroupScope : DomainLocal +objectGUID : 869fb7ad-8cf2-4dd0-ac0f-4bd3bf324669 +GroupCategory : Security +SamAccountName : Pre-Windows 2000 Compatible Access +name : Pre-Windows 2000 Compatible Access +objectClass : group +SID : S-1-5-32-554 +distinguishedName : CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=Fabrikam,DC=com + +GroupScope : DomainLocal +objectGUID : c1e397c5-1e44-4270-94d1-88d6c4b78ee6 +GroupCategory : Security +SamAccountName : Users +name : Users +objectClass : group +SID : S-1-5-32-545 +distinguishedName : CN=Users,CN=Builtin,DC=Fabrikam,DC=com +``` + +This command returns all security groups for the specified account with **SamAccountName** +`DavidCh`. + +### Example 2: Get all security groups for a specified account using a distinguished name + +```powershell +Get-ADAccountAuthorizationGroup -Identity "CN=DavidCh,DC=AppNC" -Server ":50000" +``` + +```output +distinguishedName : CN=AdminGroup,DC=AppNC +GroupCategory : Security +GroupScope : Global +name : AdminGroup +objectClass : group +objectGUID : 4d72873f-fe09-4834-9ada-a905636d10df +SamAccountName : AdminGroup +SID : S-1-510474493-936115905-4021890855-1253703389-3958791574-3542197427 +``` + +This command returns all security groups for the specified account with **DistinguishedName** +`CN=DavidCh,DC=AppNC` in the AD LDS instance `:50000`. + +### Example 3: Get a filtered list of security groups + +```powershell +Get-ADAccountAuthorizationGroup -Server ":50000" -Identity Administrator | + Where-Object { $_.objectClass -ne $null } | + Select-Object name, objectClass +``` + +```output +name objectClass +---- ----------- +Domain Users group +Administrators group +Users group +Pre-Windows 2000 Compatible Access group +Group Policy Creator Owners group +Domain Admins group +Enterprise Admins group +Schema Admins group +Denied RODC Password Replication Group group +``` + +This command returns a filtered list of built-in security groups that do not have an empty or null +setting for **objectClass**, such as **Everyone** or **Authenticated Users**. + +> [!NOTE] +> This type of filtering of groups in output can be useful when piping the output of this +> cmdlet to be used as input to other Active Directory cmdlets. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory account object by providing one of the following property values. The +identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the +attribute. The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A Security Identifier (**objectSid**) +- A SAM Account Name (**SAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. If two or more +objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +account object instance. + +Derived types such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADUser** + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount + +An account object that represents the user, computer or service account is received by the +**Identity** parameter. Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADGroup + +Returns group objects that represent the security groups for the account. + +## NOTES + +- This cmdlet doesn't work with an Active Directory snapshot. + +## RELATED LINKS + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Get-ADUser](./Get-ADUser.md) + +[Search-ADAccount](./Search-ADAccount.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADAccountResultantPasswordReplicationPolicy.md b/docset/winserver2025-ps/activedirectory/Get-ADAccountResultantPasswordReplicationPolicy.md new file mode 100644 index 0000000000..0cd643ea46 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADAccountResultantPasswordReplicationPolicy.md @@ -0,0 +1,327 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adaccountresultantpasswordreplicationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADAccountResultantPasswordReplicationPolicy +--- + +# Get-ADAccountResultantPasswordReplicationPolicy + +## SYNOPSIS +Gets the resultant password replication policy for an Active Directory account. + +## SYNTAX + +``` +Get-ADAccountResultantPasswordReplicationPolicy [-AuthType ] + [-Credential ] [-DomainController] + [-Identity] [-Partition ] [-Server ] [] +``` + +## DESCRIPTION + +The `Get-ADAccountResultantPasswordReplicationPolicy` cmdlet gets the resultant password replication +policy for a user, computer, or service account on the specified read-only domain controller. + +The policy is one of the following values: + +- `Allow` or `1` +- `DenyExplicit` or `0` +- `DenyImplicit` or `2` +- `Unknown` or `-1` + +The **Identity** parameter specifies the account. You can identify a user, computer, or service +account object by its distinguished name, GUID, security identifier (SID), or Security Account +Manager (SAM) account name. You can also set the **Identity** parameter to an account object +variable, such as `$`, or pass an account object through the pipeline to the +**Identity** parameter. For example, you can use the `Get-ADUser`, `Get-ADComputer`, +`Get-ADServiceAccount`, or `Search-ADAccount` cmdlets to retrieve an account object and then pass +the object through the pipeline to the `Get-ADAccountResultantPasswordReplicationPolicy` cmdlet. + +The **DomainController** parameter specifies the read-only domain controller. You can identify a +domain controller by its IPV4Address, global IPV6Address, or DNS host name. You can also identify a +domain controller by the distinguished name of the NT Directory Services (NTDS) settings object or +the server object, the GUID of the NTDS settings object or the server object under the configuration +partition, or the distinguished name, **SamAccountName**, GUID, SID of the computer object that +represents the domain controller. You can also set the **DomainController** parameter to a domain +controller object variable, such as `$`. + +## EXAMPLES + +### Example 1: Get the password replication policy for a specified user + +```powershell + Get-ADAccountResultantPasswordReplicationPolicy -Identity DavidChe -DomainController DC1 +``` + +This command gets the password replication policy on the domain specified by the +**DomainController** parameter for the user account specified by the **Identity** parameter. + +### Example 2: Get the password replication policy for a specified user using a distinguished name + +```powershell +params = @{ + Identity = 'CN=Elisa Daugherty,OU=Europe,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM' + DomainController = 'DC1' +} + Get-ADAccountResultantPasswordReplicationPolicy @params +``` + +This command gets the password replication policy on the domain controller specified by the +**DomainController** parameter for the user account distinguished name specified by the **Identity** +parameter. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainController + +Specifies a read-only domain controller (RODC). The cmdlet returns the password replication policy +of the account for this RODC. You can identify the domain controller by providing one of the +following values: + +- GUID (**objectGUID**) +- IPV4Address +- Global IPV6Address +- DNS Host Name (**dNSHostName**) +- Name of the server object +- A distinguished name of the NTDS Settings object +- A distinguished name of the server object that represents the domain controller +- GUID of NTDS settings object under the configuration partition +- GUID of server object under the configuration partition +- A distinguished Name of the computer object that represents the domain controller + +> [!NOTE] +> The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for +> the attribute. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADDomainController +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory account object by providing one of the following property values. The +identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this +parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +account object instance. + +Derived types such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. The distinguished name must be +one of the naming contexts on the current directory server. The cmdlet searches this partition to +find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. The +rules for determining the default value are given below. Note that rules listed first are evaluated +first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the +following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the `msDS-defaultNamingContext` property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount + +An account object is received by the **Identity** parameter. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADResultantPasswordReplicationPolicy + +This cmdlet returns an **ADResultantPasswordReplicationPolicy** enum value that represents the +resultant password replication policy for an account on the specified domain controller. + +## NOTES + +- This cmdlet doesn't work with AD LDS. +- This cmdlet doesn't work with an Active Directory snapshot. + +## RELATED LINKS + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Get-ADUser](./Get-ADUser.md) + +[Search-ADAccount](./Search-ADAccount.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADAuthenticationPolicy.md b/docset/winserver2025-ps/activedirectory/Get-ADAuthenticationPolicy.md new file mode 100644 index 0000000000..3d9ef13cb6 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADAuthenticationPolicy.md @@ -0,0 +1,385 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adauthenticationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADAuthenticationPolicy +--- + +# Get-ADAuthenticationPolicy + +## SYNOPSIS +Gets one or more Active Directory Domain Services authentication policies. + +## SYNTAX + +### Filter (Default) + +``` +Get-ADAuthenticationPolicy [-AuthType ] [-Credential ] + -Filter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-Server ] [] +``` + +### Identity + +``` +Get-ADAuthenticationPolicy [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] + [] +``` + +### LdapFilter + +``` +Get-ADAuthenticationPolicy [-AuthType ] [-Credential ] + -LDAPFilter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-Server ] [] +``` + +## DESCRIPTION + +The `Get-ADAuthenticationPolicy` cmdlet gets an authentication policy or performs a search to get +authentication policies. + +The **Identity** parameter specifies the Active Directory Domain Services authentication policy to +get. You can identify an authentication policy by its distinguished name, GUID or name. You can also +use the **Identity** parameter to specify a variable that contains an authentication policy object, +or you can use the pipeline operator to pass an authentication policy object to the **Identity** +parameter. + +You can search for and use multiple authentication policies by specifying the **Filter** parameter +or the **LDAPFilter** parameter. The **Filter** parameter uses the Windows PowerShell expression +language to write query strings for Active Directory Domain Services. Windows PowerShell expression +language syntax provides rich type conversion support for value types received by the **Filter** +parameter. For more information about the **Filter** parameter syntax, type +`Get-Help about_ActiveDirectory_Filter`. If you have existing Lightweight Directory Access Protocol +(LDAP) query strings, you can use the **LDAPFilter** parameter. + +## EXAMPLES + +### Example 1: Get an authentication policy + +```powershell +Get-ADAuthenticationPolicy -Identity AuthenticationPolicy01 +``` + +This command gets an authentication policy object by specifying the object name. + +### Example 2: Get an authentication policy by using an LDAP filter + +```powershell +Get-ADAuthenticationPolicy -LDAPFilter "(name=AuthenticationPolicy*)" -Server Server01 +``` + +This command gets all authentication policies that match the LDAP filter specified by the +**LDAPFilter** parameter. + +### Example 3: Get an authentication policy by using a filter + +```powershell +Get-ADAuthenticationPolicy -Filter "Name -like 'AuthenticationPolicy*'" -Server Server02 +``` + +This command gets all authentication policies that match the filter specified by the **Filter** +parameter. + +### Example 4: Get all authentication policy objects that match a filter + +```powershell +Get-ADAuthenticationPolicy -Filter * | Format-Table Name, Enforce -AutoSize +``` + +```output +Name Enforce +---- ------- +AuthenticationPolicy1 False +AuthenticationPolicy2 False +``` + +This command gets all the authentication policies available. The output is then passed to the +`Format-Table` cmdlet to display the name of the policy and the value for **Enforce** on each +policy. + +### Example 5: Get all properties for an authentication policy + +```powershell +Get-ADAuthenticationPolicy -Identity "AuthenticationPolicy01" -Properties "*" +``` + +This command gets all properties of the authentication policy specified by the **Identity** +parameter. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter + +Specifies a query string that retrieves Active Directory Domain Services objects. This string uses +the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax +provides rich type-conversion support for value types received by the **Filter** parameter. + +Specify the **Filter** parameter in one of the following formats: + +- To match a single filter element: `{Attribute operator "value"}` +- To match multiple filter elements: + `{(Attribute1 operator1 "value1") joinOperator (Attribute2 operator2 "value2")}` + +Windows PowerShell wildcards other than `*`, such as `?`, are not supported by the **Filter** +syntax. + +Valid filter operators are: + + `-eq`, `-le`, `-ge`, `-ne`, `-lt`, `-gt`, `-approx`, `-bor`, `-band`, `-recursivematch`, `-like`, + `-notlike` + +Valid join operators are: + +`-and`, `-or` + +The not operator is `-not`. + +For a list of supported types for values, see `about_ActiveDirectory_ObjectModel`. For more +information about the **Filter** parameter, see `about_ActiveDirectory_Filter`. + +```yaml +Type: System.String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory Domain Services authentication policy object. Specify the +authentication policy object in one of the following formats: + +- A distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds +two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter + +Specifies a filter using the LDAP search filter syntax defined in RFC2254 to filter Active Directory +Domain Services objects. + +```yaml +Type: System.String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties + +Specifies the properties of the output object to get from the server. Use this parameter to get +properties that are not included in the default set. + +Specify the properties to get as a comma separated list of names. For properties that are not +default or extended properties, you must specify the LDAP display name of the property. To display +all of the properties that are set on the object, specify an asterisk (`*`) wildcard. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize + +Specifies the number of objects to include in one page for an Active Directory Domain Services +query. The default value is `256` objects per page. + +```yaml +Type: System.Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize + +Specifies the maximum number of objects to return for an Active Directory Domain Services query. If +you want to get all of the objects, set this parameter to `$null`. You can use Ctrl+C to stop the +query and the return of objects. + +The default value is `$null`. + +```yaml +Type: System.Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy + +This cmdlet accepts an authentication policy object. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy + +This cmdlet returns one or more authentication policy objects. This cmdlet returns a default set of +**ADAuthenticationPolicy** property values. To retrieve additional **ADAuthenticationPolicy** +properties, use the **Properties** parameter. + +## NOTES + +## RELATED LINKS + +[New-ADAuthenticationPolicy](./New-ADAuthenticationPolicy.md) + +[Remove-ADAuthenticationPolicy](./Remove-ADAuthenticationPolicy.md) + +[Set-ADAuthenticationPolicy](./Set-ADAuthenticationPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADAuthenticationPolicySilo.md b/docset/winserver2025-ps/activedirectory/Get-ADAuthenticationPolicySilo.md new file mode 100644 index 0000000000..d96c440381 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADAuthenticationPolicySilo.md @@ -0,0 +1,368 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adauthenticationpolicysilo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADAuthenticationPolicySilo +--- + +# Get-ADAuthenticationPolicySilo + +## SYNOPSIS +Gets one or more Active Directory Domain Services authentication policy silos. + +## SYNTAX + +### Filter (Default) + +``` +Get-ADAuthenticationPolicySilo [-AuthType ] [-Credential ] + -Filter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-Server ] [] +``` + +### Identity + +``` +Get-ADAuthenticationPolicySilo [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] + [] +``` + +### LdapFilter + +``` +Get-ADAuthenticationPolicySilo [-AuthType ] [-Credential ] + -LDAPFilter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-Server ] [] +``` + +## DESCRIPTION + +The `Get-ADAuthenticationPolicySilo` cmdlet gets an authentication policy silo or performs a search +to get authentication policy silos. + +The **Identity** parameter specifies the Active Directory Domain Services authentication policy silo +to get. You can identify an authentication policy silo by its distinguished name (DN), GUID or name. +You can also use the **Identity** parameter to specify a variable that contains an authentication +policy silo object, or you can use the pipeline operator to pass an authentication policy silo +object to the **Identity** parameter. + +You can search for and use multiple authentication policies by specifying the **Filter** parameter +or the **LDAPFilter** parameter. The **Filter** parameter uses the Windows PowerShell expression +language to write query strings for Active Directory Domain Services. Windows PowerShell expression +language syntax provides rich type conversion support for value types received by the **Filter** +parameter. For more information about the **Filter** parameter syntax, type +`Get-Help about_ActiveDirectory_Filter`. If you have existing Lightweight Directory Access Protocol +(LDAP) query strings, you can use the **LDAPFilter** parameter. + +## EXAMPLES + +### Example 1: Get an authentication policy silo object + +```powershell +Get-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo01 +``` + +This command gets an authentication policy silo object named AuthenticationPolicySilo01. + +### Example 2: Get all authentication policy silo objects that match a filter + +```powershell +Get-ADAuthenticationPolicySilo -Filter 'Name -like "*AuthenticationPolicySilo*"' | + Format-Table Name, Enforce -AutoSize +``` + +```output +Name Enforce +---- ------- +silo True +silos False +``` + +This command gets all the authentication policy silos that match the filter specified by the +**Filter** parameter. The output is then passed to the `Format-Table` cmdlet to display the name of +the policy and the value for Enforce on each policy. + +### Example 3: Get all properties of a specific authentication policy silo + +```powershell +Get-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo02 -Properties * +``` + +This command gets all properties for the authentication policy silo named +`AuthenticationPolicySilo02`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter + +Specifies a query string that retrieves Active Directory Domain Services objects. This string uses +the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax +provides rich type-conversion support for value types received by the **Filter** parameter. + +Specify the **Filter** parameter in one of the following formats: + +- To match a single filter element: `{Attribute operator "value"}` +- To match multiple filter elements: + `{(Attribute1 operator1 "value1") joinOperator (Attribute2 operator2 "value2")}` + +Windows PowerShell wildcards other than `*`, such as `?`, are not supported by the **Filter** +syntax. + +Valid filter operators are: + + `-eq`, `-le`, `-ge`, `-ne`, `-lt`, `-gt`, `-approx`, `-bor`, `-band`, `-recursivematch`, `-like`, + `-notlike` + +Valid join operators are: + +`-and`, `-or` + +The not operator is `-not`. + +For a list of supported types for values, see `about_ActiveDirectory_ObjectModel`. For more +information about the **Filter** parameter, see `about_ActiveDirectory_Filter`. + +```yaml +Type: System.String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory Domain Services authentication policy silo object. Specify the +authentication policy silo object in one of the following formats: + +- A distinguished name +- A GUID +- A Name + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds +two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter + +Specifies a filter using the LDAP search filter syntax defined in RFC2254 to filter Active Directory +Domain Services objects. + +```yaml +Type: System.String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties + +Specifies the properties of the output object to get from the server. Use this parameter to get +properties that are not included in the default set. + +Specify the properties to get as a comma separated list of names. For properties that are not +default or extended properties, you must specify the LDAP display name of the property. To display +all of the properties that are set on the object, specify an asterisk (`*`) wildcard. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize + +Specifies the number of objects to include in one page for an Active Directory Domain Services +query. The default value is `256` objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize + +Specifies the maximum number of objects to return for an Active Directory Domain Services query. If +you want to get all of the objects, set this parameter to `$null`. You can use Ctrl+C to stop the +query and the return of objects. + +The default value is `$null`. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo + +This cmdlet accepts an authentication policy silo object. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo + +Returns one or more authentication policy silo objects. This cmdlet returns a default set of +**ADAuthenticationPolicySilo** property values. To retrieve additional +**ADAuthenticationPolicySilo** properties, use the **Properties** parameter. + +## NOTES + +## RELATED LINKS + +[New-ADAuthenticationPolicySilo](./New-ADAuthenticationPolicySilo.md) + +[Remove-ADAuthenticationPolicySilo](./Remove-ADAuthenticationPolicySilo.md) + +[Set-ADAuthenticationPolicySilo](./Set-ADAuthenticationPolicySilo.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADCentralAccessPolicy.md b/docset/winserver2025-ps/activedirectory/Get-ADCentralAccessPolicy.md new file mode 100644 index 0000000000..c34010b01b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADCentralAccessPolicy.md @@ -0,0 +1,343 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adcentralaccesspolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADCentralAccessPolicy +--- + +# Get-ADCentralAccessPolicy + +## SYNOPSIS +Retrieves central access policies from Active Directory. + +## SYNTAX + +### Filter (Default) + +``` +Get-ADCentralAccessPolicy [-AuthType ] [-Credential ] + -Filter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-Server ] [] +``` + +### Identity + +``` +Get-ADCentralAccessPolicy [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] + [] +``` + +### LdapFilter + +``` +Get-ADCentralAccessPolicy [-AuthType ] [-Credential ] + -LDAPFilter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-Server ] [] +``` + +## DESCRIPTION + +The `Get-ADCentralAccessPolicy` cmdlet retrieves central access policies from Active Directory. + +## EXAMPLES + +### Example 1: Get a list off all central access policies + +```powershell +Get-ADCentralAccessPolicy -Filter * +``` + +This command retrieves a list of all central access policies. + +### Example 2: Get a list of specific central access policies using a filter + +```powershell +Get-ADCentralAccessPolicy -Filter "Members -eq 'Finance Documents Rule'" +``` + +This command gets the central access policies that have the central access rule +`Finance Documents Rule` as its members. + +### Example 3: Get information for a central access policy for a specific Active Directory object + +```powershell +Get-ADCentralAccessPolicy -Identity "Finance Policy" +``` + +This command gets information for a central access policy named `Finance Policy`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter + +Specifies a query string that retrieves Active Directory Domain Services objects. This string uses +the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax +provides rich type-conversion support for value types received by the **Filter** parameter. + +Specify the **Filter** parameter in one of the following formats: + +- To match a single filter element: `{Attribute operator "value"}` +- To match multiple filter elements: + `{(Attribute1 operator1 "value1") joinOperator (Attribute2 operator2 "value2")}` + +Windows PowerShell wildcards other than `*`, such as `?`, are not supported by the **Filter** +syntax. + +Valid filter operators are: + + `-eq`, `-le`, `-ge`, `-ne`, `-lt`, `-gt`, `-approx`, `-bor`, `-band`, `-recursivematch`, `-like`, + `-notlike` + +Valid join operators are: + +`-and`, `-or` + +The not operator is `-not`. + +For a list of supported types for values, see `about_ActiveDirectory_ObjectModel`. For more +information about the **Filter** parameter, see `about_ActiveDirectory_Filter`. + +```yaml +Type: System.String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory object by providing one of the following property values. The +identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this +parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A Security Identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter + +Specifies a filter using the LDAP search filter syntax defined in RFC2254 to filter Active Directory +Domain Services objects. + +```yaml +Type: System.String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties + +Specifies the properties of the output object to get from the server. Use this parameter to get +properties that are not included in the default set. + +Specify the properties to get as a comma separated list of names. To display +all of the properties that are set on the object, specify an asterisk (`*`) wildcard. + +To specify an individual extended property, use the name of the property. For properties that are +not default or extended properties, you must specify the LDAP display name of the attribute. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize + +Specifies the number of objects to include in one page for an Active Directory Domain Services +query. The default value is `256` objects per page. + +```yaml +Type: System.Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize + +Specifies the maximum number of objects to return for an Active Directory Domain Services query. If +you want to get all of the objects, set this parameter to `$null`. You can use Ctrl+C to stop the +query and the return of objects. + +The default value is `$null`. + +```yaml +Type: System.Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy + +An **ADCentralAccessPolicy** object is received by the **Identity** parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy + +This cmdlet returns one or more **ADCentralAccessPolicy** objects. + +The cmdlet returns a default set of **ADCentralAccessPolicy** property +values. To retrieve additional **ADCentralAccessPolicy** properties, use the **Properties** +parameter of the cmdlet. + +## NOTES + +## RELATED LINKS + +[New-ADCentralAccessPolicy](./New-ADCentralAccessPolicy.md) + +[Remove-ADCentralAccessPolicy](./Remove-ADCentralAccessPolicy.md) + +[Set-ADCentralAccessPolicy](./Set-ADCentralAccessPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADCentralAccessRule.md b/docset/winserver2025-ps/activedirectory/Get-ADCentralAccessRule.md new file mode 100644 index 0000000000..4ef5fd01ca --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADCentralAccessRule.md @@ -0,0 +1,345 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adcentralaccessrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADCentralAccessRule +--- + +# Get-ADCentralAccessRule + +## SYNOPSIS +Retrieves central access rules from Active Directory. + +## SYNTAX + +### Filter (Default) + +``` +Get-ADCentralAccessRule [-AuthType ] [-Credential ] + -Filter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-Server ] [] +``` + +### Identity + +``` +Get-ADCentralAccessRule [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] + [] +``` + +### LdapFilter + +``` +Get-ADCentralAccessRule [-AuthType ] [-Credential ] + -LDAPFilter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-Server ] [] +``` + +## DESCRIPTION + +The `Get-ADCentralAccessRule` cmdlet retrieves central access rules from Active Directory. + +## EXAMPLES + +### Example 1: Get a list of all central access rules + +```powershell +Get-ADCentralAccessRule -Filter * +``` + +This command retrieves a list of all central access rules. + +### Example 2: Get central access rules that have a specific resource condition + +```powershell +Get-ADCentralAccessRule -Filter "ResourceCondition -like '*Department*'" +``` + +This command retrieves the central access rules that have `Department` in its resource condition. + +### Example 3: Get a specific central access rule by name + +```powershell +Get-ADCentralAccessRule -Identity "Financial Documents Rule" +``` + +This command retrieves a central access rule named `Finance Documents Rule`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter + +Specifies a query string that retrieves Active Directory Domain Services objects. This string uses +the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax +provides rich type-conversion support for value types received by the **Filter** parameter. + +Specify the **Filter** parameter in one of the following formats: + +- To match a single filter element: `{Attribute operator "value"}` +- To match multiple filter elements: + `{(Attribute1 operator1 "value1") joinOperator (Attribute2 operator2 "value2")}` + +Windows PowerShell wildcards other than `*`, such as `?`, are not supported by the **Filter** +syntax. + +Valid filter operators are: + + `-eq`, `-le`, `-ge`, `-ne`, `-lt`, `-gt`, `-approx`, `-bor`, `-band`, `-recursivematch`, `-like`, + `-notlike` + +Valid join operators are: + +`-and`, `-or` + +The not operator is `-not`. + +For a list of supported types for values, see `about_ActiveDirectory_ObjectModel`. For more +information about the **Filter** parameter, see `about_ActiveDirectory_Filter`. + +```yaml +Type: System.String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory object by providing one of the following property values. The +identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this +parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADCentralAccessRule +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter + +Specifies a filter using the LDAP search filter syntax defined in RFC2254 to filter Active Directory +Domain Services objects. + +```yaml +Type: System.String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties + +Specifies the properties of the output object to get from the server. Use this parameter to get +properties that are not included in the default set. + +Specify the properties to get as a comma separated list of names. To display +all of the properties that are set on the object, specify an asterisk (`*`) wildcard. + +To specify an individual extended property, use the name of the property. For properties that are +not default or extended properties, you must specify the LDAP display name of the attribute. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize + +Specifies the number of objects to include in one page for an Active Directory Domain Services +query. The default value is `256` objects per page. + +```yaml +Type: System.Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize + +Specifies the maximum number of objects to return for an Active Directory Domain Services query. If +you want to get all of the objects, set this parameter to `$null`. You can use Ctrl+C to stop the +query and the return of objects. + +The default value is `$null`. + +```yaml +Type: System.Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicyEntry + +An **ADCentralAccessPolicyEntry** object is received by the **Identity** parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADCentralAccessRule + +Returns one or more **ADCentralAccessRule** objects. + +The cmdlet returns a default set of **ADCentralAccessRule** property +values. To retrieve additional **ADCentralAccessRule** properties, use the **Properties** parameter +of the cmdlet. + +## NOTES + +## RELATED LINKS + +[New-ADCentralAccessRule](./New-ADCentralAccessRule.md) + +[Remove-ADCentralAccessRule](./Remove-ADCentralAccessRule.md) + +[Set-ADCentralAccessRule](./Set-ADCentralAccessRule.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADClaimTransformPolicy.md b/docset/winserver2025-ps/activedirectory/Get-ADClaimTransformPolicy.md new file mode 100644 index 0000000000..fd82e9bf2a --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADClaimTransformPolicy.md @@ -0,0 +1,313 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adclaimtransformpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADClaimTransformPolicy +--- + +# Get-ADClaimTransformPolicy + +## SYNOPSIS +Returns one or more Active Directory claim transform objects based on a specified filter. + +## SYNTAX + +### Filter (Default) + +``` +Get-ADClaimTransformPolicy [-AuthType ] [-Credential ] + -Filter [-Properties ] [-Server ] [] +``` + +### Identity + +``` +Get-ADClaimTransformPolicy [-AuthType ] [-Credential ] + [[-Identity] ] [-Properties ] [-Server ] + [] +``` + +### LdapFilter + +``` +Get-ADClaimTransformPolicy [-AuthType ] [-Credential ] + -LDAPFilter [-Properties ] [-Server ] [] +``` + +## DESCRIPTION + +The `Get-ADClaimTransformPolicy` cmdlet returns one or more Active Directory claim transform objects +based on a specified filter. + +## EXAMPLES + +### Example 1: Get a list of all claims transformation policies + +```powershell +Get-ADClaimTransformPolicy -Filter * +``` + +This command retrieves a list of all claims transformation policies. + +### Example 2: Get all the claims transformation policies that are applied to a specific trust + +```powershell +$trust = Get-ADTrust -Identity "corp.contoso.com" +$filter = "IncomingTrust -eq '$trust' -or OutgoingTrust -eq '$trust'" +Get-ADClaimTransformPolicy -Filter $filter +``` + +This example gets all the claims transformation policies that are applied to trusts made with +`corp.contoso.com`. + +### Example 3: Get the claims transformation policy with a specify policy name + +```powershell +Get-ADClaimTransformPolicy -Identity DenyAllPolicy +``` + +This command gets the claims transformation policy with the name `DenyAllPolicy`. + +### Example 4: Get information on claims using a LDAP based query filter + +```powershell +Get-ADClaimTransformPolicy -LDAPFilter "(name=DenyAll*)" +``` + +This command gets information on any claims transformation policies using an LDAP-based query filter +that looks for matches where policies have a name that starts with the word `DenyAll`. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is `Negotiate`. + +A Secure Sockets Layer (SSL) connection is required for the `Basic` authentication method. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory module +for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account +associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can +specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet prompts +for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter + +Specifies a query string that retrieves Active Directory Domain Services objects. This string uses +the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax +provides rich type-conversion support for value types received by the **Filter** parameter. + +Specify the **Filter** parameter in one of the following formats: + +- To match a single filter element: `{Attribute operator "value"}` +- To match multiple filter elements: + `{(Attribute1 operator1 "value1") joinOperator (Attribute2 operator2 "value2")}` + +Windows PowerShell wildcards other than `*`, such as `?`, are not supported by the **Filter** +syntax. + +Valid filter operators are: + + `-eq`, `-le`, `-ge`, `-ne`, `-lt`, `-gt`, `-approx`, `-bor`, `-band`, `-recursivematch`, `-like`, + `-notlike` + +Valid join operators are: + +`-and`, `-or` + +The not operator is `-not`. + +For a list of supported types for values, see `about_ActiveDirectory_ObjectModel`. For more +information about the **Filter** parameter, see `about_ActiveDirectory_Filter`. + +```yaml +Type: System.String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory object by providing one of the following property values. The +identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this +parameter are: + +- A distinguished name + +The cmdlet searches the default naming context or partition to find the object. If two or more +objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +```yaml +Type: Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy +Parameter Sets: Identity +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter + +Specifies a filter using the LDAP search filter syntax defined in RFC2254 to filter Active Directory +Domain Services objects. + +```yaml +Type: System.String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties + +Specifies the properties of the output object to get from the server. Use this parameter to get +properties that are not included in the default set. + +Specify the properties to get as a comma separated list of names. To display +all of the properties that are set on the object, specify an asterisk (`*`) wildcard. + +To specify an individual extended property, use the name of the property. For properties that are +not default or extended properties, you must specify the LDAP display name of the attribute. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by providing one of the +following values for a corresponding domain name or directory server. The service may be any of the +following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows + PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy + +A claim transform policy object is received by the **Identity** parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy + +## NOTES + +## RELATED LINKS + +[New-ADClaimTransformPolicy](./New-ADClaimTransformPolicy.md) + +[Remove-ADClaimTransformPolicy](./Remove-ADClaimTransformPolicy.md) + +[Set-ADClaimTransformPolicy](./Set-ADClaimTransformPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADClaimType.md b/docset/winserver2025-ps/activedirectory/Get-ADClaimType.md new file mode 100644 index 0000000000..65cf5fbe58 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADClaimType.md @@ -0,0 +1,322 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adclaimtype?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADClaimType +--- + +# Get-ADClaimType + +## SYNOPSIS +Returns a claim type from Active Directory. + +## SYNTAX + +### Filter (Default) +``` +Get-ADClaimType [-AuthType ] [-Credential ] -Filter [-Properties ] + [-ResultPageSize ] [-ResultSetSize ] [-Server ] [] +``` + +### Identity +``` +Get-ADClaimType [-AuthType ] [-Credential ] [-Identity] + [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADClaimType [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-Server ] + [] +``` + +## DESCRIPTION +The **Get-ADClaimType** cmdlet returns a claim type defined in Active Directory. + +## EXAMPLES + +### Example 1: Get a list of all claim types using a filter +``` +PS C:\> Get-ADClaimType -Filter * +``` + +This command retrieves a list of all claim types. + +### Example 2: Get all the claim types that are sourced from the attribute title. +``` +PS C:\> Get-ADClaimType -Filter "SourceAttribute -eq 'title'" +``` + +This command gets all the claim types that are sourced from the attribute title. + +### Example 3: Get a claim type with a specified display name +``` +PS C:\> Get-ADClaimType -Identity "Employee Type" +``` + +This command gets the claim type with display name Employee Type. + +### Example 4: Get all properties of a claim type with a specified display name +``` +PS C:\> Get-ADClaimType -Identity "Employee Type" -Properties * +``` + +This command gets all properties of the claim type with display name Employee Type. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the Windows PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, see about_ActiveDirectory_ObjectModel. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using Lightweight Directory Access Protocol (LDAP) query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADClaimType +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an Active Directory Domain Services query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an Active Directory Domain Services query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimType + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADClaimType + +## NOTES + +## RELATED LINKS + +[New-ADClaimType](./New-ADClaimType.md) + +[Remove-ADClaimType](./Remove-ADClaimType.md) + +[Set-ADClaimType](./Set-ADClaimType.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADComputer.md b/docset/winserver2025-ps/activedirectory/Get-ADComputer.md new file mode 100644 index 0000000000..86198f08f2 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADComputer.md @@ -0,0 +1,676 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adcomputer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADComputer +--- + +# Get-ADComputer + +## SYNOPSIS + +Gets one or more Active Directory computers. + +## SYNTAX + +### Filter (Default) + +```powershell +Get-ADComputer [-AuthType ] [-Credential ] + -Filter [-Properties ] [-ResultPageSize ] + [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [] +``` + +### Identity + +```powershell +Get-ADComputer [-AuthType ] [-Credential ] + [-Identity] [-Partition ] [-Properties ] + [-Server ] [] +``` + +### LdapFilter + +```powershell +Get-ADComputer [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] + [-SearchBase ] [-SearchScope ] [-Server ] + [] +``` + +## DESCRIPTION + +The `Get-ADComputer` cmdlet gets a computer or performs a search to retrieve multiple computers. + +The **Identity** parameter specifies the Active Directory computer to retrieve. +You can identify a computer by its distinguished name, GUID, security identifier +(SID) or Security Accounts Manager (SAM) account name. You can also set the +parameter to a computer object variable, such as `$` or +pass a computer object through the pipeline to the **Identity** parameter. + +To search for and retrieve more than one computer, use the **Filter** or **LDAPFilter** parameters. +The **Filter** parameter uses the PowerShell Expression Language to write query strings for Active +Directory. PowerShell Expression Language syntax provides rich type conversion support for value +types received by the **Filter** parameter. For more information about the **Filter** parameter +syntax, type `Get-Help` +[about_ActiveDirectory_Filter](/previous-versions/windows/server/hh531527(v=ws.10)). If you have +existing Lightweight Directory Access Protocol (LDAP) query strings, you can use the **LDAPFilter** +parameter. + +This cmdlet retrieves a default set of computer object properties. To retrieve additional +properties use the **Properties** parameter. For more information about the how to determine the +properties for computer objects, see the **Properties** parameter description. + +## EXAMPLES + +### Example 1: Get specific computer that shows all properties + +```powershell +Get-ADComputer -Identity "User01-SRV1" -Properties * +``` + +```Output + + +AccountExpirationDate : +accountExpires : 9223372036854775807 +AccountLockoutTime : +AccountNotDelegated : False +AllowReversiblePasswordEncryption : False +BadLogonCount : +CannotChangePassword : False +CanonicalName : fabrikam.com/Computers/User01-srv1 +Certificates : {} +CN : User01-srv1 +codePage : 0 +countryCode : 0 +Created : 3/16/2009 4:15:00 PM +createTimeStamp : 3/16/2009 4:15:00 PM +Deleted : +Description : DisplayName : +DistinguishedName : CN= User01-srv1,CN=Computers,DC=fabrikam,DC=com +DNSHostName : User01-srv1 +DoesNotRequirePreAuth : False +dSCorePropagationData : {3/16/2009 4:21:51 PM, 12/31/1600 4:00:01 PM} +Enabled : True +HomedirRequired : False +HomePage : +instanceType : 0 +IPv4Address : +IPv6Address : +isCriticalSystemObject : False +isDeleted : +LastBadPasswordAttempt : +LastKnownParent : +LastLogonDate : +localPolicyFlags : 0 +Location : NA/HQ/Building A +LockedOut : False +ManagedBy : CN=SQL Administrator 01,OU=UserAccounts,OU=Managed,DC=fabrikam,DC=com +MemberOf : {} +MNSLogonAccount : False +Modified : 3/16/2009 4:23:01 PM +modifyTimeStamp : 3/16/2009 4:23:01 PM +msDS-User-Account-Control-Computed : 0 +Name : User01-srv1 +nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity +ObjectCategory : CN=Computer,CN=Schema,CN=Configuration,DC=fabrikam,DC=com +ObjectClass : computer +ObjectGUID : 828306a3-8ccd-410e-9537-e6616662c0b0 +objectSid : S-1-5-21-41432690-3719764436-1984117282-1130 +OperatingSystem : +OperatingSystemHotfix : +OperatingSystemServicePack : +OperatingSystemVersion : +PasswordExpired : False +PasswordLastSet : +PasswordNeverExpires : False +PasswordNotRequired : False +PrimaryGroup : CN=Domain Computers,CN=Users,DC=fabrikam,DC=com +primaryGroupID : 515 +ProtectedFromAccidentalDeletion : False +pwdLastSet : 0 +SamAccountName : User01-srv1$ +sAMAccountType : 805306369 +sDRightsEffective : 0 +ServiceAccount : {} +servicePrincipalName : {MSOLAPSVC.3/User01-SRV1.fabrikam.com:analyze, MSSQLSVC/User01-SRV1.fabrikam.com:1456} +ServicePrincipalNames : {MSOLAPSVC.3/User01-SRV1.fabrikam.com:analyze, MSSQLSVC/User01-SRV1.fabrikam.com:1456} +SID : S-1-5-21-41432690-3719764436-1984117282-1130 +SIDHistory : {} +TrustedForDelegation : False +TrustedToAuthForDelegation : False +UseDESKeyOnly : False +userAccountControl : 4096 +userCertificate : {} +UserPrincipalName : +uSNChanged : 36024 +uSNCreated : 35966 +whenChanged : 3/16/2009 4:23:01 PM +whenCreated : 3/16/2009 4:15:00 PM +``` + +This command gets a specific computer showing all the properties. + +### Example 2: Get all computers with a name starting with a particular string + +```powershell +Get-ADComputer -Filter 'Name -like "User01*"' -Properties IPv4Address | + Format-Table Name, DNSHostName, IPv4Address -AutoSize +``` + +```Output +name dnshostname ipv4address +---- ----------- ----------- +User01-SRV1 User01-SRV1.User01.com 10.194.99.181 +User01-SRV2 User01-SRV2.User01.com 10.194.100.3 +``` + +This command gets all the computers with a name starting with a particular +string and shows the name, DNS hostname, and IPv4 address. + +### Example 3: Gets all computers that have changed their password in specific time frame + +```powershell +$Date = [DateTime]::Today.AddDays(-90) +Get-ADComputer -Filter 'PasswordLastSet -ge $Date' -Properties PasswordLastSet | + Format-Table Name, PasswordLastSet +``` + +```Output +Name PasswordLastSet +---- --------------- +USER01-SRV4 3/12/2009 6:40:37 PM +USER01-SRV5 3/12/2009 7:05:45 PM +``` + +This command gets all the computers that have changed their password in the last 90 days. + +### Example 4: Get computer accounts in a specific location using an LDAPFilter + +```powershell +Get-ADComputer -LDAPFilter "(name=*laptop*)" -SearchBase "CN=Computers,DC= User01,DC=com" +``` + +```Output +name +---- +pattiful-laptop +davidche-laptop +``` + +This command gets the computer accounts in the location +`CN=Computers,DC=User01,DC=com` that are listed as laptops by using an +**LDAPFilter**. + +### Example 5: Get all computer accounts using a filter + +```powershell +Get-ADComputer -Filter * +``` + +This command gets all computer accounts. + +### Example 6: Get all computers with a name starting with Computer01 or Computer02 + +```powershell +Get-ADComputer -Filter 'Name -like "Computer01*" -or Name -like "Computer02*"' -Properties IPv4Address | + Format-Table Name, DNSHostName, IPv4Address -AutoSize +``` + +```Output +name dnshostname ipv4address +---- ----------- ----------- +Computer01-SRV1 Computer01-SRV1.Computer01.com 10.194.99.181 +Computer02-SRV2 Computer02-SRV2.Computer02.com 10.194.100.3 +``` + +### Example 7: Get all computers with a name starting with a string AND password last set before 30 days + +```powershell +$Date = [DateTime]::Today.AddDays(-30) +Get-ADComputer -Filter 'Name -like "Computer01*" -and PasswordLastSet -ge $Date' -Properties IPv4Address | + Format-Table Name, DNSHostName, IPv4Address -AutoSize +``` + +```Output +name dnshostname ipv4address +---- ----------- ----------- +Computer01-SRV1 Computer01-SRV1.Computer01.com 10.194.99.181 +``` + +This command shows the name, DNS hostname, and IPv4 address. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default +credentials are the credentials of the currently logged on user unless the +cmdlet is run from an Active Directory module for Windows PowerShell provider +drive. If the cmdlet is run from such a provider drive, the account associated +with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you +can specify a **PSCredential** object. If you specify a user name for this parameter, the cmdlet +prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the +`Get-Credential` cmdlet. You can then set the **Credential** parameter to the +**PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, the cmdlet +returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter + +Specifies a query string that retrieves Active Directory objects. This string +uses the Windows PowerShell Expression Language syntax. The Windows PowerShell +Expression Language syntax provides rich type-conversion support for value types received by the +**Filter** parameter. The syntax uses an in-order representation, which means that the operator is +placed between the operand and the value. For more information about the **Filter** parameter, type +`Get-Help` [about_ActiveDirectory_Filter](/previous-versions/windows/server/hh531527(v=ws.10)). + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the Windows +PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +> [!NOTE] +> Wildcards other than `*`, such as `?`, are not supported by the **Filter** syntax. + +> [!NOTE] +> To query using LDAP query strings, use the **LDAPFilter** parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory computer object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (`objectGUID`) +- A security identifier (`objectSid`) +- A Security Accounts Manager account name (`sAMAccountName`) + +The cmdlet searches the default naming context or partition to find the object. +If the identifier given is a distinguished name, the partition to search is +computed from that distinguished name. If two or more objects are found, the +cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this +parameter to a computer object instance. + +```yaml +Type: ADComputer +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. The **Filter** +parameter syntax supports the same functionality as the LDAP syntax. For more +information, see the **Filter** parameter description or type `Get-Help` +[about_ActiveDirectory_Filter](/previous-versions/windows/server/hh531527(v=ws.10)). + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value +is specified. The rules for determining the default value are given below. Note +that rules listed first are evaluated first and once a default value can be +determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for +**Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a +default value for **Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties + +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. For +properties that are not default or extended properties, you must specify the +LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the `Get-*` cmdlet associated +with the object and pass the output to the `Get-Member` cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize + +Specifies the number of objects to include in one page for an Active Directory +Domain Services query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize + +Specifies the maximum number of objects to return for an Active Directory Domain Services query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase + +Specifies an Active Directory path to search under. + +When you run a cmdlet from an Active Directory provider drive, the default value +of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an +Active Directory Domain Services target, the default value of this parameter is +the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an +AD LDS target, the default value is the default naming context of the target AD +LDS instance if one has been specified by setting the +**msDS-defaultNamingContext** property of the Active Directory directory service +agent object (**nTDSDSA**) for the AD LDS instance. If no default naming context +has been specified for the target AD LDS instance, then this parameter has no +default value. + +When the value of the **SearchBase** parameter is set to an empty string and you are connected to a +global catalog port, all partitions are searched. If the value of the **SearchBase** parameter is +set to an empty string and you are not connected to a global catalog port, an error is thrown. + +```yaml +Type: String +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope + +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A Base query searches only the current path or object. +A OneLevel query searches the immediate children of that path or object. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: Filter, LdapFilter +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the Active Directory Domain Services instance to connect to, by +providing one of the following values for a corresponding domain name or +directory server. The service may be any of the following: Active Directory +Lightweight Domain Services, Active Directory Domain Services or Active +Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following +methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain + Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, +-ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, +-OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. +For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADComputer + +A computer object is received by the **Identity** parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADComputer + +Returns one or more computer objects. + +This Get-ADComputer cmdlet returns a default set of **ADComputer** property values. +To retrieve additional **ADComputer** properties, use the **Properties** parameter of this cmdlet. + +To view the properties for an **ADComputer** object, see the following examples. +To run these examples, replace `` with a computer identifier such as +the SAM account name of your local computer. + +To get a list of the default set of properties of an ADComputer object, use the following command: + +`Get-ADComputer`\`| Get-Member` + +To get a list of all the properties of an ADComputer object, use the following command: + +`Get-ADComputer`\`-Properties ALL | Get-Member` + +## NOTES + +- This cmdlet doesn't work with AD LDS with its default schema. By default the AD LDS schema + doesn't have a computer class, but if the schema is extended to include it, this cmdlet will work + with LDS. + +## RELATED LINKS + +[Add-ADComputerServiceAccount](./Add-ADComputerServiceAccount.md) + +[Get-ADComputerServiceAccount](./Get-ADComputerServiceAccount.md) + +[New-ADComputer](./New-ADComputer.md) + +[Remove-ADComputer](./Remove-ADComputer.md) + +[Remove-ADComputerServiceAccount](./Remove-ADComputerServiceAccount.md) + +[Set-ADComputer](./Set-ADComputer.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADComputerServiceAccount.md b/docset/winserver2025-ps/activedirectory/Get-ADComputerServiceAccount.md new file mode 100644 index 0000000000..04037e69f3 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADComputerServiceAccount.md @@ -0,0 +1,223 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adcomputerserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADComputerServiceAccount +--- + +# Get-ADComputerServiceAccount + +## SYNOPSIS +Gets the service accounts hosted by a computer. + +## SYNTAX + +``` +Get-ADComputerServiceAccount [-AuthType ] [-Credential ] [-Identity] + [-Partition ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADComputerServiceAccount** cmdlet gets all of the service accounts that are hosted by the specified computer. + +The *Computer* parameter specifies the Active Directory computer that hosts the service accounts. +You can identify a computer by its distinguished name, GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. +You can also set the *Computer* parameter to a computer object variable, such as `$`, or pass a computer object through the pipeline to the *Computer* parameter. +For example, you can use the **Get-ADComputer** cmdlet to retrieve a computer object and then pass the object through the pipeline to the **Get-ADComputerServiceAccount** cmdlet. + +## EXAMPLES + +### Example 1: Get all service accounts hosted on a specified computer account +``` +PS C:\> Get-ADComputerServiceAccount -Identity ComputerAcct1 +Enabled : True +Name : SvcAcct1 +UserPrincipalName : +SamAccountName : SvcAcct1$ +ObjectClass : msDS-ManagedServiceAccount +SID : S-1-5-21-159507390-2980359153-3438059098-1104 +ObjectGUID : 8d759d66-ef68-4360-aff6-ec3bb3425ac1 +HostComputers : {CN=ComputerAcct1,CN=Computers,DC=contoso,DC=com} +DistinguishedName : CN=SvcAcct1,CN=Managed Service Accounts,DC=contoso,DC=com +``` + +This command gets the service accounts hosted on a computer account ComputerAcct1. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory computer object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- Security Accounts Manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If the identifier given is a distinguished name, the partition to search is computed from that distinguished name. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. + +```yaml +Type: ADComputer +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADComputer +A computer object is received by the Computer parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADServiceAccount +Returns one or more objects that represent the service accounts hosted by the specified computer. + +## NOTES +* This cmdlet does not work with AD LDS. + +## RELATED LINKS + +[Add-ADComputerServiceAccount](./Add-ADComputerServiceAccount.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[Remove-ADComputerServiceAccount](./Remove-ADComputerServiceAccount.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADDCCloningExcludedApplicationList.md b/docset/winserver2025-ps/activedirectory/Get-ADDCCloningExcludedApplicationList.md new file mode 100644 index 0000000000..06bae87721 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADDCCloningExcludedApplicationList.md @@ -0,0 +1,122 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-addccloningexcludedapplicationlist?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADDCCloningExcludedApplicationList +--- + +# Get-ADDCCloningExcludedApplicationList + +## SYNOPSIS +Gets a list of installed programs and services present on this domain controller that are not in the default or user defined inclusion list. + +## SYNTAX + +### Default (Default) +``` +Get-ADDCCloningExcludedApplicationList [] +``` + +### Xml +``` +Get-ADDCCloningExcludedApplicationList [-Force] [-GenerateXml] [-Path ] [] +``` + +## DESCRIPTION +The **Get-ADDCCloningExcludedApplicationList** cmdlet searches the local domain controller for programs and services in the installed programs database, the services control manager that are not specified in the default and user defined inclusion list. +The applications in the resulting list can be added to the user defined exclusion list if they are determined to support cloning. +If the applications are not cloneable, they should be removed from the source domain controller before the clone media is created. +Any application that appears in cmdlet output and is not included in the user defined inclusion list will force cloning to fail. + +Once you have granted a source virtualized domain controller permissions to be cloned, the **Get-ADDCCloningExcludedApplicationList** cmdlet should be run a first time with no additional parameters on the source virtualized domain controller to identify all programs or services that are to be evaluated for cloning. +Next, vet the returned list with your software vendors and remove any applications from the list that cannot be safely cloned. +Finally, you can run the **Get-ADDCCloningExcludedApplicationList** cmdlet again using the *GenerateXml* parameter set to create the CustomDCCloneAllowList.xml file. + +The **Get-ADDCCloningExcludedApplicationList** cmdlet needs to be run before the **New-ADDCCloneConfigFile** cmdlet is used because if the **New-ADDCCloneConfigFile** cmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. + +## EXAMPLES + +### Example 1: Display the excluded application list to the console +``` +PS C:\> Get-ADDCCloningExcludedApplicationList +``` + +This command displays the excluded application list to the console. +If there is already a CustomDCCloneAllowList.xml file, this cmdlet displays the delta of that list compared to the operating system, which may be nothing if the lists match. + +### Example 2: Generate the excluded application list and save it as a file +``` +PS C:\> Get-ADDCCloningExcludedApplicationList -GenerateXml -Path C:\Windows\NTDS -Force +``` + +This command generates the excluded application list as a file named CustomDCCloneAllowList.xml at the specified folder path, C:\Windows\NTDS, and forces overwrite if a file by that name is found to already exist at that path location. + +## PARAMETERS + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: Xml +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GenerateXml +Indicates whether to create the CustomDCCloneAllowList.xml file and writes it in the location specified using the *Path* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: Xml +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the folder path to use when creating the CustomDCCloneAllowList.xml file using the *GenerateXml* parameter. + +```yaml +Type: String +Parameter Sets: Xml +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### ADEntity + +## NOTES + +## RELATED LINKS + +[New-ADDCCloneConfigFile](./New-ADDCCloneConfigFile.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADDefaultDomainPasswordPolicy.md b/docset/winserver2025-ps/activedirectory/Get-ADDefaultDomainPasswordPolicy.md new file mode 100644 index 0000000000..23b38e7b42 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADDefaultDomainPasswordPolicy.md @@ -0,0 +1,233 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-addefaultdomainpasswordpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADDefaultDomainPasswordPolicy +--- + +# Get-ADDefaultDomainPasswordPolicy + +## SYNOPSIS +Gets the default password policy for an Active Directory domain. + +## SYNTAX + +### Current (Default) +``` +Get-ADDefaultDomainPasswordPolicy [-AuthType ] [-Credential ] + [[-Current] ] [-Server ] [] +``` + +### Identity +``` +Get-ADDefaultDomainPasswordPolicy [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADDefaultDomainPasswordPolicy** cmdlet gets the default password policy for a domain. + +The *Identity* parameter specifies the Active Directory domain. +You can identify a domain by its distinguished name, GUID, Security Identifier (SID), DNS domain name, or NETBIOS name. +You can also set the parameter to a domain object variable, such as `$` or pass a domain object through the pipeline to the *Identity* parameter. + +## EXAMPLES + +### Example 1: Get the default domain password policy from the logged on user domain +``` +PS C:\> Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser +``` + +This command gets the default domain password policy from current logged on user domain. + +### Example 2: Get the default domain password policy from the current local computer +``` +PS C:\> Get-ADDefaultDomainPasswordPolicy -Current LocalComputer +``` + +This command gets the default domain password policy from current local computer. + +### Example 3: Get the default domain password policy from a specified domain +``` +PS C:\> Get-ADDefaultDomainPasswordPolicy -Identity fabrikam.com +``` + +This command gets the default domain password policy from the domain specified by the **Site** parameter. + +### Example 4: Get the default domain password policy objects from all the domains in the forest +``` +PS C:\> (Get-ADForest -Current LoggedOnUser).Domains | %{ Get-ADDefaultDomainPasswordPolicy -Identity $_ } +``` + +This command gets the default domain password policy objects from all the domains in the forest. + +### Example 5: Get the default domain password policy from the logged on user domain. +``` +PS C:\> Get-ADDefaultDomainPasswordPolicy +``` + +This command gets the default domain password policy from current logged on user domain. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the Credential parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Current +Specifies whether to return the domain of the local computer or the current logged on user. +The acceptable values for this parameter are: + +- LocalComputer or 0 +- LoggedOnUser or 1 + +```yaml +Type: ADCurrentDomainType +Parameter Sets: Current +Aliases: +Accepted values: LocalComputer, LoggedOnUser + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +All values are for the domainDNS object that represents the domain. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A DNS domain name +- A NetBIOS domain name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. + +```yaml +Type: ADDefaultDomainPasswordPolicy +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDomain +A domain object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADDefaultDomainPasswordPolicy +Returns the default domain password policy object for the specified domain. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work when targeting a snapshot using the *Server* parameter. + +## RELATED LINKS + +[Set-ADDefaultDomainPasswordPolicy](./Set-ADDefaultDomainPasswordPolicy.md) + +[Get-ADDomain](./Get-ADDomain.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADDomain.md b/docset/winserver2025-ps/activedirectory/Get-ADDomain.md new file mode 100644 index 0000000000..2b9853a3bc --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADDomain.md @@ -0,0 +1,274 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-addomain?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADDomain +--- + +# Get-ADDomain + +## SYNOPSIS +Gets an Active Directory domain. + +## SYNTAX + +### Current (Default) +``` +Get-ADDomain [-AuthType ] [-Credential ] [-Current ] + [-Server ] [] +``` + +### Identity +``` +Get-ADDomain [-AuthType ] [-Credential ] [-Identity] [-Server ] + [] +``` + +## DESCRIPTION +The **Get-ADDomain** cmdlet gets the Active Directory domain specified by the parameters. +You can specify the domain by setting the *Identity* or *Current* parameters. + +The *Identity* parameter specifies the Active Directory domain to get. +You can identify the domain object to get by its distinguished name, GUID, Security Identifier (SID), DNS domain name, or NetBIOS name. +You can also set the parameter to a domain object variable, such as `$` or pass a domain object through the pipeline to the *Identity* parameter. + +To get the domain of the local computer or current logged on user set the *Current* parameter to LocalComputer or LoggedOnUser. +When you set the *Current* parameter, you do not need to set the *Identity* parameter. + +When the *Current* parameter is set to LocalComputer or LoggedOnUser, the cmdlet uses the *Server* and *Credential* parameters according to the following rules. + +- If both the *Server* and *Credential* parameters are not specified: +- The domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. The credentials of the current logged on user are used to get the domain. +- If the *Server* parameter is specified and the *Credential* parameter is not specified: +- The domain is set to the domain of the specified server and the cmdlet checks to make sure that the server is in the domain of the LocalComputer or LoggedOnUser. Then the credentials of the current logged on user are used to get the domain. An error is returned when the server is not in the domain of the LocalComputer or LoggedOnUser. +- If the *Server* parameter is not specified and the *Credential* parameter is specified: +- The domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. Then the credentials specified by the *Credential* parameter are used to get the domain. +- If the *Server* and *Credential* parameters are specified: +- The domain is set to the domain of the specified server and the cmdlet checks to make sure that the server is in the domain of the LocalComputer or LoggedOnUser. Then the credentials specified by the *Credential* parameter are used to get the domain. An error is returned when the server is not in the domain of the LocalComputer or LoggedOnUser. + +## EXAMPLES + +### Example 1: Get domain information from Active Directory +``` +PS C:\> Get-ADDomain -Identity user.com +``` + +This command gets the domain information for the domain user.com. + +### Example 2: Get domain information of the current local computer domain +``` +PS C:\> Get-ADDomain -Current LocalComputer +``` + +This command gets the domain information of the current local computer domain. + +### Example 3: Get domain information for the domain of the currently logged in user +``` +PS C:\> Get-ADDomain -Current LoggedOnUser +``` + +This command gets the domain information for the domain of the currently logged on user. + +### Example 4: Get domain information for the domain of the currently logged in user +``` +PS C:\> Get-ADDomain +AllowedDNSSuffixes : {} +ChildDomains : {} +ComputersContainer : CN=Computers,DC=User04,DC=com +DeletedObjectsContainer : CN=Deleted Objects,DC=User04,DC=com +DistinguishedName : DC=User04,DC=com +DNSRoot : User04.com +DomainControllersContainer : OU=Domain Controllers,DC=User04,DC=com +DomainMode : Windows2003Domain +DomainSID : S-1-5-21-41432690-3719764436-1984117282 +ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=User04,DC=com +Forest : User04.com +InfrastructureMaster : User04-DC1.User04.com +LastLogonReplicationInterval : +LinkedGroupPolicyObjects : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=User04,DC=com} +LostAndFoundContainer : CN=LostAndFound,DC=User04,DC=com +ManagedBy : +Name : User04 +NetBIOSName : USER04 +ObjectClass : domainDNS +ObjectGUID : b63b4f44-58b9-49cf-8911-b36e8575d5eb +ParentDomain : +PDCEmulator : User04-DC1.User04.com +QuotasContainer : CN=NTDS Quotas,DC=User04,DC=com +ReadOnlyReplicaDirectoryServers : {CSD2722780.User04.com} +ReplicaDirectoryServers : {User04-DC1.User04.com} +RIDMaster : User04-DC1.User04.com +SubordinateReferences : {DC=ForestDnsZones,DC=User04,DC=com, DC=DomainDnsZones,DC=User04,DC=com, CN=Co +nfiguration,DC=User04,DC=com} +SystemsContainer : CN=System,DC=User04,DC=com +UsersContainer : CN=Users,DC=User04,DC=com +``` + +This command gets the domain information for the domain of the currently logged on user. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Current +Specifies whether to return the domain of the local computer or the current logged on user. +The acceptable values for this parameter are: + +- LocalComputer or 0 +- LoggedOnUser or 1 + +```yaml +Type: ADCurrentDomainType +Parameter Sets: Current +Aliases: +Accepted values: LocalComputer, LoggedOnUser + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +All values are for the **domainDNS** object that represents the domain. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A DNS domain name +- A NetBIOS domain name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. + +```yaml +Type: ADDomain +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDomain +A domain object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADDomain +This cmdlet returns one or more domain objects. + +The cmdlet returns all of the properties of the domain. +To view all of the properties for an **ADDomain** object, use the following command and replace \ with a domain controller identifier such as a DNS host name. + +`Get-ADDomain`\`| Get-Member` + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work when targeting a snapshot using the *Server* parameter. + +## RELATED LINKS + +[Set-ADDomain](./Set-ADDomain.md) + +[Set-ADDomainMode](./Set-ADDomainMode.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADDomainController.md b/docset/winserver2025-ps/activedirectory/Get-ADDomainController.md new file mode 100644 index 0000000000..b1a65dd343 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADDomainController.md @@ -0,0 +1,481 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-addomaincontroller?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADDomainController +--- + +# Get-ADDomainController + +## SYNOPSIS +Gets one or more Active Directory domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier, such as the NetBIOS name. + +## SYNTAX + +### Identity (Default) +``` +Get-ADDomainController [-AuthType ] [-Credential ] [[-Identity] ] + [-Server ] [] +``` + +### DiscoverByService +``` +Get-ADDomainController [-AuthType ] [-AvoidSelf] [-Discover] [-DomainName ] + [-ForceDiscover] [-MinimumDirectoryServiceVersion ] [-NextClosestSite] + [-Service ] [-SiteName ] [-Writable] [] +``` + +### Filter +``` +Get-ADDomainController [-AuthType ] [-Credential ] -Filter + [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADDomainController** cmdlet gets the domain controllers specified by the parameters. +You can get domain controllers by setting the *Identity*, *Filter* or *Discover* parameters. + +The *Identity* parameter specifies the domain controller to get. +You can identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. +You can also identify a domain controller by the name of the server object that represents the domain controller, the distinguished name of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the distinguished name of the computer object that represents the domain controller. +You can also set the *Identity* parameter to a domain controller object variable, such as `$`, or pass a domain controller object through the pipeline to the *Identity* parameter. + +To search for and retrieve more than one domain controller, use the *Filter* parameter. +The *Filter* parameter uses the Windows PowerShell Expression Language to write query strings for Active Directory. +Windows PowerShell Expression Language syntax provides rich type conversion support for value types received by the *Filter* parameter. +For more information about the *Filter* parameter syntax, type `Get-Help about_ActiveDirectory_Filter`. +You cannot use a Lightweight Directory Access Protocol (LDAP) query string with this cmdlet. + +To get a domain controller by using the discovery mechanism of DCLocator, use the *Discover* parameter. +You can provide search criteria by setting parameters such as *Service*, *SiteName*, *DomainName*, *NextClosestSite*, *AvoidSelf*, and *ForceDiscover*. + +## EXAMPLES + +### Example 1: Get a domain controller in a specified site +``` +PS C:\> Get-ADDomainController -Discover -Site "Default-First-Site-Name" +``` + +This command gets one available domain controller in the site specified by the *Site* parameter. +The command uses Discovery. + +### Example 2: Get an available domain controller using force discovery in a specified site +``` +PS C:\> Get-ADDomainController -Discover -Site "Default-First-Site-Name" -ForceDiscover +``` + +This command force discovers or finds one available domain controller in the site specified by the *Site* parameter. + +### Example 3: Get a global catalog in the current forest using discovery +``` +PS C:\> Get-ADDomainController -Discover -Service "GlobalCatalog" +``` + +This command gets a global catalog in the current forest using Discovery. + +### Example 4: Get an available domain controller in the current domain using discovery +``` +PS C:\> Get-ADDomainController -Discover +``` + +This command gets one available domain controller in the current domain using Discovery. + +### Example 5: Get an available domain controller in a given domain using discovery +``` +PS C:\> Get-ADDomainController -Discover -Domain "user01.com" +``` + +This command gets one available domain controller in a given domain using Discovery. + +### Example 6: Get the primary domain controller that is advertising as a time server using discovery +``` +PS C:\> Get-ADDomainController -Discover -Domain "corp.contoso.com" -Service "PrimaryDC","TimeService" +``` + +This command gets the primary domain controller using Discovery and make sure that is advertising as a time server. + +### Example 7: Get a domain controller using its NetBIOS name +``` +PS C:\> Get-ADDomainController -Identity "PDC-01" +``` + +This command gets a domain controller using its NetBIOS name. + +### Example 8: Get a domain controller using its DNS host name in a specified site using administrator credentials +``` +PS C:\> Get-ADDomainController -Identity "TK5-CORP-DC-10.user01.com" -Server "user01.com" -Credential "corp\administrator" +``` + +This command gets a domain controller using its DNS host name, in the domain specified by the *Site* parameter, specified in *Server* parameter, and specifying administrator credentials. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AvoidSelf +Specifies to not return the current computer as a domain controller. +If the current computer is not a domain controller, this parameter is ignored. +You can specify this parameter when you want to get the name of another domain controller in the domain. + +```yaml +Type: SwitchParameter +Parameter Sets: DiscoverByService +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: Identity, Filter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Discover +Specifies to return a discoverable domain controller that meets the conditions specified by the cmdlet parameters. + +To get a domain controller by using the discovery mechanism of DCLocator, use the *Discover* parameter. +Along with this parameter, you can provide search criteria by setting parameters such as *Service*, *SiteName*, *DomainName*, *NextClosestSite*, *AvoidSelf*, and *ForceDiscover*. + +```yaml +Type: SwitchParameter +Parameter Sets: DiscoverByService +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainName +Specifies the domain to search. +The cmdlet locates a discoverable domain controller in this domain. +Specify the domain by using the NetBIOS name or Fully Qualified Domain Name (FQDN) of the domain. + +```yaml +Type: String +Parameter Sets: DiscoverByService +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the Windows PowerShell Expression Language syntax. +The Windows PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the Windows PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceDiscover +Indicates that the cmdlet to clears any cached domain controller information and perform a new discovery. +If this parameter is not specified the cmdlet may return cached domain controller information. + +```yaml +Type: SwitchParameter +Parameter Sets: DiscoverByService +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain controller object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +Unless specified otherwise, these values are for the server object that represents the domain controller. +The acceptable values for this parameter are: + +- A GUID (objectGUID) +- An IPV4Address +- A Global IPV6Address +- A DNS Host Name (dNSHostName) +- The name of the server object +- The distinguished name of the NTDS Settings object +- The distinguished name of the server object that represents the domain controller +- The GUID of NTDS settings object under the configuration partition +- The GUID of server object under the configuration partition +- The distinguished name of the computer object that represents the domain controller + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADDomainController +Parameter Sets: Identity +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -MinimumDirectoryServiceVersion +Species the earliest operating system that the domain controller can have so that it is returned by the cmdlet when getting a domain controller using *Discover* parameter. +The acceptable values for this parameter are: + +- Windows2000 or 1 +- Windows2008 or 2 + +```yaml +Type: ADMinimumDirectoryServiceVersion +Parameter Sets: DiscoverByService +Aliases: +Accepted values: Windows2000, Windows2008, Windows2012, Windows2012R2 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NextClosestSite +Specifies to return a domain controller in the next closest site when a domain controller is not found in the site that contains the client. +The next closest site is the site with the lowest site link cost with respect to the current site. +Costs between sites are based on factors such as bandwidth, as well as physical proximity. + +```yaml +Type: SwitchParameter +Parameter Sets: DiscoverByService +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: Identity, Filter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Service +Species the types of domain controllers to get. +You can specify more than one type by using a comma-separated list. +The acceptable values for this parameter are: + +- PrimaryDC or 1 +- GlobalCatalog or 2 +- KDC or 3 +- TimeService or 4 +- ReliableTimeService or 5 +- ADWS or 6 + +```yaml +Type: ADDiscoverableService[] +Parameter Sets: DiscoverByService +Aliases: +Accepted values: PrimaryDC, GlobalCatalog, KDC, TimeService, ReliableTimeService, ADWS + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteName +Specifies the name of a site to search in to find the domain controller. +If this parameter is not set, the cmdlet searches for domain controllers in the same site as the client. +The name of the site is defined by the **Name** property of the site object. + +```yaml +Type: String +Parameter Sets: DiscoverByService +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Writable +Specifies whether this is a writable domain controller. + +```yaml +Type: SwitchParameter +Parameter Sets: DiscoverByService +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDomainController +A domain controller object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADDomainController +This cmdlet returns one or more domain controller objects. + +When you use the *Discover* parameter to get a domain controller, the cmdlet returns a default set of property values for each domain controller. + +When you use the *Identity* or *Filter* parameters to get a domain controller, this cmdlet returns all of the properties of the domain controller. + +To view all of the properties for an **ADDomainController** object, use the following command and replace \ with a domain controller identifier such as a DNS host name. + +`Get-ADDomainController`\`| Get-Member` + +## NOTES +* The **Name** and **HostName** properties of the **ADDomainController** objects returned by the cmdlet are set according to the following rules: + + - If the *Discover* parameter is used, HostName is the Fully Qualified Domain Name of the Domain Controller, and the Name is the NetBIOS name of the Domain Controller. +With the *Discover* parameter, the cmdlet will perform a second DCLocator call, to populate the **Name** property. +This property will not be set, to the NetBIOS name of the Domain Controller, if the WINS service is unavailable. + + - If the *Identity* or the *Filter* parameter is used, **HostName** is the **DNSHostName** attribute of the Domain Controller object, and the **Name** is the **Name** (RDN) attribute of the Domain Controller object. +With the *Identity* or the *Filter* parameter, the **HostName** property will not be set, if the **DNSHostName** attribute of the Domain Controller object is null. + +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work when targeting a snapshot using the *Server* parameter. + +## RELATED LINKS + +[Add-ADDomainControllerPasswordReplicationPolicy](./Add-ADDomainControllerPasswordReplicationPolicy.md) + +[Get-ADDomainControllerPasswordReplicationPolicy](./Get-ADDomainControllerPasswordReplicationPolicy.md) + +[Remove-ADDomainControllerPasswordReplicationPolicy](./Remove-ADDomainControllerPasswordReplicationPolicy.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADDomainControllerPasswordReplicationPolicy.md b/docset/winserver2025-ps/activedirectory/Get-ADDomainControllerPasswordReplicationPolicy.md new file mode 100644 index 0000000000..2b5498b172 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADDomainControllerPasswordReplicationPolicy.md @@ -0,0 +1,252 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-addomaincontrollerpasswordreplicationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADDomainControllerPasswordReplicationPolicy +--- + +# Get-ADDomainControllerPasswordReplicationPolicy + +## SYNOPSIS +Gets the members of the allowed list or denied list of a read-only domain controller's password replication policy. + +## SYNTAX + +### AllowedPRP (Default) +``` +Get-ADDomainControllerPasswordReplicationPolicy [-Allowed] [-AuthType ] + [-Credential ] [-Identity] [-Server ] [] +``` + +### DeniedPRP +``` +Get-ADDomainControllerPasswordReplicationPolicy [-AuthType ] [-Credential ] [-Denied] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADDomainControllerPasswordReplicationPolicy** cmdlet gets the users, computers, service accounts and groups that are members of the applied list or denied list for a read-only domain controller's (RODC) password replication policy. +To get the members of the applied list, specify the *AppliedList* parameter. +To get the members of the denied list, specify the *DeniedList* parameter. + +The *Identity* parameter specifies the RODC that uses the allowed and denied lists to apply the password replication policy. +You can identify a domain controller by its GUID, IPV4Address, IPV6Address, or DNS host name. +You can also identify a domain controller by the name of the server object that represents the domain controller, the distinguished name of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the distinguished name of the computer object that represents the domain controller. + +You can also set the *Identity* parameter to a domain controller object variable, such as `$`, or pass a domain controller object through the pipeline operator to the *Identity* parameter. +For example, you can use the **Get-ADDomainController** cmdlet to retrieve a domain controller object and then pass the object through the pipeline operator to the **Get-ADDomainControllerPasswordReplicationPolicy** cmdlet. + +If you specify a writeable domain controller for this cmdlet, the cmdlet returns a non-terminating error. + +## EXAMPLES + +### Example 1: gets from an RODC domain controller password replication policy the allowed accounts showing the name and object class of each +``` +PS C:\> Get-ADDomainControllerPasswordReplicationPolicy -Identity "USER01-RODC1" -Allowed | ft Name,ObjectClass +``` + +This command gets from an RODC domain controller password replication policy the allowed accounts showing the name and object class of each. + +### Example 2: Get the password replication policy allowed list from all RODCs in the domain +``` +C:\PS>Get-ADDomainController -Filter "IsReadOnly -eq `$true" | Get-ADDomainControllerPasswordReplicationPolicy -Allowed + +DistinguishedName : CN=Allowed RODC Password Replication Group,CN=Users,DC=Fabrikam,DC=com +Name : Allowed RODC Password Replication Group +ObjectClass : group +ObjectGUID : 239b0470-7f49-472d-8fcb-4911e90b2c5e +SamAccountName : Allowed RODC Password Replication Group +SID : S-1-5-21-41432690-3719764436-1984117282-571 +``` + +This command gets the password replication policy allowed lists from all RODCs in the domain. + +## PARAMETERS + +### -Allowed +Specifies a search for accounts that have been authenticated by a read-only domain controller. + +```yaml +Type: SwitchParameter +Parameter Sets: AllowedPRP +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +Specifies the credentials for the security context under which the task is performed. +If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. +If running under the context of an Active Directory module for Windows PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Denied +Specifies the users, computers, groups or other accounts to add to the list of accounts that are denied the right to replicate their passwords to this read-only domain controller (RODC). +You can specify more than one value by using a comma-separated list. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +```yaml +Type: SwitchParameter +Parameter Sets: DeniedPRP +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain controller object by providing one of the following values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A GUID (objectGUID) +- An IPV4Address +- A Global IPV6Address +- A DNS Host Name (dNSHostName) +- A name of the server object +- A Distinguished Name of the NTDS Settings object +- A distinguished name of the server object that represents the domain controller +- A GUID of NTDS settings object under the configuration partition +- A GUID of server object under the configuration partition +- A distinguished name of the computer object that represents the domain controller. + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADDomainController +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDomainController +A domain controller object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADPrincipal +Returns one or more objects that represent the users, computers, service accounts, and groups that are members of the applied list or denied list of the domain controller password replication policy. +The list returned depends on the parameters specified. + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services. +* This cmdlet does not work when targeting a snapshot using the Server parameter. + +## RELATED LINKS + +[Add-ADDomainControllerPasswordReplicationPolicy](./Add-ADDomainControllerPasswordReplicationPolicy.md) + +[Remove-ADDomainControllerPasswordReplicationPolicy](./Remove-ADDomainControllerPasswordReplicationPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADDomainControllerPasswordReplicationPolicyUsage.md b/docset/winserver2025-ps/activedirectory/Get-ADDomainControllerPasswordReplicationPolicyUsage.md new file mode 100644 index 0000000000..7241a6c13d --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADDomainControllerPasswordReplicationPolicyUsage.md @@ -0,0 +1,268 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-addomaincontrollerpasswordreplicationpolicyusage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADDomainControllerPasswordReplicationPolicyUsage +--- + +# Get-ADDomainControllerPasswordReplicationPolicyUsage + +## SYNOPSIS +Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller. + +## SYNTAX + +### RevealedAccounts (Default) +``` +Get-ADDomainControllerPasswordReplicationPolicyUsage [-AuthType ] [-Credential ] + [-Identity] [-RevealedAccounts] [-Server ] [] +``` + +### AuthenticatedAccounts +``` +Get-ADDomainControllerPasswordReplicationPolicyUsage [-AuthenticatedAccounts] [-AuthType ] + [-Credential ] [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADDomainControllerPasswordReplicationPolicyUsage** cmdlet gets the user or computer accounts that are authenticated by a read-only domain controller (RODC) or that have passwords that are stored on that RODC. +The list of accounts that are stored on a RODC is known as the revealed list. + +To get accounts that are authenticated by the RODC, use the **AuthenticatedAccounts** parameter. +To get the accounts that have passwords stored on the RODC, use the **RevealedAccounts** parameter. + +The **Identity** parameter specifies the RODC. +You can identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. +You can also identify a domain controller by the name of the server object that represents the domain controller, the distinguished name distinguished name of the NTDS settings object of the server object, the GUID of the NTDS settings object of the server object under the configuration partition, or the distinguished name of the computer object that represents the domain controller. +You can also set the **Identity** parameter to a domain controller object variable, such as **$\**, or pass a domain controller object through the pipeline to the **Identity** parameter. +For example, you can use the Get-ADDomainController cmdlet to retrieve a domain controller object and then pass the object through the pipeline to the **Get-ADDomainControllerPasswordReplicationPolicyUsage** cmdlet. +If you specify a writeable domain controller for this cmdlet, the cmdlet returns a non-terminating error. + +## EXAMPLES + +### Example 1: Get authenticated accounts for a specific RODC +``` +PS C:\> Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity "USER01-RODC1" -AuthenticatedAccounts | ft Name,ObjectClass -A +``` + +This command gets the authenticated accounts for the RODC specified by the **Identity** parameter. +The command displays the name and object class of each. + +### Example 2: Get revealed accounts for a specified RODC +``` +PS C:\> Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity "USER01-RODC1" -RevealedAccounts | ft Name,ObjectClass -A +``` + +This command gets the revealed accounts for the RODC specified by the **Identity** parameter. +The command displays the name and object class of each account returned. + +### Example 3: Get a list of accounts cached across all RODCs +``` +PS C:\> Get-ADDomainController -Filter "IsReadOnly -eq `$true" | Get-ADDomainControllerPasswordReplicationPolicyUsage +DistinguishedName : CN=krbtgt_35512,CN=Users,DC=User01,DC=com +Enabled : False +Name : krbtgt_35512 +ObjectClass : user +ObjectGUID : 8c7268f9-add3-409c-968b-de029e517211 +SamAccountName : krbtgt_35512 +SID : S-1-5-21-41432690-3719764436-1984117282-1106 +UserPrincipalName : + +DistinguishedName : CN=CSD2722780,OU=Domain Controllers,DC=User01,DC=com +Enabled : True +Name : CSD2722780 +ObjectClass : computer +ObjectGUID : 63a5e005-e01f-4fc9-ae71-9d9367f808bc +SamAccountName : CSD2722780$ +SID : S-1-5-21-41432690-3719764436-1984117282-1105 +UserPrincipalName : +``` + +This command gets the list of accounts cached across all RODCs in the domain. + +## PARAMETERS + +### -AuthenticatedAccounts +Specifies a search for accounts that have been authenticated by a read-only domain controller. + +```yaml +Type: SwitchParameter +Parameter Sets: AuthenticatedAccounts +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +Specifies the credentials for the security context under which the task is performed. +If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. +If running under the context of an Active Directory module for Windows PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain controller object by providing one of the following values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A GUID (objectGUID). +- An IPV4Address. +- A Global IPV6Address. +- A DNS Host Name (dNSHostName). +- A name of the server object. +- A distinguished name of the NTDS Settings object. +- A distinguished name of the server object that represents the domain controller. +- A GUID of NTDS settings object under the configuration partition. +- A GUID of server object under the configuration partition. +- A distinguished name of the computer object that represents the domain controller. + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get the object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADDomainController +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -RevealedAccounts +Specifies a search for accounts which have passwords that are stored on the read-only domain controller. + +```yaml +Type: SwitchParameter +Parameter Sets: RevealedAccounts +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name. +- NetBIOS name. + +Directory server values: + +- Fully qualified directory server name. +- NetBIOS name. +- Fully qualified directory server name and port. + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline. +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive when the cmdlet runs in that drive. +- By using the domain of the computer running Windows PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDomainController +A domain controller object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount +This cmdlet returns one or more account objects that represent the users, computers, and service accounts that are authenticated by the specified RODC or that have passwords that are stored on the RODC. + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work when targeting a snapshot using the *Server* parameter. + +## RELATED LINKS + +[Get-ADDomainController](./Get-ADDomainController.md) + +[Add-ADDomainControllerPasswordReplicationPolicy](./Add-ADDomainControllerPasswordReplicationPolicy.md) + +[Get-ADDomainControllerPasswordReplicationPolicy](./Get-ADDomainControllerPasswordReplicationPolicy.md) + +[Remove-ADDomainControllerPasswordReplicationPolicy](./Remove-ADDomainControllerPasswordReplicationPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADFineGrainedPasswordPolicy.md b/docset/winserver2025-ps/activedirectory/Get-ADFineGrainedPasswordPolicy.md new file mode 100644 index 0000000000..8a37c9bc61 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADFineGrainedPasswordPolicy.md @@ -0,0 +1,485 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adfinegrainedpasswordpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADFineGrainedPasswordPolicy +--- + +# Get-ADFineGrainedPasswordPolicy + +## SYNOPSIS +Gets one or more Active Directory fine-grained password policies. + +## SYNTAX + +### Filter (Default) +``` +Get-ADFineGrainedPasswordPolicy [-AuthType ] [-Credential ] -Filter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +### Identity +``` +Get-ADFineGrainedPasswordPolicy [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADFineGrainedPasswordPolicy [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADFineGrainedPasswordPolicy** cmdlet gets a fine-grained password policy or performs a search to retrieve multiple fine-grained password policies. + +The *Identity* parameter specifies the Active Directory fine-grained password policy to get. +You can identify a fine-grained password policy by its distinguished name, GUID or name. +You can also set the parameter to a fine-grained password policy object variable, such as `$` or pass a fine-grained password policy object through the pipeline operator to the *Identity* parameter. + +To search for and retrieve more than one fine-grained password policies, use the *Filter* or *LDAPFilter* parameters. +The *Filter* parameter uses Windows PowerShell Expression Language to write query strings for Active Directory. +Windows PowerShell Expression Language syntax provides rich type conversion support for value types received by the *Filter* parameter. +For more information about the *Filter* parameter syntax, type `Get-Help about_ActiveDirectory_Filter`. +If you have existing Lightweight Directory Access Protocol (LDAP) query strings, you can use the *LDAPFilter* parameter. + +This cmdlet retrieves a default set of fine-grained password policy object properties. +To retrieve additional properties use the *Properties* parameter. +For more information about the how to determine the properties for **FineGrainedPasswordPolicy** objects, see the *Properties* parameter description. + +## EXAMPLES + +### Example 1: Get a fine-grained policy using a name +``` +PS C:\> Get-ADFineGrainedPasswordPolicy -Identity AdminsPSO +Name : AdminsPSO +ComplexityEnabled : True +LockoutThreshold : 0 +ReversibleEncryptionEnabled : True +LockoutDuration : 00:30:00 +LockoutObservationWindow : 00:30:00 +MinPasswordLength : 10 +Precedence : 200 +ObjectGUID : ba1061f0-c947-4018-a399-6ad8897d26e3 +ObjectClass : msDS-PasswordSettings +PasswordHistoryCount : 24 +MinPasswordAge : 1.00:00:00 +MaxPasswordAge : 15.00:00:00 +AppliesTo : {} +DistinguishedName : CN=AdminsPSO,CN=Password Settings Container,CN=System,DC=USER01,DC=COM +``` + +This command gets the fine-grained password policy named AdminsPSO. + +### Example 2: Get all properties for a fine-grained password policy using a distinguished name +``` +PS C:\> Get-ADFineGrainedPasswordPolicy -Identity 'CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=USER01,DC=COM' -Properties * +msDS-LockoutDuration : -18000000000 +msDS-PasswordSettingsPrecedence : 300 +ObjectCategory : CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=USER01,DC=COM +DistinguishedName : CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=USER01,DC=COM +ExpireOn : +msDS-MinimumPasswordAge : -864000000000 +dSCorePropagationData : {12/31/1600 4:00:00 PM} +msDS-LockoutThreshold : 0 +Description : The Delegated Administrators Password Policy +LockoutThreshold : 0 +instanceType : 4 +msDS-PasswordComplexityEnabled : True +MaxPasswordAge : 20.00:00:00 +whenCreated : 8/15/2008 12:47:43 AM +Name : DlgtdAdminsPSO +ObjectClass : msDS-PasswordSettings +ReversibleEncryptionEnabled : True +msDS-PasswordReversibleEncryptionEnabled : True +Dynamic : False +LockoutDuration : 00:30:00 +msDS-PSOAppliesTo : {CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=USER01,DC=COM, CN=Bob Kelly,OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=USER01,DC=COM} +DisplayName : Delegated Administrators PSO +uSNCreated : 16395 +Modified : 8/20/2008 12:21:15 AM +MinPasswordAge : 1.00:00:00 +ProtectedFromAccidentalDeletion : False +Created : 8/15/2008 12:47:43 AM +sDRightsEffective : 15 +ComplexityEnabled : True +PasswordHistoryCount : 24 +msDS-MaximumPasswordAge : -17280000000000 +MinPasswordLength : 10 +Precedence : 300 +ObjectGUID : 75cf8c7a-9c93-4e81-b611-851803372cb2 +msDS-MinimumPasswordLength : 10 +Deleted : +Orphaned : False +CN : DlgtdAdminsPSO +LastKnownParent : +CanonicalName : USER01.COM/System/Password Settings Container/DlgtdAdminsPSO +modifyTimeStamp : 8/20/2008 12:21:15 AM +msDS-LockoutObservationWindow : -18000000000 +LockoutObservationWindow : 00:30:00 +whenChanged : 8/20/2008 12:21:15 AM +createTimeStamp : 8/15/2008 12:47:43 AM +msDS-PasswordHistoryLength : 24 +nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity +AppliesTo : {CN=JeffPrice,OU=Finance,OU=UserAccounts,DC=USER01,DC=COM, CN=GlenJohn,OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=USER01,DC=COM} +uSNChanged : 72719 +``` + +This command gets all the properties for the fine-grained password policy with DistinguishedName CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=USER01,DC=COM. + +### Example 3: Get all fine-grained password policy objects using a filter +``` +PS C:\> Get-ADFineGrainedPasswordPolicy -Filter "name -like '*admin*'" +AppliesTo : {CN=GlenJohn,CN=Users,DC=USER01,DC=com, CN=JeffPrice,CN=Users,DC=USER01,DC=com, CN=Administrator,CN=Users,DC=USER01,DC=com} +ComplexityEnabled : True +DistinguishedName : CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=USER01,DC=com +LockoutDuration : 00:30:00 +LockoutObservationWindow : 00:30:00 +LockoutThreshold : 0 +MaxPasswordAge : 42.00:00:00 +MinPasswordAge : 1.00:00:00 +MinPasswordLength : 7 +Name : DlgtdAdminsPSO +ObjectClass : msDS-PasswordSettings +ObjectGUID : b7de4e6e-c291-4ce6-bb47-6bf8f807df53 +PasswordHistoryCount : 24 +Precedence : 100 +ReversibleEncryptionEnabled : True +``` + +This command gets all the fine-grained password policy objects that have a name that begins with admin. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory fine-grained password policy object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. + +```yaml +Type: ADFineGrainedPasswordPolicy +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an Active Directory Domain Services query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an Active Directory Domain Services query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase +Specifies an Active Directory path to search under. + +When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Domain Services target, the default value of this parameter is the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Lightweight Directory Services (AD LDS) target, the default value is the default naming context of the target LDS instance if one has been specified by setting the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +If no default naming context is specified for the target AD LDS instance, then this parameter has no default value. + +When the value of the *SearchBase* parameter is set to an empty string and you are connected to a global catalog port, all partitions are searched. +If the value of the *SearchBase* parameter is set to an empty string and you are not connected to a global catalog port, an error is thrown. + +```yaml +Type: String +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A Base query searches only the current path or object. +A OneLevel query searches the immediate children of that path or object. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: Filter, LdapFilter +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +A fine-grained password policy is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +This cmdlet returns one or more fine-grained password policy objects. + +This cmdlet returns a default set of **ADFineGrainedPasswordPolicy** property values. +To retrieve additional **ADFineGrainedPasswordPolicy** properties, use the *Properties* parameter. + +To view the properties for an **ADFineGrainedPasswordPolicy** object, see the following examples. +To run these examples, replace \ with a fine-grained password policy identifier such as the name of your local fine-grained password policy. + +To get a list of the default set of properties of an **ADFineGrainedPasswordPolicy** object, use the following command: + +`Get-ADFineGrainedPasswordPolicy`\`| Get-Member` + +To get a list of all the properties of an **ADFineGrainedPasswordPolicy** object, use the following command: + +`Get-ADFineGrainedPasswordPolicy`\`-Properties * | Get-Member` + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work when targeting a snapshot using the *Server* parameter. + +## RELATED LINKS + +[Add-ADFineGrainedPasswordPolicySubject](./Add-ADFineGrainedPasswordPolicySubject.md) + +[New-ADFineGrainedPasswordPolicy](./New-ADFineGrainedPasswordPolicy.md) + +[Remove-ADFineGrainedPasswordPolicy](./Remove-ADFineGrainedPasswordPolicy.md) + +[Remove-ADFineGrainedPasswordPolicySubject](./Remove-ADFineGrainedPasswordPolicySubject.md) + +[Set-ADFineGrainedPasswordPolicy](./Set-ADFineGrainedPasswordPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADFineGrainedPasswordPolicySubject.md b/docset/winserver2025-ps/activedirectory/Get-ADFineGrainedPasswordPolicySubject.md new file mode 100644 index 0000000000..07714e651f --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADFineGrainedPasswordPolicySubject.md @@ -0,0 +1,177 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adfinegrainedpasswordpolicysubject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADFineGrainedPasswordPolicySubject +--- + +# Get-ADFineGrainedPasswordPolicySubject + +## SYNOPSIS +Gets the users and groups to which a fine-grained password policy is applied. + +## SYNTAX + +``` +Get-ADFineGrainedPasswordPolicySubject [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADFineGrainedPasswordPolicySubject** cmdlet gets users and groups that are subject to a fine-grained password policy. + +The *Identity* parameter specifies the fine-grained password policy. +You can identify a fine-grained password policy by its distinguished name, GUID, or name. +You can also set the *Identity* parameter to a fine-grained password policy object variable, such as `$`, or pass a fine-grained password policy object through the pipeline operator to the *Identity* parameter. +For example, you can use the **Get-ADFineGrainedPasswordPolicy** cmdlet to retrieve a fine-grained password policy object and then pass the object through the pipeline operator to the **Get-ADFineGrainedPasswordPolicySubject** cmdlet. + +## EXAMPLES + +### Example 1: Get the subject of a fine-grained password policy +``` +PS C:\> Get-ADFineGrainedPasswordPolicySubject -Identity DomainUsersPSO | FT Name,ObjectClass,DistinguishedName -AutoSize +Name ObjectClass DistinguishedName +---- ----------- ----------------- +Domain Users group CN=Domain Users,CN=Users,DC=FABRIKAM,DC=COM +``` + +This command gets the fine-grained password policy subject of the password policy named DomainUsersPSO. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory fine-grained password policy object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A name (name) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. + +```yaml +Type: ADFineGrainedPasswordPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +A fine-grained password policy object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADPrincipal +Returns principal objects that represent the users and groups to which the fine-grained password policy is applied. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work when targeting a snapshot using the *Server* parameter. + +## RELATED LINKS + +[Add-ADFineGrainedPasswordPolicySubject](./Add-ADFineGrainedPasswordPolicySubject.md) + +[Remove-ADFineGrainedPasswordPolicySubject](./Remove-ADFineGrainedPasswordPolicySubject.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADForest.md b/docset/winserver2025-ps/activedirectory/Get-ADForest.md new file mode 100644 index 0000000000..a93275e462 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADForest.md @@ -0,0 +1,273 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adforest?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADForest +--- + +# Get-ADForest + +## SYNOPSIS +Gets an Active Directory forest. + +## SYNTAX + +### Current (Default) +``` +Get-ADForest [-AuthType ] [-Credential ] [-Current ] + [-Server ] [] +``` + +### Identity +``` +Get-ADForest [-AuthType ] [-Credential ] [-Identity] [-Server ] + [] +``` + +## DESCRIPTION +The **Get-ADForest** cmdlet gets the specified Active Directory forest. +You can specify the forest by setting the *Identity* or *Current* parameters. + +The *Identity* parameter specifies the Active Directory forest to get. +You can identify a forest by its fully qualified domain name (FQDN), DNS host name, or NetBIOS name. +You can also set the parameter to a forest object variable, such as `$`, or you can pass a forest object through the pipeline to the *Identity* parameter. + +To get the forest of the local computer or current logged on user, set the *Current* parameter to LocalComputer or LoggedOnUser. +When you set the *Current*parameter, you do not need to set the *Identity* parameter. + +When the *Current* parameter is set to LocalComputer or LoggedOnUser, the cmdlet uses the *Server* and *Credential* parameter values to determine the domain and the credentials to use to identify the domain of the forest according to the following rules: + +- If both the *Server* and *Credential* parameters are not specified: + +The domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. +The credentials of the current logged on user are used to get the domain. + +- If the *Server* parameter is specified and the *Credential* parameter is not specified: + +The domain is set to the domain of the specified server and the cmdlet checks to make sure that the server is in the domain of the LocalComputer or LoggedOnUser. +Then the credentials of the current logged on user are used to get the domain. +An error is returned when the server is not in the domain of the LocalComputer or LoggedOnUser. + +- If the *Server* parameter is not specified and the *Credential* parameter is specified: + +The domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. +Then the credentials specified by the *Credential* parameter are used to get the domain. + +- If the *Server* and *Credential* parameters are specified: + +The domain is set to the domain of the specified server and the cmdlet checks to make sure that the server is in the domain of the LocalComputer or LoggedOnUser. +Then the credentials specified by the *Credential* parameter are used to get the domain. +An error is returned when the server is not in the domain of the LocalComputer or LoggedOnUser. + +## EXAMPLES + +### Example 1: Get information for a domain forest +``` +PS C:\> Get-ADForest -Identity Fabrikam.com +``` + +This command gets information for the Fabrikam.com forest. + +### Example 2: Get information for a local computer forest +``` +PS C:\> Get-ADForest -Current LocalComputer +``` + +This command gets the information for the current local computer's forest. + +### Example 3: Get information for the current user's forest +``` +PS C:\> Get-ADForest -Current LoggedOnUser +``` + +This command gets the forest information of the currently logged on user. + +### Example 4: Get information for the current user's forest +``` +PS C:\> Get-ADForest +ApplicationPartitions : {DC=ForestDnsZones,DC=Fabrikam,DC=com, DC=DomainDnsZones,DC=Fabrikam,DC=com} +CrossForestReferences : {CN=northwind,CN=Partitions,CN=Configuration,DC=Fabrikam,DC=com} +DomainNamingMaster : Fabrikam-DC1.Fabrikam.com +Domains : {Fabrikam.com} +ForestMode : Windows2003Forest +GlobalCatalogs : {Fabrikam-DC1.Fabrikam.com, CSD2722780.Fabrikam.com} +Name : Fabrikam.com +PartitionsContainer : CN=Partitions,CN=Configuration,DC=Fabrikam,DC=com +RootDomain : Fabrikam.com +SchemaMaster : Fabrikam-DC1.Fabrikam.com +Sites : {Default-First-Site-Name, UnitedKingdomHQ, BO3, RODC-Site-Name} +SPNSuffixes : {} +UPNSuffixes : {} +``` + +This command gets the forest information of the currently logged on user. + +### Example 5: Get all of the domain controllers for all domains in a forest +``` +PS C:\> $AllDCs = (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ } +``` + +This command gets all the domain controllers for all domains in a forest. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name such as User1 or Domain01\User01, or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Current +Specifies whether to return the domain of the local computer or the current logged on user. +The acceptable values for this parameter are: + +- LocalComputer or 0 +- LoggedOnUser or 1 + +```yaml +Type: ADCurrentForestType +Parameter Sets: Current +Aliases: +Accepted values: LocalComputer, LoggedOnUser + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory forest object by providing one of the following attribute values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A fully qualified domain name +- A GUID (objectGUID) +- A DNS host name +- A NetBIOS name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance. + +```yaml +Type: ADForest +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Directory Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADForest +A forest object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADForest +Returns one or more forest objects. + +This cmdlet returns all of the properties of the forest. +To view all of the properties for an **ADForest** object, use the following command and replace \ with a forest identifier such as a DNS host name. + +`Get-ADForest`\`| Get-Member` + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work when targeting a snapshot using the *Server* parameter. + +## RELATED LINKS + +[Set-ADForest](./Set-ADForest.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADGroup.md b/docset/winserver2025-ps/activedirectory/Get-ADGroup.md new file mode 100644 index 0000000000..233465f7b1 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADGroup.md @@ -0,0 +1,500 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADGroup +--- + +# Get-ADGroup + +## SYNOPSIS +Gets one or more Active Directory groups. + +## SYNTAX + +### Filter (Default) +``` +Get-ADGroup [-AuthType ] [-Credential ] -Filter [-Properties ] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [-ShowMemberTimeToLive] [] +``` + +### Identity +``` +Get-ADGroup [-AuthType ] [-Credential ] [-Identity] [-Partition ] + [-Properties ] [-Server ] [-ShowMemberTimeToLive] [] +``` + +### LdapFilter +``` +Get-ADGroup [-AuthType ] [-Credential ] -LDAPFilter [-Properties ] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [-ShowMemberTimeToLive] [] +``` + +## DESCRIPTION +The **Get-ADGroup** cmdlet gets a group or performs a search to retrieve multiple groups from an Active Directory. + +The *Identity* parameter specifies the Active Directory group to get. +You can identify a group by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. +You can also specify group object variable, such as `$`. + +To search for and retrieve more than one group, use the *Filter* or *LDAPFilter* parameters. +The *Filter* parameter uses the PowerShell Expression Language to write query strings for Active Directory. +PowerShell Expression Language syntax provides rich type conversion support for value types received by the *Filter* parameter. +For more information about the *Filter* parameter syntax, type `Get-Help about_ActiveDirectory_Filter`. +If you have existing Lightweight Directory Access Protocol (LDAP) query strings, you can use the *LDAPFilter* parameter. + +This cmdlet gets a default set of group object properties. +To get additional properties use the *Properties* parameter. +For more information about the how to determine the properties for group objects, see the *Properties* parameter description. + +## EXAMPLES + +### Example 1: Get a group by SAM account name +``` +PS C:\> Get-ADGroup -Identity Administrators +DistinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : DomainLocal +Name : Administrators +ObjectClass : group +ObjectGUID : 02ce3874-dd86-41ba-bddc-013f34019978 +SamAccountName : Administrators +SID : S-1-5-32-544 +``` + +This command gets the group with the SAM account name Administrators. + +### Example 2: Get a group by SID +``` +PS C:\> Get-ADGroup -Identity S-1-5-32-544 -Properties member +DistinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : DomainLocal +member : {CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com, CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com, CN=LabAdmin,CN=Users,DC=Fabrikam,DC=com, C +N=Administrator,CN=Users,DC=Fabrikam,DC=com} +Name : Administrators +ObjectClass : group +ObjectGUID : 02ce3874-dd86-41ba-bddc-013f34019978 +SamAccountName : Administrators +SID : S-1-5-32-544 +``` + +This command gets the group with SID S-1-5-32-544 and the property member. + +### Example 3: Get a group and filter the results +``` +PS C:\> Get-ADGroup -Filter 'GroupCategory -eq "Security" -and GroupScope -ne "DomainLocal"' +``` + +This command gets all groups that have a GroupCategory of Security but do not have a GroupScope of DomainLocal. + +### Example 4: Get a group from a specified search base and filter the results +``` +PS C:\> Get-ADGroup -Server localhost:60000 -Filter "GroupScope -eq 'DomainLocal'" -SearchBase "DC=AppNC" + + +DistinguishedName : CN=AlphaGroup,OU=AccountDeptOU,DC=AppNC +GroupCategory : Security +GroupScope : DomainLocal +Name : AlphaGroup +ObjectClass : group +ObjectGUID : 6498c9fb-7c62-48fe-9972-1461f7f3dec2 +SID : S-1-510474493-936115905-2475435479-1276657127-1006239422-938965137 + +DistinguishedName : CN=BranchOffice1,OU=AccountDeptOU,DC=AppNC +GroupCategory : Security +GroupScope : DomainLocal +Name : BranchOffice1 +ObjectClass : group +ObjectGUID : 0b7504c5-482b-4a73-88f5-8a76960e4568 +SID : S-1-510474493-936115905-2534227223-1194883713-3669005192-3746664089 + +DistinguishedName : CN=AccountLeads,OU=AccountDeptOU,DC=AppNC +GroupCategory : Distribution +GroupScope : DomainLocal +Name : AccountLeads +ObjectClass : group +ObjectGUID : b20c032b-2de9-401a-b48c-341854a37254 +SID : S-1-510474493-936115905-2813670187-1179675302-2001457839-270172950 +``` + +This command gets all the DomainLocal groups from the AppNC partition of the AD LDS instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than \*, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A security accounts manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADGroup +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* will be set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an AD DS query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an AD DS query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase +Specifies an Active Directory path to search under. + +When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. + +When the value of the *SearchBase* parameter is set to an empty string and you are connected to a GC port, all partitions are searched. +If the value of the *SearchBase* parameter is set to an empty string and you are not connected to a GC port, an error is thrown. + +```yaml +Type: String +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A Base query searches only the current path or object. +A OneLevel query searches the immediate children of that path or object. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: Filter, LdapFilter +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ShowMemberTimeToLive +Indicates that this cmdlet displays Time to Live (TTL) values for group members. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +A group object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADGroup +Returns one or more group objects. + +The **Get-ADGroup** cmdlet returns a default set of **ADGroup** property values. +To retrieve additional **ADGroup** properties, use the *Properties* parameter. + +To view the properties for an **ADGroup** object, see the following examples. +To run these examples, replace \ with a group identifier such as Administrators. + +To get a list of the default set of properties of an **ADGroup** object, use the following command: + +`Get-ADGroup`\`| Get-Member` + +To get a list of all the properties of an **ADGroup** object, use the following command: + +`Get-ADGroup`\`-Properties * | Get-Member` + +## NOTES + +## RELATED LINKS + +[New-ADGroup](./New-ADGroup.md) + +[Remove-ADGroup](./Remove-ADGroup.md) + +[Set-ADGroup](./Set-ADGroup.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADGroupMember.md b/docset/winserver2025-ps/activedirectory/Get-ADGroupMember.md new file mode 100644 index 0000000000..5696876719 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADGroupMember.md @@ -0,0 +1,343 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adgroupmember?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADGroupMember +--- + +# Get-ADGroupMember + +## SYNOPSIS +Gets the members of an Active Directory group. + +## SYNTAX + +``` +Get-ADGroupMember [-AuthType ] [-Credential ] [-Identity] + [-Partition ] [-Recursive] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADGroupMember** cmdlet gets the members of an Active Directory group. +Members can be users, groups, and computers. + +The *Identity* parameter specifies the Active Directory group to access. +You can identify a group by its distinguished name, GUID, security identifier, or Security Account Manager (SAM) account name. +You can also specify the group by passing a group object through the pipeline. +For example, you can use the **Get-ADGroup** cmdlet to get a group object and then pass the object through the pipeline to the Get-ADGroupMember cmdlet. + +If the *Recursive* parameter is specified, the cmdlet gets all members in the hierarchy of the group that do not contain child objects. +For example, if the group SaraDavisReports contains the user KarenToh and the group JohnSmithReports, and JohnSmithReports contains the user JoshPollock, then the cmdlet returns KarenToh and JoshPollock. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Get all members of a group +``` +PS C:\> Get-ADGroupMember +cmdlet Get-ADGroupMember at command pipeline position 1 +Supply values for the following parameters: (Type !? for Help.) +Identity: Administrators + +distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com +name : Domain Admins +objectClass : group +objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011 +SamAccountName : Domain Admins +SID : S-1-5-21-41432690-3719764436-1984117282-512 + +distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com +name : Enterprise Admins +objectClass : group +objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf +SamAccountName : Enterprise Admins +SID : S-1-5-21-41432690-3719764436-1984117282-519 + +distinguishedName : CN=LabAdmin,CN=Users,DC=Fabrikam,DC=com +name : LabAdmin +objectClass : user +objectGUID : ab7c269d-aec5-4fcc-aebe-6cd1a2e6cd53 +SamAccountName : LabAdmin +SID : S-1-5-21-41432690-3719764436-1984117282-1000 + +distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com +name : Administrator +objectClass : user +objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959 +SamAccountName : Administrator +SID : S-1-5-21-41432690-3719764436-1984117282-500 +``` + +This command gets all the members of the Administrators group. + +### Example 2: Get all group members of all domain local groups +``` +PS C:\> Get-ADGroup -Server localhost:60000 -Filter "GroupScope -eq 'DomainLocal'" -SearchBase "DC=AppNC" | Get-ADGroupMember -Partition "DC=AppNC" +distinguishedName : CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC +name : SanjayPatel +objectClass : user +objectGUID : d671de28-6e40-42a7-b32c-63d336de296d +SamAccountName : +SID : S-1-510474493-936115905-2231798853-1260534229-4171027843-767619944 +``` + +This command gets the group members of all domain local groups in the AD LDS instance. + +### Example 3: Get all Administrators group members +``` +PS C:\> Get-ADGroupMember -Identity Administrators +distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com +name : Domain Admins +objectClass : group +objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011 +SamAccountName : Domain Admins +SID : S-1-5-21-41432690-3719764436-1984117282-512 + +distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com +name : Enterprise Admins +objectClass : group +objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf +SamAccountName : Enterprise Admins +SID : S-1-5-21-41432690-3719764436-1984117282-519 + +distinguishedName : CN=LabAdmin,CN=Users,DC=Fabrikam,DC=com +name : LabAdmin +objectClass : user +objectGUID : ab7c269d-aec5-4fcc-aebe-6cd1a2e6cd53 +SamAccountName : LabAdmin +SID : S-1-5-21-41432690-3719764436-1984117282-1000 + +distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com +name : Administrator +objectClass : user +objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959 +SamAccountName : Administrator +SID : S-1-5-21-41432690-3719764436-1984117282-500 +``` + +This command gets all the group members of the Administrators group. + +### Example 4: Get members of a group including the members of child groups +``` +PS C:\> Get-ADGroupMember -Identity "Enterprise Admins" -Recursive +distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com +name : Administrator +objectClass : user +objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959 +SamAccountName : Administrator +SID : S-1-5-21-41432690-3719764436-1984117282-500 + +distinguishedName : CN=Sagiv Hadaya,CN=Users,DC=Fabrikam,DC=com +name : Sagiv Hadaya +objectClass : user +objectGUID : 64706230-f179-4fe4-b8c9-f0d334e66ab1 +SamAccountName : SHadaya +SID : S-1-5-21-41432690-3719764436-1984117282-1158 +``` + +This command gets all the members of the Enterprise Admins group including the members of any child groups. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A Security Account Manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADGroup +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take a default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Recursive +Specifies that the cmdlet get all members in the hierarchy of a group that do not contain child objects. + +If the specified group does not have any members, then nothing is returned. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +A group object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADPrincipal +Returns one or more principal objects that represent users, computers or groups that are members of the specified group. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work when a group has members located in a different forest, and the forest does not have Active Directory Web Service running. + +## RELATED LINKS + +[Add-ADGroupMember](./Add-ADGroupMember.md) + +[Add-ADPrincipalGroupMembership](./Add-ADPrincipalGroupMembership.md) + +[Get-ADGroup](./Get-ADGroup.md) + +[Get-ADPrincipalGroupMembership](./Get-ADPrincipalGroupMembership.md) + +[Remove-ADGroupMember](./Remove-ADGroupMember.md) + +[Remove-ADPrincipalGroupMembership](./Remove-ADPrincipalGroupMembership.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADObject.md b/docset/winserver2025-ps/activedirectory/Get-ADObject.md new file mode 100644 index 0000000000..5b98e9786a --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADObject.md @@ -0,0 +1,545 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adobject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADObject +--- + +# Get-ADObject + +## SYNOPSIS +Gets one or more Active Directory objects. + +## SYNTAX + +### Filter (Default) +``` +Get-ADObject [-AuthType ] [-Credential ] -Filter [-IncludeDeletedObjects] + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +### Identity +``` +Get-ADObject [-AuthType ] [-Credential ] [-Identity] + [-IncludeDeletedObjects] [-Partition ] [-Properties ] [-Server ] + [] +``` + +### LdapFilter +``` +Get-ADObject [-AuthType ] [-Credential ] [-IncludeDeletedObjects] + -LDAPFilter [-Properties ] [-ResultPageSize ] [-ResultSetSize ] + [-SearchBase ] [-SearchScope ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADObject** cmdlet gets an Active Directory object or performs a search to get multiple objects. + +The *Identity* parameter specifies the Active Directory object to get. +You can identify the object to get by its distinguished name or GUID. +You can also set the parameter to an Active Directory object variable, such as `$` or pass an object through the pipeline to the *Identity* parameter. + +To search for and get more than one object, use the *Filter* or *LDAPFilter* parameters. +The *Filter* parameter uses the PowerShell Expression Language to write query strings for Active Directory. +PowerShell Expression Language syntax provides rich type conversion support for value types received by the *Filter* parameter. +For more information about the *Filter* parameter syntax, type `Get-Help about_ActiveDirectory_Filter`. +If you have existing Lightweight Directory Access Protocol (LDAP) query strings, you can use the *LDAPFilter* parameter. + +This cmdlet gets a default set of Active Directory object properties. +To get additional properties use the *Properties* parameter. +For more information about the how to determine the properties for computer objects, see the *Properties* parameter description. + +## EXAMPLES + +### Example 1: Get the sites for a domain using LDAP filter syntax +``` +PS C:\> Get-ADObject -LDAPFilter "(objectClass=site)" -SearchBase 'CN=Configuration,DC=Fabrikam,DC=Com' -Properties CanonicalName | FT Name,CanonicalName -A +Name CanonicalName +---- ------------- +HQ FABRIKAM.COM/Configuration/Sites/HQ +BO1 FABRIKAM.COM/Configuration/Sites/BO1 +BO2 FABRIKAM.COM/Configuration/Sites/BO2 +BO3 FABRIKAM.COM/Configuration/Sites/BO3 +``` + +This command displays a list of sites for Fabrikam using the LDAP filter syntax. + +### Example 2: Get the sites from the configuration naming context +``` +PS C:\> Get-ADObject -Filter 'ObjectClass -eq "site"' -SearchBase 'CN=Configuration,DC=Fabrikam,DC=Com' -Properties siteObjectBL | foreach {$_.siteObjectBL} +CN=192.167.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.166.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.168.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.165.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.164.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.163.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.162.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.161.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.160.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.159.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.158.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +CN=192.157.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM +``` + +This command gets the **Site** objects from the configuration naming context and displays a list of **siteObjectBL** properties. + +### Example 3: Get all objects with a specified attribute +``` +PS C:\> $ChangeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02) +PS C:\> Get-ADObject -Filter 'whenChanged -gt $ChangeDate' -IncludeDeletedObjects +``` + +This command gets all the objects, including the deleted ones, whose **whenChanged** attribute is greater than the specified date. +Note that both deleted and non-deleted (and non-recycled) objects matching the filter are returned. + +### Example 4: Get deleted objects with a specified attribute +``` +PS C:\> $ChangeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02) +PS C:\> Get-ADObject -Filter 'whenChanged -gt $ChangeDate -and isDeleted -eq $True -and -not (isRecycled -eq $True) -and name -ne "Deleted Objects"' -IncludeDeletedObjects + + +ObjectGUID : 98118958-91c7-437d-8ada-ba0b66db823b +Deleted : True +DistinguishedName : CN=Andrew Ma\0ADEL:98118958-91c7-437d-8ada-ba0b66db823b,CN=Deleted Objects,DC=FABRIKAM,DC=COM +Name : Andrew Ma +DEL:98118958-91c7-437d-8ada-ba0b66db823b +ObjectClass : user +``` + +This example gets all the deleted objects, whose **whenChanged** attribute is greater than the specified date. +The clause `name -ne "Deleted Objects"` ensures that the Deleted Objects Container is not returned. +This example only returns objects that can be restored. + +### Example 5: Get specified objects that were deleted after a specified date +``` +PS C:\> $ChangeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02) +PS C:\> Get-ADObject -Filter 'whenChanged -gt $ChangeDate -and isDeleted -eq $True -and -not (isRecycled -eq $True) -and lastKnownParent -eq "OU=Accounting,DC=Fabrikam,DC=com"' -IncludeDeletedObjects + + +ObjectGUID : 12d53e7f-aaf7-4790-b41a-da19044504db +Deleted : True +DistinguishedName : CN=Craig Dewar\0ADEL:12d53e7f-aaf7-4790-b41a-da19044504db,CN=Deleted Objects,DC=Fabrikam,DC=com +Name : Craig Dewar +DEL:12d53e7f-aaf7-4790-b41a-da19044504db +ObjectClass : user +``` + +This example gets all the deleted objects whose **whenChanged** attribute is greater than the specified date and at the time of deletion were the children of the specified organizational unit. + +### Example 6: Get information for a specified object of an LDS instance +``` +PS C:\> Get-ADObject -Identity "DC=AppNC" -Server "FABRIKAM-SRV1:60000" +ObjectGUID DistinguishedName Name ObjectClass +---------- ----------------- ---- ----------- +62b2e185-9322-4980-9c93-cf... DC=AppNC AppNC domainDNS +``` + +This command gets the information of the **domainDNS** object of an LDS instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADObject +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -IncludeDeletedObjects +Indicates that this cmdlet retrieves deleted objects and the deactivated forward and backward links. +When this parameter is specified, the cmdlet uses the following LDAP controls: + +- Show Deleted Objects (1.2.840.113556.1.4.417) +- Show Deactivated Links (1.2.840.113556.1.4.2065) + +Note: If this parameter is not specified, the cmdlet does not return or operate on deleted objects. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take a default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an AD DS query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an AD DS query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase +Specifies an Active Directory path to search. + +When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target AD LDS instance if one has been specified by setting the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. + +When the value of the *SearchBase* parameter is set to an empty string and you are connected to a global catalog (GC) port, all partitions are searched. +If the value of the *SearchBase* parameter is set to an empty string and you are not connected to a GC port, an error is thrown. + +```yaml +Type: String +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A Base query searches only the current path or object. +A OneLevel query searches the immediate children of that path or object. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: Filter, LdapFilter +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +An Active Directory object is received by the *Identity* parameter. +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADOrganizationalUnit** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADObject +Returns one or more Active Directory objects. + +The **Get-ADObject** cmdlet returns a default set of ADObject property values. +To retrieve additional **ADObject** properties, use the *Properties* parameter of the cmdlet. + +To view the properties for an **ADObject** object, see the following examples. +To run these examples, replace \ with an Active Directory object identifier. + +To get a list of the default set of properties of an ADObject object, use the following command: + +`Get-ADObject`\`| Get-Member` + +To get a list of all the properties of an **ADObject** object, use the following command: + +`Get-ADObject`\`-Properties ALL | Get-Member` + +## NOTES + +## RELATED LINKS + +[Move-ADObject](./Move-ADObject.md) + +[New-ADObject](./New-ADObject.md) + +[Remove-ADObject](./Remove-ADObject.md) + +[Rename-ADObject](./Rename-ADObject.md) + +[Restore-ADObject](./Restore-ADObject.md) + +[Set-ADObject](./Set-ADObject.md) + +[Sync-ADObject](./Sync-ADObject.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADOptionalFeature.md b/docset/winserver2025-ps/activedirectory/Get-ADOptionalFeature.md new file mode 100644 index 0000000000..14a11e9b7c --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADOptionalFeature.md @@ -0,0 +1,403 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adoptionalfeature?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADOptionalFeature +--- + +# Get-ADOptionalFeature + +## SYNOPSIS +Gets one or more Active Directory optional features. + +## SYNTAX + +### Filter (Default) +``` +Get-ADOptionalFeature [-AuthType ] [-Credential ] -Filter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +### Identity +``` +Get-ADOptionalFeature [-AuthType ] [-Credential ] [-Identity] + [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADOptionalFeature [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADOptionalFeature** cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory. + +The *Identity* parameter specifies the Active Directory optional feature that you want to get. +You can identify an optional feature by its distinguished name, feature GUID, or object GUID. +You can also set the parameter to an optional feature object variable, such as `$` or you can pass an optional feature object through the pipeline to the *Identity* parameter. + +To search for and retrieve more than one optional feature, use the *Filter* or *LDAPFilter* parameters. +The *Filter* parameter uses the PowerShell Expression Language to write query strings for Active Directory. +PowerShell Expression Language syntax provides rich type conversion support for value types received by the *Filter* parameter. +For more information about the *Filter* parameter syntax, type `Get-Help about_ActiveDirectory_Filter`. +If you have existing Lightweight Directory Access Protocol (LDAP) query strings, you can use the *LDAPFilter* parameter. + +This cmdlet gets a default set of optional feature object properties. +To get additional properties use the *Properties* parameter. +For more information about the how to determine the properties for computer objects, see the *Properties* parameter description. + +## EXAMPLES + +### Example 1: Get all available features in a forest +``` +PS C:\> Get-ADOptionalFeature -Filter * +``` + +This command gets all of the available optional features in the current forest. + +### Example 2: Get a specified optional feature +``` +PS C:\> Get-ADOptionalFeature -Identity 'Recycle Bin Feature' +``` + +This command gets the optional feature with the name Recycle Bin Feature. + +### Example 3: Get a feature by its GUID +``` +PS C:\> Get-ADOptionalFeature -Identity 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a +``` + +This command gets the optional feature with the feature GUID 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a. + +### Example 4: Get a specified feature in an AD LDS instance +``` +PS C:\> Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server server1:50000 +``` + +This command gets the optional feature Recycle Bin Feature in an AD LDS instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than asterisk (*), such as question mark (?), are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory optional feature object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A fully qualified domain name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an optional feature object instance. + +```yaml +Type: ADOptionalFeature +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an Active Directory Domain Services (AD DS) query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an AD DS query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase +Specifies an Active Directory path to search under. + +When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. + +When the value of the *SearchBase* parameter is set to an empty string and you are connected to a global catalog (GC) port, all partitions are searched. +If the value of the *SearchBase* parameter is set to an empty string and you are not connected to a GC port, an error is thrown. + +```yaml +Type: String +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A Base query searches only the current path or object. +A OneLevel query searches the immediate children of that path or object. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: Filter, LdapFilter +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- FQDN +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADOptionalFeature +An optional feature object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADOptionalFeature +Returns one or more optional feature objects. + +This cmdlet returns a default set of **ADOptionalFeature** property values. +To retrieve additional **ADOptionalFeature** properties, use the *Properties* parameter. + +To view the properties for an **ADOptionalFeature** object, see the following examples. +To run these examples, replace \ with an optional feature identifier, such as distinguished name of the optional feature. + +To get a list of the default set of properties of an **ADOptionalFeature** object, use the following command: + +`Get-ADOptionalFeature`\`| Get-Member` + +To get a list of all the properties of an **ADOptionalFeature** object, use the following command: + +`Get-ADOptionalFeature`\`-Properties ALL | Get-Member` + +## NOTES + +## RELATED LINKS + +[Disable-ADOptionalFeature](./Disable-ADOptionalFeature.md) + +[Enable-ADOptionalFeature](./Enable-ADOptionalFeature.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADOrganizationalUnit.md b/docset/winserver2025-ps/activedirectory/Get-ADOrganizationalUnit.md new file mode 100644 index 0000000000..e926ed5508 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADOrganizationalUnit.md @@ -0,0 +1,469 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adorganizationalunit?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADOrganizationalUnit +--- + +# Get-ADOrganizationalUnit + +## SYNOPSIS +Gets one or more Active Directory organizational units. + +## SYNTAX + +### Filter (Default) +``` +Get-ADOrganizationalUnit [-AuthType ] [-Credential ] -Filter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +### Identity +``` +Get-ADOrganizationalUnit [-AuthType ] [-Credential ] + [-Identity] [-Partition ] [-Properties ] [-Server ] + [] +``` + +### LdapFilter +``` +Get-ADOrganizationalUnit [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADOrganizationalUnit** cmdlet gets an organizational unit (OU) object or performs a search to get multiple OUs. + +The *Identity* parameter specifies the Active Directory OU to get. +You can identify an OU by its distinguished name or GUID. +You can also set the parameter to an OU object variable, such as `$` or pass an OU object through the pipeline to the *Identity* parameter. + +To search for and retrieve more than one OU, use the *Filter* or *LDAPFilter* parameters. +The *Filter* parameter uses the PowerShell Expression Language to write query strings for Active Directory. +PowerShell Expression Language syntax provides rich type conversion support for value types received by the *Filter* parameter. +For more information about the *Filter* parameter syntax, type `Get-Help about_ActiveDirectory_Filter`. +If you have existing Lightweight Directory Access Protocol (LDAP) query strings, you can use the *LDAPFilter* parameter. + +This cmdlet gets a default set of OU object properties. +To get additional properties, use the *Properties* parameter. +For more information about the how to determine the properties for computer objects, see the *Properties* parameter description. + +## EXAMPLES + +### Example 1: Get all of the OUs in a domain +```powershell +PS C:\> Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A +``` +```output +Name DistinguishedName +---- ----------------- +Domain Controllers OU=Domain Controllers,DC=FABRIKAM,DC=COM +UserAccounts OU=UserAccounts,DC=FABRIKAM,DC=COM +Sales OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM +Marketing OU=Marketing,OU=UserAccounts,DC=FABRIKAM,DC=COM +Production OU=Production,OU=UserAccounts,DC=FABRIKAM,DC=COM +HumanResources OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM +NorthAmerica OU=NorthAmerica,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM +SouthAmerica OU=SouthAmerica,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM +Europe OU=Europe,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM +AsiaPacific OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM +Finance OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM +Corporate OU=Corporate,OU=UserAccounts,DC=FABRIKAM,DC=COM +ApplicationServers OU=ApplicationServers,DC=FABRIKAM,DC=COM +Groups OU=Groups,OU=Managed,DC=FABRIKAM,DC=COM +PasswordPolicyGroups OU=PasswordPolicyGroups,OU=Groups,OU=Managed,DC=FABRIKAM,DC=COM +Managed OU=Managed,DC=FABRIKAM,DC=COM +ServiceAccounts OU=ServiceAccounts,OU=Managed,DC=FABRIKAM,DC=COM +``` + +This command gets all of the OUs in a domain. + +### Example 2: Get an OU by its distinguished name +```powershell +PS C:\> Get-ADOrganizationalUnit -Identity 'OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM' | Format-Table Name,Country,PostalCode,City,StreetAddress,State -A +``` +```output +Name Country PostalCode City StreetAddress State +---- ------- ---------- ---- ------------- ----- +AsiaPacific AU 4171 Balmoral 45 Martens Place QLD +``` + +This command gets the OU with the distinguished name OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM. + +### Example 3: Get child OUs +```powershell +PS C:\> Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase 'OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM' -SearchScope OneLevel | Format-Table Name,Country,PostalCode,City,StreetAddress,State +``` +```output +Name Country PostalCode City StreetAddress State +---- ------- ---------- ---- ------------- ----- +AsiaPacific AU 4171 Balmoral 45 Martens Place QLD +Europe UK NG34 0NI QUARRINGTON 22 Station Rd +NorthAmerica US 02142 Cambridge 1634 Randolph Street MA +``` + +This command gets OUs underneath the Sales OU using an LDAP filter. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory organizational unit object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A Security Account Manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADOrganizationalUnit +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an AD DS query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an AD DS query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase +Specifies an Active Directory path to search. + +When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target AD LDS instance if one has been specified by setting the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. + +When the value of the *SearchBase* parameter is set to an empty string and you are connected to a global catalog (GC) port, all partitions are searched. +If the value of the *SearchBase* parameter is set to an empty string and you are not connected to a GC port, an error is thrown. + +```yaml +Type: String +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A Base query searches only the current path or object. +A OneLevel query searches the immediate children of that path or object. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: Filter, LdapFilter +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit +An OU object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADOrganizationalUnit +Returns one or more OU objects. + +This cmdlet returns a default set of **ADOrganizational** property values. +To retrieve additional **ADOrganizational** properties, use the *Properties* parameter. + +To view the properties for an **ADOrganizational** object, see the following examples. +To run these examples, replace \ with an OU identifier such as the distinguished name of an OU. + +To get a list of the default set of properties of an **ADOrganizational** object, use the following command: + +`Get-ADOrganizationalUnit`\`| Get-Member` + +To get a list of all the properties of an **ADOrganizational** object, use the following command: + +`Get-ADOrganizationalUnit`\`-Properties * | Get-Member` + +## NOTES + +## RELATED LINKS + +[New-ADOrganizationalUnit](./New-ADOrganizationalUnit.md) + +[Remove-ADOrganizationalUnit](./Remove-ADOrganizationalUnit.md) + +[Set-ADOrganizationalUnit](./Set-ADOrganizationalUnit.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADPrincipalGroupMembership.md b/docset/winserver2025-ps/activedirectory/Get-ADPrincipalGroupMembership.md new file mode 100644 index 0000000000..2d1a148691 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADPrincipalGroupMembership.md @@ -0,0 +1,389 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adprincipalgroupmembership?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADPrincipalGroupMembership +--- + +# Get-ADPrincipalGroupMembership + +## SYNOPSIS +Gets the Active Directory groups that have a specified user, computer, group, or service account. + +## SYNTAX + +``` +Get-ADPrincipalGroupMembership [-AuthType ] [-Credential ] [-Identity] + [-Partition ] [-ResourceContextPartition ] [-ResourceContextServer ] + [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADPrincipalGroupMembership** cmdlet gets the Active Directory groups that have a specified user, computer, group, or service account as a member. +This cmdlet requires a global catalog to perform the group search. +If the forest that contains the user, computer, or group does not have a global catalog, the cmdlet returns a non-terminating error. +If you want to search for local groups in another domain, use the *ResourceContextServer* parameter to specify the alternate server in the other domain. + +The *Identity* parameter specifies the user, computer, or group object that you want to determine group membership for. +You can identify a user, computer, or group object by its distinguished name, GUID, security identifier, or SAM account name. +You can also specify a user, group, or computer object variable, such as `$`, or pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADGroup** cmdlet to retrieve a group object and then pass the object through the pipeline to the Get-ADPrincipalGroupMembership cmdlet. +Similarly, you can use **Get-ADUser** or **Get-ADComputer** to get user and computer objects to pass through the pipeline. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Get group memberships for a user in an AD LDS instance +``` +PS C:\> Get-ADPrincipalGroupMembership -Server localhost:60000 -Identity "CN=DavidChew,DC=AppNC" -Partition "DC=AppNC" +``` + +This command gets all of the group memberships for the user CN=DavidChew,DC=AppNC in an AD LDS instance. + +### Example 2: Get group memberships for the Administrator +``` +PS C:\> Get-ADPrincipalGroupMembership -Identity Administrator + + +distinguishedName : CN=Domain Users,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Global +name : Domain Users +objectClass : group +objectGUID : 86c0f0d5-8b4d-4f35-a867-85a006b92902 +SamAccountName : Domain Users +SID : S-1-5-21-41432690-3719764436-1984117282-513 + +distinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : DomainLocal +name : Administrators +objectClass : group +objectGUID : 02ce3874-dd86-41ba-bddc-013f34019978 +SamAccountName : Administrators +SID : S-1-5-32-544 + +distinguishedName : CN=Schema Admins,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Universal +name : Schema Admins +objectClass : group +objectGUID : 8d62890f-385e-4cfa-9b2a-c72576097583 +SamAccountName : Schema Admins +SID : S-1-5-21-41432690-3719764436-1984117282-518 + +distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Universal +name : Enterprise Admins +objectClass : group +objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf +SamAccountName : Enterprise Admins +SID : S-1-5-21-41432690-3719764436-1984117282-519 + +distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Global +name : Domain Admins +objectClass : group +objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011 +SamAccountName : Domain Admins +SID : S-1-5-21-41432690-3719764436-1984117282-512 + +distinguishedName : CN=Group Policy Creator Owners,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Global +name : Group Policy Creator Owners +objectClass : group +objectGUID : a58f7bf2-fd20-4bbd-96f0-ee10fa1613c7 +SamAccountName : Group Policy Creator Owners +SID : S-1-5-21-41432690-3719764436-1984117282-520 +``` + +This command gets all the group memberships for the Administrator. + +### Example 3: Get group memberships for an account in a resource domain +``` +PS C:\> Get-ADPrincipalGroupMembership -Identity Administrator -ResourceContextServer ChildDomain.Fabrikam.Com -ResourceContextPartition "DC=Fabrikam,DC=com" + + +distinguishedName : CN=Domain Users,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Global +name : Domain Users +objectClass : group +objectGUID : 86c0f0d5-8b4d-4f35-a867-85a006b92902 +SamAccountName : Domain Users +SID : S-1-5-21-41432690-3719764436-1984117282-513 + +distinguishedName : CN=Group Policy Creator Owners,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Global +name : Group Policy Creator Owners +objectClass : group +objectGUID : a58f7bf2-fd20-4bbd-96f0-ee10fa1613c7 +SamAccountName : Group Policy Creator Owners +SID : S-1-5-21-41432690-3719764436-1984117282-520 + +distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Universal +name : Enterprise Admins +objectClass : group +objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf +SamAccountName : Enterprise Admins +SID : S-1-5-21-41432690-3719764436-1984117282-519 + +distinguishedName : CN=Schema Admins,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Universal +name : Schema Admins +objectClass : group +objectGUID : 8d62890f-385e-4cfa-9b2a-c72576097583 +SamAccountName : Schema Admins +SID : S-1-5-21-41432690-3719764436-1984117282-518 + +distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : Global +name : Domain Admins +objectClass : group +objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011 +SamAccountName : Domain Admins +SID : S-1-5-21-41432690-3719764436-1984117282-512 + +distinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com +GroupCategory : Security +GroupScope : DomainLocal +name : Administrators +objectClass : group +objectGUID : 02ce3874-dd86-41ba-bddc-013f34019978 +SamAccountName : Administrators +SID : S-1-5-32-544 +``` + +This command gets all of the group memberships for the Administrator account in the local domain in the resource domain ChildDomain.Fabrikam.Com. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory principal object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +```yaml +Type: ADPrincipal +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for **Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for **Partition** is set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: DefaultNC; Provider: The default is to use the Partition that you are currently in. Otherwise, use DefaultNC (that is, if you are in the RootDSE) +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceContextPartition +Specifies the distinguished name of the partition of an AD or AD LDS instance to search. +Use this parameter with the *ResourceContextServer* parameter to specify a partition hosted by the specified server. +If the *ResourceContextPartition* parameter is not specified, the default partition of the *ResourceContextServer* is searched. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceContextServer +Specifies that the cmdlet return a list of groups that the user is a member of and that reside in the specified domain. +Use this parameter to search for groups in a domain that is not the domain where the user's account resides. +To search a partition other than the default partition in this domain, also specify the *ResourceContextPartition* parameter. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADPrincipal +A principal object that represents a user, computer or group is received by the *Identity* parameter. +Derived types, such as the following are also received by this parameter: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADGroup** + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADGroup +Returns group objects that have the specified user, computer, group or service account as a member. + +The **Get-ADPrincipalGroupMembership** cmdlet returns a default set of **ADGroup** property values. +To retrieve additional **ADGroup** properties pass the **ADGroups** objects produced by this cmdlet through the pipline to **Get-ADGroup**. +Specify the additional properties required from the group objects by passing the -Properties parameter to **Get-ADGroup**. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Add-ADGroupMember](./Add-ADGroupMember.md) + +[Add-ADPrincipalGroupMembership](./Add-ADPrincipalGroupMembership.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADGroup](./Get-ADGroup.md) + +[Get-ADGroupMember](./Get-ADGroupMember.md) + +[Get-ADUser](./Get-ADUser.md) + +[Remove-ADGroupMember](./Remove-ADGroupMember.md) + +[Remove-ADPrincipalGroupMembership](./Remove-ADPrincipalGroupMembership.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationAttributeMetadata.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationAttributeMetadata.md new file mode 100644 index 0000000000..c12f841ebf --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationAttributeMetadata.md @@ -0,0 +1,260 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationattributemetadata?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationAttributeMetadata +--- + +# Get-ADReplicationAttributeMetadata + +## SYNOPSIS +Gets the replication metadata for one or more Active Directory replication partners. + +## SYNTAX + +``` +Get-ADReplicationAttributeMetadata [-AuthType ] [-Credential ] [-Filter ] + [-IncludeDeletedObjects] [-Object] [[-Properties] ] [-Server] + [-ShowAllLinkedValues] [] +``` + +## DESCRIPTION +The **Get-ADReplicationAttributeMetadata** cmdlet gets the replication metadata for one or more attributes on a given object. +The metadata is contained in the following two directory objects: + +- Single-value attribute: **msDS-ReplAttributeMetaData** +- Multi-value attribute: **msDS-ReplValueMetaData** + +The cmdlet parses the byte array(s) and returns the data in a readable format. + +## EXAMPLES + +### Example 1: Get replication metadata for the attributes of a group +``` +PS C:\> Get-ADReplicationAttributeMetadata -Object "CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com" -Server corp-DC01 -ShowAllLinkedValues +``` + +This command gets the replication metadata for the attributes of a group with distinguished name CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com from the CORP-DC01 domain controller. +By including the *ShowAllLinkedValues* parameter if a multi-valued attribute is present, all of its linked values are also retrieved. + +### Example 2: Get replication metadata for the attributes of an object +``` +PS C:\> Get-ADReplicationAttributeMetadata -Object "1A7BFEC6-C92C-4804-94B0-D407E51F1B64" -Server corp-DC01 -IncludeDeletedObjects +``` + +This command gets the replication metadata for the attributes of an object with the GUID 1A7BFEC6-C92C-4804-94B0-D407E51F1B64, including the deleted objects and the deactivated forward and backward links. + +### Example 3: Get filtered replication metadata for all groups +``` +PS C:\> Get-ADObject -Filter 'objectclass -eq "group"' | Get-ADReplicationAttributeMetadata -Server corp-DC01 | Where-Object {$_.lastoriginatingchangetime -like "*11/10/2011*"} | Format-Table object +``` + +This command gets all groups that have any of their attributes modified on 11/10/2011. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you are prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a filter in the provider's format or language. +The value of this parameter qualifies the *Path* parameter. +The syntax of the filter, including the use of wildcards, depends on the provider. +Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeDeletedObjects +Specifies to retrieve deleted objects and the deactivated forward and backward links. +When this parameter is specified, the cmdlet uses the following Lightweight Directory Access Protocol (LDAP) controls: + +- Show Deleted Objects (1.2.840.113556.1.4.417) +- Show Deactivated Links (1.2.840.113556.1.4.2065) + +Note: If this parameter is not specified, the cmdlet does not return or operate on deleted objects. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Object +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADObject +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Properties +Specifies a list of one or more attribute names as a comma separated list to return the metadata for replication partners. +This parameter also accepts * (wildcard) to indicate to return all attributes set on the object. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property, Attribute, Attributes + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Directory Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ShowAllLinkedValues +Indicates that the cmdlet returns all linked values if the attribute returned is multi-valued. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADObject +A class structure that represents the Active Directory objects. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationAttributeMetadata +A class structure that represents Active Directory replication attribute metadata objects. + +## NOTES +* The default behavior for this cmdlet is to prompt for object identity. Other tools that have been provided to manage this feature in previous releases of Windows Server include the Repadmin.exe command-line tool. + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationConnection.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationConnection.md new file mode 100644 index 0000000000..85a02eed69 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationConnection.md @@ -0,0 +1,244 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationconnection?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationConnection +--- + +# Get-ADReplicationConnection + +## SYNOPSIS +Returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter. + +## SYNTAX + +### Filter (Default) +``` +Get-ADReplicationConnection [-AuthType ] [-Credential ] [-Filter ] + [-Properties ] [-Server ] [] +``` + +### Identity +``` +Get-ADReplicationConnection [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationConnection** cmdlet returns a specific Active Directory replication connection or a set of Active Directory replication connection objects based on a specified filter. +Connections are used to enable domain controllers to replicate with each other. +A connection defines a one-way, inbound route from one domain controller (the source), to another domain controller (the destination). +The Knowledge Consistency Checker (KCC) reuses existing connections where it can, deletes unused connections, and creates new connections if none exist that meet the current need. + +## EXAMPLES + +### Example 1: Get all replication connections +``` +PS C:\> Get-ADReplicationConnection -Filter * +``` + +This command gets all of the replication connections. + +### Example 2: Get all replication connections from a specified domain controller +``` +PS C:\> Get-ADReplicationConnection -Filter "ReplicateFromDirectoryServer -eq 'corp-DC01'" +``` + +This command gets all replication connections that replicate from corp-DC01. + +### Example 3: Get a specified replication connection +``` +PS C:\> Get-ADReplicationConnection -Identity "5f98e288-19e0-47a0-9677-57f05ed54f6b" +``` + +This command gets the replication connection with the GUID 5f98e288-19e0-47a0-9677-57f05ed54f6b. + +### Example 4: Get the properties of a replication connection +``` +PS C:\> Get-ADReplicationConnection -Identity "5f98e288-19e0-47a0-9677-57f05ed54f6b" -Properties * +``` + +This command gets all the properties of the replication connection with the GUID 5f98e288-19e0-47a0-9677-57f05ed54f6b. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, see about_ActiveDirectory_ObjectModel. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationConnection +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationConnection +A connection object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationConnection + +## NOTES + +## RELATED LINKS + +[Set-ADReplicationConnection](./Set-ADReplicationConnection.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationFailure.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationFailure.md new file mode 100644 index 0000000000..6da3ede15f --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationFailure.md @@ -0,0 +1,245 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationfailure?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationFailure +--- + +# Get-ADReplicationFailure + +## SYNOPSIS +Returns a collection of data describing an Active Directory replication failure. + +## SYNTAX + +### Target (Default) +``` +Get-ADReplicationFailure [-AuthType ] [-Credential ] [-EnumeratingServer ] + [-Filter ] [-Target] [] +``` + +### Scope +``` +Get-ADReplicationFailure [-AuthType ] [-Credential ] [-EnumeratingServer ] + [-Filter ] [-Scope] [[-Target] ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationFailure** cmdlet returns all failures currently associated with a given domain controller or Active Directory Lightweight Directory Services (AD LDS) instance. +The return object is of type **ADReplicationFailure**. +This cmdlet returns the list of failures in the **ADReplicationSummary** object for a specific server. + +## EXAMPLES + +### Example 1: Get replication failure data for a domain controller +``` +PS C:\> Get-ADReplicationFailure -Target corp-DC01 +``` + +This command gets a collection of data that describes an Active Directory replication failure for corp-DC01. + +### Example 2: Get replication failure data for a server +``` +PS C:\> Get-ADReplicationFailure -Target corp-DC01 -Scope Server +``` + +This command gets a collection of data that describes an Active Directory replication failure from corp-DC01. + +### Example 3: Get replication failure data for multiple domain controllers +``` +PS C:\> Get-ADReplicationFailure -Target corp-DC01,corp-DC02 +``` + +This command gets a collection of data describing an Active Directory replication failure from corp-DC01 and corp-DC02. + +### Example 4: Get replication failure data for a site +``` +PS C:\> Get-ADReplicationFailure -Target NorthAmerica -Scope Site +``` + +This command gets a collection of data describing Active Directory replication failures from all the domain controllers in the site NorthAmerica. + +### Example 5: Get replication failure data for all domain controllers in a domain +``` +PS C:\> Get-ADReplicationFailure -Target "corp.contoso.com" -Scope Domain +``` + +This command gets a collection of data describing Active Directory replication failures from all the domain controllers in the domain corp.contoso.com. + +### Example 6: Get replication failure data for all domain controllers in a forest +``` +PS C:\> Get-ADReplicationFailure -Target "corp.contoso.com" -Scope Forest +``` + +This command gets a collection of data describing Active Directory replication failures from all the domain controllers in the forest corp.contoso.com. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnumeratingServer +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a filter in the provider's format or language. +The value of this parameter qualifies the *Path* parameter. +The syntax of the filter, including the use of wildcards, depends on the provider. +Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Scope +Specifies the type of object used as input by the *Target* parameter. +The acceptable values for this parameter are: + +- Server +- Site +- Domain +- Forest + +```yaml +Type: ADScopeType +Parameter Sets: Scope +Aliases: ReplicationSite +Accepted values: Server, Domain, Forest, Site + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Target +Specifies either one or more (using a comma separated list) of Active Directory domain controllers, sites, domains, or forests. +It returns results for all the domain controllers that are specified or that are part of the specified container. + +```yaml +Type: Object[] +Parameter Sets: Target +Aliases: Name, HostName, Site, Domain, Forest + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +```yaml +Type: Object[] +Parameter Sets: Scope +Aliases: Name, HostName, Site, Domain, Forest + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDirectoryServer +A class structure that contains one or more Active Directory server objects. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationFailure +A class structure that represents Active Directory replication failure objects. + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationPartnerMetadata.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationPartnerMetadata.md new file mode 100644 index 0000000000..588896cfd3 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationPartnerMetadata.md @@ -0,0 +1,297 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationpartnermetadata?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationPartnerMetadata +--- + +# Get-ADReplicationPartnerMetadata + +## SYNOPSIS +Returns the replication metadata for a set of one or more replication partners. + +## SYNTAX + +### Target (Default) +``` +Get-ADReplicationPartnerMetadata [-AuthType ] [-Credential ] + [-EnumerationServer ] [-Filter ] [[-Partition] ] [[-PartnerType] ] + [-Target] [] +``` + +### Scope +``` +Get-ADReplicationPartnerMetadata [-AuthType ] [-Credential ] + [-EnumerationServer ] [-Filter ] [[-Partition] ] [[-PartnerType] ] + [-Scope] [[-Target] ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationPartnerMetadata** cmdlet returns an Active Directory replication partner metadata object for each of its replication partners which contains all of the relevant replication data for the partners involved. +This includes attributes such as **LastReplicationSuccess** or **LastReplicationAttempt** and other data specific to each pairing of replication partners. +If the results are too verbose for your needs, you can use the *Partition* parameter to specify a partition to narrow down the results. +Optionally, you can use the *Filter* parameter to narrow down results as well. +If no partition or filter are specified for the results, the default naming context is used and metadata for all replication partners is returned. + +## EXAMPLES + +### Example 1: Get replication partner metadata for a domain controller +``` +PS C:\> Get-ADReplicationPartnerMetadata -Target corp-DC01 +``` + +This command gets the replication metadata between corp-DC01 and its inbound partners for the default partition only. + +### Example 2: Get replication partner metadata for a domain controller and its inbound partners +``` +PS C:\> Get-ADReplicationPartnerMetadata -Target corp-DC01 -PartnerType Inbound +``` + +This command gets the replication metadata between corp-DC01 and its inbound partners for the default partition only (same as above). + +### Example 3: Get replication partner metadata for a schema partition +``` +PS C:\> Get-ADReplicationPartnerMetadata -Target corp-DC01,corp-DC02 -PartnerType Both -Partition Schema +``` + +This command gets the replication metadata between corp-DC01, corp-DC02 and their respective partners only (both inbound and outbound) for the schema partition. + +### Example 4: Get replication partner metadata for all domain controllers in a site +``` +PS C:\> Get-ADReplicationPartnerMetadata -Target NorthAmerica -Scope Site -Partition * +``` + +This command gets the replication metadata for all the inbound partners of all the domain controllers within the NorthAmerica site for all hosted partitions. + +### Example 5: Get replication partner metadata for inbound partners for a default partition +``` +PS C:\> Get-ADReplicationPartnerMetadata -Target "corp.contoso.com" -Scope Domain +``` + +This command gets the replication metadata for all the domain controllers that are inbound partners for the default partition in the domain corp.contoso.com. + +### Example 6: Get replication partner metadata for inbound partners in a forest +``` +PS C:\> Get-ADReplicationPartnerMetadata -Target "corp.contoso.com" -Scope Forest -Partition Configuration +``` + +This command gets the replication metadata for all the domain controllers that are inbound partners for the configuration partition in the forest corp.contoso.com. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnumerationServer +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a filter in the provider's format or language. +The value of this parameter qualifies the *Path* parameter. +The syntax of the filter, including the use of wildcards, depends on the provider. +Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: NC, NamingContext + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PartnerType +Specifies an enumeration of the replication types returned by this cmdlet. +The acceptable values for this parameter are: + +- Inbound +- Outbound +- Both + +```yaml +Type: ADPartnerType +Parameter Sets: (All) +Aliases: +Accepted values: Inbound, Outbound, Both + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Scope +Specifies the scope type for the Target parameter when used as input. +The acceptable values for this parameter are: + +- Server +- Site +- Domain +- Forest + +Server + +Site + +Domain + +Forest + +```yaml +Type: ADScopeType +Parameter Sets: Scope +Aliases: +Accepted values: Server, Domain, Forest, Site + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Target +Specifies the target for returning replication partner metadata as either one or more domain controllers, sites, domains, or forests. +If multiple values for the target are to be specified, they need to be separated by commas. +This parameter will return results for all the domain controllers specified or for part of the specified container. + +```yaml +Type: Object[] +Parameter Sets: Target +Aliases: Name, HostName, Site, Domain, Forest + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +```yaml +Type: Object[] +Parameter Sets: Scope +Aliases: Name, HostName, Site, Domain, Forest + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDirectoryServer +A class structure that represents Active Directory server objects. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationPartnerMetadata +A class structure that represents Active Directory replication partner metadata objects. + +## NOTES +* The default behavior for this cmdlet is to prompt for server identity. Other tools that have been made available in prior releases of Windows Server to manage replication partnerships include Active Directory Sites and Services and the Repadmin.exe tool. If this cmdlet is aliased, it should use ReplSummary as the alias name value. + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationQueueOperation.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationQueueOperation.md new file mode 100644 index 0000000000..737f32583a --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationQueueOperation.md @@ -0,0 +1,198 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationqueueoperation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationQueueOperation +--- + +# Get-ADReplicationQueueOperation + +## SYNOPSIS +Returns the contents of the replication queue for a specified server. + +## SYNTAX + +``` +Get-ADReplicationQueueOperation [-AuthType ] [-Credential ] [-Server] + [-Filter ] [[-Partition] ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationQueueOperation** cmdlet returns all of the pending operations in the replication queue. +While replication operations are pending, this cmdlet can be useful for determining the status of queued operations. + +You can call the **Get-ADReplicationQueueOperation** cmdlet from script to observe when operations are moved out of the queue as they are replicated. +It also allows for filtering on any of the properties on the **ADReplicationOperation** object. + +The replication queue operates in the following manner: suppose a domain controller has five inbound replication connections. +As the domain controller formulates change requests, either by a schedule being reached or from a notification, it adds a work item for each request to the end of the queue of pending synchronization requests. +Each pending synchronization request represents one \ pair, such as synchronize the schema directory partition from DC1 or delete the ApplicationX directory partition. + +When a work item has been received into the queue, notification and polling intervals do not apply. +Instead, the domain controller processes the item (begins synchronizing from its source) as soon as the work item reaches the front of the replication queue. +This process continues until either the destination is fully synchronized with the source domain controller, an error occurs, or the synchronization is pre-empted by a higher-priority operation. + +## EXAMPLES + +### Example 1: Get the pending operations in a replication queue +``` +PS C:\> Get-ADReplicationQueueOperation -Server "corp-DC01.corp.contoso.com" +``` + +This command gets the pending operations in the replication queue for the domain controller corp-DC01 as specified by its fully qualified domain name (FQDN). + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a filter in the provider's format or language. +The value of this parameter qualifies the *Path* parameter. +The syntax of the filter, including the use of wildcards, depends on the provider. +Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value will be used for the Partition parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: NC, NamingContext + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDirectoryServer +A class structure that represents one or more Active Directory servers. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationOperation +A class structure that represents one or more Active Directory replication operations. + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationSite.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationSite.md new file mode 100644 index 0000000000..58d1fd48f2 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationSite.md @@ -0,0 +1,265 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationsite?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationSite +--- + +# Get-ADReplicationSite + +## SYNOPSIS +Returns a specific Active Directory replication site or a set of replication site objects based on a specified filter. + +## SYNTAX + +### Identity (Default) +``` +Get-ADReplicationSite [-AuthType ] [-Credential ] [[-Identity] ] + [-Properties ] [-Server ] [] +``` + +### Filter +``` +Get-ADReplicationSite [-AuthType ] [-Credential ] -Filter + [-Properties ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationSite** cmdlet returns a specific Active Directory replication site or a set of replication site objects based on a specified filter. +Sites are used in Active Directory to either enable clients to discover network resources (published shares, domain controllers) close to the physical location of a client computer or to reduce network traffic over wide area network (WAN) links. +Sites can also be used to optimize replication between domain controllers. + +## EXAMPLES + +### Example 1: Get all replication sites +``` +PS C:\> Get-ADReplicationSite -Filter * +``` + +This command gets all Active Directory Replication sites. + +### Example 2: Get replication sites by flag +``` +PS C:\> Get-ADReplicationSite -Properties * -Filter "WindowsServer2003KCCSiteLinkBridgingEnabled -eq `$TRUE" +``` + +This command gets all sites that have the WindowsServer2003KCCBehaviorEnabled flag turned on. +The *Properties* parameter must be set because the **WindowsServer2003KCCSiteLinkBridgingEnabled** property is not retrieved by default. + +### Example 3: Get replication sites by name +``` +PS C:\> Get-ADReplicationSite -Identity NorthAmerica +``` + +This command gets the site with name NorthAmerica. + +### Example 4: Get replication sites by name and property +``` +PS C:\> Get-ADReplicationSite -Identity NorthAmerica -Properties AutomaticInterSiteTopologyGenerationEnabled +``` + +This command gets the **AutomaticInterSiteTopologyGenerationEnabled** property of the site with name NorthAmerica. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSite +Parameter Sets: Identity +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSite +A site object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationSite + +## NOTES + +## RELATED LINKS + +[New-ADReplicationSite](./New-ADReplicationSite.md) + +[Remove-ADReplicationSite](./Remove-ADReplicationSite.md) + +[Set-ADReplicationSite](./Set-ADReplicationSite.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationSiteLink.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationSiteLink.md new file mode 100644 index 0000000000..614f458522 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationSiteLink.md @@ -0,0 +1,272 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationsitelink?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationSiteLink +--- + +# Get-ADReplicationSiteLink + +## SYNOPSIS +Returns a specific Active Directory site link or a set of site links based on a specified filter. + +## SYNTAX + +### Filter (Default) +``` +Get-ADReplicationSiteLink [-AuthType ] [-Credential ] -Filter + [-Properties ] [-Server ] [] +``` + +### Identity +``` +Get-ADReplicationSiteLink [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationSiteLink** cmdlet can be used to return a specific Active Directory site link or a set of site links based on a specified filter. +A site link connects two or more sites. +Site links reflect the administrative policy for how sites are to be interconnected and the methods used to transfer replication traffic. +You must connect sites with site links so that domain controllers at each site can replicate Active Directory changes. + +## EXAMPLES + +### Example 1: Get all replication site links +``` +PS C:\> Get-ADReplicationSiteLink -Filter * +``` + +This command gets all the site links. + +### Example 2: Get all specified replication site links +``` +PS C:\> Get-ADReplicationSiteLink -Filter "SitesIncluded -eq 'NorthAmerica'" | Format-Table Name,SitesIncluded -A +``` + +This command gets all site links that include NorthAmerica. + +### Example 3: Get filtered replication site links +``` +PS C:\> Get-ADReplicationSiteLink -Filter "Cost -gt 100 -and ReplicationFrequencyInMinutes -lt 15" +``` + +This command gets all site links that have a cost greater than 100 and a replication frequency less than 15 minutes. + +### Example 4: Get a replication site link by name +``` +PS C:\> Get-ADReplicationSiteLink -Identity "Europe-Asia" +``` + +This command gets the site link with name Europe-Asia. + +### Example 5: Get a specified property of a replication site link +``` +PS C:\> Get-ADReplicationSiteLink -Identity "Europe-Asia" -Properties ReplicationSchedule +``` + +This command gets the **ReplicationSchedule** property of the site link with the name Europe-Asia. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSiteLink +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink +A site link object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationSiteLink + +## NOTES + +## RELATED LINKS + +[New-ADReplicationSiteLink](./New-ADReplicationSiteLink.md) + +[Remove-ADReplicationSiteLink](./Remove-ADReplicationSiteLink.md) + +[Set-ADReplicationSiteLink](./Set-ADReplicationSiteLink.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationSiteLinkBridge.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationSiteLinkBridge.md new file mode 100644 index 0000000000..0b15e791fb --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationSiteLinkBridge.md @@ -0,0 +1,252 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationsitelinkbridge?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationSiteLinkBridge +--- + +# Get-ADReplicationSiteLinkBridge + +## SYNOPSIS +Gets a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter. + +## SYNTAX + +### Filter (Default) +``` +Get-ADReplicationSiteLinkBridge [-AuthType ] [-Credential ] -Filter + [-Properties ] [-Server ] [] +``` + +### Identity +``` +Get-ADReplicationSiteLinkBridge [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationSiteLinkBridge** cmdlet gets a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter. +A site link bridge connects two or more site links and enables transitivity between site links. +Each site link in a bridge must have a site in common with another site link in the bridge. + +## EXAMPLES + +### Example 1: Get all site link bridges +``` +PS C:\> Get-ADReplicationSiteLinkBridge -Filter * +``` + +This command gets all of the site link bridges. + +### Example 2: Get a filtered list of site link bridges +``` +PS C:\> Get-ADReplicationSiteLinkBridge -Filter "SiteLinksIncluded -eq 'NorthAmerica-Europe'" | FT Name,SiteLinksIncluded -A +``` + +This command gets all site link bridges that include the site link NorthAmerica-Europe. + +### Example 3: Get a specified site link bridge +``` +PS C:\> Get-ADReplicationSiteLinkBridge -Identity "NorthAmerica-Asia" +``` + +This command gets the site link bridge with the name NorthAmerica-Europe. + +### Example 4: Get the properties of a site link bridge +``` +PS C:\> Get-ADReplicationSiteLinkBridge -Identity "NorthAmerica-Asia" -Properties * +``` + +This command gets all of the properties of the site link bridge with the name NorthAmerica-Europe. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSiteLinkBridge +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge +A site link bridge object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge + +## NOTES +* By default, the following site link bridge properties are returned: + +- Name +- Description +- SiteLinksIncluded +- DN + +## RELATED LINKS + +[New-ADReplicationSiteLinkBridge](./New-ADReplicationSiteLinkBridge.md) + +[Remove-ADReplicationSiteLinkBridge](./Remove-ADReplicationSiteLinkBridge.md) + +[Set-ADReplicationSiteLinkBridge](./Set-ADReplicationSiteLinkBridge.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationSubnet.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationSubnet.md new file mode 100644 index 0000000000..2480afab1e --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationSubnet.md @@ -0,0 +1,265 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationsubnet?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationSubnet +--- + +# Get-ADReplicationSubnet + +## SYNOPSIS +Gets one or more Active Directory subnets. + +## SYNTAX + +### Filter (Default) +``` +Get-ADReplicationSubnet [-AuthType ] [-Credential ] -Filter + [-Properties ] [-Server ] [] +``` + +### Identity +``` +Get-ADReplicationSubnet [-AuthType ] [-Credential ] [-Identity] + [-Properties ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationSubnet** cmdlet gets a specific Active Directory subnet or a set of subnets based on a specified filter. +Subnet objects (class subnet) define network subnets in Active Directory. +A network subnet is a segment of a TCP/IP network to which a set of logical IP addresses is assigned. +Subnets group computers in a way that identifies their physical proximity on the network. +Subnet objects in Active Directory are used to map computers to sites. + +## EXAMPLES + +### Example 1: Get all subnets +``` +PS C:\> Get-ADReplicationSubnet -Filter * +``` + +This command gets all of the subnets. + +### Example 2: Get subnets in a specified location +``` +PS C:\> Get-ADReplicationSubnet -Filter "Location -like '*Japan'" +``` + +This command gets all the subnets in Japan. + +### Example 3: Get subnets with a specified name +``` +PS C:\> Get-ADReplicationSubnet -Identity "10.0.0.0/25" +``` + +This command gets the subnet with name 10.0.0.0/25. + +### Example 4: Get the properties of a specified subnet +``` +PS C:\> Get-ADReplicationSubnet -Identity "10.0.0.0/25" -Properties * +``` + +This command gets all of the properties of the subnet identified as 10.0.0.0/25. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, see about_ActiveDirectory_ObjectModel. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSubnet +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet +A subnet object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationSubnet + +## NOTES + +## RELATED LINKS + +[New-ADReplicationSubnet](./New-ADReplicationSubnet.md) + +[Remove-ADReplicationSubnet](./Remove-ADReplicationSubnet.md) + +[Set-ADReplicationSubnet](./Set-ADReplicationSubnet.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADReplicationUpToDatenessVectorTable.md b/docset/winserver2025-ps/activedirectory/Get-ADReplicationUpToDatenessVectorTable.md new file mode 100644 index 0000000000..7bc471b846 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADReplicationUpToDatenessVectorTable.md @@ -0,0 +1,282 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adreplicationuptodatenessvectortable?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADReplicationUpToDatenessVectorTable +--- + +# Get-ADReplicationUpToDatenessVectorTable + +## SYNOPSIS +Displays the highest Update Sequence Number (USN) for the specified domain controller. + +## SYNTAX + +### Target (Default) +``` +Get-ADReplicationUpToDatenessVectorTable [-AuthType ] [-Credential ] + [-EnumerationServer ] [-Filter ] [[-Partition] ] [-Target] + [] +``` + +### Scope +``` +Get-ADReplicationUpToDatenessVectorTable [-AuthType ] [-Credential ] + [-EnumerationServer ] [-Filter ] [[-Partition] ] [-Scope] + [[-Target] ] [] +``` + +## DESCRIPTION +The **Get-ADReplicationUpToDatenessVectorTable** cmdlet displays the highest Update Sequence Number (USN) for the specified domain controller(s). +This information shows how up-to-date a replica is with its replication partners. +During replication, each object that is replicated has USN and if the object is modified, the USN is incremented. +The value of the USN for a given object is local to each domain controller where it has replicated are number is different on each domain controller. + +## EXAMPLES + +### Example 1: Get the highest USN for the default partition +``` +PS C:\> Get-ADReplicationUpToDatenessVectorTable -Target corp-DC01 +``` + +This command gets the highest USN information for the default partition from corp-DC01. + +### Example 2: Get the highest USN for the default partition +``` +PS C:\> Get-ADReplicationUpToDatenessVectorTable -Target corp-DC01 -Scope Server +``` + +This command gets the highest USN information for the default partition from corp-DC01. + +### Example 3: Get the highest USN for a schema partition +``` +PS C:\> Get-ADReplicationUpToDatenessVectorTable -Target corp-DC01,corp-DC02 -Partition Schema +``` + +This command gets the highest USN information for the schema partition from corp-DC01 and corp-DC02. + +### Example 4: Get the highest USN for all partitions for all domain controllers in a site +``` +PS C:\> Get-ADReplicationUpToDatenessVectorTable -Target NorthAmerica -Scope Site -Partition * +``` + +This command gets the highest USN for all partitions from all the domain controllers in site NorthAmerica. + +### Example 5: Get the highest USN for the default partition from all domain controllers in a domain +``` +PS C:\> Get-ADReplicationUpToDatenessVectorTable -Target "corp.contoso.com" -Scope Domain -Partition Default +``` + +This command gets the highest USN for the default partition from all the domain controllers in domain corp.contoso.com. + +### Example 6: Get the highest USN for the configuration partition from all domain controllers in a forest +``` +PS C:\> Get-ADReplicationUpToDatenessVectorTable -Target "corp.contoso.com" -Scope Forest -Partition Configuration +``` + +This command gets the highest USN for the configuration partition from all the domain controllers in forest corp.contoso.com. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnumerationServer +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Specify the instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a filter in the provider's format or language. +The value of this parameter qualifies the *Path* parameter. +The syntax of the filter, including the use of wildcards, depends on the provider. +Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: NC, NamingContext + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Scope +Specifies the type of object used as input by the *Target* parameter. +The acceptable values for this parameter are: + +- Server +- Site +- Domain +- Forest + +```yaml +Type: ADScopeType +Parameter Sets: Scope +Aliases: ReplicationSite +Accepted values: Server, Domain, Forest, Site + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Target +Specifies either one or more (using a comma separated list) of Active Directory domain controllers, sites, domains, or forests. +It will return results for all the domain controllers that are specified or that are part of the specified container. + +```yaml +Type: Object[] +Parameter Sets: Target +Aliases: Name, HostName, Site, Domain, Forest + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +```yaml +Type: Object[] +Parameter Sets: Scope +Aliases: Name, HostName, Site, Domain, Forest + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDirectoryServer +A class structure that contains one or more Active Directory server objects. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADReplicationUpToDatenessVector +A class structure that contains one or more Active Directory replication up-to-dateness (UTD) vector tables. + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADResourceProperty.md b/docset/winserver2025-ps/activedirectory/Get-ADResourceProperty.md new file mode 100644 index 0000000000..7698e4545b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADResourceProperty.md @@ -0,0 +1,307 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adresourceproperty?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADResourceProperty +--- + +# Get-ADResourceProperty + +## SYNOPSIS +Gets one or more resource properties. + +## SYNTAX + +### Filter (Default) +``` +Get-ADResourceProperty [-AuthType ] [-Credential ] -Filter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-Server ] + [] +``` + +### Identity +``` +Get-ADResourceProperty [-AuthType ] [-Credential ] [-Identity] + [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADResourceProperty [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-Server ] + [] +``` + +## DESCRIPTION +The **Get-ADResourceProperty** cmdlet gets one or more resource properties. + +## EXAMPLES + +### Example 1: Get filtered resource properties +``` +PS C:\> Get-ADResourceProperty -Filter "SharesValuesWith -eq 'Country'" +``` + +This command gets all the resource properties that refer to the claim type named Country for their suggested values. + +### Example 2: Get the specified resource property +``` +PS C:\> Get-ADResourceProperty -Identity Authors +``` + +This command gets the resource property with display name Authors. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADResourceProperty +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an Active Directory Domain Services query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an Active Directory Domain Services query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourceProperty + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADResourceProperty + +## NOTES + +## RELATED LINKS + +[New-ADResourceProperty](./New-ADResourceProperty.md) + +[Remove-ADResourceProperty](./Remove-ADResourceProperty.md) + +[Set-ADResourceProperty](./Set-ADResourceProperty.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADResourcePropertyList.md b/docset/winserver2025-ps/activedirectory/Get-ADResourcePropertyList.md new file mode 100644 index 0000000000..43c009db07 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADResourcePropertyList.md @@ -0,0 +1,315 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adresourcepropertylist?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADResourcePropertyList +--- + +# Get-ADResourcePropertyList + +## SYNOPSIS +Gets resource property lists from Active Directory. + +## SYNTAX + +### Filter (Default) +``` +Get-ADResourcePropertyList [-AuthType ] [-Credential ] -Filter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-Server ] + [] +``` + +### Identity +``` +Get-ADResourcePropertyList [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADResourcePropertyList [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-Server ] + [] +``` + +## DESCRIPTION +The **Get-ADResourcePropertyList** cmdlet gets resource property lists from Active Directory. + +## EXAMPLES + +### Example 1: Get all resource property lists +``` +PS C:\> Get-ADResourcePropertyList -Filter * +``` + +This command gets a list of all resource property lists. + +### Example 2: Get all resource property lists with a specified property +``` +PS C:\> Get-ADResourcePropertyList -Filter "Members -eq 'Country'" +``` + +This command gets all resource property lists that include the resource property Country. + +### Example 3: Get a specified resource property list +``` +PS C:\> Get-ADResourcePropertyList -Identity "Global Resource Property List" +``` + +This command gets the global resource property list. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the Filter parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: +he following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than "*", such as "?" are not supported by the Filter syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADResourcePropertyList +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the Filter parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an Active Directory Domain Services query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an Active Directory Domain Services query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADResourcePropertyList + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[New-ADResourcePropertyList](./New-ADResourcePropertyList.md) + +[Remove-ADResourcePropertyList](./Remove-ADResourcePropertyList.md) + +[Set-ADResourcePropertyList](./Set-ADResourcePropertyList.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADResourcePropertyValueType.md b/docset/winserver2025-ps/activedirectory/Get-ADResourcePropertyValueType.md new file mode 100644 index 0000000000..2c79b35813 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADResourcePropertyValueType.md @@ -0,0 +1,277 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adresourcepropertyvaluetype?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADResourcePropertyValueType +--- + +# Get-ADResourcePropertyValueType + +## SYNOPSIS +Gets a resource property value type from Active Directory. + +## SYNTAX + +### Filter (Default) +``` +Get-ADResourcePropertyValueType [-AuthType ] [-Credential ] -Filter + [-Properties ] [-Server ] [] +``` + +### Identity +``` +Get-ADResourcePropertyValueType [-AuthType ] [-Credential ] + [-Identity] [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADResourcePropertyValueType [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADResourcePropertyValueType** cmdlet retrieves a resource property value type from Active Directory. +The resource property value type supports the following Active Directory primitives (**ValueType**, **IsSingleValued**, **RestrictValues**) and a Boolean indicating whether **SuggestedValues** are allowed. + +## EXAMPLES + +### Example 1: Get all resource property value types +``` +PS C:\> Get-ADResourcePropertyValueType -Filter * | Format-Table Name +``` + +This command gets the names of all resource property value types. + +### Example 2: Get resource property value types for specified resource properties +``` +PS C:\> Get-ADResourcePropertyValueType -Filter "ResourceProperties -eq 'Country' -or ResourceProperties -eq 'Authors'" +``` + +This command gets all resource property value types that the resource properties Country and Authors use. + +### Example 3: Get the specified resource property value type +``` +PS C:\> Get-ADResourcePropertyValueType -Identity "MS-DS-Text" +``` + +This command gets a resource property value type named MS-DS-Text. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: PowerShell wildcards other than *, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory user object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADResourcePropertyValueType +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. +For more information, type `Get-Help Get-Member`. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourcePropertyValueType + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADResourcePropertyValueType +- Default +- 1 ValueType +- 2 IsSingleValued +- 3 RestrictValues +- 4 AreSuggestedValuesPresent + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADRootDSE.md b/docset/winserver2025-ps/activedirectory/Get-ADRootDSE.md new file mode 100644 index 0000000000..a23b9c31a3 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADRootDSE.md @@ -0,0 +1,237 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adrootdse?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADRootDSE +--- + +# Get-ADRootDSE + +## SYNOPSIS +Gets the root of a directory server information tree. + +## SYNTAX + +``` +Get-ADRootDSE [-AuthType ] [-Credential ] [-Properties ] [-Server ] + [] +``` + +## DESCRIPTION +The **Get-ADRootDSE** cmdlet gets the object that represents the root of the directory information tree of a directory server. +This tree provides information about the configuration and capabilities of the directory server, such as the distinguished name for the configuration container, the current time on the directory server, and the functional levels of the directory server and the domain. + +## EXAMPLES + +### Example 1: Get the root of a directory server information tree +``` +PS C:\> Get-ADRootDSE +configurationNamingContext : CN=Configuration,DC=Fabrikam,DC=com +currentTime : 3/18/2009 11:12:55 AM +defaultNamingContext : DC=Fabrikam,DC=com +dnsHostName : FABRIKAM-DC1.Fabrikam.com +domainControllerFunctionality : Windows2008R2 +domainFunctionality : Windows2003Domain +dsServiceName : CN=NTDS Settings,CN=FABRIKAM-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com +forestFunctionality : Windows2003Forest +highestCommittedUSN : 23015 +isGlobalCatalogReady : {TRUE} +isSynchronized : {TRUE} +ldapServiceName : Fabrikam.com:FABRIKAM-DC1$@FABRIKAM.COM +namingContexts : {DC=Fabrikam,DC=com, CN=Configuration,DC=Fabrikam,DC=com, CN=Schema,CN=Configuration,DC=Fabrikam,DC=com, DC=DomainDnsZones,DC=Fabrikam,DC=com...} +rootDomainNamingContext : DC=Fabrikam,DC=com +schemaNamingContext : CN=Schema,CN=Configuration,DC=Fabrikam,DC=com +serverName : CN=FABRIKAM-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com +subschemaSubentry : CN=Aggregate,CN=Schema,CN=Configuration,DC=Fabrikam,DC=com +supportedCapabilities : {1.2.840.113556.1.4.800 (LDAP_CAP_ACTIVE_DIRECTORY_OID), 1.2.840.113556.1.4.1670 (LDAP_CAP_ACTIVE_DIRECTORY_V51_OID), 1.2.840.113556.1.4.1791 (LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID), 1.2.840.113556.1.4.1935 (LDAP_CAP_ACTIVE_DIRECTORY_V61_OID)...} +supportedControl : {1.2.840.113556.1.4.319 (LDAP_PAGED_RESULT_OID_STRING), 1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID), 1.2.840.113556.1.4.473 (LDAP_SERVER_SORT_OID), 1.2.840.113556.1.4.528 (LDAP_SERVER_NOTIFICATION_OID)...} +supportedLDAPPolicies : {MaxPoolThreads, MaxDatagramRecv, MaxReceiveBuffer, InitRecvTimeout...} +supportedLDAPVersion : {3, 2} +supportedSASLMechanisms : {GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5} +``` + +This command gets the root of the directory server information tree of the directory server from the default domain controller. + +### Example 2: Get the root of the directory server information tree with the specified property +``` +PS C:\> Get-ADRootDSE -Server Fabrikam-RODC1 -Properties supportedExtension +configurationNamingContext : CN=Configuration,DC=Fabrikam,DC=com +currentTime : 3/18/2009 11:12:55 AM +defaultNamingContext : DC=Fabrikam,DC=com +dnsHostName : FABRIKAM-RODC1.Fabrikam.com +domainControllerFunctionality : Windows2008R2 +domainFunctionality : Windows2003Domain +dsServiceName : CN=NTDS Settings,CN=FABRIKAM-RODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com +forestFunctionality : Windows2003Forest +highestCommittedUSN : 23015 +isGlobalCatalogReady : {TRUE} +isSynchronized : {TRUE} +ldapServiceName : Fabrikam.com:FABRIKAM-RODC1$@FABRIKAM.COM +namingContexts : {DC=Fabrikam,DC=com, CN=Configuration,DC=Fabrikam,DC=com, CN=Schema,CN=Configuration,DC=Fabrikam,DC=com, DC=DomainDnsZones,DC=Fabrikam,DC=com...} +rootDomainNamingContext : DC=Fabrikam,DC=com +schemaNamingContext : CN=Schema,CN=Configuration,DC=Fabrikam,DC=com +serverName : CN=FABRIKAM-RODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com +subschemaSubentry : CN=Aggregate,CN=Schema,CN=Configuration,DC=Fabrikam,DC=com +supportedCapabilities : {1.2.840.113556.1.4.800 (LDAP_CAP_ACTIVE_DIRECTORY_OID), 1.2.840.113556.1.4.1670 (LDAP_CAP_ACTIVE_DIRECTORY_V51_OID), 1.2.840.113556.1.4.1791 (LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID), 1.2.840.113556.1.4.1935 (LDAP_CAP_ACTIVE_DIRECTORY_V61_OID)...} +supportedControl : {1.2.840.113556.1.4.319 (LDAP_PAGED_RESULT_OID_STRING), 1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID), 1.2.840.113556.1.4.473 (LDAP_SERVER_SORT_OID), 1.2.840.113556.1.4.528 (LDAP_SERVER_NOTIFICATION_OID)...} +supportedExtension : {1.3.6.1.4.1.1466.20037, 1.3.6.1.4.1.1466.101.119.1, 1.2.840.113556.1.4.1781, 1.3.6.1.4.1.4203.1.11.3} +supportedLDAPPolicies : {MaxPoolThreads, MaxDatagramRecv, MaxReceiveBuffer, InitRecvTimeout...} +supportedLDAPVersion : {3, 2} +supportedSASLMechanisms : {GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5} +``` + +This command gets the root of the directory server information tree including the **supportedExtension** property for Fabrikam-RODC1 server. + +### Example 3: Get the root of a directory server information tree by using credentials +``` +PS C:\> Get-ADRootDSE -Server "FABRIKAM-ADLDS1.Fabrikam.com:60000" -Credential "FABRIKAM\User1" +configurationNamingContext : CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} +currentTime : 3/18/2009 11:40:19 AM +dnsHostName : FABRIKAM-ADLDS1.Fabrikam.com +domainControllerFunctionality : Windows2008R2 +dsServiceName : CN=NTDS Settings,CN=FABRIKAM-ADLDS1$instance1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C +N=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} +forestFunctionality : Windows2003Forest +highestCommittedUSN : 13967 +isSynchronized : {TRUE} +namingContexts : {CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA}, CN=Schema,CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA}, DC=AppNC} +schemaNamingContext : CN=Schema,CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} +serverName : CN=FABRIKAM-ADLDS1$instance1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} +subschemaSubentry : CN=Aggregate,CN=Schema,CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} +supportedCapabilities : {1.2.840.113556.1.4.1851 (LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID), 1.2.840.113556.1.4.1670 (LDAP_CAP_ACTIVE_DIRECTORY_V51_OID), 1.2.840.113556.1.4.1791 (LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID), 1.2.840.113556.1.4.1935 (LDAP_CAP_ACTIVE_DIRECTORY_V61_OID)...} +supportedControl : {1.2.840.113556.1.4.319 (LDAP_PAGED_RESULT_OID_STRING), 1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID), 1.2.840.113556.1.4.473 (LDAP_SERVER_SORT_OID), 1.2.840.113556.1.4.528 (LDAP_SERVER_NOTIFICATION_OID)...} +supportedLDAPPolicies : {MaxPoolThreads, MaxDatagramRecv, MaxReceiveBuffer, InitRecvTimeout...} +supportedLDAPVersion : {3, 2} +supportedSASLMechanisms : {GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5} +``` + +This command gets the root of the directory server information tree of FABRIKAM-ADLDS1 using the FABRIKAM\user1 credentials. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. +For more information, type `Get-Help Get-Member`. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADRootDSE +An **ADRootDSE** object that represents the data tree for the specified directory server is output by this cmdlet. + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADServiceAccount.md b/docset/winserver2025-ps/activedirectory/Get-ADServiceAccount.md new file mode 100644 index 0000000000..f2768f96df --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADServiceAccount.md @@ -0,0 +1,457 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADServiceAccount +--- + +# Get-ADServiceAccount + +## SYNOPSIS +Gets one or more Active Directory managed service accounts or group managed service accounts. + +## SYNTAX + +### Filter (Default) +``` +Get-ADServiceAccount [-AuthType ] [-Credential ] -Filter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +### Identity +``` +Get-ADServiceAccount [-AuthType ] [-Credential ] [-Identity] + [-Partition ] [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADServiceAccount [-AuthType ] [-Credential ] -LDAPFilter + [-Properties ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADServiceAccount** cmdlet gets a managed service account or performs a search to get managed service accounts. + +The **Identity** parameter specifies the Active Directory managed service account to get. +You can identify a managed service account by its distinguished name, GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the parameter to a managed service account object variable, such as `$` or pass a managed service account object through the pipeline to the **Identity** parameter. + +To search for and retrieve more than one managed service account, use the **Filter** or **LDAPFilter** parameters. +The **Filter** parameter uses the PowerShell Expression Language to write query strings for Active Directory. +PowerShell Expression Language syntax provides rich type conversion support for value types received by the **Filter** parameter. +For more information about the **Filter** parameter syntax, type `Get-Help about_ActiveDirectory_Filter`. +If you have existing Lightweight Directory Access Protocol (LDAP) query strings, you can use the **LDAPFilter** parameter. + +This cmdlet gets a default set of managed service account object properties. +To get additional properties use the **Properties** parameter. +For more information about the how to determine the properties for service account objects, see the **Properties** parameter description. + +## EXAMPLES + +### Example 1: Get a managed service account by its Security Account Manager name +```powershell +PS C:\> Get-ADServiceAccount -Identity service1 +``` +```output +Enabled : True +Name : service1 +UserPrincipalName : +SamAccountName : service1$ +ObjectClass : msDS-ManagedServiceAccount +SID : S-1-5-21-159507390-2980359153-3438059098-29770 +ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a +HostComputers : +DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com +``` + +This command gets a managed service account with SAM account name service1. + +### Example 2: Get a managed service account by its SID +```powershell +PS C:\> Get-ADServiceAccount -Identity S-1-5-21-159507390-2980359153-3438059098-29770 +``` +```output +Enabled : True +Name : service1 +UserPrincipalName : +SamAccountName : service1$ +ObjectClass : msDS-ManagedServiceAccount +SID : S-1-5-21-159507390-2980359153-3438059098-29770 +ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a +HostComputers : +DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com +``` + +This command gets the managed service account with SID `S-1-5-21-159507390-2980359153-3438059098-29770`. + +### Example 3: Get a filtered list of managed service accounts +```powershell +PS C:\> Get-ADServiceAccount -Filter "HostComputers -eq 'CN=SQL-Server-1, DC=contoso,DC=com'" +``` +```output +Enabled : True +Name : service1 +UserPrincipalName : +SamAccountName : service1$ +ObjectClass : msDS-ManagedServiceAccount +SID : S-1-5-21-159507390-2980359153-3438059098-29770 +ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a +HostComputers : {CN=SQL-Server-1, DC=contoso,DC=com} +DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com +``` + +This command gets the managed service accounts allowed to be used on the computer `CN=SQL-Server-1,DC=contoso,DC=com`. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the **Filter** parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the **Filter** parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory account object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADServiceAccount +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The **Filter** parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the **Filter** parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the **Identity** parameter. + +In many cases, a default value will be used for the **Partition** parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. + +In AD DS environments, a default value for **Partition** will be set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** will be set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for Partition will be set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** will be set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. +For more information, type `Get-Help Get-Member`. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an Active Directory Domain Services query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an Active Directory Domain Services query. +If you want to receive all of the objects, set this parameter to `$Null` (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is `$Null`. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase +Specifies an Active Directory path to search under. + +When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. + +When the value of the **SearchBase** parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. +If the value of the **SearchBase** parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. + +```yaml +Type: String +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A Base query searches only the current path or object. +A OneLevel query searches the immediate children of that path or object. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: Filter, LdapFilter +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the **Server** parameter is determined by one of the following methods in the order that they are listed: + +- By using **Server** value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADServiceAccount +A managed service account object is received by the **Identity** parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADServiceAccount +Returns one or more managed service account (MSA) objects. + +This cmdlet returns a default set of ADService account property values. +To retrieve additional ADService account properties, use the **Properties** parameter. + +## NOTES +* This cmdlet does not work with AD LDS. + +## RELATED LINKS + +[Install-ADServiceAccount](./Install-ADServiceAccount.md) + +[New-ADServiceAccount](./New-ADServiceAccount.md) + +[Remove-ADServiceAccount](./Remove-ADServiceAccount.md) + +[Set-ADServiceAccount](./Set-ADServiceAccount.md) + +[Uninstall-ADServiceAccount](./Uninstall-ADServiceAccount.md) + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADTrust.md b/docset/winserver2025-ps/activedirectory/Get-ADTrust.md new file mode 100644 index 0000000000..3a74213b19 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADTrust.md @@ -0,0 +1,302 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-adtrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADTrust +--- + +# Get-ADTrust + +## SYNOPSIS +Gets all trusted domain objects in the directory. + +## SYNTAX + +### Filter (Default) +``` +Get-ADTrust [-AuthType ] [-Credential ] -Filter [-Properties ] + [-Server ] [] +``` + +### Identity +``` +Get-ADTrust [-AuthType ] [-Credential ] [-Identity] + [-Properties ] [-Server ] [] +``` + +### InputObject +``` +Get-ADTrust [-AuthType ] [-Credential ] -InputObject + [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADTrust [-AuthType ] [-Credential ] -LDAPFilter [-Properties ] + [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADTrust** cmdlet returns all of the trusted domain objects in the directory. + +## EXAMPLES + +### Example 1: Get all trusted domain objects in a forest +``` +PS C:\> Get-ADTrust -Filter * +``` + +This command gets all of the trusted domain objects in the forest. + +### Example 2: Get filtered trusted domain objects +``` +PS C:\> Get-ADTrust -Filter "Target -eq 'corp.contoso.com'" +``` + +This command gets all the trusted domain objects with corp.contoso.com as the trust partner. + +### Example 3: Get the specified trusted domain object +``` +PS C:\> Get-ADTrust -Identity "corp.contoso.com" +``` + +This command gets the trusted domain object with name corp.contoso.com. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a PSCredential object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A Distinguished Name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADTrust +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Specifies an Active Directory input object. +This parameter can accept one of the following object types: + +- ADForest +- ADDomain +- ADObject + +The cmdlet will retrieve the corresponding **ADTrust** based on the input object specified. + +```yaml +Type: Object +Parameter Sets: InputObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADTrust +A trusted domain object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADTrust + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/activedirectory/Get-ADUser.md b/docset/winserver2025-ps/activedirectory/Get-ADUser.md new file mode 100644 index 0000000000..3772366ff4 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADUser.md @@ -0,0 +1,473 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-aduser?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADUser +--- + +# Get-ADUser + +## SYNOPSIS +Gets one or more Active Directory users. + +## SYNTAX + +### Filter (Default) +``` +Get-ADUser [-AuthType ] [-Credential ] -Filter [-Properties ] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [] +``` + +### Identity +``` +Get-ADUser [-AuthType ] [-Credential ] [-Identity] [-Partition ] + [-Properties ] [-Server ] [] +``` + +### LdapFilter +``` +Get-ADUser [-AuthType ] [-Credential ] -LDAPFilter [-Properties ] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADUser** cmdlet gets a specified user object or performs a search to get multiple user objects. + +The *Identity* parameter specifies the Active Directory user to get. +You can identify a user by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the parameter to a user object variable such as `$` or pass a user object through the pipeline to the *Identity* parameter. + +To search for and retrieve more than one user, use the *Filter* or *LDAPFilter* parameters. +The *Filter* parameter uses the PowerShell Expression Language to write query strings for Active Directory. +PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +For more information about the *Filter* parameter syntax, type `Get-Help about_ActiveDirectory_Filter`. +If you have existing Lightweight Directory Access Protocol (LDAP) query strings, you can use the *LDAPFilter* parameter. + +This cmdlet retrieves a default set of user object properties. +To retrieve additional properties use the _Properties_ parameter. +For more information about how to determine the properties for user objects, see the _Properties_ parameter description. + +## EXAMPLES + +### Example 1: Get all of the users in a container +```powershell +PS C:\> Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" +``` + +This command gets all users in the container OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM. + +### Example 2: Get a filtered list of users +```powershell +PS C:\> Get-ADUser -Filter 'Name -like "*SvcAccount"' | Format-Table Name,SamAccountName -A +``` + +```Output +Name SamAccountName +---- -------------- +SQL01 SvcAccount SQL01 +SQL02 SvcAccount SQL02 +IIS01 SvcAccount IIS01 +``` + +This command gets all users that have a name that ends with SvcAccount. + +### Example 3: Get all of the properties for a specified user +```powershell +PS C:\> Get-ADUser -Identity ChewDavid -Properties * +``` + +```Output +Surname : David +Name : Chew David +UserPrincipalName : +GivenName : David +Enabled : False +SamAccountName : ChewDavid +ObjectClass : user +SID : S-1-5-21-2889043008-4136710315-2444824263-3544 +ObjectGUID : e1418d64-096c-4cb0-b903-ebb66562d99d +DistinguishedName : CN=Chew David,OU=NorthAmerica,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM +``` + +This command gets all of the properties of the user with the SAM account name ChewDavid. + +### Example 4: Get a specified user +```powershell +PS C:\> Get-ADUser -Filter "Name -eq 'ChewDavid'" -SearchBase "DC=AppNC" -Properties "mail" -Server lds.Fabrikam.com:50000 +``` + +This command gets the user with the name ChewDavid in the Active Directory Lightweight Directory Services (AD LDS) instance. + +### Example 5: Get all enabled user accounts +```powershell +C:\PS> Get-ADUser -LDAPFilter '(!userAccountControl:1.2.840.113556.1.4.803:=2)' +``` + +This command gets all enabled user accounts in Active Directory using an LDAP filter. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Specifies a query string that retrieves Active Directory objects. +This string uses the PowerShell Expression Language syntax. +The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the *Filter* parameter. +The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. +For more information about the *Filter* parameter, type `Get-Help about_ActiveDirectory_Filter`. + +Syntax: + +The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. + +\ ::= "{" \ "}" + +\ ::= \ | \ \ \ | \ \ + +\ ::= \ \ \ | "(" \ ")" + +\ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" + +\ ::= "-and" | "-or" + +\ ::= "-not" + +\ ::= \ | \ + +\::= \ by using the specified \\> + +For a list of supported types for \, type `Get-Help about_ActiveDirectory_ObjectModel`. + +Note: For String parameter type, PowerShell will cast the filter query to a string while processing the command. When using a string variable as a value in the filter component, make sure that it complies with the [PowerShell Quoting Rules](/powershell/module/microsoft.powershell.core/about/about_quoting_rules). For example, if the filter expression is double-quoted, the variable should be enclosed using single quotation marks: +**Get-ADUser -Filter "Name -like '$UserName'"**. On the contrary, if curly braces are used to enclose the filter, the variable should not be quoted at all: **Get-ADUser -Filter {Name -like $UserName}**. + +Note: PowerShell wildcards other than \*, such as ?, are not supported by the *Filter* syntax. + +Note: To query using LDAP query strings, use the *LDAPFilter* parameter. + +```yaml +Type: String +Parameter Sets: Filter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory user object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADUser +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LDAPFilter +Specifies an LDAP query string that is used to filter Active Directory objects. +You can use this parameter to run your existing LDAP queries. +The *Filter* parameter syntax supports the same functionality as the LDAP syntax. +For more information, see the *Filter* parameter description or type `Get-Help about_ActiveDirectory_Filter`. + +```yaml +Type: String +Parameter Sets: LdapFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first, and when a default value can be determined, no further rules are evaluated. + +In AD DS environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Properties +Specifies the properties of the output object to retrieve from the server. +Use this parameter to retrieve properties that are not included in the default set. + +Specify properties for this parameter as a comma-separated list of names. +To display all of the attributes that are set on the object, specify * (asterisk). + +To specify an individual extended property, use the name of the property. +For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. + +To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the **Get-Member** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Property + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an Active Directory Domain Services query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an Active Directory Domain Services query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. + +The default is $Null. + +```yaml +Type: Int32 +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase +Specifies an Active Directory path to search under. + +When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. + +When the value of the *SearchBase* parameter is set to an empty string and you are connected to a GC port, all partitions are searched. +If the value of the *SearchBase* parameter is set to an empty string and you are not connected to a GC port, an error is thrown. + +```yaml +Type: String +Parameter Sets: Filter, LdapFilter +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A SearchScope with a Base value searches only for the given user. If an OU is specified in the SearchBase parameter, no user will be returned by, for example, a specified Filter statement. +A OneLevel query searches the immediate children of that path or object. This option only works when an OU is given as the SearchBase. If a user is given, no results are returned. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: Filter, LdapFilter +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADUser +A user object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADUser +Returns one or more user objects. + +This cmdlet returns a default set of **ADUser** property values. +To retrieve additional **ADUser** properties, use the *Properties* parameter. + +To get a list of the default set of properties of an **ADUser** object, use the following command: + +`Get-ADUser`\`| Get-Member` + +To get a list of the most commonly used properties of an ADUser object, use the following command: + +`Get-ADUser`\`-Properties Extended | Get-Member` + +To get a list of all the properties of an **ADUser** object, use the following command: + +`Get-ADUser`\`-Properties * | Get-Member` + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[New-ADUser](./New-ADUser.md) + +[Remove-ADUser](./Remove-ADUser.md) + +[Set-ADUser](./Set-ADUser.md) diff --git a/docset/winserver2025-ps/activedirectory/Get-ADUserResultantPasswordPolicy.md b/docset/winserver2025-ps/activedirectory/Get-ADUserResultantPasswordPolicy.md new file mode 100644 index 0000000000..4591f18043 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Get-ADUserResultantPasswordPolicy.md @@ -0,0 +1,238 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/get-aduserresultantpasswordpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-ADUserResultantPasswordPolicy +--- + +# Get-ADUserResultantPasswordPolicy + +## SYNOPSIS +Gets the resultant password policy for a user. + +## SYNTAX + +``` +Get-ADUserResultantPasswordPolicy [-AuthType ] [-Credential ] [-Identity] + [-Partition ] [-Server ] [] +``` + +## DESCRIPTION +The **Get-ADUserResultantPasswordPolicy** cmdlet gets the resultant password policy object (RSoP) for a user. +The RSoP is defined by the Active Directory attribute named **msDS-ResultantPSO**. + +A user can have multiple password policy objects (PSOs) associated with it, but only one PSO is the RSoP. +A PSO is associated with a user when the PSO applies directly to the user or when the PSO applies to an Active Directory group that contains the user. +When more than one PSO policy is associated with a user or group, the RSoP value defines the PSO to apply. + +The resultant password policy or RSoP for a user is determined by using the following procedure: + +- If only one PSO is associated with a user, this PSO is the RSoP. +- If more than one PSO is associated with a user, the PSO that applies directly to the user is the RSoP. +- If more than one PSO applies directly to the user, the PSO with the lowest **msDS-PasswordSettingsPrecedence** attribute value is the RSoP and this event is logged as a warning in the Active Directory event log. +The lowest attribute value represents the highest PSO precedence. +For example, if the **msDS-PasswordSettingsPrecedence** values of two PSOs are 100 and 200, the PSO with the attribute value of 100 is the RSoP. +- If there are no PSOs that apply directly to the user, the PSOs of the global security groups that have the user as a member are compared. +The PSO with the lowest **msDS-PasswordSettingsPrecedence** value is the RSoP. + +The *Identity* parameter specifies the Active Directory user. +You can identify a user by its distinguished name, GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the parameter to a user object variable, such as `$` or pass a user object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADUser** cmdlet to retrieve a user object and then pass the object through the pipeline to the Get-ADUserResultantPasswordPolicy cmdlet. + +## EXAMPLES + +### Example 1: Get the resultant password policy for a user +``` +PS C:\> Get-ADUserResultantPasswordPolicy -Identity BobKe +Name : DomainUsersPSO +ComplexityEnabled : True +LockoutThreshold : 10 +ReversibleEncryptionEnabled : False +LockoutDuration : 12:00:00 +LockoutObservationWindow : 00:15:00 +MinPasswordLength : 8 +Precedence : 500 +ObjectGUID : f8d2653c-9b3b-499e-b272-4c7f4268df4c +ObjectClass : msDS-PasswordSettings +PasswordHistoryCount : 24 +MinPasswordAge : 1.00:00:00 +MaxPasswordAge : 60.00:00:00 +AppliesTo : {CN=Domain Users,CN=Users,DC=FABRIKAM,DC=COM} +DistinguishedName : CN=DomainUsersPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM +``` + +This command gets the resultant password policy for the user with SAM account name BobKe. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory user object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- Security identifier (objectSid) +- SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADUser +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value will be used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. + +In AD DS environments, a default value for *Partition* will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* will be set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for Partition will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* will be set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADUser +A user object is received by the *Identity* parameter. + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +Returns a fine grained password policy object that represents the resultant password policy for the user. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Get-ADUser](./Get-ADUser.md) + diff --git a/docset/winserver2025-ps/activedirectory/Grant-ADAuthenticationPolicySiloAccess.md b/docset/winserver2025-ps/activedirectory/Grant-ADAuthenticationPolicySiloAccess.md new file mode 100644 index 0000000000..159c78613b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Grant-ADAuthenticationPolicySiloAccess.md @@ -0,0 +1,240 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/grant-adauthenticationpolicysiloaccess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Grant-ADAuthenticationPolicySiloAccess +--- + +# Grant-ADAuthenticationPolicySiloAccess + +## SYNOPSIS +Grants permission to join an authentication policy silo. + +## SYNTAX + +``` +Grant-ADAuthenticationPolicySiloAccess [-WhatIf] [-Confirm] [-Account] [-AuthType ] + [-Credential ] [-Identity] [-PassThru] [-Server ] + [] +``` + +## DESCRIPTION +The **Grant-ADAuthenticationPolicySiloAccess** cmdlet grants permission to an account to join an authentication policy silo in Active Directory® Domain Services. + +## EXAMPLES + +### Example 1: Grant access to an authentication policy silo to a user account +``` +PS C:\> Grant-ADAuthenticationPolicySiloAccess -Identity AuthenticationPolicySilo01 -Account User01 +``` + +This command grants access to the authentication policy silo named AuthenticationPolicySilo01 to the user account named User01. + +### Example 2: grant access to an authentication policy silo for filter matches +``` +PS C:\> Get-ADComputer -Filter 'Name -like "NewComputer*"' | Grant-ADAuthenticationPolicySiloAccess -Identity AuthenticationPolicySilo01 +``` + +This example first uses the **Get-ADComputer** cmdlet to get a list of computers that match the filter specified by the Filter parameter. +The output is then passed to the **Grant-ADAuthenticationPolicySiloAccess** cmdlet to grant access to the authentication policy silo named AuthenticationPolicySilo02. + +## PARAMETERS + +### -Account +Specifies the account to which to grant access to the authentication policy silo. +Specify the account in one of the following formats: + +- A distinguished name +- A GUID +- A security identifier +- A SAM account name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +You can also use this parameter to specify a variable that contains user, computer, and service account objects. + +```yaml +Type: ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an **ADAuthenticationPolicySilo** object. +Specify the authentication policy silo object in one of the following formats: + +- A distinguished name +- A GUID +- A name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: +- A Fully qualified domain name +- A NetBIOS name + +Directory server values: +- A Fully qualified directory server name +- A NetBIOS name +- A Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount, Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Revoke-ADAuthenticationPolicySiloAccess](./Revoke-ADAuthenticationPolicySiloAccess.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Install-ADServiceAccount.md b/docset/winserver2025-ps/activedirectory/Install-ADServiceAccount.md new file mode 100644 index 0000000000..4babba0ef8 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Install-ADServiceAccount.md @@ -0,0 +1,245 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/install-adserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-ADServiceAccount +--- + +# Install-ADServiceAccount + +## SYNOPSIS +Installs an Active Directory managed service account on a computer or caches a group managed service account on a computer. + +## SYNTAX + +``` +Install-ADServiceAccount [-WhatIf] [-Confirm] [-AccountPassword ] [-AuthType ] + [-Force] [-Identity] [-PromptForPassword] [] +``` + +## DESCRIPTION +The **Install-ADServiceAccount** cmdlet installs an existing Active Directory managed service account on the computer on which the cmdlet is run. +This cmdlet verifies that the computer is eligible to host the managed service account. +The cmdlet also makes the required changes locally so that the managed service account password can be managed without requiring any user action. + +The *Identity* parameter specifies the Active Directory managed service account to install. +You can identify a managed service account by its distinguished name, GUID, security identifier (SID), or security accounts manager (SAM) account name. +You can also set the parameter to a managed service account object variable, such as `$` or pass a managed service account object through the pipeline to the *Identity* parameter. +For example, you can use Get-ADServiceAccount to get a managed service account object and then pass the object through the pipeline to the Install-ADServiceAccount. + +The *AccountPassword* parameter allows you to pass a secure string that contains the password of a standalone managed service account and is ignored for group managed service accounts. +Alternatively, you can use *PromptForPassword* parameter to prompt for the standalone managed service account password. +You must enter the password of a standalone managed service account if you want to install an account that you have provisioned. +This is required when you are installing a standalone managed service account on a server located on a segmented network (site) with read-only domain controllers (for example, a perimeter network or DMZ). +In this case you should create the standalone managed service account, link it with the appropriate computer account, and assign a well-known password that must be passed when installing the standalone managed service account on the server on the read-only domain controller site. +If you pass both *AccountPassword* and *PromptForPassword* parameters, the *AccountPassword* parameter takes precedence. + +## EXAMPLES + +### Example 1: Install a managed service account on the local computer +``` +PS C:\> Install-ADServiceAccount -Identity 'SQL-HR-svc-01' +``` + +This command installs a managed service account with name SQL-HR-svc-01 on the local computer. +If a group managed service account is used, the service account must have the **PrincipalsAllowedToRetrieveManagedPassword** property set. + +### Example 2: Get a managed service account and install it on the local computer +``` +PS C:\> $Account = Get-ADServiceAccount -Filter "Name -eq 'SQL-HR-svc-01'" +PS C:\> Install-ADServiceAccount $Account +``` + +This command gets a managed service account with name SQL-HR-svc-01 from the default directory and installs it on the local computer. +If a group managed service account is used, the service account must have the **PrincipalsAllowedToRetrieveManagedPassword** property set. + +### Example 3: Install a standalone managed service account for a read-only domain controller site +``` +PS C:\> Install-ADServiceAccount -Identity 'SQL-HR-svc-01' -PromptForPassword +Please enter the current password for 'CN=SQL-HR-svc-01,CN=Managed Service Accounts,DC=contoso,DC=com' +Password: ******* +``` + +This command installs a standalone managed service account identified as SQL-HR-svc-01 in a read-only domain controller site. +If a group managed service account is used, the service account must have the **PrincipalsAllowedToRetrieveManagedPassword** property set. + +### Example 4: Install a standalone managed service account with the specified password +``` +PS C:\> Install-ADServiceAccount -Identity 'SQL-HR-svc-01' -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) +``` + +This command installs a standalone managed service account with the name SQL-HR-svc-01 in a read-only domain controller site, and passes the account password as a secure string. +If a group managed service account is used, the service account must have the **PrincipalsAllowedToRetrieveManagedPassword** property set. + +## PARAMETERS + +### -AccountPassword +Specifies the account password as a secure string. +This parameter enables you to specify the password of a standalone managed service account that you have provisioned and is ignored for group managed service accounts. +This is required when you are installing a standalone managed service account on a server located on a segmented network (site) with read-only domain controllers (for example, a perimeter network or DMZ). +In this case you should create the standalone managed service account, link it with the appropriate computer account, and assign a well-known password that must be passed when installing the standalone managed service account on the server on the read-only domain controller site with no access to writable domain controllers. +If you pass both *AccountPassword* and *PromptForPassword* parameters, the *AccountPassword* parameter takes precedence. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +Possible values for this parameter include: The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces installation of the service account. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A security accounts manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADServiceAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PromptForPassword +Indicates that you can enter the password of a standalone managed service account that you have pre-provisioned and ignored for group managed service accounts. +This is required when you are installing a standalone managed service account on a server located on a segmented network (site) with no access to writable domain controllers, but only read-only domain controllers (RODCs) (e.g. +perimeter network or DMZ). +In this case you should create the standalone managed service account, link it with the appropriate computer account, and assign a well-known password that must be passed when installing the standalone managed service account on the server on the RODC-only site. +If you pass both *AccountPassword* and *PromptForPassword* parameters the *AccountPassword* parameter takes precedence. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADServiceAccount +A managed service account object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* This cmdlet must be run from an elevated PowerShell session. +* To successfully install a managed service account, the service account should have the *PrincipalsAllowedToRetrieveManagedPassword* parameter option set first by using either the New-ADServiceAccount or Set-ADServiceAccount cmdlet first. Otherwise, installation will fail. + +## RELATED LINKS + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[New-ADServiceAccount](./New-ADServiceAccount.md) + +[Remove-ADServiceAccount](./Remove-ADServiceAccount.md) + +[Reset-ADServiceAccountPassword](./Reset-ADServiceAccountPassword.md) + +[Set-ADServiceAccount](./Set-ADServiceAccount.md) + +[Uninstall-ADServiceAccount](./Uninstall-ADServiceAccount.md) diff --git a/docset/winserver2025-ps/activedirectory/Move-ADDirectoryServer.md b/docset/winserver2025-ps/activedirectory/Move-ADDirectoryServer.md new file mode 100644 index 0000000000..3b93d14292 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Move-ADDirectoryServer.md @@ -0,0 +1,252 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/move-addirectoryserver?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Move-ADDirectoryServer +--- + +# Move-ADDirectoryServer + +## SYNOPSIS +Moves a directory server in Active Directory to a new site. + +## SYNTAX + +``` +Move-ADDirectoryServer [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [-Site] [] +``` + +## DESCRIPTION +The **Move-ADDirectoryServer** cmdlet moves a directory server in Active Directory to a new site within the same domain. + +The *Identity* parameter specifies the directory server to move. +You can specify a directory server object by one of the following values: + +- Name of the server object (name) +- A distinguished name of the NTDS Settings object +- A distinguished name of the server object that represents the directory server +- GUID (objectGUID) of server object under the configuration partition +- GUID (objectGUID) of NTDS settings object under the configuration partition + +You can also set the *Identity* parameter to a directory server object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADDomainController** cmdlet to get a directory server object and then pass that object through the pipeline to the **Move-ADDirectoryServer** cmdlet. + +The *Site* parameter specifies the new site for the directory server. +You can identify a site by its distinguished name or GUID. + +## EXAMPLES + +### Example 1: Move a domain controller to an existing site +``` +PS C:\> Move-ADDirectoryServer -Identity "USER01-DC2" -Site "Branch-Office-Site" +``` + +This command moves the domain controller USER01-DC2 to the site Branch-Office-Site. + +### Example 2: Move read-only domain controllers to an existing site +``` +PS C:\> Get-ADDomainController -Filter "IsReadOnly -eq `$True" | Move-ADDirectoryServer -Site "RODC-Site-Name" +``` + +This command moves all Read-Only domain controllers to the site RODC-Site-Name. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory server object by providing one of the following values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. + +- Name of the server object (name) + +For Active Directory Lightweight Directory Services (AD LDS) instances the syntax is of a name is `$` + +Note: When you type this value in Windows PowerShell, you must use the backtick (\`) as an escape character for the dollar sign ($), for example, *asia-w7-vm4`$instance1*. + +For other Active Directory instances, use the value of the name property. + +- A distinguished Name of the NTDS Settings object +- A distinguished name of the server object that represents the directory server +- GUID (objectGUID) of server object under the configuration partition +- GUID (objectGUID) of NTDS settings object under the configuration partition + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADDirectoryServer +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Site +Specifies the new site for the directory server. +You can identify the site by one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A name (name) + +```yaml +Type: ADReplicationSite +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDirectoryServer +A directory server object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + + +## RELATED LINKS + +[Move-ADDirectoryServerOperationMasterRole](./Move-ADDirectoryServerOperationMasterRole.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Move-ADDirectoryServerOperationMasterRole.md b/docset/winserver2025-ps/activedirectory/Move-ADDirectoryServerOperationMasterRole.md new file mode 100644 index 0000000000..7cdf5a1da1 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Move-ADDirectoryServerOperationMasterRole.md @@ -0,0 +1,335 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/move-addirectoryserveroperationmasterrole?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Move-ADDirectoryServerOperationMasterRole +--- + +# Move-ADDirectoryServerOperationMasterRole + +## SYNOPSIS +Moves operation master roles to an Active Directory directory server. + +## SYNTAX + +``` +Move-ADDirectoryServerOperationMasterRole [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Force] [-Identity] + [-OperationMasterRole] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Move-ADDirectoryServerOperationMasterRole** cmdlet moves one or more operation master roles to a directory server. +You can move operation master roles to a directory server in a different domain if the credentials are the same in both domains. + +The *Identity* parameter specifies the directory server that receives the roles. +You can specify a directory server object by one of the following values: + +- Name of the server object (name) +- The distinguished name of the NTDS Settings object +- The distinguished name of the server object that represents the directory server +- GUID (objectGUID) of server object under the configuration partition +- GUID (objectGUID) of NTDS settings object under the configuration partition + +For Active Directory Lightweight Directory Services (AD LDS) instances the syntax for the server object name is `$`. +The following is an example of this syntax: + +`asia-w7-vm4$instance1` + +When you type this value in Windows PowerShell, you must use the backtick (\`) as an escape character for the dollar sign ($). +Therefore, for this example, you would type the following: + +*asia-w7-vm4\`$instance1* + +You can also set the parameter to a directory server object variable, such as `$`. + +The **Move-ADDirectoryServerOperationMasterRole** cmdlet provides two options for moving operation master roles: + +**Role transfer**, which involves transferring roles to be moved by running the cmdlet using the *Identity* parameter to specify the current role holder and the *OperationMasterRole* parameter to specify the roles for transfer. +This is the recommended option. + +Operation roles include PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, or DomainNamingMaster. +To specify more than one role, use a comma-separated list. + +**Role seizure**, which involves seizing roles you previously attempted to transfer by running the cmdlet a second time using the same parameters as the transfer operation, and adding the *Force* parameter. +The *Force* parameter must be used as a switch to indicate that seizure, instead of transfer, of operation master roles is being performed. +This operation still attempts graceful transfer first, then seizes if transfer is not possible. + +Unlike using Ntdsutil.exe to move operation master roles, the **Move-ADDirectoryServerOperationMasterRole** cmdlet can be remotely executed from any domain joined computer where the Active Directory module for Windows PowerShell administration module is installed and available for use. +This can make the process of moving roles simpler and easier to centrally administer as each of the two command operations required can be run remotely and do not have to be locally executed at each of the corresponding role holders involved in the movement of the roles, for instance, role transfer only allowed at the old role holder, role seizure only allowed at the new role holder. + +## EXAMPLES + +### Example 1: Move a PDC emulator to a domain controller +``` +PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity "USER01-DC1" -OperationMasterRole PDCEmulator +``` + +This command moves the primary domain controller (PDC) Emulator role to the domain controller USER01-DC1. + +### Example 2: Move the PDC emulator and schema master roles to a domain controller +``` +PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity "USER02-DC2" -OperationMasterRole PDCEmulator,SchemaMaster +``` + +This command moves the PDC Emulator and schema master roles to the domain controller USER02-DC2. + +### Example 3: Move the schema master FSMO owner to the AD LDS instance on a server +``` +PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity User03-DC`$instance1 -OperationMasterRole schemaMaster -Server User03-DC:50000 +``` + +This command moves the schema master flexible single master operations (FSMO) owner to the AD LDS instance instance1 on the server User03-DC. + +### Example 4: Seize specific roles for a specified user +``` +PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity USER04-DC1 -OperationMasterRole RIDMaster,InfrastructureMaster,DomainNamingMaster -Force +``` + +This command seizes the roles RID master, infrastructure master, and domain naming master. + +### Example 5: Transfer roles to a specific domain controller +``` +PS C:\> $Server = Get-ADDomainController -Identity "TK5-CORP-DC-10.fabrikam.com" +PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $Server -OperationMasterRole SchemaMaster,DomainNamingMaster,PDCEmulator,RIDMaster,InfrastructureMaster +``` + +This command transfers the FSMO role to the specified domain controller. +When using the fully qualified domain name (FQDN) to identify the domain controller, the **Get-ADDomainController** cmdlet must be used first as a preliminary step. +There is a known issue where the **Move-ADDirectoryServerOperationMasterRole** cmdlet fails when an FQDN is specified directly as the value of the *Identity* parameter. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Indicates that the cmdlet is used for seize operations on domain controllers with the flexible single master operations (FSMO) role. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory server object by providing one of the following values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. + +- Name of the server object (name) + +For Active Directory Lightweight Directory Services (AD LDS) instances the syntax is of a name is `$`. + +Note: When you type this value in Windows PowerShell, you must use the backtick (\`) as an escape character for the dollar sign ($). +For instance, *asia-w7-vm4\`$instance1*. + +For other Active Directory instances, use the value of the name property. + +- The distinguished name of the NTDS Settings object +- The distinguished name of the server object that represents the directory server +- GUID (objectGUID) of server object under the configuration partition +- GUID (objectGUID) of NTDS settings object under the configuration partition + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADDirectoryServer +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -OperationMasterRole +Specifies one or more operation master roles to move to the specified directory server in Active Directory Domain Services. +The acceptable values for this parameter are: + +- PDCEmulator or 0 +- RIDMaster or 1 +- InfrastructureMaster or 2 +- SchemaMaster or 3 +- DomainNamingMaster or 4 + +To specify multiple operation master roles, use a comma-separated list. + +```yaml +Type: ADOperationMasterRole[] +Parameter Sets: (All) +Aliases: +Accepted values: PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, DomainNamingMaster + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDirectoryServer +A directory server object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDirectoryServer +Returns the modified directory server object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Move-ADDirectoryServer](./Move-ADDirectoryServer.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Move-ADObject.md b/docset/winserver2025-ps/activedirectory/Move-ADObject.md new file mode 100644 index 0000000000..62f66796fd --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Move-ADObject.md @@ -0,0 +1,365 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/move-adobject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Move-ADObject +--- + +# Move-ADObject + +## SYNOPSIS +Moves an Active Directory object or a container of objects to a different container or domain. + +## SYNTAX + +``` +Move-ADObject [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] [-Identity] + [-Partition ] [-PassThru] [-Server ] [-TargetPath] [-TargetServer ] + [] +``` + +## DESCRIPTION +The **Move-ADObject** cmdlet moves an object or a container of objects from one container to another or from one domain to another within the same forest. + +When an object is moved between domains, both the source DC and the target DC need to be the RID Master of their domains. If a different DC is being used, you will receive the following error: + +move-adobject : The requested operation could not be performed because the directory service is not the master for that type of operation + +The *Identity* parameter specifies the Active Directory object or container to move. +You can identify an object or container by its distinguished name or GUID. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADObject** cmdlet to retrieve an object and then pass the object through the pipeline to the Move-ADObject cmdlet. +You can also use the **Get-ADGroup**, **Get-ADUser**, **Get-ADComputer**, **Get-ADServiceAccount**, **Get-ADOrganizationalUnit**, and **Get-ADFineGrainedPasswordPolicy** cmdlets to get an object that you can pass through the pipeline to this cmdlet. + +The *TargetPath* parameter must be specified. +This parameter identifies the new location for the object or container. + +The cmdlet also moves the password when a user or computer object is moved across domains within a forest. + + +## EXAMPLES + +### Example 1: Move an OU to a new location +``` +PS C:\> Move-ADObject -Identity "OU=ManagedGroups,DC=Fabrikam,DC=Com" -TargetPath "OU=Managed,DC=Fabrikam,DC=Com" +``` + +This command moves the organizational unit (OU) ManagedGroups to a new location. +The OU ManagedGroups must not be protected from accidental deletion for the successful move. + +### Example 2: Move an object to a new location +``` +PS C:\> Move-ADObject -Identity "8d0bcc44-c826-4dd8-af5c-2c69960fbd47" -TargetPath "OU=Managed,DC=Fabrikam,DC=Com" +``` + +This command moves the object identified by the specified GUID to the new location. + +### Example 3: Move an object to a location specified by GUID +``` +PS C:\> Move-ADObject -Identity "8d0bcc44-c826-4dd8-af5c-2c69960fbd47" -TargetPath "1c2ea8a8-c2b7-4a87-8190-0e8a166aee16" +``` + +This command moves an object to a new location. +Both the object and the target path are specified using GUIDs. + +### Example 4: Move an object specified by distinguished name +``` +PS C:\> Move-ADObject -Identity "CN=Peter Bankov,OU=Accounting,DC=Fabrikam,DC=com" -TargetPath "OU=Accounting,DC=Europe,DC=Fabrikam,DC=com" -TargetServer "server01.europe.fabrikam.com" +``` + +This command moves an object with the distinguished name CN=Peter Bankov,OU=Accounting,DC=Fabrikam,DC=com to a different domain. + +### Example 5: Move an object in an AD LDS instance +``` +PS C:\> Move-ADObject -Identity "CN=AccountLeads,DC=AppNC" -TargetPath "OU=AccountDeptOU,DC=AppNC" -Server "FABRIKAM-SRV1:60000" +``` + +This command moves an object to a new location in an AD LDS instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, the Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADObject +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and when a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetPath +Specifies the new location for the object. +This location must be the path to a container or organizational unit. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetServer +Specifies the Active Directory instance to use by providing the following value for a corresponding domain name or directory server. + +Note: A cross-domain move requires a fully qualified server name and the use of the RID Master in both domains. + +Domain name values: + +- Fully qualified domain name (FQDN) + +Directory server values: + +- Fully qualified directory server name +- Fully qualified directory server name and port + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.AObject +An Active Directory object is received by the *Identity* parameter. +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADOrganizationalUnit** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADObject](./Get-ADObject.md) + +[New-ADObject](./New-ADObject.md) + +[Remove-ADObject](./Remove-ADObject.md) + +[Rename-ADObject](./Rename-ADObject.md) + +[Restore-ADObject](./Restore-ADObject.md) + +[Set-ADObject](./Set-ADObject.md) + +[Sync-ADObject](./Sync-ADObject.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADAuthenticationPolicy.md b/docset/winserver2025-ps/activedirectory/New-ADAuthenticationPolicy.md new file mode 100644 index 0000000000..1febf540e6 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADAuthenticationPolicy.md @@ -0,0 +1,488 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adauthenticationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADAuthenticationPolicy +--- + +# New-ADAuthenticationPolicy + +## SYNOPSIS +Creates an Active Directory Domain Services authentication policy object. + +## SYNTAX + +``` +New-ADAuthenticationPolicy [-WhatIf] [-Confirm] [-AuthType ] + [-ComputerAllowedToAuthenticateTo ] [-ComputerTGTLifetimeMins ] [-Credential ] + [-Description ] [-Enforce] [-Instance ] [-Name] + [-OtherAttributes ] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-RollingNTLMSecret ] [-Server ] [-ServiceAllowedToAuthenticateFrom ] + [-ServiceAllowedToAuthenticateTo ] [-ServiceAllowedNTLMNetworkAuthentication] + [-ServiceTGTLifetimeMins ] [-UserAllowedToAuthenticateFrom ] + [-UserAllowedToAuthenticateTo ] [-UserAllowedNTLMNetworkAuthentication] [-UserTGTLifetimeMins ] + [] +``` + +## DESCRIPTION +The **New-ADAuthenticationPolicy** creates an authentication policy object in Active Directory® Domain Services. + +Commonly used attributes of the object can be specified by the parameters of this cmdlet. +To set attributes for the object that are not represented by the parameters of this cmdlet, specify the *OtherAttributes* parameter. + +You can use the pipeline operator and the Import-Csv cmdlet to pass a list for bulk creation of objects in the directory. +You can also specify a template object by using the *Instance* parameter to create objects from a template. + +## EXAMPLES + +### Example 1: Create an authentication policy with a user TGT lifetime +``` +PS C:\> New-ADAuthenticationPolicy -Name "AuthenticationPolicy01" -UserTGTLifetimeMins 60 +``` + +This command creates an authentication policy object named AuthenticationPolicy01 and sets the TGT lifetime for a user account to 60 minutes. +Because the *Enforce* parameter is not specified, the authentication policy created is in audit mode. + +### Example 2: Create an enforced authentication policy +``` +PS C:\> New-ADAuthenticationPolicy -Name "AuthenticationPolicy02" -Enforce +``` + +This command creates an authentication policy named AuthenticationPolicy02 and enforces it by specifying the *Enforce* parameter. + +### Example 3: Create an authentication policy +``` +PS C:\> New-ADAuthenticationPolicy -Name "TestAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Get-Acl .\someFile.txt).sddl +``` + +This command creates an authentication policy named TestAuthenticationPolicy. +The *UserAllowedToAuthenticationFrom* parameter specifies the devices from which users are allowed to authenticate by an SDDL string in the file named someFile.txt. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerAllowedToAuthenticateTo +Specifies the security descriptor definition language (SDDL) string of the security descriptor used to determine if the computer can authenticate to this account. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ComputerTGTLifetimeMins +Specifies the lifetime in minutes for non-renewable ticket granting tickets (TGTs) for computer accounts. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description for the object. +This parameter sets the value of the description property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Enforce +Indicates that the authentication policy is enforced. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an **ADAuthenticationPolicy** object to use as a template for a new **ADAuthenticationPolicy**object. +To get the **ADAuthenticationPolicy** object to use as a template, use the **Get-ADAuthenticationPolicy** cmdlet. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory Domain Services object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies a list of object attribute values for attributes that are not represented by other parameters. +You can set one or more attributes at the same time with this parameter, and if an attribute takes more than one value you can assign multiple values. +To identify an attribute, specify the LDAPDisplayName (**ldapDisplayName**) defined for it in the Active Directory Domain Services schema. + +Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. + +To specify multiple values for an attribute, specify a comma separated list the values for the display name. +You can specify values for more than one attribute by using semicolons to separate attribute value pairs. + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Indicates whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RollingNTLMSecret +Beginning with Windows 10, version 1703, this feature is deprecated and should not be configured in Active Directory. + +```yaml +Type: ADStrongNTLMPolicyType +Parameter Sets: (All) +Aliases: +Accepted values: Disabled, Optional, Required + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAllowedNTLMNetworkAuthentication +Specifies that the policy allows NTLM network authentication if the service account has an access control expression specified by the *ServiceAllowedToAuthenticateFrom* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServiceAllowedToAuthenticateFrom +Specifies an access control expression used to determine from which devices the service can authenticate. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServiceAllowedToAuthenticateTo +Specifies the SDDL string of the security descriptor used to determine if the service can authenticate to this account. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServiceTGTLifetimeMins +Specifies the lifetime in minutes for non-renewable TGTs for service accounts. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UserAllowedNTLMNetworkAuthentication +Indicates that the policy allows NTLM network authentication if the user account has an access control expression specified by the *UserAllowedToAuthenticateFrom* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UserAllowedToAuthenticateFrom +Specifies an access control expression used to determine from which devices the users can authenticate. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UserAllowedToAuthenticateTo +Specifies the SDDL string of the security descriptor used to determine if the users can authenticate to this account. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UserTGTLifetimeMins +Specifies the lifetime in minutes for non-renewable TGTs for user accounts. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String: System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], System.Management.Automation.SwitchParameter: System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-ADAuthenticationPolicy](./Get-ADAuthenticationPolicy.md) + +[Remove-ADAuthenticationPolicy](./Remove-ADAuthenticationPolicy.md) + +[Set-ADAuthenticationPolicy](./Set-ADAuthenticationPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADAuthenticationPolicySilo.md b/docset/winserver2025-ps/activedirectory/New-ADAuthenticationPolicySilo.md new file mode 100644 index 0000000000..bea5ef2cbc --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADAuthenticationPolicySilo.md @@ -0,0 +1,349 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adauthenticationpolicysilo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADAuthenticationPolicySilo +--- + +# New-ADAuthenticationPolicySilo + +## SYNOPSIS +Creates an Active Directory Domain Services authentication policy silo object. + +## SYNTAX + +``` +New-ADAuthenticationPolicySilo [-WhatIf] [-Confirm] [-AuthType ] + [-ComputerAuthenticationPolicy ] [-Credential ] [-Description ] + [-Enforce] [-Instance ] [-Name] [-OtherAttributes ] + [-PassThru] [-ProtectedFromAccidentalDeletion ] [-Server ] + [-ServiceAuthenticationPolicy ] [-UserAuthenticationPolicy ] + [] +``` + +## DESCRIPTION +The **New-ADAuthenticationPolicySilo** cmdlet creates an authentication policy silo object in Active Directory® Domain Services. + +## EXAMPLES + +### Example 1: Create an authentication policy silo and enforce it +``` +PS C:\> New-ADAuthenticationPolicySilo -Name AuthenticationPolicySilo01 -Enforce +``` + +This command creates an authentication policy silo object and enforces it. + +### Example 2: Create an authentication policy silo without enforcement +``` +PS C:\> New-ADAuthenticationPolicySilo -Name AuthenticationPolicySilo02 +``` + +This command creates an authentication policy silo object but does not enforce it. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerAuthenticationPolicy +Specifies the authentication policy that applies to computer accounts. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description for the object. +This parameter sets the value of the description property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Enforce +Indicates that the authentication policy silo is enforced. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an **ADAuthenticationPolicySilo** object to use as a template for a new **ADAuthenticationPolicySilo** object. +To get the **ADAuthenticationPolicySilo** object to use as a template, use the Get-ADAuthenticationPolicySilo cmdlet. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory Domain Services object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies a list of object attribute values for attributes that are not represented by other parameters. +You can set one or more attributes at the same time with this parameter, and if an attribute takes more than one value you can assign multiple values. +To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory Domain Services schema. + +Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. + +To specify multiple values for an attribute, specify a comma separated list the values for the display name. +You can specify values for more than one attribute by using semicolons to separate attribute value pairs. + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Indicates whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAuthenticationPolicy +Specifies the authentication policy that applies to managed service accounts. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UserAuthenticationPolicy +Specifies the authentication policy that applies to user accounts. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy, System.String, System.Management.Automation.SwitchParameter: System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-ADAuthenticationPolicySilo](./Get-ADAuthenticationPolicySilo.md) + +[Remove-ADAuthenticationPolicySilo](./Remove-ADAuthenticationPolicySilo.md) + +[Set-ADAuthenticationPolicySilo](./Set-ADAuthenticationPolicySilo.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADCentralAccessPolicy.md b/docset/winserver2025-ps/activedirectory/New-ADCentralAccessPolicy.md new file mode 100644 index 0000000000..a1121cb2a9 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADCentralAccessPolicy.md @@ -0,0 +1,319 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adcentralaccesspolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADCentralAccessPolicy +--- + +# New-ADCentralAccessPolicy + +## SYNOPSIS +Creates a new central access policy in Active Directory containing a set of central access rules. + +## SYNTAX + +``` +New-ADCentralAccessPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Description ] [-Instance ] [-Name] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Server ] [] +``` + +## DESCRIPTION +The **New-ADCentralAccessPolicy** cmdlet creates a new central access policy in Active Directory. +A central access policy in Active Directory contains a set of central access rules. + +## EXAMPLES + +### Example 1: Create a central access policy with a resource condition +``` +PS C:\> $DepartmentResourceProperty = Get-ADResourceProperty -Identity Department +PS C:\> $ResourceCondition = "(@RESOURCE." + $DepartmentResourceProperty.Name + " Contains {`"Finance`"})" +PS C:\> New-ADCentralAccessRule -Name "Finance Documents Rule" -ResourceCondition $ResourceCondition +``` + +This command creates a central access rule named Finance Documents Rule with a new resource condition. +The resource condition scopes the resources to ones containing the value Finance in their Department resource property. + +### Example 2: Create a central access policy with a resource condition and new permissions +``` +PS C:\> $CountryClaimType = Get-ADClaimType -Identity Country +PS C:\> $DepartmentClaimType = Get-ADClaimType -Identity Department +PS C:\> $CountryResourceProperty = Get-ADResourceProperty -Identity Country +PS C:\> $DepartmentResourceProperty = Get-ADResourceProperty -Identity Department +PS C:\> $FinanceException = Get-ADGroup -Identity FinanceException +PS C:\> $FinanceAdmin = Get-ADGroup -Identity FinanceAdmin +PS C:\> $ResourceCondition = "(@RESOURCE." + $DepartmentResourceProperty.Name + " Contains {`"Finance`"})" +PS C:\> $CurrentAcl = "O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;0x1200a9;;;" + $FinanceException.SID.Value + ")(A;;0x1301bf;;;" + $FinanceAdmin.SID.Value + ")(A;;FA;;;SY)(XA;;0x1200a9;;;AU;((@USER." + $CountryClaimType.Name + " Any_of @RESOURCE." + $CountryResourceProperty.Name + ") && (@USER." + $DepartmentClaimType.Name + " Any_of @RESOURCE." + $DepartmentResourceProperty.Name + ")))" +PS C:\> Set-ADCentralAccessRule -Identity "Finance Documents Rule" -ResourceCondition $ResourceCondition -CurrentAcl $CurrentAcl +``` + +This command creates a central access rule named Finance Documents Rule with a new resource condition and new permissions. + +The new rule specifies that documents should only be read by members of the Finance department. +Members of the Finance department should only be able to access documents in their own country/region. +Only Finance Administrators should have write access. +The rule allows an exception for members of the FinanceException group. +This group will have read access. + +Targeting: + +- Resource.Department Contains Finance + +Access rules: + +- Allow Read User.Country=Resource.Country AND User.department = Resource.Department +- Allow Full control User.MemberOf(FinanceAdmin) +- Allow Read User.Country=Resource.Country AND User.department = Resource.DepartmentAllow Read User.MemberOf(FinanceException) + +### Example 3: Create a central access policy using properties from an existing Active Directory object +``` +PS C:\> Get-ADCentralAccessPolicy -Identity "Finance Policy" | New-ADCentralAccessPolicy -Name "Human Resources Policy" -Description "For the Human Resources Department." +``` + +This command creates a central access policy named Human Resources Policy using the property values from Finance Policy, and set the description to For the Human Resources Department. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an Active Directory object to use as a template for a new Active Directory object. + +You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing Active Directory object as a template for a new object. +To retrieve an instance of an existing Active Directory object, use a cmdlet such as **Get-ADObject**. +Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADObject** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADObject** cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADCentralAccessPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy +An Active Directory object that is a template for the new object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy +Returns the new central access policy object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADCentralAccessPolicy](./Get-ADCentralAccessPolicy.md) + +[Remove-ADCentralAccessPolicy](./Remove-ADCentralAccessPolicy.md) + +[Set-ADCentralAccessPolicy](./Set-ADCentralAccessPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADCentralAccessRule.md b/docset/winserver2025-ps/activedirectory/New-ADCentralAccessRule.md new file mode 100644 index 0000000000..e9c8780595 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADCentralAccessRule.md @@ -0,0 +1,323 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adcentralaccessrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADCentralAccessRule +--- + +# New-ADCentralAccessRule + +## SYNOPSIS +Creates a central access rule in Active Directory. + +## SYNTAX + +``` +New-ADCentralAccessRule [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-CurrentAcl ] [-Description ] [-Instance ] [-Name] [-PassThru] + [-ProposedAcl ] [-ProtectedFromAccidentalDeletion ] [-ResourceCondition ] + [-Server ] [] +``` + +## DESCRIPTION +The **New-ADCentralAccessRule** cmdlet creates a central access rule in Active Directory. + +## EXAMPLES + +### Example 1: Create a new named central access rule +``` +PS C:\> New-ADCentralAccessRule -Name "Finance Documents Rule" +``` + +This command creates a new central access rule named Finance Documents Rule. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CurrentAcl +Specifies the currently effective access control list of the rule. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an Active Directory object to use as a template for a new Active Directory object. + +You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing Active Directory object as a template for a new object. +To retrieve an instance of an existing Active Directory object, use a cmdlet such as **Get-ADObject**. +Then provide this object to the *Instance* parameter of the New-ADObject cmdlet to create a new Active Directory object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADObject** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the New-ADObject cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADCentralAccessRule +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProposedAcl +This parameter specifies the proposed accessed control list of the rule. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceCondition +This parameter specifies the resource condition of the rule. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessRule +An Active Directory object that is a template for the new object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessRule +Returns the new central access rule object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADCentralAccessRule](./Get-ADCentralAccessRule.md) + +[Remove-ADCentralAccessRule](./Remove-ADCentralAccessRule.md) + +[Set-ADCentralAccessRule](./Set-ADCentralAccessRule.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADClaimTransformPolicy.md b/docset/winserver2025-ps/activedirectory/New-ADClaimTransformPolicy.md new file mode 100644 index 0000000000..cf1158eedc --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADClaimTransformPolicy.md @@ -0,0 +1,410 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adclaimtransformpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADClaimTransformPolicy +--- + +# New-ADClaimTransformPolicy + +## SYNOPSIS +Creates a new claim transformation policy object in Active Directory. + +## SYNTAX + +### AllowAll +``` +New-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-AllowAll] [-AuthType ] + [-Credential ] [-Description ] [-Name] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Server ] [] +``` + +### AllowAllExcept +``` +New-ADClaimTransformPolicy [-WhatIf] [-Confirm] -AllowAllExcept [-AuthType ] + [-Credential ] [-Description ] [-Name] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Server ] [] +``` + +### DenyAll +``` +New-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-DenyAll] [-Description ] [-Name] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-Server ] [] +``` + +### DenyAllExcept +``` +New-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -DenyAllExcept [-Description ] [-Name] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Server ] [] +``` + +### Identity +``` +New-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Description ] [-Instance ] [-Name] [-PassThru] + [-ProtectedFromAccidentalDeletion ] -Rule [-Server ] [] +``` + +## DESCRIPTION +The **New-ADClaimTransformPolicy** cmdlet creates a new claims transformation policy object in Active Directory. +A claims transformation policy object contains a set of rules authored in the transformation rule language. +After creating a policy object, you can link it with a forest trust to apply the claims transformation to the trust. + +## EXAMPLES + +### Example 1: Create a new claims transformation policy by name that denies all claims +``` +PS C:\> New-ADClaimTransformPolicy -Name "DenyAllPolicy" -DenyAll +``` + +This command creates a new claims transformation policy named DenyAllPolicy that denies all claims, both those that are sent as well as those that are received. + +### Example 2: Create a new claim transformation policy by name with exclusions +``` +PS C:\> New-ADClaimTransformPolicy -Name "AllowAllExceptCompanyAndDepartmentPolicy" -AllowAllExcept Company,Department +``` + +This command creates a new claims transformation policy named AllowAllExceptCompanyAndDepartmentPolicy that allows all claims to be sent or received except for the claims Company and Department. + +### Example 3: Create a new claim transformation policy that changes an existing name to a new name +``` +PS C:\> New-ADClaimTransformPolicy -Name "HumanResourcesToHrPolicy" -Rule 'C1:[Type=="ad://ext/Department:88ceb0fe88a125db", Value=="Human Resources", ValueType=="string"] => issue(Type=C1.Type, Value="HR", ValueType=C1.ValueType);' +``` + +This command creates a new claims transformation policy named HumanResourcesToHrPolicy that transforms the value Human Resources to HR in the claim Department. + +### Example 4: Create a new claims transformation policy by name using a rule specified in a file +``` +PS C:\> $Rule = Get-Content C:\rule.txt +PS C:\> New-ADClaimTransformPolicy -Name "MyRule" -Rule $Rule +``` + +This example creates a claims transformation policy named MyRule with the rule specified in C:\rule.txt. + +## PARAMETERS + +### -AllowAll +Indicates that the policy sets a claims transformation rule that would allow all claims to be sent or received. + +```yaml +Type: SwitchParameter +Parameter Sets: AllowAll +Aliases: +Accepted values: true + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AllowAllExcept +Specifies an array of claim types. +When this parameter is specified, the policy sets a claims transformation rule that would allow all claims to be sent or received except for the specified claim types. + +```yaml +Type: ADClaimType[] +Parameter Sets: AllowAllExcept +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +You will be prompted for a password if you type a user name. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DenyAll +Indicates that the policy sets a claims transformation rule that would deny all claims to be sent or received. + +```yaml +Type: SwitchParameter +Parameter Sets: DenyAll +Aliases: +Accepted values: true + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DenyAllExcept +Specifies an array of claim types. +When this parameter is specified, the policy sets a claims transformation rule that would deny all claims to be sent or received except for the specified claim types. + +```yaml +Type: ADClaimType[] +Parameter Sets: DenyAllExcept +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an Active Directory object to use as a template for a new claims transformation policy object. + +You can use an instance of an existing claims transformation policy object as a template or you can construct a new claims transformation policy object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing claims transformation policy object as a template for a new object. +To retrieve an instance of an existing claims transformation policy object, use the Get-ADClaimTransformPolicy cmdlet. +Then provide this object to the *Instance* parameter of the **New-ADClaimTransformPolicy** cmdlet to create a new claims transformation policy object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADClaimsTransformationPolicy** object and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the Instance parameter of the **New-ADClaimTransformPolicy** cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADClaimTransformPolicy +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Rule +Specifies the claims transformation rule. +To specify the rule, you can either (1) type the rule in a text file, and then pass the file to the cmdlet (recommended), or (2) type the rule inline. + +For instance, the following commands demonstrate how to create a new claims transformation policy object with the rule specified in a text file named Rule.txt located in a temporary folder C:\temp. + +`$Rule = Get-Content C:\temp\rule.txt` + +`New-ADClaimTransformPolicy MyRule -Rule $Rule` + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy +Specifies a claims transformation policy object that is a template for the new claims transformation policy object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADClaimTransformPolicy](./Get-ADClaimTransformPolicy.md) + +[Remove-ADClaimTransformPolicy](./Remove-ADClaimTransformPolicy.md) + +[Set-ADClaimTransformPolicy](./Set-ADClaimTransformPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADClaimType.md b/docset/winserver2025-ps/activedirectory/New-ADClaimType.md new file mode 100644 index 0000000000..0346a8f184 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADClaimType.md @@ -0,0 +1,567 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adclaimtype?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADClaimType +--- + +# New-ADClaimType + +## SYNOPSIS +Creates a new claim type in Active Directory. + +## SYNTAX + +### SourceAttribute (Default) +``` +New-ADClaimType [-WhatIf] [-Confirm] [-AppliesToClasses ] [-AuthType ] + [-Credential ] [-Description ] [-DisplayName] [-Enabled ] + [-ID ] [-Instance ] [-IsSingleValued ] [-OtherAttributes ] + [-PassThru] [-ProtectedFromAccidentalDeletion ] [-RestrictValues ] [-Server ] + -SourceAttribute [-SuggestedValues ] [] +``` + +### SourceOID +``` +New-ADClaimType [-WhatIf] [-Confirm] [-AppliesToClasses ] [-AuthType ] + [-Credential ] [-Description ] [-DisplayName] [-Enabled ] + [-ID ] [-Instance ] [-IsSingleValued ] [-OtherAttributes ] + [-PassThru] [-ProtectedFromAccidentalDeletion ] [-RestrictValues ] [-Server ] + -SourceOID [] +``` + +### SourceTransformPolicy +``` +New-ADClaimType [-WhatIf] [-Confirm] [-AppliesToClasses ] [-AuthType ] + [-Credential ] [-Description ] [-DisplayName] [-Enabled ] + [-ID ] [-Instance ] [-IsSingleValued ] [-OtherAttributes ] + [-PassThru] [-ProtectedFromAccidentalDeletion ] [-RestrictValues ] [-Server ] + [-SourceTransformPolicy] [-SuggestedValues ] -ValueType + [] +``` + +## DESCRIPTION +The **New-ADClaimType** cmdlet creates a new claim type in Active Directory. + +## EXAMPLES + +### Example 1: Create a new user claim type with a display name +``` +PS C:\> New-ADClaimType -DisplayName "Title" -SourceAttribute "title" +``` + +This command creates a new user claim type with display name Title that is sourced from the Active Directory attribute **Title**. + +### Example 2: Create a new user claim type with a display name +``` +PS C:\> $FullTime = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("FTE", "Full-Time", "Full-time employee") +PS C:\> $Intern = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("Intern", "Intern", "Student employee") +PS C:\> $Contractor = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("Contractor", "Contractor", "Contract employee") +PS C:\> New-ADClaimType -DisplayName "Employee Type" -SourceAttribute "employeeType" -SuggestedValues $FullTime,$Intern,$Contractor +``` + +This example creates a new user claim type with display name Employee Type that is sourced from the Active Directory attribute **employeeType**. +The suggested values are set to FTE, Intern, and Contractor. +Applications using this claim type would allow their users to specify one of the suggested values as this claim type's value. + +### Example 3: Create a new device claim type with a display name with the source destination +``` +PS C:\> New-ADClaimType -DisplayName "Bitlocker Enabled" -SourceOID "1.3.6.1.4.1.311.67.1.1" -Enabled $False +``` + +This command creates a new device claim type with display name Bitlocker Enabled with the source OID 1.3.6.1.4.1.311.67.1.1. +The claim type set to disabled. + +### Example 4: Create a new user claim type with a display name that is sourced from an Active Directory attribute +``` +PS C:\> New-ADClaimType -DisplayName "Title" -SourceAttribute "title" -ID "ad://ext/title" +``` + +This command creates a new user claim type with display name Title that is sourced from the Active Directory attribute **Title** and ID set to ad://ext/title. + +The ID should only be set manually in a multi-forest environment where the same claim type needs to work across forests. +By default, New-ADClaimType generates the ID automatically. +For claim types to be considered identical across forests, their ID must be the same. + +## PARAMETERS + +### -AppliesToClasses +This parameter is used to specify the security principal classes to which this claim applies. +Possible values for this parameter include the following or any Active Directory type that derives from these base types: + +- User +- Computer +- InetOrgPerson +- msDS-ManagedServiceAccount +- msDS-GroupManagedServiceAccount + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the claim type, which must be unique. +The display name of a claim type can be used as an identity in other Active Directory cmdlets. +For example, if the display name of a claim type is Employee Type, then you can use the Get-ADClaimType cmdlet to retrieve the Employee Type claim type. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Enabled +Specifies whether the claim type is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ID +Specifies the claim type ID. +This is an optional parameter. +By default, New-ADClaimType generates the ID automatically. + +The ID should only be set manually in a multi-forest environment where the same claim types need to work across forests. +For claim types to be considered identical across forests, their ID must be the same. + +To specify the ID, the ID string must conform to the following format: + +- The ID must have a maximum of 37 characters. +- The ID must have at least one slash (/). +- The ID must have at least one colon before the first slash. +- The ID must not have the slash as the last character. +- The ID must contain valid file characters only. + +An example is ad://ext/BusinessImpact. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a claim type object to use as a template for a new claim type object. + +You can use an instance of an existing claim type object as a template or you can construct a new claim type object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing claim type object as a template for a new object. +To retrieve an instance of an existing claim type object, use a cmdlet such as **Get-ADClaimType**. +Then provide this object to the *Instance* parameter of the **New-ADClaimType** cmdlet to create a new claim type object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new claim type and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADClaimType** cmdlet to create the new claim type object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADClaimType +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsSingleValued +Specifies whether the claim type is single valued or multi-valued. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAPDisplayName (**ldapDisplayName**) defined for it in the Active Directory schema. + +Syntax: + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RestrictValues +This parameter is used to specify whether the claim type may have values outside of the *SuggestedValues* parameter. +If this is set to true, then the claim should only have values specified in the *SuggestedValues* parameter. + +Note that Active Directory does not enforce this restriction. +It is up to the applications that use these claims to enforce the restriction. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceAttribute +Specifies an Active Directory attribute from which this claim type is based, and from which the claim value is obtained. +The input must be the distinguished name, Name, or GUID of the attribute definition in the schema. + +Acceptable values include attributes of the following schema class objects: **User**, **InetOrgPerson**, **Computer**, **ManagedServiceAccount**, **GroupManagedServiceAccount**, and **Auxiliary**, except for the following attributes: + +Attributes marked as defunct in the schema- Blocked attributes such as **dBCSPwd**, **lmPwdHistory**, and **unicodePwd** + Attributes that are not replicated + Attributes that are not available on read-only domain controllers + Attributes with syntaxes not based on the following: + +- String Object (DS-DN) +- String (Unicode) +- Boolean +- Integer +- Large Integer +- String (OID) +- String (SD) + +```yaml +Type: String +Parameter Sets: SourceAttribute +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SourceOID +Specifies a string that can be used to configure a certificate-based claim type source. +For example, use this parameter to create certificate-based claim types when you want to use smartcard logon claims for authorization decisions. +The *SourceOID* parameter uses the string representation of an object identifier (OID) from the issuance policy found in the certificate and on the certificate template when using Active Directory Certificate Services. +An example of an OID is 1.3.6.1.4.1.311.47.2.5. + +```yaml +Type: String +Parameter Sets: SourceOID +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SourceTransformPolicy +Indicates that the claim type is sourced from the claims transformation policy engine. + +```yaml +Type: SwitchParameter +Parameter Sets: SourceTransformPolicy +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SuggestedValues +Specifies one or more suggested values for the claim type. +An application may choose to present this list of suggested values for the user to choose from. +When the *RestrictValues* parameter is set to a value of $True, the application should limit the user to selecting values from this list only. + +```yaml +Type: ADSuggestedValueEntry[] +Parameter Sets: SourceAttribute, SourceTransformPolicy +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ValueType +Specifies the value type for this claim type. +The following are the valid value types: + +- Int64 +- UInt64 +- String +- FQBN +- SID +- Boolean +- OctetString + +```yaml +Type: ADClaimValueType +Parameter Sets: SourceTransformPolicy +Aliases: +Accepted values: Invalid, Int64, UInt64, String, FQBN, SID, Boolean, OctetString + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimType + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimType + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADClaimType](./Get-ADClaimType.md) + +[Remove-ADClaimType](./Remove-ADClaimType.md) + +[Set-ADClaimType](./Set-ADClaimType.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADComputer.md b/docset/winserver2025-ps/activedirectory/New-ADComputer.md new file mode 100644 index 0000000000..06cdd519bc --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADComputer.md @@ -0,0 +1,968 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adcomputer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADComputer +--- + +# New-ADComputer + +## SYNOPSIS +Creates a new Active Directory computer object. + +## SYNTAX + +``` +New-ADComputer [-WhatIf] [-Confirm] [-AccountExpirationDate ] [-AccountNotDelegated ] + [-AccountPassword ] [-AllowReversiblePasswordEncryption ] + [-AuthenticationPolicy ] [-AuthenticationPolicySilo ] + [-AuthType ] [-CannotChangePassword ] [-Certificates ] + [-ChangePasswordAtLogon ] [-CompoundIdentitySupported ] [-Credential ] + [-Description ] [-DisplayName ] [-DNSHostName ] [-Enabled ] + [-HomePage ] [-Instance ] [-KerberosEncryptionType ] + [-Location ] [-ManagedBy ] [-Name] [-OperatingSystem ] + [-OperatingSystemHotfix ] [-OperatingSystemServicePack ] [-OperatingSystemVersion ] + [-OtherAttributes ] [-PassThru] [-PasswordNeverExpires ] [-PasswordNotRequired ] + [-Path ] [-PrincipalsAllowedToDelegateToAccount ] [-SAMAccountName ] + [-Server ] [-ServicePrincipalNames ] [-TrustedForDelegation ] + [-UserPrincipalName ] [] +``` + +## DESCRIPTION +The **New-ADComputer** cmdlet creates a new Active Directory computer object. +This cmdlet does not join a computer to a domain. +You can set commonly used computer property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *OtherAttributes* parameter. + +You can use this cmdlet to provision a computer account before the computer is added to the domain. +These pre-created computer objects can be used with offline domain join, unsecure domain join, and RODC domain join scenarios. + +The *Path* parameter specifies the container or organizational unit (OU) for the new computer. +When you do not specify the *Path* parameter, the cmdlet creates a computer account in the default container for computer objects in the domain. + +The following methods explain different ways to create an object by using this cmdlet. + +Method 1: Use the **New-ADComputer** cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. + +Method 2: Use a template to create the new object. +To do this, create a new computer object or retrieve a copy of an existing computer object and set the *Instance* parameter to this object. +The object provided to the *Instance* parameter is used as a template for the new object. +You can override property values from the template by setting cmdlet parameters. + +Method 3: Use the Import-Csv cmdlet with the Add-ADComputerServiceAccount cmdlet to create multiple Active Directory computer objects. +To do this, use the **Import-Csv** cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. +Then pass these objects to the **New-ADComputer** cmdlet by using the pipeline operator to create the computer objects. + +## EXAMPLES + +### Example 1: Create a new computer account in an organization unit +``` +PS C:\> New-ADComputer -Name "USER02-SRV2" -SamAccountName "USER02-SRV2" -Path "OU=ApplicationServers,OU=ComputerAccounts,OU=Managed,DC=USER02,DC=COM" +``` + +This command creates a new computer account in the OU OU=ApplicationServers,OU=ComputerAccounts,OU=Managed,DC=USER02,DC=COM. + +### Example 2: Create a new computer account under an organization unit in a specified region +``` +PS C:\> New-ADComputer -Name "USER01-SRV3" -SamAccountName "USER01-SRV3" -Path "OU=ApplicationServers,OU=ComputerAccounts,OU=Managed,DC=USER01,DC=COM" -Enabled $True -Location "Redmond,WA" +``` + +This command creates a new computer account under a particular OU, which is enabled and located in Redmond, WA. + +### Example 3: Create a new computer account from a template +``` +PS C:\> $TemplateComp = Get-ADComputer -Name "LabServer-00" -Properties "Location","OperatingSystem","OperatingSystemHotfix","OperatingSystemServicePack","OperatingSystemVersion" +PS C:\> New-ADComputer -Instance $TemplateComp -Name "LabServer-01" +``` + +This example creates a new computer account from a template object. + +## PARAMETERS + +### -AccountExpirationDate +Specifies the expiration date for an account. +This parameter sets the **AccountExpirationDate** property of an account object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is accountExpires. + +Use the **DateTime** syntax when you specify this parameter. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccountNotDelegated +Specifies whether the security context of the user is delegated to a service. +When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. +This parameter sets the **AccountNotDelegated** property for an Active Directory account. +This parameter also sets the **ADS_UF_NOT_DELEGATED** flag of the Active Directory User Account Control (UAC) attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccountPassword +Specifies a new password value for an account. +This value is stored as an encrypted string. + +The following conditions apply based on the manner in which the password parameter is used: + +- $Null password is specified: random password is set and the account is enabled unless it is requested to be disabled. +- No password is specified: random password is set and the account is enabled unless it is requested to be disabled. +- User password is specified: password is set and the account is enabled unless it is requested to be disabled, unless the password you provided does not meet password policy or was not set for other reasons, at which point the account is disabled. + +Notes: Computer accounts, by default, are created with a 240-character random password. +If you provide a password, an attempt is made to set that password. +However, this can fail due to password policy restrictions. +The computer account is created and you can use Set-ADAccountPassword to set the password on that account. +In order to ensure that accounts remain secure, computer accounts will never be enabled unless a valid password is set (either a randomly-generated or user-provided one) or **PasswordNotRequired** is set to $True. + +The account is created if the password fails for any reason. + +The new **ADComputer** object will always either be disabled or have a user-requested or randomly-generated password. +There is no way to create an enabled computer account object with a password that violates domain password policy, such as an empty password. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AllowReversiblePasswordEncryption +Specifies whether reversible password encryption is allowed for the account. +This parameter sets the **AllowReversiblePasswordEncryption** property of the account. +This parameter also sets the **ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED** flag of the Active Directory User Account Control (UAC) attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthenticationPolicy +Specifies an Active Directory Domain Services authentication policy object. +Specify the authentication policy object in one of the following formats: + +- A distinguished Name +- A GUID +- A name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthenticationPolicySilo +Specifies an Active Directory Domain Services authentication policy silo object. +Specify the authentication policy silo object in one of the following formats: + +- A distinguished name +- A GUID +- A name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CannotChangePassword +Specifies whether the account password can be changed. +This parameter sets the **CannotChangePassword** property of an account. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Certificates +Specifies the DER-encoded X.509v3 certificates of the account. +These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. +This parameter sets the **Certificates** property of the account object. +The LDAP display name (**ldapDisplayName**) for this property is userCertificate. + +```yaml +Type: X509Certificate[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ChangePasswordAtLogon +Specifies whether a password must be changed during the next logon attempt. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +This parameter cannot be set to $True or 1 for an account that also has the **PasswordNeverExpires** property set to $True. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CompoundIdentitySupported +Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. +This value sets the compound identity supported flag of the Active Directory **msDS-SupportedEncryptionTypes** attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +Warning: Domain-joined Windows systems and services such as clustering manage their own **msDS-SupportedEncryptionTypes** attribute. +Therefore any changes to the flag on the **msDS-SupportedEncryptionTypes** attribute is overwritten by the service or system which manages the setting. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DNSHostName +Specifies the fully qualified domain name (FQDN) of the computer. +This parameter sets the **DNSHostName** property for a computer object. +The LDAP display name for this property is dNSHostName. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Enabled +Specifies if an account is enabled. +An enabled account requires a password. +This parameter sets the **Enabled** property for an account object. +This parameter also sets the **ADS_UF_ACCOUNTDISABLE** flag of the Active Directory User Account Control (UAC) attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -HomePage +Specifies the URL of the home page of the object. +This parameter sets the **homePage** property of an Active Directory object. +The LDAP display name (**ldapDisplayName**) for this property is wWWHomePage. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a computer object to use as a template for a new computer object. + +You can use an instance of an existing computer object as a template or you can construct a new computer object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing computer object as a template for a new object. +To retrieve an instance of an existing computer object use Get-ADComputer. +Then provide this object to the *Instance* parameter of the **New-ADComputer** cmdlet to create a new computer object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADcomputer** object and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADComputer** cmdlet to create the new Active Directory computer object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADComputer +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KerberosEncryptionType +Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. +This value sets the encryption types supported flags of the Active Directory **msDS-SupportedEncryptionTypes** attribute. +The acceptable values for this parameter are: + +- None +- DES +- RC4 +- AES128 +- AES256 + +None will remove all encryption types from the account which may result in the KDC being unable to issue service tickets for services using the account. + +DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2. + +Warning: Domain-joined Windows systems and services such as clustering manage their own **msDS-SupportedEncryptionTypes** attribute. +Therefore any changes to the flag on the **msDS-SupportedEncryptionTypes** attribute is overwritten by the service or system which manages the setting. + +```yaml +Type: ADKerberosEncryptionType +Parameter Sets: (All) +Aliases: +Accepted values: None, DES, RC4, AES128, AES256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Location +Specifies the location of the computer, such as an office number. +This parameter sets the **Location** property of a computer. +The LDAP display name (**ldapDisplayName**) of this property is location. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ManagedBy +Specifies the user or group that manages the object by providing one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the property. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter sets the Active Directory attribute with an LDAP display name of managedBy. + +```yaml +Type: ADPrincipal +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OperatingSystem +Specifies an operating system name. +This parameter sets the **OperatingSystem** property of the computer object. +The LDAP Display Name (**ldapDisplayName**) for this property is operatingSystem. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OperatingSystemHotfix +Specifies an operating system hotfix name. +This parameter sets the **operatingSystemHotfix** property of the computer object. +The LDAP display name for this property is operatingSystemHotfix. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OperatingSystemServicePack +Specifies the name of an operating system service pack. +This parameter sets the **OperatingSystemServicePack** property of the computer object. +The LDAP display name (**ldapDisplayName**) for this property is operatingSystemServicePack. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OperatingSystemVersion +Specifies an operating system version. +This parameter sets the **OperatingSystemVersion** property of the computer object. +The LDAP display name (**ldapDisplayName**) for this property is operatingSystemVersion. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory schema. + +Syntax: + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNeverExpires +Specifies whether the password of an account can expire. +This parameter sets the **PasswordNeverExpires** property of an account object. +This parameter also sets the **ADS_UF_DONT_EXPIRE_PASSWD** flag of the Active Directory User Account Control attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +Note: This parameter cannot be set to $True or 1 for an account that also has the **ChangePasswordAtLogon** property set to $True. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PasswordNotRequired +Specifies whether the account requires a password. +This parameter sets the **PasswordNotRequired** property of an account, such as a user or computer account. +This parameter also sets the **ADS_UF_PASSWD_NOTREQD** flag of the Active Directory User Account Control attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Path +Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. + +In many cases, a default value is used for the *Path* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for Path is set in the following cases: + +- If the cmdlet is run from an Active Directory module for Windows PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this value is used. +For example: in New-ADUser, the *Path* parameter would default to the **Users** container. +- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for Path is set in the following cases: + +- If the cmdlet is run from an Active Directory module for Windows PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this value is used. +For example: in **New-ADUser**, the *Path* parameter would default to the **Users** container. +- If the target AD LDS instance has a default naming context, the default value of *Path* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Path* parameter will not take any default value. + +Note: The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a *Path* property. +However, for the provider cmdlets, the *Path* parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PrincipalsAllowedToDelegateToAccount +Specifies the accounts which can act on the behalf of users to services running as this computer account. +This parameter sets the **msDS-AllowedToActOnBehalfOfOtherIdentity** attribute of a computer account object. + +```yaml +Type: ADPrincipal[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SAMAccountName +Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. +The maximum length of the description is 256 characters. +To be compatible with older operating systems, create a SAM account name that is 15 characters or less. +This parameter sets the **SAMAccountName** for an account object. +The LDAP display name (**ldapDisplayName**) for this property is sAMAccountName. + +Note: If the **SAMAccountName** string provided does not end with a $, a $ will be appended if needed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServicePrincipalNames +Specifies the service principal names for the account. +This parameter sets the **ServicePrincipalNames** property of the account. +The LDAP display name (**ldapDisplayName**) for this property is servicePrincipalName. +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`." + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TrustedForDelegation +Specifies whether an account is trusted for Kerberos delegation. +A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. +This parameter sets the **TrustedForDelegation** property of an account object. +This value also sets the **ADS_UF_TRUSTED_FOR_DELEGATION** flag of the Active Directory User Account Control attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UserPrincipalName +Specifies a user principal name (UPN) in the format `@`. +A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. +The UPN is independent of the user object's distinguished name, so a user object can be moved or renamed without affecting the user logon name. +When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADComputer +A computer object that is a template for the new computer object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADComputer +Returns the new computer object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Add-ADComputerServiceAccount](./Add-ADComputerServiceAccount.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADComputerServiceAccount](./Get-ADComputerServiceAccount.md) + +[Remove-ADComputer](./Remove-ADComputer.md) + +[Remove-ADComputerServiceAccount](./Remove-ADComputerServiceAccount.md) + +[Set-ADComputer](./Set-ADComputer.md) + +[Set-ADAccountPassword](./Set-ADAccountPassword.md) + +[New-ADUser](./New-ADUser.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADDCCloneConfigFile.md b/docset/winserver2025-ps/activedirectory/New-ADDCCloneConfigFile.md new file mode 100644 index 0000000000..591fae2397 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADDCCloneConfigFile.md @@ -0,0 +1,412 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-addccloneconfigfile?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADDCCloneConfigFile +--- + +# New-ADDCCloneConfigFile + +## SYNOPSIS +Performs prerequisite checks for cloning a domain controller and generates a clone configuration file if all checks succeed. + +## SYNTAX + +### IPv4DynamicSettings (Default) +``` +New-ADDCCloneConfigFile [-CloneComputerName ] [-IPv4DNSResolver ] [-Path ] + [-SiteName ] [] +``` + +### OfflineExecution +``` +New-ADDCCloneConfigFile [-AlternateWINSServer ] [-CloneComputerName ] [-IPv4Address ] + [-IPv4DefaultGateway ] [-IPv4DNSResolver ] [-IPv4SubnetMask ] + [-IPv6DNSResolver ] [-Offline] -Path [-PreferredWINSServer ] [-SiteName ] + [-Static] [] +``` + +### IPv4StaticSettings +``` +New-ADDCCloneConfigFile [-AlternateWINSServer ] [-CloneComputerName ] -IPv4Address + [-IPv4DefaultGateway ] -IPv4DNSResolver -IPv4SubnetMask [-Path ] + [-PreferredWINSServer ] [-SiteName ] [-Static] [] +``` + +### IPv6DynamicSettings +``` +New-ADDCCloneConfigFile [-CloneComputerName ] [-IPv6DNSResolver ] [-Path ] + [-SiteName ] [] +``` + +### IPv6StaticSettings +``` +New-ADDCCloneConfigFile [-CloneComputerName ] -IPv6DNSResolver [-Path ] + [-SiteName ] [-Static] [] +``` + + +## DESCRIPTION +The **New-ADDCCloneConfigFile** cmdlet performs prerequisite checks for cloning a domain controller when run locally on the domain controller being prepared for cloning. +This cmdlet generates a clone configuration file, DCCloneConfig.xml, at an appropriate location, if all prerequisite checks succeed. + +There are two modes of operation for this cmdlet, depending on where it is executed. +When run on the domain controller that is being prepared for cloning, it will run the following pre-requisite checks to make sure this domain controller is adequately prepared for cloning: + +- Is the PDC emulator FSMO role hosted on a domain controller running Windows Server 2012? +- Is this computer authorized for domain controller cloning (i.e. +is the computer a member of the Cloneable Domain Controllers group)? +- Are all program and services listed in the output of the Get-ADDCCloningExcludedApplicationList cmdlet captured in CustomDCCloneAllowList.xml? + +If these pre-requisite checks all pass, the **New-ADDCCloneConfigFile** cmdlet will generate a DCCloneConfig.xml file at a suitable location based on the parameter values supplied. +This cmdlet can also be run from a client, with Remote Server Administration Tools, and used to generate a DCCloneConfig.xml against offline media of the domain controller being cloned; however, none of the pre-requisite checks is performed in this usage mode. +This usage is intended to generate DCCloneConfig.xml files with specific configuration values for each clone on copies of the offline media. + +## EXAMPLES + +### Example 1: Create a clone domain controller with a static IPv4 address +``` +PS C:\> New-ADDCCloneConfigFile -Static -IPv4Address "10.0.0.2" -IPv4DNSResolver "10.0.0.1" -IPv4SubnetMask "255.255.255.0" -CloneComputerName "VirtualDC2" -IPv4DefaultGateway "10.0.0.3" -PreferredWINSServer "10.0.0.1" -SiteName "REDMOND" +``` + +This command creates a clone domain controller named VirtualDC2 with a static IPv4 address. + +### Example 2: Create a clone domain controller with a static IPv6 settings +``` +PS C:\> New-ADDCCloneConfigFile -Static -CloneComputerName "Clone1" -IPv6DNSResolver "FEC0:0:0:FFFF::1" +``` + +This command creates a clone domain controller named Clone1 with a static IPv6 setting. + +### Example 3: Create a clone domain controller with a dynamic IPv4 settings +``` +PS C:\> New-ADDCCloneConfigFile -AlternateWINSServer "10.0.0.3" -CloneComputerName "Clone2"-IPv4DNSResolver "10.0.0.1" -PreferredWINSServer "10.0.0.1" +``` + +This command creates a clone domain controller named Clone2 with dynamic IPv4 settings. + +### Example 4: Create a clone domain controller with a dynamic IPv6 settings +``` +PS C:\> New-ADDCCloneConfigFile -IPv6DNSResolver "FEC0:0:0:FFFF::1" -SiteName "REDMOND" +``` + +This command creates a clone domain controller with dynamic IPv6 settings. + +### Example 5: Create a clone domain controller with a static IPv4 and IPv6 settings +``` +PS C:\> New-ADDCCloneConfigFile -Static -IPv4Address "10.0.0.2" -IPv4DNSResolver "10.0.0.1" -IPv4SubnetMask "255.255.255.0" -Static -IPv6DNSResolver "FEC0:0:0:FFFF::1" -CloneComputerName "Clone2" -PreferredWINSServer "10.0.0.1" +``` + +This command creates a clone domain controller named Clone2 with static IPv4 and static IPv6 settings. + +### Example 6: Create a clone domain controller with a static IPv4 and dynamic IPv6 settings +``` +PS C:\> New-ADDCCloneConfigFile -IPv4Address "10.0.0.2" -IPv4DNSResolver "10.0.0.1" -IPv4SubnetMask "255.255.255.0" -IPv4DefaultGateway "10.0.0.3" -IPv6DNSResolver "FEC0:0:0:FFFF::1" +``` + +This command creates a clone domain controller named Clone2 with static IPv4 and dynamic IPv6 settings. + +### Example 7: Create a clone domain controller with a dynamic IPv4 and static IPv6 settings +``` +PS C:\> New-ADDCCloneConfigFile -Static -IPv6DNSResolver "FEC0:0:0:FFFF::1" -CloneComputerName "Clone1" -PreferredWINSServer "10.0.0.1" -SiteName "REDMOND" +``` + +This command creates a clone domain controller named Clone1 with dynamic IPv4 and static IPv6 settings. + +### Example 8: Create a clone domain controller in offline mode in a specified site +``` +PS C:\> New-DCCloneConfig -Offline -CloneComputerName "CloneDC1" -SiteName CONTOSO -Path F:\Windows\NTDS -Force +``` + +This command creates a clone domain controller named CloneDC1 in offline mode, in a site called CONTOSO with a dynamic IPv4 address. +This command also uses the *Force* parameter to force overwrite of any previous DCCloneConfig.xml file created at the specified path, F:\Windows\NTDS. + +## PARAMETERS + +### -AlternateWINSServer +Specifies the name of the alternate Windows Internet Naming Service (WINS) server for the cloned domain controller to use if the preferred WINS Server is not available. + +```yaml +Type: String +Parameter Sets: OfflineExecution, IPv4StaticSettings +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CloneComputerName +Specifies the computer name for the cloned domain controller. +If this parameter is not specified as a unique name within the enterprise of 15 characters or less, the following formula is used to programmatically generate a name: + +- The first eight characters of the source domain controller computer name. +For instance, a source computer name of SourceComputer is truncated to a prefix string of SourceCo. +- A unique naming suffix of the format **-CL**nnnn is appended to the prefix string where nnnn is the next available value from 0001-9999 that the primary domain controller (PDC) determines is not currently in use. +For example, if 0047 is the next available number within the allowed range, using the above source computer prefix of SourceCo the derived name to use for the clone computer will be SourceCo-CL0047. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IPv4Address +Specifies the Internet Protocol version 4 (IPv4) address to be assigned to the cloned domain controller. + +```yaml +Type: String +Parameter Sets: OfflineExecution +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: String +Parameter Sets: IPv4StaticSettings +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### -IPv4DefaultGateway +Specifies the Internet Protocol version 4 (IPv4) address for the default gateway to be used by the cloned domain controller. + +```yaml +Type: String +Parameter Sets: OfflineExecution, IPv4StaticSettings +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IPv4DNSResolver +Specifies the Internet Protocol version 4 (IPv4) address for the DNS server to be used by the cloned domain controller to resolve names. +A maximum of four string values can be provided. + +```yaml +Type: String[] +Parameter Sets: IPv4DynamicSettings, OfflineExecution +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: String[] +Parameter Sets: IPv4StaticSettings +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IPv4SubnetMask +Specifies the Internet Protocol version 4 (IPv4) subnet mask to use for the subnet where the cloned domain controller is to be located. + +```yaml +Type: String +Parameter Sets: OfflineExecution +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: String +Parameter Sets: IPv4StaticSettings +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IPv6DNSResolver +Specifies the Internet Protocol version 6 (IPv6) address for the DNS server to be used by the cloned domain controller to resolve names. + +```yaml +Type: String[] +Parameter Sets: OfflineExecution, IPv6DynamicSettings +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: String[] +Parameter Sets: IPv6StaticSettings +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Offline +Indicates whether the cmdlet is being run against an offline media or on the domain controller being prepared for cloning. + +```yaml +Type: SwitchParameter +Parameter Sets: OfflineExecution +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the folder path to use when writing the clone configuration file. +If the cmdlet is run and all prerequisite checks succeed, a DCCloneConfig.xml file will be written and appear in this location as output. +The *Path* parameter is optional when running the cmdlet on the domain controller being prepared for cloning. +In this case, the default location of the DIT folder will be used and this parameter does not need to be specified. +When running the **New-ADCCLoneConfigFile** cmdlet in offline mode (i.e. +when the *Offline* parameter is specified), however, the *Path* parameter is required. + +```yaml +Type: String +Parameter Sets: IPv4DynamicSettings, IPv4StaticSettings, IPv6DynamicSettings, IPv6StaticSettings +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: String +Parameter Sets: OfflineExecution +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PreferredWINSServer +Specifies the name of the primary Windows Internet Naming Service (WINS) server to use as the preferred WINS Server for the cloned domain controller. + +```yaml +Type: String +Parameter Sets: OfflineExecution, IPv4StaticSettings +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteName +Specifies the name of the Active Directory site in which to place the cloned domain controller. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Static +Indicates whether the TCP/IP configuration specified for the cloned domain controller is static or dynamic IP configuration. + +```yaml +Type: SwitchParameter +Parameter Sets: OfflineExecution +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: SwitchParameter +Parameter Sets: IPv4StaticSettings, IPv6StaticSettings +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Get-ADDCCloningExcludedApplicationList](./Get-ADDCCloningExcludedApplicationList.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADFineGrainedPasswordPolicy.md b/docset/winserver2025-ps/activedirectory/New-ADFineGrainedPasswordPolicy.md new file mode 100644 index 0000000000..279660c38a --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADFineGrainedPasswordPolicy.md @@ -0,0 +1,627 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adfinegrainedpasswordpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADFineGrainedPasswordPolicy +--- + +# New-ADFineGrainedPasswordPolicy + +## SYNOPSIS +Creates a new Active Directory fine-grained password policy. + +## SYNTAX + +```powershell +New-ADFineGrainedPasswordPolicy [-WhatIf] [-Confirm] [-AuthType ] [-ComplexityEnabled ] + [-Credential ] [-Description ] [-DisplayName ] + [-Instance ] [-LockoutDuration ] [-LockoutObservationWindow ] + [-LockoutThreshold ] [-MaxPasswordAge ] [-MinPasswordAge ] + [-MinPasswordLength ] [-Name] [-OtherAttributes ] [-PassThru] + [-PasswordHistoryCount ] [-Precedence] [-ProtectedFromAccidentalDeletion ] + [-ReversibleEncryptionEnabled ] [-Server ] [] +``` + +## DESCRIPTION +The **New-ADFineGrainedPasswordPolicy** cmdlet creates a new Active Directory fine-grained password policy. +You can set commonly used fine-grained password policy property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be set by using the *OtherAttributes* parameter. + +You must set the *Name* and *Precedence* parameters to create a new fine-grained password policy. + +The following methods explain different ways to create an object by using this cmdlet. + +Method 1: Use the **New-ADFineGrainedPasswordPolicy** cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. + +Method 2: Use a template to create the new object. +To do this, create a new fine-grained password policy object or retrieve a copy of an existing fine-grained password policy object and set the *Instance* parameter to this object. +The object provided to the *Instance* parameter is used as a template for the new object. +You can override property values from the template by setting cmdlet parameters. +For examples and more information, see the *Instance* parameter description for this cmdlet. + +Method 3: Use the Import-Csv cmdlet with the **New-ADFineGrainedPasswordPolicy** cmdlet to create multiple Active Directory fine-grained password policy objects. +To do this, use the **Import-Csv** cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. +Then pass these objects through the pipeline operator to the **New-ADFineGrainedPasswordPolicy** cmdlet to create the fine-grained password policy objects. + +## EXAMPLES + +### Example 1: Create a fine-grained password policy +```powershell +PS C:\> New-ADFineGrainedPasswordPolicy -Name "DomainUsersPSO" -Precedence 500 -ComplexityEnabled $true -Description "The Domain Users Password Policy" -DisplayName "Domain Users PSO" -LockoutDuration "0.12:00:00" -LockoutObservationWindow "0.00:15:00" -LockoutThreshold 10 +``` + +This command creates a fine-grained password policy object named DomainUsersPSO and set the **Precedence**, **ComplexityEnabled**, **Description**, **DisplayName**, **LockoutDuration**, **LockoutObservationWindow**, and **LockoutThreshold** properties on the object. + +### Example 2: Create fine-grained password policies using a template object +```powershell +PS C:\> $TemplatePSO = New-Object Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +PS C:\> $TemplatePSO.ComplexityEnabled = $true +PS C:\> $TemplatePSO.LockoutDuration = [TimeSpan]::Parse("0.12:00:00") +PS C:\> $TemplatePSO.LockoutObservationWindow = [TimeSpan]::Parse("0.00:15:00") +PS C:\> $TemplatePSO.LockoutThreshold = 10 +PS C:\> $TemplatePSO.MinPasswordAge = [TimeSpan]::Parse("0.00:10:00") +PS C:\> $TemplatePSO.PasswordHistoryCount = 24 +PS C:\> $TemplatePSO.ReversibleEncryptionEnabled = $false +PS C:\> New-ADFineGrainedPasswordPolicy -Instance $TemplatePSO -Name "SvcAccPSO" -Precedence 100 -Description "The Service Accounts Password Policy" -DisplayName "Service Accounts PSO" -MaxPasswordAge "30.00:00:00" -MinPasswordLength 20 +PS C:\> New-ADFineGrainedPasswordPolicy -Instance $TemplatePSO -Name "AdminsPSO" -Precedence 200 -Description "The Domain Administrators Password Policy" -DisplayName "Domain Administrators PSO" -MaxPasswordAge "15.00:00:00" -MinPasswordLength 10 +``` + +This example creates two new fine-grained password policy objects using a template object. + +### Example 3: Create a fine-grained password policy with manual account unlock +```powershell +PS C:\> New-ADFineGrainedPasswordPolicy -Name "ManualUnlockPSO" -Precedence 500 -ComplexityEnabled $true -Description "Manual Unlock Password Policy" -DisplayName "Manual Unlock PSO" -LockoutDuration "00:00:00" -LockoutObservationWindow "00:00:00" -LockoutThreshold 3 +``` + +This command creates a fine-grained password policy object named ManualUnlockPSO that would require manual unlock of accounts by the administrator. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComplexityEnabled +Specifies whether password complexity is enabled for the password policy. +If enabled, the password must contain three of the following four character types: + +- Uppercase characters (A, B, C, D, E, ...) +- Lowercase characters (a, b, c, d, e, ...) +- Numerals (0, 1, 2, 3, ...) +- Special characters (#, $, *, %, ...) + +This parameter sets the **ComplexityEnabled** property of a password policy. +The acceptable values for this parameter are: + +- $False or 0. +Disables password complexity. +- $True or 1. +Enables password complexity. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a fine-grained password policy object to use as a template for a new fine-grained password policy object. + +You can use an instance of an existing fine-grained password policy object as a template or you can construct a new fine-grained password policy object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing fine-grained password policy object as a template for a new object. +To retrieve an instance of an existing fine-grained password policy object, use a cmdlet such as **Get-ADFineGrainedPasswordPolicy**. +Then provide this object to the *Instance* parameter of the **New-ADFineGrainedPasswordPolicy** cmdlet to create a new fine-grained password policy object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADFineGrainedPasswordPolicy** object and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADFineGrainedPasswordPolicy** cmdlet to create the new Active Directory fine-grained password policy object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADFineGrainedPasswordPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LockoutDuration +Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. +You cannot log in to an account that is locked until the lockout duration time period has expired. If you set the value to 0 the account needs to be unlocked manually by the administrator. +This parameter sets the **lockoutDuration** property of a password policy object. +The LDAP display name (**ldapDisplayName**) of this property is msDS-LockoutDuration. + +The lockout duration must be greater than or equal to the lockout observation time for a password policy. +Use the *LockOutObservationWindow* parameter to set the lockout observation time. + +Specify the lockout duration time interval in the following format: + +`D.H:M:S.F` + +where: +- D = Days (0 to 10675199) +- H = Hours (0 to 23) +- M = Minutes (0 to 59) +- S = Seconds (0 to 59) +- F= Fractions of a second (0 to 9999999) + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -LockoutObservationWindow +Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. +An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. +This parameter sets the **lockoutObservationWindow** property of a password policy object. +The LDAP display name (**ldapDisplayName**) of this property is **msDS-lockoutObservationWindow**. + +The lockout observation window must be smaller than or equal to the lockout duration for a password policy. +Use the *LockoutDuration* parameter to set the lockout duration time. + +Specify the time interval in the following format: + +`D:H:M:S.F` + +where: +- D = Days (0 to 10675199) +- H = Hours (0 to 23) +- M = Minutes (0 to 59) +- S = Seconds (0 to 59) +- F= Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -LockoutThreshold +Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. +This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. +This parameter sets the **LockoutThreshold** property of a password policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -MaxPasswordAge +Specifies the maximum length of time that you can have the same password. +After this time period, the password expires and you must create a new one. + +This parameter sets the **maxPasswordAge** property of a password policy. +The LDAP display name (**ldapDisplayName**) for this property is maxPwdAge. + +Specify the time interval in the following format: + +`D.H:M:S.F` + +where: +- D = Days (0 to 10675199) +- H = Hours (0 to 23) +- M = Minutes (0 to 59) +- S = Seconds (0 to 59) +- F= Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -MinPasswordAge +Specifies the minimum length of time before you can change a password. + +This parameter sets the **minPasswordAge** property of a password policy. +The LDAP display name (**ldapDisplayName**) for this property is minPwdAge. + +Specify the time interval in the following format: + +`D.H:M:S.F` + +where: +- D = Days (0 to 10675199) +- H = Hours (0 to 23) +- M = Minutes (0 to 59) +- S = Seconds (0 to 59) +- F= Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0 and 10675199:02:48:05. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -MinPasswordLength +Specifies the minimum number of characters that a password must contain. +This parameter sets the **MinPasswordLength** property of the password policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAPDisplayName (**ldapDisplayName**) defined for it in the Active Directory schema. + +Syntax: + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordHistoryCount +Specifies the number of previous passwords to save. +A user cannot reuse a password in the list of saved passwords. +This parameter sets the **PasswordHistoryCount** property for a password policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Precedence +Specifies a value that defines the precedence of a fine-grained password policy among all fine-grained password policies. +This parameter sets the **Precedence** property for a fine-grained password policy. +The LDAP display name (**ldapDisplayName**) for this property is msDS-PasswordSettingsPrecedence. + +This value determines which password policy to use when more than one password policy applies to a user or group. +When there is a conflict, the password policy that has the lower **Precedence** property value has higher priority. +For example, if PasswordPolicy1 has a **Precedence** property value of 200 and PasswordPolicy2 has a **Precedence** property value of 100, PasswordPolicy2 is used. + +Typically, password policy precedence values are assigned in multiples of 10 or 100, making it easier to add policies at a later time. +For example, if you set the initial precedence values for your policies to 100 and 200, you can add another policy that has precedence value of 150. + +If the specified *Precedence* parameter is already assigned to another password policy object, the cmdlet returns a terminating error. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ReversibleEncryptionEnabled +Specifies whether the directory must store passwords using reversible encryption. +This parameter sets the **ReversibleEncryption** property for a password policy. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +A fine-grained password policy object that is a template for the new fine-grained password policy object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +This cmdlet returns the new fine-grained password policy object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with a read-only domain controller. +* This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Get-ADFineGrainedPasswordPolicy](./Get-ADFineGrainedPasswordPolicy.md) + +[Remove-ADFineGrainedPasswordPolicy](./Remove-ADFineGrainedPasswordPolicy.md) + +[Set-ADFineGrainedPasswordPolicy](./Set-ADFineGrainedPasswordPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADGroup.md b/docset/winserver2025-ps/activedirectory/New-ADGroup.md new file mode 100644 index 0000000000..3b1b862b9b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADGroup.md @@ -0,0 +1,490 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADGroup +--- + +# New-ADGroup + +## SYNOPSIS +Creates an Active Directory group. + +## SYNTAX + +``` +New-ADGroup [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] [-Description ] + [-DisplayName ] [-GroupCategory ] [-GroupScope] [-HomePage ] + [-Instance ] [-ManagedBy ] [-Name] [-OtherAttributes ] [-PassThru] + [-Path ] [-SamAccountName ] [-Server ] [] +``` + +## DESCRIPTION +The **New-ADGroup** cmdlet creates an Active Directory group object. +Many object properties are defined by setting cmdlet parameters. +Properties that cannot be set by cmdlet parameters can be set using the **OtherAttributes** parameter. + +The **Name** and **GroupScope** parameters specify the name and scope of the group and are required to create a new group. +You can define the new group as a security or distribution group by setting the **GroupType** parameter. +The **Path** parameter specifies the container or organizational unit (OU) for the group. + +The following methods explain different ways to create an object by using this cmdlet. + +Method 1: Use the **New-ADGroup** cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. + +Method 2: Use a template to create the new object. +To do this, create a new group object or retrieve a copy of an existing group object and set the **Instance** parameter to this object. +The object provided to the **Instance** parameter is used as a template for the new object. +You can override property values from the template by setting cmdlet parameters. +For more information, see the **Instance** parameter description for this cmdlet. + +Method 3: Use the Import-Csv cmdlet with the **New-ADGroup** cmdlet to create multiple Active Directory group objects. +To do this, use the **Import-CSV** cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. +Then pass these objects through the pipeline to the **New-ADGroup** cmdlet to create the group objects. + +## EXAMPLES + +### Example 1: Create a group and set its properties +``` +PS C:\> New-ADGroup -Name "RODC Admins" -SamAccountName RODCAdmins -GroupCategory Security -GroupScope Global -DisplayName "RODC Administrators" -Path "CN=Users,DC=Fabrikam,DC=Com" -Description "Members of this group are RODC Administrators" +``` + +This command creates a group named RODC Admins in the container CN=Users,DC=Fabrikam,DC=Com and set the **GroupCategory**, **DisplayName**, **GroupScope**, and **Description** properties on the new object. + +### Example 2: Create a group using existing property values +``` +PS C:\> Get-ADGroup FabrikamBranch1 -Properties Description | New-ADGroup -Name "Branch1Employees" -SamAccountName "Branch1Employees" -GroupCategory Distribution -PassThru +GroupScope : Universal +Name : Branch1Employees +GroupCategory : Distribution +SamAccountName : Branch1Employees +ObjectClass : group +ObjectGUID : 8eebce44-5df7-4bed-a98b-b987a702103e +SID : S-1-5-21-41432690-3719764436-1984117282-1117 +DistinguishedName : CN=Branch1Employees,CN=Users,DC=Fabrikam,DC=com +``` + +This command creates a new group using the property values from a current group. + +### Example 3: Create a group on an LDS instance +``` +PS C:\> New-ADGroup -Server localhost:60000 -Path "OU=AccountDeptOU,DC=AppNC" -Name "AccountLeads" -GroupScope DomainLocal -GroupCategory Distribution +``` + +This command creates a group named AccountLeads on an AD LDS instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -GroupCategory +Specifies the category of the group. +The acceptable values for this parameter are: + +- Distribution or 0 +- Security or 1 + +This parameter sets the **GroupCategory** property of the group. +This parameter value combined with other group values sets the LDAP display name (**ldapDisplayName**) attribute named groupType. + +```yaml +Type: ADGroupCategory +Parameter Sets: (All) +Aliases: +Accepted values: Distribution, Security + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -GroupScope +Specifies the group scope of the group. +The acceptable values for this parameter are: + +- DomainLocal or 0 +- Global or 1 +- Universal or 2 + +This parameter sets the **GroupScope** property of a group object to the specified value. +The LDAP display name of this property is groupType. + +```yaml +Type: ADGroupScope +Parameter Sets: (All) +Aliases: +Accepted values: DomainLocal, Global, Universal + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -HomePage +Specifies the URL of the home page of the object. +This parameter sets the **homePage** property of an Active Directory object. +The LDAP display name (**ldapDisplayName**) for this property is wWWHomePage. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a group object to use as a template for a new group object. + +You can use an instance of an existing group object as a template or you can construct a new group object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing group object as a template for a new object. +Use the **Get-ADGroup** cmdlet to retrieve a group object then pass this object to the *Instance* parameter of the **New-ADGroup** cmdlet to create a new group object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADGroup** object and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADGroup** cmdlet to create the new group object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADGroup +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ManagedBy +Specifies the user or group that manages the object by providing one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the property. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- SAM account name (sAMAccountName) + +```yaml +Type: ADPrincipal +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. + +In many cases, a default value is used for the *Path* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Path* is set in the following cases: + +- If the cmdlet is run from an Active Directory module for Windows PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. +For example: in New-ADUser, the *Path* parameter defaults to the Users container. +- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Path* is set in the following cases: + +- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. +For example: in New-ADUser, the *Path* parameter defaults to the Users container. +- If the target AD LDS instance has a default naming context, the default value of *Path* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Path* parameter does not take a default value. + +Note: The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property. +However, for the provider cmdlets, the *Path* parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SamAccountName +Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. +The maximum length of the description is 256 characters. +To be compatible with older operating systems, create a SAM account name that is 20 characters or less. +This parameter sets the **SAMAccountName** for an account object. +The LDAP display name (**ldapDisplayName**) for this property is sAMAccountName. + +Note: If the string value provided is not terminated with a $ (dollar sign) character, the system adds one if necessary. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +A group object that is a template for the new group object is received by the **Instance** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +Returns the new group object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory Snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADGroup](./Get-ADGroup.md) + +[Remove-ADGroup](./Remove-ADGroup.md) + +[Set-ADGroup](./Set-ADGroup.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADObject.md b/docset/winserver2025-ps/activedirectory/New-ADObject.md new file mode 100644 index 0000000000..136ca92014 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADObject.md @@ -0,0 +1,441 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adobject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADObject +--- + +# New-ADObject + +## SYNOPSIS +Creates an Active Directory object. + +## SYNTAX + +``` +New-ADObject [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] [-Description ] + [-DisplayName ] [-Instance ] [-Name] [-OtherAttributes ] [-PassThru] + [-Path ] [-ProtectedFromAccidentalDeletion ] [-Server ] [-Type] + [] +``` + +## DESCRIPTION +The **New-ADObject** cmdlet creates an Active Directory object such as a new organizational unit (OU) or new user account. +You can use this cmdlet to create any type of Active Directory object. +Many object properties are defined by setting cmdlet parameters. +Properties that are not set by cmdlet parameters can be set by using the *OtherAttributes* parameter. + +You must set the *Name* and *Type* parameters to create a new Active Directory object. +The *Name* specifies the name of the new object. +The *Type* parameter specifies the Lightweight Directory Access Protocol (LDAP) display name of the Active Directory schema class that represents the type of object you want to create. +Examples of *Type* values include computer, group, OU, and user. + +The *Path* parameter specifies the container where the object is created. +If you do not specify the *Path* parameter, the cmdlet creates an object in the default naming context container for Active Directory objects in the domain. + +The following methods explain different ways to create an object by using this cmdlet. + +Method 1: Use the **New-ADObject** cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. + +Method 2: Use a template to create the new object. +To do this, create a new Active Directory object or retrieve a copy of an existing Active Directory object and set the *Instance* parameter to this object. +The object provided to the *Instance* parameter is used as a template for the new object. +You can override property values from the template by setting cmdlet parameters. +For more information, see the *Instance* parameter description for this cmdlet. + +Method 3: Use the Import-Csv cmdlet with the **New-ADObject** cmdlet to create multiple Active Directory objects. +To do this, use the **Import-CSV** cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. +Then pass these objects through the pipeline to the **New-ADObject** cmdlet to create the Active Directory objects. + +## EXAMPLES + +### Example 1: Create a subnet object +``` +PS C:\> New-ADObject -Name "192.168.1.0/26" -Type "subnet" -Description "192.168.1.0/255.255.255.192" -OtherAttributes @{location="Building A";siteObject="CN=HQ,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM"} -Path "CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM" +``` + +This command creates a subnet object in the HQ site with the described attributes. + +### Example 2: Create a subnet object by template +``` +PS C:\> $SubnetTemplate = Get-ADObject -Identity "CN=192.168.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com" -Properties description,location +PS C:\> New-ADObject -Instance $SubnetTemplate -Name "192.168.1.0/28" -Type "subnet" -Path "CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM" +``` + +This example creates a new subnet object, using a different subnet object as a template. + +### Example 3: Create a contact object +``` +PS C:\> New-ADObject -Name "SaraDavisContact" -Type "contact" -ProtectedFromAccidentalDeletion $True -OtherAttributes @{'msDS-SourceObjectDN'="CN=FabrikamContacts,DC=CONTOSO,DC=COM"} +``` + +This command creates a new contact object, sets the **msDS-SourceObjectDN** property and protects the object from accidental deletion. + +### Example 4: Create a container object +``` +PS C:\> New-ADObject -Name "Apps" -Type "container" -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000" +``` + +This command creates a new container object named Apps in an AD LDS instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an Active Directory object to use as a template for a new Active Directory object. + +You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing Active Directory object as a template for a new object. +To retrieve an instance of an existing Active Directory object, use a cmdlet such as **Get-ADObject**. +Then provide this object to the *Instance* parameter of the **New-ADObject** cmdlet to create a new Active Directory object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADObject** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADObject** cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADObject +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +To specify values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the X.500 path of the OU or container where the new object is created. + +In many cases, a default value is used for the *Path* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and when a default value can be determined, no further rules are evaluated. + +In AD DS environments, a default value for *Path* will be set in the following cases: + +- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. +For example: in New-ADUser, the *Path* parameter defaults to the Users container. +- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Path* is set in the following cases: + +- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. +For example: in New-ADUser, the *Path* parameter defaults to the Users container. +- If the target AD LDS instance has a default naming context, the default value of *Path* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Path* parameter does not take any default value. + +Note: The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a *Path* property. +However, for the Active Directory Provider cmdlets, the *Path* parameter identifies the path of the actual object rather than the container. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Directory Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Type +Specifies the type of object to create. +Set the *Type* parameter to the LDAP display name of the Active Directory schema class that represents the type of object that you want to create. +Examples of type values include user, computer, and group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +An Active Directory object that is a template for the new object is received by the *Instance* parameter. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADPartition** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +Returns the new Active Directory object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADObject](./Get-ADObject.md) + +[Move-ADObject](./Move-ADObject.md) + +[Remove-ADObject](./Remove-ADObject.md) + +[Rename-ADObject](./Rename-ADObject.md) + +[Restore-ADObject](./Restore-ADObject.md) + +[Set-ADObject](./Set-ADObject.md) + +[Sync-ADObject](./Sync-ADObject.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADOrganizationalUnit.md b/docset/winserver2025-ps/activedirectory/New-ADOrganizationalUnit.md new file mode 100644 index 0000000000..54f8e6c58b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADOrganizationalUnit.md @@ -0,0 +1,552 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adorganizationalunit?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADOrganizationalUnit +--- + +# New-ADOrganizationalUnit + +## SYNOPSIS + +Creates an Active Directory organizational unit. + +## SYNTAX + +``` +New-ADOrganizationalUnit [-WhatIf] [-Confirm] [-AuthType ] [-City ] [-Country ] + [-Credential ] [-Description ] [-DisplayName ] + [-Instance ] [-ManagedBy ] [-Name] [-OtherAttributes ] + [-PassThru] [-Path ] [-PostalCode ] [-ProtectedFromAccidentalDeletion ] + [-Server ] [-State ] [-StreetAddress ] [] +``` + +## DESCRIPTION + +The **New-ADOrganizationalUnit** cmdlet creates an Active Directory organizational unit (OU). +You can set commonly used OU property values by using the cmdlet parameters. +**Property** values that are not associated with cmdlet parameters can be set by using the *OtherAttributes* parameter. + +You must set the *Name* parameter to create a new OU. +If you do not specify the *Path* parameter, the cmdlet creates an OU under the default naming context (NC) head for the domain. + +The following methods describe how to create an object by using this cmdlet. + +Method 1: Use the **New-ADOrganizationalUnit** cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. + +Method 2: Use a template to create the new object. +To do this, create a new OU object or get a copy of an existing OU object and set the *Instance* parameter to this object. +The object provided to the *Instance* parameter is used as a template for the new object. +You can override property values from the template by setting cmdlet parameters. +For more information, see the *Instance* parameter description for this cmdlet. + +Method 3: Use the **Import-Csv** cmdlet with the **New-ADOrganizationalUnit** cmdlet to create multiple Active Directory OU objects. +To do this, use the [**Import-Csv**](/powershell/module/microsoft.powershell.utility/import-csv) cmdlet to create the custom objects +from a comma-separated value (CSV) file that contains a list of object properties. +Then pass these objects through the pipeline to the **New-ADOrganizationalUnit** cmdlet to create the OU objects. + +## EXAMPLES + +### Example 1: Create an OU + +``` +PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" +``` + +This command creates an OU named UserAccounts that is protected from accidental deletion. Note that accidental protection is implicit. + +### Example 2: Create an OU that is not protected from accidental deletion + +``` +PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $False +``` + +This command creates an OU named UserAccounts that is not protected from accidental deletion. + +### Example 3: Create an OU that is protected from accidental deletion + +``` +PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -OtherAttributes @{seeAlso="CN=HumanResourceManagers,OU=Groups,OU=Managed,DC=Fabrikam,DC=com";managedBy="CN=TomC,DC=FABRIKAM,DC=COM"} +``` + +This command creates an OU named UserAccounts that is protected from accidental deletion. +The **seeAlso** and **managedBy** properties are set to specified values. + +### Example 4: Create an OU from a template OU + +``` +PS C:\> $OuTemplate = Get-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=Fabrikam,DC=com" -Properties seeAlso,managedBy +PS C:\> New-ADOrganizationalUnit -Name "TomCReports" -Instance $OuTemplate +``` + +This command uses the data from the OU OU=UserAccounts,DC=Fabrikam,DC=com as a template for another OU. + +### Example 5: Create an OU in an AD LDS instance + +``` +PS C:\> New-ADOrganizationalUnit -Name "Managed" -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000" +``` + +This command creates an OU named Managed in an AD LDS instance. + +## PARAMETERS + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -City + +Specifies the town or city. +This parameter sets the **City** property of an OU object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is `l`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Country + +Specifies the country or region code. +This parameter sets the **Country** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is `c`. +This value is not used by Windows 2000. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential?view=powershell-7.3) cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description + +Specifies a description of the object. +This parameter sets the value of the **Description** property for the OU object. +The LDAP display name (**ldapDisplayName**) for this property is `description`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName + +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the OU object. +The LDAP display name (**ldapDisplayName**) for this property is `displayName`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance + +Specifies an instance of an OU object to use as a template for a new OU object. + +You can use an instance of an existing OU object as a template or you can construct a new OU object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing OU object as a template for a new object. +To retrieve an instance of an existing OU object use Get-ADOrganizationalUnit. +Then provide this object to the *Instance* parameter of the **New-ADOrganizationalUnit** cmdlet to create a new OU object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADOrganizationalUnit** object and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADOrganizationalUnit** cmdlet to create the new Active Directory OU object. + +> [!NOTE] +> Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADOrganizationalUnit +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ManagedBy + +Specifies the user or group that manages the object by providing one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the property. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter sets the Active Directory attribute with an LDAP display name of `managedBy`. + +```yaml +Type: ADPrincipal +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name + +Specifies the name of the object. +This parameter sets the **Name** property of the OU object. +The LDAP display name (**ldapDisplayName**) of this property is `name`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes + +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute, separate the values with a comma: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +To specify values for multiple attributes, separate the attributes with a semi-colon: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path + +Specifies the X.500 path of the OU or container where the new object is created. + +In many cases, a default value is used for the *Path* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and when a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Path* is set in the following cases: + +- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. For example: in **New-ADUser**, the *Path* parameter defaults to the Users container. +- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Path* is set in the following cases: + +- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. For example: in **New-ADUser**, the *Path* parameter defaults to the Users container. +- If the target AD LDS instance has a default naming context, the default value of *Path* is set to the default naming context. + To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Path* parameter does not take any default value. + +> [!NOTE] +> The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property. +> +> However, for the Active Directory Provider cmdlets, the *Path* parameter identifies the path of the actual object rather than the container. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PostalCode + +Specifies the postal code or zip code. +This parameter sets the **PostalCode** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is `postalCode`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion + +Indicates whether to prevent the object from being deleted. +When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server + +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -State + +Specifies a state or province. +This parameter sets the **State** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is `st`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -StreetAddress + +Specifies a street address. +This parameter sets the **StreetAddress** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is `street`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit + +An OU object that is a template for the new OU object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit + +Returns the new OU object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES + +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADOrganizationalUnit](./Get-ADOrganizationalUnit.md) + +[Remove-ADOrganizationalUnit](./Remove-ADOrganizationalUnit.md) + +[Set-ADOrganizationalUnit](./Set-ADOrganizationalUnit.md) diff --git a/docset/winserver2025-ps/activedirectory/New-ADReplicationSite.md b/docset/winserver2025-ps/activedirectory/New-ADReplicationSite.md new file mode 100644 index 0000000000..42c753a65b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADReplicationSite.md @@ -0,0 +1,608 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adreplicationsite?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADReplicationSite +--- + +# New-ADReplicationSite + +## SYNOPSIS +Creates an Active Directory replication site in the directory. + +## SYNTAX + +``` +New-ADReplicationSite [-WhatIf] [-Confirm] [-AuthType ] + [-AutomaticInterSiteTopologyGenerationEnabled ] [-AutomaticTopologyGenerationEnabled ] + [-Credential ] [-Description ] [-Instance ] + [-InterSiteTopologyGenerator ] [-ManagedBy ] [-Name] + [-OtherAttributes ] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-RedundantServerTopologyEnabled ] [-ReplicationSchedule ] + [-ScheduleHashingEnabled ] [-Server ] [-TopologyCleanupEnabled ] + [-TopologyDetectStaleEnabled ] [-TopologyMinimumHopsEnabled ] + [-UniversalGroupCachingEnabled ] [-UniversalGroupCachingRefreshSite ] + [-WindowsServer2000BridgeheadSelectionMethodEnabled ] + [-WindowsServer2000KCCISTGSelectionBehaviorEnabled ] [-WindowsServer2003KCCBehaviorEnabled ] + [-WindowsServer2003KCCIgnoreScheduleEnabled ] + [-WindowsServer2003KCCSiteLinkBridgingEnabled ] [] +``` + +## DESCRIPTION +The **New-ADReplicationSite** cmdlet is used to create sites in Active Directory replication. +Sites are used in Active Directory to either enable clients to discover network resources (published shares, domain controllers) close to the physical location of a client computer, or to reduce network traffic over wide area network (WAN) links. +Sites can also be used to optimize replication between domain controllers. + +## EXAMPLES + +### Example 1: Create a replication site +```powershell +PS C:\> New-ADReplicationSite -Name "NorthAmerica" +``` + +This command creates a new site named NorthAmerica. + +### Example 2: Create a replication site and set a property for it +```powershell +PS C:\> New-ADReplicationSite -Name "Europe" -AutomaticInterSiteTopologyGenerationEnabled $FALSE +``` + +This command creates a new site named Europe, and sets the **AutomaticInterSiteTopologyGenerationEnabled** property on the new object. + +### Example 3: Create a replication site and set its replication schedule +```powershell +PS C:\> $Schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule +PS C:\> $Schedule.ResetSchedule() +PS C:\> $Schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty"); +PS C:\> New-ADReplicationSite -Name "Asia" -ReplicationSchedule $schedule +``` + +This example creates a new site named Asia, and sets the daily *ReplicationSchedule* from 20:00 to 22:30. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutomaticInterSiteTopologyGenerationEnabled +Indicates whether the cmdlet prevents the Knowledge Consistency Checker (KCC) that functions as the intersite topology generator (ISTG) from generating connections for intersite replication. +Use this option when you want to create manual intersite connections (disable the ISTG) but retain the KCC to generate intrasite connections. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AutomaticTopologyGenerationEnabled +Indicates whether to enable automatic topology generation. +When enabled, prevents the KCC from generating intrasite connections on all servers in the site. +Disable this option if you use manual connections and do not want the KCC to build connections automatically. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a site object to use as a template for a new site object. + +You can use an instance of an existing site object as a template or you can construct a new site object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing site object as a template for a new object. +To retrieve an instance of an existing site object, use the **Get-ADReplicationSite** cmdlet. +Then provide this site object to the *Instance* parameter of the **New-ADReplicationSite** cmdlet to create a new site object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADReplicationSite** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADReplicationSite** cmdlet to create the new site object. + +Note: +Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADReplicationSite +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InterSiteTopologyGenerator +Specifies the server acting as the inter-site topology generator for this site. + +```yaml +Type: ADDirectoryServer +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ManagedBy +Specifies the user or group that manages the object by providing one of the following property values: + +- Distinguished name +- GUID (objectGUID) +- Security identifier (objectSid) +- SAM account name (sAMAccountName) + +Note: +The identifier in parentheses is the LDAP display name for the property. + +This parameter sets the Active Directory attribute with an LDAP display name of managedBy. + +```yaml +Type: ADPrincipal +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies a name for the replication site object. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RedundantServerTopologyEnabled +Indicates whether the cmdlet creates redundant connections between sites before a failure takes place. +When enabled, disables the Knowledge Consistency Checker (KCC) failover. +Requires that automatic detection of failed connections also be disabled (+IS_TOPL_DETECT_STALE_DISABLED). + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ReplicationSchedule +Specifies the default replication schedule for connections within this site (intra-site replication). + +```yaml +Type: ActiveDirectorySchedule +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ScheduleHashingEnabled +Indicates whether the cmdlet spreads replication start times randomly across the entire schedule interval rather than just the first quarter of the interval. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TopologyCleanupEnabled +Indicates whether the cmdlet enables topology cleanup. +When enabled, prevents the KCC from removing connection objects that it does not need. +Disable this option if you want to take responsibility for removing old redundant connections. +Alternatively, to control or augment the topology, you can use manual connections, which the KCC does not delete. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TopologyDetectStaleEnabled +Indicates whether the cmdlet enables topology detect stale. +Prevents the KCC from excluding servers that are unreachable from the topology; that is, the KCC does use an alternate server to reroute replication. +Use this option only if network communication is very unstable and brief outages are expected. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TopologyMinimumHopsEnabled +Indicates whether the cmdlet enables topology minimum hops. +When enabled, prevents the KCC from generating optimizing connections in the ring topology of intrasite replication. +Optimizing connections reduce the replication latency in the site and disabling them is not recommended. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UniversalGroupCachingEnabled +Indicates whether the cmdlet enables universal group caching. +If this parameter is true, it indicates this site caches universal groups, which are those groups cached on global catalog (GC) servers. +It can be useful in sites with no GC servers available locally. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UniversalGroupCachingRefreshSite +Specifies the name of a site from which the cache is pulled if universal group caching is enabled. + +```yaml +Type: ADReplicationSite +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsServer2000BridgeheadSelectionMethodEnabled +Implements the Windows 2000 Server method of selecting a single bridgehead server per directory partition and transport. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WindowsServer2000KCCISTGSelectionBehaviorEnabled +Indicates whether the cmdlet implements the Windows 2000 Server method of ISTG selection. +Off by default. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WindowsServer2003KCCBehaviorEnabled +Implements KCC operation that is consistent with Windows Server 2003 forest functional level. +This option can be set if all domain controllers in the site are running Windows Server 2003. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WindowsServer2003KCCIgnoreScheduleEnabled +Indicates whether to ignore schedules. +When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to ignore schedules (replication occurs at the designated intervals and is always available). + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WindowsServer2003KCCSiteLinkBridgingEnabled +Indicates whether the cmdlet enables site link bridging. +When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to enable or disable site link bridging. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSite +A site object that is a template for the new site object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSite + +## NOTES + +## RELATED LINKS + +[Get-ADReplicationSite](./Get-ADReplicationSite.md) + +[Remove-ADReplicationSite](./Remove-ADReplicationSite.md) + +[Set-ADReplicationSite](./Set-ADReplicationSite.md) diff --git a/docset/winserver2025-ps/activedirectory/New-ADReplicationSiteLink.md b/docset/winserver2025-ps/activedirectory/New-ADReplicationSiteLink.md new file mode 100644 index 0000000000..8561d0f517 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADReplicationSiteLink.md @@ -0,0 +1,404 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adreplicationsitelink?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADReplicationSiteLink +--- + +# New-ADReplicationSiteLink + +## SYNOPSIS +Creates a new Active Directory site link for in managing replication. + +## SYNTAX + +``` +New-ADReplicationSiteLink [-WhatIf] [-Confirm] [-AuthType ] [-Cost ] + [-Credential ] [-Description ] [-Instance ] + [-InterSiteTransportProtocol ] [-Name] + [-OtherAttributes ] [-PassThru] [-ReplicationFrequencyInMinutes ] + [-ReplicationSchedule ] [-Server ] [[-SitesIncluded] ] + [] +``` + +## DESCRIPTION +The **New-ADReplicationSiteLink** cmdlet can be used to create a new Active Directory site link. +A site link connects two or more sites. +Site links reflect the administrative policy for how sites are to be interconnected and the methods used to transfer replication traffic. +You must connect sites with site links so that domain controllers at each site can replicate Active Directory changes. + +## EXAMPLES + +### Example 1: Create a replication site link +``` +PS C:\> New-ADReplicationSiteLink -Name "NorthAmerica-Europe" -SitesIncluded NorthAmerica,Europe +``` + +This command creates a new site link named NorthAmerica-Europe linking the two sites NorthAmerica and Europe. + +### Example 2: Create a replication site link and set properties for it +``` +PS C:\> New-ADReplicationSiteLink -Name "Europe-Asia" -SitesIncluded Europe,Asia -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP +``` + +This command creates a new site link named Europe-Asia linking two sites Europe and Asia, and set the *Cost*, *ReplicationFrequencyInMinutes*, and *InterSiteTransportProtocol* on the new object. + +### Example 3: Create a replication site link and set its replication schedule +``` +PS C:\> $Schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule +PS C:\> $Schedule.ResetSchedule() +PS C:\> $Schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty") +PS C:\> New-ADReplicationSiteLink -Name "NorthAmerica-SouthAmerica" -SitesIncluded NorthAmerica,SouthAmerica -ReplicationSchedule $Schedule +``` + +This example creates a new site link named NorthAmerica-SouthAmerica linking two sites NorthAmerica and SouthAmerica, and set the daily *ReplicationSchedule* from 20:00 to 22:30. + +### Example 4: Create a replication site link and enable change notification for it +``` +PS C:\> New-ADReplicationSiteLink -Name "Europe-Asia" -SitesIncluded Europe,Asia -OtherAttributes @{'options'=1} +``` + +This command creates a new site link named Europe-Asia to link two sites, Europe and Asia. +The command also enables change notification on the new object. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Cost +Specifies the cost to be placed on the site link. +For more information on determining the cost, see [Determining the Cost](https://go.microsoft.com/fwlink/?LinkId=221871) in the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=221871. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a site link object to use as a template for a new site link object. + +You can use an instance of an existing site link object as a template or you can construct a new site link object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing site link object as a template for a new object. +To retrieve an instance of an existing site link object, use a cmdlet such as **Get-ADReplicationSiteLink**. +Then provide this object to the *Instance* parameter of the **New-ADReplicationSiteLink** cmdlet to create a new Active Directory object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADReplicationSiteLink** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the Instance parameter of the **New-ADReplicationSiteLink** cmdlet to create the new site link object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADReplicationSiteLink +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InterSiteTransportProtocol +Specifies a valid intersite transport protocol option. +The acceptable values for this parameter are: + +- IP +- SMTP + +```yaml +Type: ADInterSiteTransportProtocolType +Parameter Sets: (All) +Aliases: +Accepted values: IP, SMTP + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the site link. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAPDisplayName (**ldapDisplayName**) defined for it in the Active Directory schema. + +Syntax: + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationFrequencyInMinutes +Species the frequency, in minutes, for which replication will occur where this site link is in use between sites. +Active Directory preserves bandwidth between sites by minimizing the frequency of replication and by allowing you to schedule the availability of site links for replication. +By default, intersite replication across each site link occurs every 180 minutes (3 hours). +You can adjust this frequency to match your specific needs. +Be aware that increasing this frequency increases the amount of bandwidth used by replication. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ReplicationSchedule +Specifies the default replication schedule for any connections within this site link (intra-site replication). +This allows you to schedule the availability of site links for use by replication. +By default, a site link is available to carry replication traffic 24 hours a day, 7 days a week. +You can limit this schedule to specific days of the week and times of day. +You can, for example, schedule intersite replication so that it only occurs after normal business hours. + +```yaml +Type: ActiveDirectorySchedule +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SitesIncluded +Specifies the list of sites included in the site link. + +```yaml +Type: ADReplicationSite[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink +A site link object that is a template for the new site link object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink + +## NOTES + +## RELATED LINKS + +[Get-ADReplicationSiteLink](./Get-ADReplicationSiteLink.md) + +[Remove-ADReplicationSiteLink](./Remove-ADReplicationSiteLink.md) + +[Set-ADReplicationSiteLink](./Set-ADReplicationSiteLink.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADReplicationSiteLinkBridge.md b/docset/winserver2025-ps/activedirectory/New-ADReplicationSiteLinkBridge.md new file mode 100644 index 0000000000..5513523529 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADReplicationSiteLinkBridge.md @@ -0,0 +1,332 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adreplicationsitelinkbridge?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADReplicationSiteLinkBridge +--- + +# New-ADReplicationSiteLinkBridge + +## SYNOPSIS +Creates a site link bridge in Active Directory for replication. + +## SYNTAX + +``` +New-ADReplicationSiteLinkBridge [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Description ] [-Instance ] + [-InterSiteTransportProtocol ] [-Name] + [-OtherAttributes ] [-PassThru] [-Server ] [[-SiteLinksIncluded] ] + [] +``` + +## DESCRIPTION +The **New-ADReplicationSiteLinkBridge** cmdlet creates a site link bridge in Active Directory for use in replication. +A site link bridge connects two or more site links and enables transitivity between site links. +Each site link in a bridge must have a site in common with another site link in the bridge. + +## EXAMPLES + +### Example 1: Create a site link bridge +``` +PS C:\> New-ADReplicationSiteLinkBridge -Name "NorthAmerica-Asia" -SiteLinksIncluded "NorthAmerica-Europe","Europe-Asia" +``` + +This command creates a site link bridge named NorthAmerica-Asia that bridges the site links NorthAmerica-Europe and Europe-Asia. + +### Example 2: Create a site link bridge and set the intersite transport protocol +``` +PS C:\> New-ADReplicationSiteLinkBridge -Name "NorthAmerica-Asia" -SiteLinksIncluded "NorthAmerica-Europe","Europe-Asia" -InterSiteTransportProtocol IP +``` + +This command creates a site link bridge named NorthAmerica-Asia that bridges the site links NorthAmerica-Europe and Europe-Asia, and sets the *InterSiteTransportProtocol* value on the new object. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a site link bridge object to use as a template for a new site link bridge object. + +You can use an instance of an existing site link bridge object as a template or you can construct a new site link bridge object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing site link bridge object as a template for a new object. +To retrieve an instance of an existing Active Directory object, use the Get-ADReplicationSiteLinkBridge cmdlet. +Then provide this object to the Instance parameter of the **New-ADReplicationSiteLinkBridge** cmdlet to create a new site link bridge object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADReplicationSiteLinkBridge** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADReplicationSiteLinkBridge** cmdlet to create the new site link bridge object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADReplicationSiteLinkBridge +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InterSiteTransportProtocol +Specifies the intersite transport protocol for this site link bridge. +The acceptable values for this parameter are: + +- IP +- SMTP + +```yaml +Type: ADInterSiteTransportProtocolType +Parameter Sets: (All) +Aliases: +Accepted values: IP, SMTP + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the replication site link bridge object. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- FQDN +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteLinksIncluded +Specifies an array of site links that are included in this site link bridge. +Accepted values for this parameter are the distinguished name, a GUID, or the name of a site link. +This parameter must contain two sites upon creation or else the *Instance* parameter must be included and used. + +```yaml +Type: ADReplicationSiteLink[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge +A site link bridge object that is a template for the new site link bridge object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge + +## NOTES +* By default, all site links are bridged (transitive), and creating a site link design is not required. We recommend that you keep transitivity enabled by not changing this default. However, you must disable bridging for all site links and complete a site link bridge design if either of the following is true: + +- Your IP network is not fully routed. +- You need to control the replication flow of the changes made in Active Directory Domain Services (AD DS). + +## RELATED LINKS + +[Get-ADReplicationSiteLinkBridge](./Get-ADReplicationSiteLinkBridge.md) + +[Remove-ADReplicationSiteLinkBridge](./Remove-ADReplicationSiteLinkBridge.md) + +[Set-ADReplicationSiteLinkBridge](./Set-ADReplicationSiteLinkBridge.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADReplicationSubnet.md b/docset/winserver2025-ps/activedirectory/New-ADReplicationSubnet.md new file mode 100644 index 0000000000..9f2ee08239 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADReplicationSubnet.md @@ -0,0 +1,333 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adreplicationsubnet?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADReplicationSubnet +--- + +# New-ADReplicationSubnet + +## SYNOPSIS +Creates an Active Directory replication subnet object. + +## SYNTAX + +``` +New-ADReplicationSubnet [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Description ] [-Instance ] [-Location ] [-Name] + [-OtherAttributes ] [-PassThru] [-Server ] [[-Site] ] + [] +``` + +## DESCRIPTION +The **New-ADReplicationSubnet** cmdlet creates a new Active Directory subnet object. +Subnet objects (class subnet) define network subnets in Active Directory. +A network subnet is a segment of a TCP/IP network to which a set of logical IP addresses is assigned. +Subnets group computers in a way that identifies their physical proximity on the network. +Subnet objects in Active Directory are used to map computers to sites. + +## EXAMPLES + +### Example 1: Create a subnet +``` +PS C:\> New-ADReplicationSubnet -Name "10.0.0.0/25" +``` + +This command creates a subnet named 10.0.0.0/25. + +### Example 2: Create a subnet for a specified location +``` +PS C:\> New-ADReplicationSubnet -Name "10.10.0.0/22" -Site Asia -Location "Tokyo,Japan" +``` + +This command creates a new subnet named 10.10.0.0/22 with Asia as its associated site, and sets the **Location** property to Tokyo,Japan. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a subnet object to use as a template for a new subnet object. + +You can use an instance of an existing subnet object as a template or you can construct a new subnet object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing subnet object as a template for a new subnet object. +To retrieve an instance of an existing subnet object, use the Get-ADReplicationSubnet cmdlet. +Then provide this object to the *Instance* parameter of the **New-ADReplicationSubnet** cmdlet to create a new subnet object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADReplicationSubnet** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADReplicationSubnet** cmdlet to create the new subnet object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADReplicationSubnet +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Location +Specifies a description of the physical location of this subnet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the subnet. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +Subnet names in Active Directory take the form network/bits masked. +For example, the subnet object 172.16.72.0/22 has a subnet of 172.16.72.0 and a 22-bit subnet mask. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +The following examples show how to use this parameter. + +To set the value of a custom attribute called favColors that takes a set of Unicode strings, use the following syntax: + +`-OtherAttributes @{'favColors'="pink","purple"}` + +To set values for favColors and dateOfBirth simultaneously, use the following syntax: + +`-OtherAttributes @{'favColors'="pink","purple"; 'dateOfBirth'=" 01/01/1960"}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Site +Specifies the site associated with this subnet. + +```yaml +Type: ADReplicationSite +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet +A subnet object that is a template for the new subnet object is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet + +## NOTES + +## RELATED LINKS + +[Get-ADReplicationSubnet](./Get-ADReplicationSubnet.md) + +[Remove-ADReplicationSubnet](./Remove-ADReplicationSubnet.md) + +[Set-ADReplicationSubnet](./Set-ADReplicationSubnet.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADResourceProperty.md b/docset/winserver2025-ps/activedirectory/New-ADResourceProperty.md new file mode 100644 index 0000000000..b54c50b1c8 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADResourceProperty.md @@ -0,0 +1,477 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adresourceproperty?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADResourceProperty +--- + +# New-ADResourceProperty + +## SYNOPSIS +Creates a resource property in Active Directory. + +## SYNTAX + +``` +New-ADResourceProperty [-WhatIf] [-Confirm] [-AppliesToResourceTypes ] [-AuthType ] + [-Credential ] [-Description ] [-DisplayName] [-Enabled ] + [-ID ] [-Instance ] [-IsSecured ] [-OtherAttributes ] + [-PassThru] [-ProtectedFromAccidentalDeletion ] + -ResourcePropertyValueType [-Server ] [-SharesValuesWith ] + [-SuggestedValues ] [] +``` + +## DESCRIPTION +The **New-ADResourceProperty** cmdlet creates a resource property in the directory. + +## EXAMPLES + +### Example 1: Create a resource property +``` +PS C:\> New-ADResourceProperty -DisplayName "Authors" -ResourcePropertyValueType MS-DS-MultivaluedText +``` + +This command creates a resource property with the display name Authors. +The resource property enables the names of multiple authors to be specified. + +### Example 2: Create a resource property to include suggested values +``` +PS C:\> $US = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("US", "United States of America", "United States of America") +PS C:\> $JP = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("JP", "Japan", "Japan") +PS C:\> New-ADResourceProperty -DisplayName "Country" -ResourcePropertyValueType MS-DS-MultivaluedChoice -SuggestedValues $US,$JP +``` + +This command creates a new resource property with display name Country. +The suggested values are set to US and JP. +Applications using this resource property would allow their users to specify one of the suggested values as this resource property's value. + +### Example 3: Create a resource property with shared values +``` +PS C:\> New-ADResourceProperty -DisplayName "Country" -ResourcePropertyValueType MS-DS-MultivaluedChoice -SharesValuesWith Country +``` + +This command creates a reference resource property with the display name Country. +It uses an existing claim type named Country for its suggested values. +This enables the resource property to be always valid for comparisons with the referenced claim type in a central access rule. + +### Example 4: Create a multivalued text resource property +``` +PS C:\> New-ADResourceProperty -DisplayName "Authors" -ResourcePropertyValueType MS-DS-MultivaluedText -ID "Authors_60DB20331638" +``` + +This command creates a resource property with the display name Authors, and sets its ID to Authors_60DB20331638. + +The ID should only be set manually in a multi-forest environment where the same resource property must work across forests. +By default, **New-ADResourceProperty** generates the ID automatically. +For resource properties to be considered identical across forests, their ID must be the same. + +## PARAMETERS + +### -AppliesToResourceTypes +Specifies the resource types to which this resource property is applied. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the resource property. +The display name of the resource property must be unique. + +The display name of a resource property can be used as an identity in other Active Directory cmdlets. +For example, if the display name of a resource property is Country, then you can type `Get-ADResourceProperty -Identity "Country"` to get the resource property. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Enabled +Indicates whether the resource property is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ID +Specifies the resource property ID. +This is an optional parameter. +By default, New-ADResourceProperty generates the ID automatically. + +The ID should only be set manually in a multi-forest environment where the same resource properties need to work across forests. +For resource properties to be considered identical across forests, their ID must be the same. + +To specify the ID, the ID string must conform to the following format: + +- Start with a prefix string of one to 15 characters in length. +- The prefix string must be followed by an underscore. +- The prefix string and underscore must be followed by a suffix string of 1 to 16 characters in length. +- All characters contained in either prefix or suffix strings must contain only valid filename characters. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a resource property object to use as a template for a new resource property object. + +You can use an instance of an existing resource property object as a template or you can construct a new resource property object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing resource property object as a template for a new object. +To retrieve an instance of an existing resource property object, use a cmdlet such as **Get-ADResourceProperty**. +Then provide this object to the *Instance* parameter of the **New-ADResourceProperty** cmdlet to create a new resource property object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADResourceProperty** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADResourceProperty** cmdlet to create the new resource property object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADResourceProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsSecured +Indicates whether the resource property is secure. +Only secure resource properties can be used for authorization decisions or used within central access rules. +Unsecured resource properties cannot be used for these purposes. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAPDisplayName (**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourcePropertyValueType +Specifies the value type for a resource property. +When a resource property is passed to a resource manager (for example, File Server), the resource manager leverages the resource property value type to determine how to handle the resource property. + +You can use the Get-ADResourcePropertyValueType cmdlet to get the list of resource property value types. + +Below is a list of the built-in resource property value types available in Active Directory: + +- MS-DS-SinglevaluedChoice +- MS-DS-YesNo +- MS-DS-Number +- MS-DS-DateTime +- MS-DS-OrderedList +- MS-DS-Text +- MS-DS-MultivaluedText +- MS-DS-MultivaluedChoice + +```yaml +Type: ADResourcePropertyValueType +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SharesValuesWith +Specifies a reference resource property. +Reference resource properties do not provide their own suggested values, but rather use the suggested values from the claim type object specified in this parameter. +This enables the resource property to always remain valid for use in comparisons to its referred claim type within a central access rule. + +```yaml +Type: ADClaimType +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SuggestedValues +Specifies one or more suggested values for the resource property. +An application may choose to present this list of suggested values for the user to choose from. +When **RestrictValues** is set to $True, the application should restrict the user to pick values from this list only. + +```yaml +Type: ADSuggestedValueEntry[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourceProperty + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourceProperty + +## NOTES +* This cmdlet does not work with an Active Directory Snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADResourceProperty](./Get-ADResourceProperty.md) + +[Remove-ADResourceProperty](./Remove-ADResourceProperty.md) + +[Set-ADResourceProperty](./Set-ADResourceProperty.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADResourcePropertyList.md b/docset/winserver2025-ps/activedirectory/New-ADResourcePropertyList.md new file mode 100644 index 0000000000..0c58e233e1 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADResourcePropertyList.md @@ -0,0 +1,288 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adresourcepropertylist?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADResourcePropertyList +--- + +# New-ADResourcePropertyList + +## SYNOPSIS +Creates a resource property list in Active Directory. + +## SYNTAX + +``` +New-ADResourcePropertyList [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Description ] [-Instance ] [-Name] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Server ] [] +``` + +## DESCRIPTION +The **New-ADResourcePropertyList** cmdlet creates a resource property list in Active Directory. + +## EXAMPLES + +### Example 1: Create a resource property list +``` +PS C:\> New-ADResourcePropertyList -Name "Corporate Resource Property List" +``` + +This command creates a new resource property list named Corporate Resource Property List. + +### Example 2: Create a resource property list and specify a description +``` +PS C:\> New-ADResourcePropertyList -Name "Corporate Resource Property List" -Description "For corporate documents." +``` + +This command creates a new resource property list named Corporate Resource Property List with the description For corporate documents. + +### Example 3: Create a resource property list with values from an existing resource property list +``` +PS C:\> Get-ADResourcePropertyList -Identity "Corporate Resource Property List" | New-ADResourcePropertyList -Name "Finance Resource Property List" +``` + +This command creates a new resource property list using the property values from Corporate Resource Property List. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an resource property list object to use as a template for a new resource property list object. + +You can use an instance of an existing resource property list object as a template or you can construct a new resource property list object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing resource property list object as a template for a new object. +To retrieve an instance of an existing resource property list object, use a cmdlet such as **Get-ADResourcePropertyList**. +Then provide this object to the Instance parameter of the **New-ADResourcePropertyList** cmdlet to create a new resource property list object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADResourcePropertyList** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the Instance parameter of the **New-ADResourcePropertyList** cmdlet to create the new resource property list object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADResourcePropertyList +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP Display Name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADResourcePropertyList](./Get-ADResourcePropertyList.md) + +[Remove-ADResourcePropertyList](./Remove-ADResourcePropertyList.md) + +[Set-ADResourcePropertyList](./Set-ADResourcePropertyList.md) + diff --git a/docset/winserver2025-ps/activedirectory/New-ADServiceAccount.md b/docset/winserver2025-ps/activedirectory/New-ADServiceAccount.md new file mode 100644 index 0000000000..605391ddde --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADServiceAccount.md @@ -0,0 +1,862 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-adserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADServiceAccount +--- + +# New-ADServiceAccount + +## SYNOPSIS +Creates a new Active Directory managed service account or group managed service account object. + +## SYNTAX + +### Group (Default) +``` +New-ADServiceAccount [-WhatIf] [-Confirm] [-AccountExpirationDate ] [-AccountNotDelegated ] + [-AuthenticationPolicy ] [-AuthenticationPolicySilo ] + [-AuthType ] [-Certificates ] [-CompoundIdentitySupported ] + [-Credential ] [-Description ] [-DisplayName ] -DNSHostName + [-Enabled ] [-HomePage ] [-Instance ] + [-KerberosEncryptionType ] [-ManagedPasswordIntervalInDays ] [-Name] + [-OtherAttributes ] [-PassThru] [-Path ] + [-PrincipalsAllowedToDelegateToAccount ] + [-PrincipalsAllowedToRetrieveManagedPassword ] [-SamAccountName ] [-Server ] + [-ServicePrincipalNames ] [-TrustedForDelegation ] [] +``` + +### RestrictedToSingleComputer +``` +New-ADServiceAccount [-WhatIf] [-Confirm] [-AccountExpirationDate ] [-AccountNotDelegated ] + [-AccountPassword ] [-AuthenticationPolicy ] + [-AuthenticationPolicySilo ] [-AuthType ] [-Certificates ] + [-Credential ] [-Description ] [-DisplayName ] [-Enabled ] + [-HomePage ] [-Instance ] [-KerberosEncryptionType ] + [-Name] [-OtherAttributes ] [-PassThru] [-Path ] [-RestrictToSingleComputer] + [-SamAccountName ] [-Server ] [-ServicePrincipalNames ] + [-TrustedForDelegation ] [] +``` + +### RestrictedToOutboundAuthenticationOnly +``` +New-ADServiceAccount [-WhatIf] [-Confirm] [-AccountExpirationDate ] [-AccountNotDelegated ] + [-AuthenticationPolicy ] [-AuthenticationPolicySilo ] + [-AuthType ] [-Certificates ] [-Credential ] [-Description ] + [-DisplayName ] [-Enabled ] [-HomePage ] [-Instance ] + [-KerberosEncryptionType ] [-Name] [-OtherAttributes ] + [-PassThru] [-Path ] [-RestrictToOutboundAuthenticationOnly] [-SamAccountName ] + [-Server ] [-ServicePrincipalNames ] [-TrustedForDelegation ] [] +``` + +## DESCRIPTION +The **New-ADServiceAccount** cmdlet creates a new Active Directory managed service account. +By default, the cmdlet creates a group managed service account. +To create a standalone managed service account which is linked to a specific computer, use the **RestrictToSingleComputer** parameter. +To create a group managed service account which can only be used in client roles, use the **RestrictToOutboundAuthenticationOnly** parameter. +This creates a group managed service account that can be used for outbound connections only and any attempts to connect to services using this account will fail because the account does not have enough information for authentication. +You can set commonly used managed service account property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be set by using the **OtherAttributes** parameter. + +The **Path** parameter specifies the container or organizational unit (OU) for the new managed service account object. +When you do not specify the **Path** parameter, the cmdlet creates an object in the default managed service accounts container for managed service account objects in the domain. + +The following methods explain different ways to create an object by using this cmdlet. + +- Method 1: Use the **New-ADServiceAccount** cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. + +- Method 2: Use a template to create the new object. +To do this, create a new managed service account object or retrieve a copy of an existing managed service account object and set the **Instance** parameter to this object. +The object provided to the **Instance** parameter is used as a template for the new object. +You can override property values from the template by setting cmdlet parameters. +For examples and more information, see the **Instance** parameter description for this cmdlet. + +- Method 3: Use the **Import-Csv** cmdlet with the **New-ADServiceAccount** cmdlet to create multiple Active Directory managed service account objects. +To do this, use the **Import-CSV** cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. +For more information, type `Get-Help Import-CSV`. +Then pass these objects through the pipeline to the **New-ADServiceAccount** cmdlet to create the managed service account objects. + +## EXAMPLES + +### Example 1: Create an enabled managed service account +```powershell +PS C:\> New-ADServiceAccount -Name "Service01" -DNSHostName "Service01.contoso.com" -Enabled $True +``` + +This command creates an enabled managed service account in Active Directory Domain Services (AD DS). + +### Example 2: Create a managed service account and register its service principal name +```powershell +PS C:\> New-ADServiceAccount -Name "Service01" -ServicePrincipalNames "MSSQLSVC/Machine3.corp.contoso.com" -DNSHostName "Service01.contoso.com" +``` + +This command creates a managed service account and registers its service principal name. + +### Example 3: Create a managed service account for a single computer +```powershell +PS C:\> New-ADServiceAccount -Name "Service01" -RestrictToSingleComputer +``` + +This command creates a managed service account and restricts its use to a single computer. + +### Example 4: Create a managed service account for outbound authentication only +```powershell +PS C:\> New-ADServiceAccount -Name "Service01" -RestrictToOutboundAuthenticationOnly +``` + +This command creates a managed service account and restricts its use to outbound authentication. + +### Example 5: Create a new managed service account and register multiple service principal names +```Powershell +PS C:\> New-ADServiceAccount service1 -ServicePrincipalNames "HTTP/Machine3.corp.contoso.com,HTTP/Machine3.corp.contoso.com/contoso" -DNSHostName service1.contoso.com +``` + +## PARAMETERS + +### -AccountExpirationDate +Specifies the expiration date for an account. +This parameter sets the **AccountExpirationDate** property of an account object. +The LDAP display name (**ldapDisplayName**) for this property is accountExpires. + +Use the **DateTime** syntax when you specify this parameter. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccountNotDelegated +Indicates whether the security context of the user is delegated to a service. +When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. +This parameter sets the **AccountNotDelegated** property for an Active Directory account. +This parameter also sets the **ADS_UF_NOT_DELEGATED** flag of the Active Directory User Account Control (UAC) attribute. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccountPassword +Specifies a new password value for the service account. +This value is stored as an encrypted string. + +The following conditions apply based on the manner in which the password parameter is used: + +- $Null password is specified. +Random password is set and the account is enabled unless it is requested to be disabled. +- No password is specified. +Random password is set and the account is enabled unless it is requested to be disabled. +- User password is specified. +Password is set and the account is enabled unless it is requested to be disabled, unless the password you provided does not meet password policy or was not set for other reasons, at which point the account is disabled. + +The new **ADServiceAccount** object will always either be disabled or have a user-requested or randomly-generated password. +There is no way to create an enabled service account object with a password that violates domain password policy, such as an empty password. + +```yaml +Type: SecureString +Parameter Sets: RestrictedToSingleComputer +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + + +### -AuthenticationPolicy +Specifies an Active Directory Domain Services authentication policy object. +Specify the authentication policy object in one of the following formats: + +- Distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthenticationPolicySilo +Specifies an Active Directory Domain Services authentication policy silo object. +Specify the authentication policy silo object in one of the following formats: + +- Distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Certificates +Specifies an array of certificates. +The cmdlet modifies the DER-encoded X.509v3 certificates of the account. +These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. +This parameter sets the **Certificates** property of the account object. +The LDAP Display Name (**ldapDisplayName**) for this property is userCertificate. + +To add values: + +`-Certificates @{Add=value1,value2,...}` + +To remove values: + +`-Certificates @{Remove=value3,value4,...}` + +To replace values: + +`-Certificates @{Replace=value1,value2,...}` + +To clear all values: + +`-Certificates $Null` + +You can specify more than one operation by using a list separated by semicolons. +For example, use the following syntax to add and remove Certificate values: + +`-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...}` + +The operators are applied in the following sequence: + +- Remove +- Add +- Replace + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CompoundIdentitySupported +Indicates whether an account supports Kerberos service tickets which includes the authorization data for the user's device. +This value sets the compound identity supported flag of the Active Directory **msDS-SupportedEncryptionTypes** attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +Warning: Domain-joined Windows systems and services such as clustering manage their own **msDS-SupportedEncryptionTypes** attribute. +Therefore any changes to the flag on the **msDS-SupportedEncryptionTypes** attribute will be overwritten by the service or system which manages the setting. + +```yaml +Type: Boolean +Parameter Sets: Group +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the service account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type an administrative account name, such as Admin1 or Contoso\Admin1 or you can specify a **PSCredential** object. +If you specify a service account name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP Display Name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DNSHostName +Specifies the DNS host name of Service Account. + +```yaml +Type: String +Parameter Sets: Group +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Enabled +Indicates whether an account is enabled. +An enabled account requires a password. +This parameter sets the **Enabled** property for an account object. +This parameter also sets the **ADS_UF_ACCOUNTDISABLE** flag of the Active Directory UAC attribute. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -HomePage +Specifies the URL of the home page of the object. +This parameter sets the **homePage** property of an Active Directory object. +The LDAP Display Name (**ldapDisplayName**) for this property is wWWHomePage. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a service account object to use as a template for a new service account object. + +You can use an instance of an existing service account object as a template or you can construct a new service account object for template use. +You can construct a new service account using the Windows PowerShell command line or by using a script. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADServiceAccount +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KerberosEncryptionType +Indicates whether an account supports Kerberos encryption types which are used during creation of service tickets. +This value sets the encryption types supported flags of the Active Directory **msDS-SupportedEncryptionTypes** attribute. +The acceptable values for this parameter are: + +- None +- DES +- RC4 +- AES128 +- AES256 + +None will remove all encryption types from the account may result in the KDC being unable to issue service tickets for services using the account. + +DES is a weak encryption type that is not supported by default since Windows 7 and Windows Server 2008 R2. + +Warning: Domain-joined Windows systems and services such as clustering manage their own **msDS-SupportedEncryptionTypes** attribute. +Therefore any changes to the flag on the **msDS-SupportedEncryptionTypes** attribute will be overwritten by the service or system which manages the setting. + +```yaml +Type: ADKerberosEncryptionType +Parameter Sets: (All) +Aliases: +Accepted values: None, DES, RC4, AES128, AES256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ManagedPasswordIntervalInDays +Specifies the number of days for the password change interval. +If set to 0 then the default is used. +This can only be set on object creation. +After that the setting is read only. +This value returns the **msDS-ManagedPasswordInterval** of the group managed service account object. + +```yaml +Type: Int32 +Parameter Sets: Group +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP Display Name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes +Specifies object attribute values for attributes that are not represented by cmdlet parameters. +You can set one or more parameters at the same time with this parameter. +If an attribute takes more than one value, you can assign multiple values. +To identify an attribute, specify the LDAP Display Name (**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +You can specify values for more than one attribute by using semicolons to separate attributes. +The following syntax shows how to set values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the X.500 path of the organizational unit (OU) or container where the new object is created. + +In many cases, a default value will be used for the **Path** parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In AD DS environments, a default value for **Path** is set in the following cases: + +- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. +For example: in **New-ADUser**, the **Path** parameter defaults to the Users container. +- If none of the previous cases apply, the default value of **Path** is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for **Path** is set in the following cases: + +- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. +For example: in **New-ADUser**, the **Path** parameter defaults to the Users container. +- If the target AD LDS instance has a default naming context, the default value of **Path** is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Path** parameter does not take any default value. + +Note: The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property. +However, for the provider cmdlets, the **Path** parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PrincipalsAllowedToDelegateToAccount +Specifies the accounts that can act on the behalf of users to services running as this managed service account or group-managed service account. +This parameter sets the **msDS-AllowedToActOnBehalfOfOtherIdentity** attribute of the object. + +```yaml +Type: ADPrincipal[] +Parameter Sets: Group +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PrincipalsAllowedToRetrieveManagedPassword +Specifies the membership policy for systems that can use a group-managed service account. +For a service to run under a group managed service account, the system must be in the membership policy of the account. +This parameter sets the **msDS-GroupMSAMembership** attribute of a group-managed service account object. +This parameter should be set to the principals allowed to use this group-managed service account. + +```yaml +Type: ADPrincipal[] +Parameter Sets: Group +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RestrictToOutboundAuthenticationOnly +Indicates that the cmdlet creates a group-managed service account that on success can be used by a service for successful outbound authentication requests only. +This allows creating a group managed service account without the parameters required for successful inbound authentication. + +```yaml +Type: SwitchParameter +Parameter Sets: RestrictedToOutboundAuthenticationOnly +Aliases: +Accepted values: true + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RestrictToSingleComputer +Indicates that the cmdlet creates a managed service account that can be used only for a single computer. +Managed service accounts that are linked to a single computer account were introduced in Windows Server 2008 R2. + +```yaml +Type: SwitchParameter +Parameter Sets: RestrictedToSingleComputer +Aliases: +Accepted values: true + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamAccountName +Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. +The maximum length of the description is 256 characters. +To be compatible with older operating systems, create a SAM account name that is 15 characters or less. +This parameter sets the **SAMAccountName** for an account object. +The LDAP display name (**ldapDisplayName**) for this property is sAMAccountName. + +Note: If the specified **SAMAccountName** string does not end with a $ (dollar sign), one is appended if necessary. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServicePrincipalNames +Specifies the service principal names for the account. +This parameter sets the **ServicePrincipalNames** property of the account. +The LDAP display name (**ldapDisplayName**) for this property is servicePrincipalName. +This parameter uses the following syntax to add remove, replace or clear service principal name values. + +To add values: + +`-ServicePrincipalNames @{Add=value1,value2,...}` + +To remove values: + +`-ServicePrincipalNames @{Remove=value3,value4,...}` + +To replace values: + +`-ServicePrincipalNames @{Replace=value1,value2,...}` + +To clear all values: + +`-ServicePrincipalNames $Null` + +You can specify more than one change by using a list separated by semicolons. +For example, use the following syntax to add and remove service principal names. + +`@{Add=value1,value2,...};@{Remove=value3,value4,...}` + +The operators are applied in the following sequence: + +- Remove +- Add +- Replace + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TrustedForDelegation +Indicates whether an account is trusted for Kerberos delegation. +A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. +This parameter sets the **TrustedForDelegation** property of an account object. +This value also sets the **ADS_UF_TRUSTED_FOR_DELEGATION** flag of the Active Directory User Account Control attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216) + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADServiceAccount +You can pipe a managed service account object that is a template for the new managed service account object to the **Instance** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADServiceAccount +This cmdlet returns the new managed service account object when the **PassThru** parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* This cmdlet requires that you create a Microsoft Group Key Distribution Service (GKDS) root key first to begin using group managed service accounts in your Active Directory deployment. For more information on how to create the GKDS root key using Windows PowerShell, see [Create the Key Distribution Services KDS Root Key](https://go.microsoft.com/fwlink/?LinkId=253584). + +## RELATED LINKS + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Install-ADServiceAccount](./Install-ADServiceAccount.md) + +[Remove-ADServiceAccount](./Remove-ADServiceAccount.md) + +[Set-ADServiceAccount](./Set-ADServiceAccount.md) + +[Uninstall-ADServiceAccount](./Uninstall-ADServiceAccount.md) diff --git a/docset/winserver2025-ps/activedirectory/New-ADUser.md b/docset/winserver2025-ps/activedirectory/New-ADUser.md new file mode 100644 index 0000000000..c21bb69c05 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/New-ADUser.md @@ -0,0 +1,1508 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/new-aduser?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-ADUser +--- + +# New-ADUser + +## SYNOPSIS + +Creates an Active Directory user. + +## SYNTAX + +```powershell +New-ADUser [-AccountExpirationDate ] [-AccountNotDelegated ] + [-AccountPassword ] [-AllowReversiblePasswordEncryption ] + [-AuthenticationPolicy ] + [-AuthenticationPolicySilo ] [-AuthType ] + [-CannotChangePassword ] [-Certificates ] + [-ChangePasswordAtLogon ] [-City ] [-Company ] + [-CompoundIdentitySupported ] [-Country ] [-Credential ] + [-Department ] [-Description ] [-DisplayName ] [-Division ] + [-EmailAddress ] [-EmployeeID ] [-EmployeeNumber ] [-Enabled ] + [-Fax ] [-GivenName ] [-HomeDirectory ] [-HomeDrive ] + [-HomePage ] [-HomePhone ] [-Initials ] [-Instance ] + [-KerberosEncryptionType ] [-LogonWorkstations ] + [-Manager ] [-MobilePhone ] [-Name] [-Office ] + [-OfficePhone ] [-Organization ] [-OtherAttributes ] + [-OtherName ] [-PassThru] [-PasswordNeverExpires ] + [-PasswordNotRequired ] [-Path ] [-POBox ] [-PostalCode ] + [-PrincipalsAllowedToDelegateToAccount ] [-ProfilePath ] + [-SamAccountName ] [-ScriptPath ] [-Server ] + [-ServicePrincipalNames ] [-SmartcardLogonRequired ] [-State ] + [-StreetAddress ] [-Surname ] [-Title ] [-TrustedForDelegation ] + [-Type ] [-UserPrincipalName ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `New-ADUser` cmdlet creates an Active Directory user. You can set commonly used user property +values by using the cmdlet parameters. + +You can set property values that are not associated with cmdlet parameters by using the +**OtherAttributes** parameter. When using this parameter, be sure to place single quotes around the +attribute name. + +You must specify the **SamAccountName** parameter to create a user. + +You can use the `New-ADUser` cmdlet to create different types of user accounts such as iNetOrgPerson +accounts. To do this in Active Directory Domain Services (AD DS), set the **Type** parameter to the +Lightweight Directory Access Protocol (LDAP) display name for the type of account you want to +create. This type can be any class in the Active Directory schema that is a subclass of user and +that has an object category of person. + +The **Path** parameter specifies the container or organizational unit (OU) for the new user. When +you do not specify the **Path** parameter, the cmdlet creates a user object in the default container +for user objects in the domain. + +The following methods explain different ways to create an object by using this cmdlet. + +- Method 1: Use the `New-ADUser` cmdlet, specify the required parameters, and set any additional + property values by using the cmdlet parameters. + +- Method 2: Use a template to create the new object. To do this, create a new user object or + retrieve a copy of an existing user object and set the **Instance** parameter to this object. The + object provided to the **Instance** parameter is used as a template for the new object. You can + override property values from the template by setting cmdlet parameters. For examples and more + information, see the **Instance** parameter description for this cmdlet. + +- Method 3: Use the `Import-Csv` cmdlet with the `New-ADUser` cmdlet to create multiple Active + Directory user objects. To do this, use the `Import-Csv` cmdlet to create the custom objects from + a comma-separated value (CSV) file that contains a list of object properties. Then pass these + objects through the pipeline to the `New-ADUser` cmdlet to create the user objects. + +## EXAMPLES + +### Example 1: Create a user with an imported certificate + +```powershell +$splat = @{ + Name = 'ChewDavid' + Certificate = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate -ArgumentList 'Export.cer') +} +New-ADUser @splat +``` + +This command creates a user named `ChewDavid` with a certificate imported from the file `Export.cer`. + +### Example 2: Create a user and set properties + +```powershell +New-ADUser -Name 'ChewDavid' -OtherAttributes @{ + 'title'='director' + 'mail'='chewdavid@fabrikam.com' +} +``` + +This command creates a new user named ChewDavid and sets the **title** and **mail** properties on +the new object. + +### Example 3: Create an inetOrgPerson user + +```powershell +New-ADUser -Name 'ChewDavid' -Type iNetOrgPerson -Path 'DC=AppNC' -Server lds.Fabrikam.com:50000 +``` + +This command creates an **inetOrgPerson**-class user named ChewDavid on an AD LDS instance. + +### Example 4: Create a user and set password + +```powershell +$splat = @{ + Name = 'ChewDavid' + AccountPassword = (Read-Host -AsSecureString 'AccountPassword') + Enabled = $true +} +New-ADUser @splat +``` + +This command creates a new user named ChewDavid and sets the account password. + +## PARAMETERS + +### -AccountExpirationDate + +Specifies the expiration date for an account. This parameter sets the **AccountExpirationDate** +property of an account object. The LDAP display name (**ldapDisplayName**) for this property is +`accountExpires`. Use the **DateTime** syntax when you specify this parameter. Time is assumed to be +local time unless otherwise specified. When a time value is not specified, the time is assumed to +12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccountNotDelegated + +Indicates whether the security context of the user is delegated to a service. When this parameter is +set to `$true`, the security context of the account is not delegated to a service even when the +service account is set as trusted for Kerberos delegation. This parameter sets the +**AccountNotDelegated** property for an Active Directory account. This parameter also sets the +**ADS_UF_NOT_DELEGATED** flag of the Active Directory User Account Control (UAC) attribute. + +The acceptable values for this parameter are: + +- `$false` or 0 +- `$true` or 1 + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccountPassword + +Specifies a new password value for an account. + +This value is stored as an encrypted string. + +The following conditions apply based on the manner in which the password parameter is used: + +- $Null password is specified: No password is set and the account is disabled unless it is requested + to be enabled. +- No password is specified: No password is set and the account is disabled unless it is requested to + be enabled. +- User password is specified: Password is set and the account is disabled unless it is requested to + be enabled. + +User accounts, by default, are created without a password. If you provide a password, an attempt +will be made to set that password however, this can fail due to password policy restrictions. The +user account will still be created and you may use `Set-ADAccountPassword` to set the password on +that account. In order to ensure that accounts remain secure, user accounts will never be enabled +unless a valid password is set or **PasswordNotRequired** is set to `$true`. + +The account is created if the password fails for any reason. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AllowReversiblePasswordEncryption + +Indicates whether reversible password encryption is allowed for the account. This parameter sets the +**AllowReversiblePasswordEncryption** property of the account. This parameter also sets the +**ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED** flag of the Active Directory User Account Control (UAC) +attribute. + +The acceptable values for this parameter are: + +- `$false` or `0` +- `$true` or `1` + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthenticationPolicy + +Specifies an Active Directory Domain Services authentication policy object. Specify the +authentication policy object in one of the following formats: + +- Distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds +two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthenticationPolicySilo + +Specifies an Active Directory Domain Services authentication policy silo object. + +Specify the authentication policy silo object in one of the following formats: + +- Distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds +two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthType + +Specifies the authentication method to use. The acceptable values for this parameter are: + +- `Negotiate` or `0` +- `Basic` or `1` + +The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required +for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CannotChangePassword + +Indicates whether the account password can be changed. This parameter sets the +**CannotChangePassword** property of an account. + +The acceptable values for this parameter are: + +- `$false` or `0` +- `$true` or `1` + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Certificates + +Specifies the DER-encoded X.509v3 certificates of the account. These certificates include the public +key certificates issued to this account by the Microsoft Certificate Service. This parameter sets +the Certificates property of the account object. The LDAP display name (**ldapDisplayName**) for +this property is `userCertificate`. + +```yaml +Type: X509Certificate[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ChangePasswordAtLogon + +Indicates whether a password must be changed during the next logon attempt. + +The acceptable values for this parameter are: + +- `$false` or `0` +- `$true` or `1` + +This parameter cannot be set to `$true` or 1 for an account that also has the +**PasswordNeverExpires** property set to `$true`. + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -City + +Specifies the user's town or city. This parameter sets the **City** property of a user object. The +LDAP display name (**ldapDisplayName**) of this property is `l`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Company + +Specifies the user's company. This parameter sets the **Company** property of a user object. The +LDAP display name (**ldapDisplayName**) of this property is `company`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CompoundIdentitySupported + +Specifies whether an account supports Kerberos service tickets which includes the authorization data +for the user's device. This value sets the compound identity supported flag of the Active Directory +`msDS-SupportedEncryptionTypes` attribute. + +The acceptable values for this parameter are: + +- `$false` or `0` +- `$true` or `1` + +> [!WARNING] +> Domain-joined Windows systems and services such as clustering manage their own +> `msDS-SupportedEncryptionTypes` attribute. Therefore any changes to the flag on the +> `msDS-SupportedEncryptionTypes` attribute are overwritten by the service or system that manages +> the setting. + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Country + +Specifies the country or region code for the user's language of choice. This parameter sets the +**Country** property of a user object. The LDAP display name (**ldapDisplayName**) of this property +is `c`. + +This value is not used by Windows 2000. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory +PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated +with the drive is the default. To specify this parameter, you can type a user name, such as User1 or +Domain01\User01 or you can specify a **PSCredential** object. + +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory PowerShell returns a terminating error. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Department + +Specifies the user's department. This parameter sets the **Department** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is `department`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Description + +Specifies a description of the object. This parameter sets the value of the **Description** property +for the user object. The LDAP display name (**ldapDisplayName**) for this property is `description`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName + +Specifies the display name of the object. This parameter sets the **DisplayName** property of the +user object. The LDAP display name (**ldapDisplayName**) for this property is `displayName`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Division + +Specifies the user's division. This parameter sets the **Division** property of a user object. The +LDAP display name (**ldapDisplayName**) of this property is `division`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -EmailAddress + +Specifies the user's e-mail address. This parameter sets the **EmailAddress** property of a user +object. The LDAP display name (**ldapDisplayName**) of this property is `mail`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -EmployeeID + +Specifies the user's employee ID. This parameter sets the **EmployeeID** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is `employeeID`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -EmployeeNumber + +Specifies the user's employee number. This parameter sets the **EmployeeNumber** property of a user +object. The LDAP display name (**ldapDisplayName**) of this property is `employeeNumber`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Enabled + +Specifies if an account is enabled. An enabled account requires a password. This parameter sets the +**Enabled** property for an account object. This parameter also sets the **ADS_UF_ACCOUNTDISABLE** +flag of the Active Directory User Account Control (UAC) attribute. + +The acceptable values for this parameter are: + +- `$false` or `0` +- `$true` or `1` + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Fax + +Specifies the user's fax phone number. This parameter sets the **Fax** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is `facsimileTelephoneNumber`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -GivenName + +Specifies the user's given name. This parameter sets the **GivenName** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is `givenName`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -HomeDirectory + +Specifies a user's home directory. This parameter sets the **HomeDirectory** property of a user +object. The LDAP display name (**ldapDisplayName**) for this property is `homeDirectory`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -HomeDrive + +Specifies a drive that is associated with the UNC path defined by the **HomeDirectory** property. +The drive letter is specified as `:` where `` indicates the letter of the +drive to associate. The `` must be a single, uppercase letter and the colon is +required. + +This parameter sets the **HomeDrive** property of the user object. The LDAP display name +(**ldapDisplayName**) for this property is `homeDrive`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -HomePage + +Specifies the URL of the home page of the object. This parameter sets the **homePage** property of a +user object. The LDAP display name (**ldapDisplayName**) for this property is `wWWHomePage`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -HomePhone + +Specifies the user's home telephone number. This parameter sets the **HomePhone** property of a user +object. The LDAP display name (**ldapDisplayName**) of this property is `homePhone`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Initials + +Specifies the initials that represent part of a user's name. You can use this value for the user's +middle initial. This parameter sets the **Initials** property of a user object. The LDAP display +name (**ldapDisplayName**) of this property is `initials`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Instance + +Specifies an instance of a user object to use as a template for a new user object. You can use an +instance of an existing user object as a template or you can construct a new user object for +template use. You can construct a new user object using the Windows PowerShell command line or by +using a script. + +- Method 1: Use an existing user object as a template for a new object. To retrieve an instance of + an existing user object, use a cmdlet such as `Get-ADUser`. Then provide this object to the + **Instance** parameter of the `New-ADUser` cmdlet to create a new user object. You can override + property values of the new object by setting the appropriate parameters. +- Method 2: Create a new **ADUser** object and set the property values by using the Windows + PowerShell command line interface. Then pass this object to the **Instance** parameter of the + `New-ADUser` cmdlet to create the new Active Directory user object. + +> [!NOTE] +> Specified attributes are not validated, so attempting to set attributes that do not exist or +> cannot be set raises an error. + +```yaml +Type: ADUser +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KerberosEncryptionType + +Specifies whether an account supports Kerberos encryption types which are used during creation of +service tickets. This value sets the encryption types supported flags of the Active Directory +`msDS-SupportedEncryptionTypes` attribute. + +Possible values for this parameter are: + +- `None` +- `DES` +- `RC4` +- `AES128` +- `AES256` + +`None` removes all encryption types from the account, resulting in the KDC being unable to issue +service tickets for services using the account. + +`DES` is a weak encryption type that is not supported by default since Windows 7 and Windows Server +2008 R2. + +> [!WARNING] +> Domain-joined Windows systems and services such as clustering manage their own +> `msDS-SupportedEncryptionTypes` attribute. Therefore any changes to the flag on the +> `msDS-SupportedEncryptionTypes` attribute are overwritten by the service or system that manages +> the setting. + +```yaml +Type: ADKerberosEncryptionType +Parameter Sets: (All) +Aliases: +Accepted values: None, DES, RC4, AES128, AES256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -LogonWorkstations + +Specifies the computers that the user can access. To specify more than one computer, create a single +comma-separated list. You can identify a computer by using the Security Account Manager (SAM) +account name (**sAMAccountName**) or the DNS host name of the computer. The SAM account name is the +same as the NetBIOS name of the computer. The LDAP display name (**ldapDisplayName**) for this +property is `userWorkStations`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Manager + +Specifies the user's manager. This parameter sets the **Manager** property of a user object. This +parameter is set by providing one of the following property values. + +The identifier in parentheses is the LDAP display name for the property. The acceptable values for +this parameter are: + +- A distinguished name +- A GUID (`objectGUID`) +- A security identifier (`objectSid`) +- A SAM account name (`sAMAccountName`) + +```yaml +Type: ADUser +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -MobilePhone + +Specifies the user's mobile phone number. This parameter sets the **MobilePhone** property of a user +object. The LDAP display name (**ldapDisplayName**) of this property is `mobile`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name + +Specifies the name of the object. This parameter sets the **Name** property of a user object. The +LDAP display name (**ldapDisplayName**) of this property is `name`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Office + +Specifies the location of the user's office or place of business. This parameter sets the **Office** +property of a user object. The LDAP display name (**ldapDisplayName**) of this property is +`physicalDeliveryOfficeName`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OfficePhone + +Specifies the user's office telephone number. This parameter sets the **OfficePhone** property of a +user object. The LDAP display name (**ldapDisplayName**) of this property is `telephoneNumber`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Organization + +Specifies the user's organization. This parameter sets the **Organization** property of a user +object. The LDAP display name (**ldapDisplayName**) of this property is `o`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OtherAttributes + +Specifies object attribute values for attributes that are not represented by cmdlet parameters. You +can set one or more parameters at the same time with this parameter. If an attribute takes more than +one value, you can assign multiple values. To identify an attribute, specify the LDAP display name +(**ldapDisplayName**) defined for it in the Active Directory schema. + +To specify a single value for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value}` + +To specify multiple values for an attribute: + +`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}` + +To specify values for multiple attributes: + +`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}` + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OtherName + +Specifies a name in addition to a user's given name and surname, such as the user's middle name. +This parameter sets the **OtherName** property of a user object. The LDAP display name +(**ldapDisplayName**) of this property is `middleName`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you are working. By default, this cmdlet does not +generate any output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNeverExpires + +Specifies whether the password of an account can expire. This parameter sets the +**PasswordNeverExpires** property of an account object. This parameter also sets the +**ADS_UF_DONT_EXPIRE_PASSWD** flag of the Active Directory User Account Control attribute. + +The acceptable values for this parameter are: + +- `$false` or `0` +- `$true` or `1` + +This parameter cannot be set to `$true` or `1` for an account that also has the +**ChangePasswordAtLogon** property set to `$true`. + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PasswordNotRequired + +Specifies whether the account requires a password. A password is not required for a new account. +This parameter sets the **PasswordNotRequired** property of an account object. + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Path + +Specifies the X.500 path of the OU or container where the new object is created. In many cases, a +default value is used for the **Path** parameter if no value is specified. The rules for determining +the default value are given below. The rules listed first are evaluated first and when a default +value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for **Path** is set in the +following cases: + +- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to + the current path of the provider drive. +- If the cmdlet has a default path, this is used. For example: in New-ADUser, the **Path** parameter + defaults to the Users container. +- If none of the previous cases apply, the default value of **Path** is set to the default partition + or naming context of the target domain. + +In AD LDS environments, a default value for **Path** is set in the following cases: + +- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter + is set to the current path of the provider drive. +- If the cmdlet has a default path, this is used. For example: in `New-ADUser`, the **Path** + parameter defaults to the Users container. +- If the target AD LDS instance has a default naming context, the default value of _Path_ is set to + the default naming context. To specify a default naming context for an AD LDS environment, set the + `msDS-defaultNamingContext` property of the Active Directory directory service agent object + (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Path** parameter does not take any default value. + +> [!NOTE] +> The Active Directory Provider cmdlets, such as `New-Item`, `Remove-Item`, `Remove-ItemProperty`, +> `Rename-Item`, and `Set-ItemProperty` also contain a **Path** property. However, for the Active +> Directory Provider cmdlets, the **Path** parameter identifies the path of the actual object rather +> than the container. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -POBox + +Specifies the user's post office box number. This parameter sets the **POBox** property of a user +object. The LDAP display name (**ldapDisplayName**) of this property is `postOfficeBox`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PostalCode + +Specifies the user's postal code or zip code. This parameter sets the **PostalCode** property of a +user object. The LDAP display name (**ldapDisplayName**) of this property is `postalCode`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PrincipalsAllowedToDelegateToAccount + +Specifies an array of principal objects. This parameter sets the +`msDS-AllowedToActOnBehalfOfOtherIdentity` attribute of a computer account object. + +```yaml +Type: ADPrincipal[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ProfilePath + +Specifies a path to the user's profile. This value can be a local absolute path or a Universal +Naming Convention (UNC) path. This parameter sets the **ProfilePath** property of the user object. +The LDAP display name (**ldapDisplayName**) for this property is `profilePath`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SamAccountName + +Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service +account. The maximum length of the description is 256 characters. To be compatible with older +operating systems, create a SAM account name that is 20 characters or less. This parameter sets the +**SAMAccountName** for an account object. The LDAP display name (**ldapDisplayName**) for this +property is `sAMAccountName`. + +> [!NOTE] +> Information the user should notice even if skimmingIf the string value provided is not terminated +> with a `$` character, the system adds one if needed. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ScriptPath + +Specifies a path to the user's log on script. This value can be a local absolute path or a Universal +Naming Convention (UNC) path. This parameter sets the **ScriptPath** property of the user object. +The LDAP display name (**ldapDisplayName**) for this property is `scriptPath`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Server + +Specifies the AD DS instance to connect to, by providing one of the following values for a +corresponding domain name or directory server. The service may be any of the following: AD LDS, AD +DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when + the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServicePrincipalNames + +Specifies the service principal names for the account. This parameter sets the +**ServicePrincipalNames** property of the account. The LDAP display name (**ldapDisplayName**) for +this property is servicePrincipalName. To enter multiple values, use the following syntax: +`,,...`. If the values contain spaces or otherwise require quotation marks, +use the following syntax: `'','',...''`. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SmartcardLogonRequired + +Specifies whether a smart card is required to logon. This parameter sets the +**SmartCardLoginRequired** property for a user object. This parameter also sets the +**ADS_UF_SMARTCARD_REQUIRED** flag of the Active Directory User Account Control attribute. + +The acceptable values for this parameter are: + +- `$false` or `0` +- `$true` or `1` + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -State + +Specifies the user's or Organizational Unit's state or province. This parameter sets the **State** +property of a user object. The LDAP display name (**ldapDisplayName**) of this property is `st`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -StreetAddress + +Specifies the user's street address. + +This parameter sets the **StreetAddress** property of a user object. The LDAP display name +(**ldapDisplayName**) of this property is streetAddress. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Surname + +Specifies the user's last name or surname. This parameter sets the **Surname** property of a user +object. The LDAP display name (**ldapDisplayName**) of this property is `sn`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Title + +Specifies the user's title. + +This parameter sets the **Title** property of a user object. The LDAP display name +(**ldapDisplayName**) of this property is `title`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TrustedForDelegation + +Indicates whether an account is trusted for Kerberos delegation. A service that runs under an +account that is trusted for Kerberos delegation can assume the identity of a client requesting the +service. This parameter sets the **TrustedForDelegation** property of an account object. This value +also sets the **ADS_UF_TRUSTED_FOR_DELEGATION** flag of the Active Directory User Account Control +attribute. + +The acceptable values for this parameter are: + +- `$false` or `0` +- `$true` or `1` + +```yaml +Type: System.Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Type + +Specifies the type of object to create. Set the **Type** parameter to the LDAP display name of the +Active Directory schema class that represents the type of object that you want to create. The +selected type must be a subclass of the User schema class. If this parameter is not specified it +defaults to `User`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -UserPrincipalName + +Specifies a user principal name (UPN) in the format `@`. A UPN is a friendly +name assigned by an administrator that is shorter than the LDAP distinguished name used by the +system and easier to remember. The UPN is independent of the user object's distinguished name, so a +user object can be moved or renamed without affecting the user logon name. When signing on using a +UPN, users no longer have to choose a domain from a list on the logon dialog box. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADUser + +A user object that is a template for the new user object is received by the **Instance** parameter. + +## OUTPUTS + +### None + +By default, this cmdlet does not generate any output. + +### Microsoft.ActiveDirectory.Management.ADUser + +Returns the new user object when the **PassThru** parameter is specified. + +## NOTES + +- This cmdlet does not work with an Active Directory snapshot. +- This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADUser](./Get-ADUser.md) + +[Remove-ADUser](./Remove-ADUser.md) + +[Set-ADUser](./Set-ADUser.md) + +[Set-ADAccountPassword](./Set-ADAccountPassword.md) diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADAuthenticationPolicy.md b/docset/winserver2025-ps/activedirectory/Remove-ADAuthenticationPolicy.md new file mode 100644 index 0000000000..7929a6ec5d --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADAuthenticationPolicy.md @@ -0,0 +1,208 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adauthenticationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADAuthenticationPolicy +--- + +# Remove-ADAuthenticationPolicy + +## SYNOPSIS +Removes an Active Directory Domain Services authentication policy object. + +## SYNTAX + +``` +Remove-ADAuthenticationPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADAuthenticationPolicy** cmdlet removes an Active Directory® Domain Services authentication policy. + +The *Identity* parameter specifies the Active Directory Domain Services authentication policy to remove. +You can identify an authentication policy by its distinguished name, GUID or name. +You can also use the *Identity* parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the *Identity* parameter. + +## EXAMPLES + +### Example 1: Remove an authentication policy by specifying a name +``` +PS C:\> Remove-ADAuthenticationPolicy -Identity AuthenticationPolicy01 +``` + +This command removes the authentication policy specified by the *Identity* parameter. + +### Example 2: Remove multiple authentication policies +``` +PS C:\> Get-ADAuthenticationPolicy -Filter 'Enforce -eq $false' | Remove-ADAuthenticationPolicy +``` + +This command uses the **Get-ADAuthenticationPolicy** cmdlet with the *Filter* parameter to get all authentication policies that are not enforced. +The pipeline operator then passes the result of the filter to the **Remove-ADAuthenticationPolicy** cmdlet. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory Domain Services authentication policy object. +Specify the authentication policy object in one of the following formats: + +- A distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy +This cmdlet accepts an authentication policy object. + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-ADAuthenticationPolicy](./Get-ADAuthenticationPolicy.md) + +[New-ADAuthenticationPolicy](./New-ADAuthenticationPolicy.md) + +[Set-ADAuthenticationPolicy](./Set-ADAuthenticationPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADAuthenticationPolicySilo.md b/docset/winserver2025-ps/activedirectory/Remove-ADAuthenticationPolicySilo.md new file mode 100644 index 0000000000..ff9ba9a1d1 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADAuthenticationPolicySilo.md @@ -0,0 +1,217 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adauthenticationpolicysilo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADAuthenticationPolicySilo +--- + +# Remove-ADAuthenticationPolicySilo + +## SYNOPSIS +Removes an Active Directory Domain Services authentication policy silo object. + +## SYNTAX + +``` +Remove-ADAuthenticationPolicySilo [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADAuthenticationPolicySilo** cmdlet removes an Active Directory® Domain Services authentication policy silo object. + +The *Identity* parameter specifies the Active Directory Domain Services authentication policy silo to remove. +You can identify an authentication policy silo by its distinguished name, GUID or name. +You can also use the *Identity* parameter to specify a variable that contains an authentication policy silo object, or you can use the pipeline operator to pass an authentication policy silo object to the *Identity* parameter. + +## EXAMPLES + +### Example 1: Remove an authentication policy silo object +``` +PS C:\> Remove-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo01 +``` + +This command removes the authentication policy silo object named AuthenticationPolicySilo01. + +### Example 2: Remove all authentication policy silo objects that match a filter +``` +PS C:\> Get-ADAuthenticationPolicySilo -Filter 'Enforce -eq $False' | Remove-ADAuthenticationPolicySilo +``` + +This command uses the Get-ADAuthenticationPolicySilo cmdlet with the Filter parameter to get all authentication policy silos that are not enforced. +The pipeline operator then passes the result of the filter to the **Remove-ADAuthenticationPolicySilo** cmdlet. + +### Example 3: Remove all matching authentication policy silos without confirmation +``` +PS C:\> Get-ADAuthenticationPolicySilo -Filter 'Enforce -eq $False' | Remove-ADAuthenticationPolicySilo -Confirm:$False +``` + +This command uses the **Get-ADAuthenticationPolicySilo** cmdlet with the Filter parameter to get all authentication policy silos that are not enforced. +The pipeline operator then passes the result of the filter to the **Remove-ADAuthenticationPolicySilo** cmdlet. +However, because the *Confirm* parameter is set to $False, no confirmation messages appear. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory Domain Services authentication policy silo object. +Specify the authentication policy silo object in one of the following formats: + +- A distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo +This cmdlet accepts an authentication policy silo object. + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-ADAuthenticationPolicySilo](./Get-ADAuthenticationPolicySilo.md) + +[New-ADAuthenticationPolicySilo](./New-ADAuthenticationPolicySilo.md) + +[Set-ADAuthenticationPolicySilo](./Set-ADAuthenticationPolicySilo.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessPolicy.md b/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessPolicy.md new file mode 100644 index 0000000000..1522e29d3c --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessPolicy.md @@ -0,0 +1,207 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adcentralaccesspolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADCentralAccessPolicy +--- + +# Remove-ADCentralAccessPolicy + +## SYNOPSIS +Removes a central access policy from Active Directory. + +## SYNTAX + +``` +Remove-ADCentralAccessPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADCentralAccessPolicy** cmdlet can be used to remove a central access policy from Active Directory. + +## EXAMPLES + +### Example 1: Remove a central access policy by name +``` +PS C:\> Remove-ADCentralAccessPolicy -Identity "Finance Policy" +``` + +This command removes the central access policy named Finance Policy. + +### Example 2: Remove all central access policies using a filter +``` +PS C:\> Get-ADCentralAccessPolicy -Filter 'Name -Like "Finance*"' | Remove-ADCentralAccessPolicy +``` + +This command gets all resource property lists whose name starts with Finance and then remove them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A Security Identifier (objectSid) +- A SAM Account Name (sAMAccountName) + +```yaml +Type: ADCentralAccessPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy +An Active Directory object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADCentralAccessPolicy](./Get-ADCentralAccessPolicy.md) + +[New-ADCentralAccessPolicy](./New-ADCentralAccessPolicy.md) + +[Set-ADCentralAccessPolicy](./Set-ADCentralAccessPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessPolicyMember.md b/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessPolicyMember.md new file mode 100644 index 0000000000..415a1b8283 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessPolicyMember.md @@ -0,0 +1,256 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adcentralaccesspolicymember?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADCentralAccessPolicyMember +--- + +# Remove-ADCentralAccessPolicyMember + +## SYNOPSIS +Removes central access rules from a central access policy in Active Directory. + +## SYNTAX + +``` +Remove-ADCentralAccessPolicyMember [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Members] [-PassThru] [-Server ] + [] +``` + +## DESCRIPTION +The **Remove-ADCentralAccessPolicyMember** cmdlet removes central access rules from a central access policy in Active Directory. + +## EXAMPLES + +### Example 1: Remove a resource property from a central access policy +``` +PS C:\> Remove-ADCentralAccessPolicyMember -Identity "Finance Policy" -Members "Finance Documents Rule" +``` + +This command removes the resource property named Finance Documents Rule from the central access policy named Finance Policy. + +### Example 2: Remove central access rules from a central access policy +``` +PS C:\> Remove-ADCentralAccessPolicyMember -Identity "Finance Policy" -Members "Finance Documents Rule","Corporate Documents Rule" +``` + +This command removes the central access rules named Finance Documents Rule and Corporate Documents Rule from the central access policy Finance Policy. + +### Example 3: Get central access policies using a filter then remove specified central access rules from those policies +``` +PS C:\> Get-ADCentralAccessPolicy -Filter "Name -like 'Corporate*'" | Remove-ADCentralAccessPolicyMember -Members "Finance Documents Rule","Corporate Documents Rule" +``` + +This command gets the central access policies that begin with Corporate in its name, and then pipes that result to the **Remove-ADCentralAccessPolicyMember**, which then removes the central access rules named Finance Documents Rule and Corporate Documents Rule from the policies. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADCentralAccessPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Members +Specifies a set of central access rule (CAR) objects in a comma-separated list to add to a central access policy. + +To identify each object, use one of the following property values: + +- Name +- A distinguished name +- GUID (objectGUID) + +Note: The identifier in parentheses is the LDAP display name. + +You can also provide objects to this parameter directly. + +```yaml +Type: ADCentralAccessRule[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy +An **ADCentralAccessPolicy** object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.ADCentralAccessPolicy +This cmdlet returns the modified **ADCentralAccessPolicy** object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with a read-only domain controller. +* This cmdlet does not work with an Active Directory snapshot. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Add-ADCentralAccessPolicyMember](./Add-ADCentralAccessPolicyMember.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessRule.md b/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessRule.md new file mode 100644 index 0000000000..b9ea22e98b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADCentralAccessRule.md @@ -0,0 +1,209 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adcentralaccessrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADCentralAccessRule +--- + +# Remove-ADCentralAccessRule + +## SYNOPSIS +Removes a central access rule from Active Directory. + +## SYNTAX + +``` +Remove-ADCentralAccessRule [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADCentralAccessRule** cmdlet can be used to remove a central access rule from Active Directory. + +## EXAMPLES + +### Example 1: Remove a specific central access rule +``` +PS C:\> Remove-ADCentralAccessRule -Identity "Finance Documents Rule" +``` + +This command removes the specified central access rule, Finance Documents Rule. + +### Example 2: Remove all central access rules using a filter +``` +PS C:\> Get-ADCentralAccessRule -Filter "ResourceCondition -like '*Department*'" | Remove-ADCentralAccessRule +``` + +This command removes the central access rules with Department in their resource conditions. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADCentralAccessRule +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicyEntry +An Active Directory object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$false` when using this cmdlet. + +## RELATED LINKS + +[Get-ADCentralAccessRule](./Get-ADCentralAccessRule.md) + +[New-ADCentralAccessRule](./New-ADCentralAccessRule.md) + +[Set-ADCentralAccessRule](./Set-ADCentralAccessRule.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADClaimTransformPolicy.md b/docset/winserver2025-ps/activedirectory/Remove-ADClaimTransformPolicy.md new file mode 100644 index 0000000000..1ff2455f40 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADClaimTransformPolicy.md @@ -0,0 +1,217 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adclaimtransformpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADClaimTransformPolicy +--- + +# Remove-ADClaimTransformPolicy + +## SYNOPSIS +Removes a claim transformation policy object from Active Directory. + +## SYNTAX + +``` +Remove-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADClaimTransformPolicy** cmdlet can be used to remove a claim transformation policy object from Active Directory. + +## EXAMPLES + +### Example 1: Remove a claims transformation policy by name +``` +PS C:\> Remove-ADClaimTransformPolicy -Identity DenyAllPolicy +``` + +This command removes the claims transformation policy with the name DenyAllPolicy. + +### Example 2: Get all claims transformation policies using a filter then remove them +``` +PS C:\> Get-ADClaimTransformPolicy -Filter "Description -eq 'For testing only.'" | Remove-ADClaimTransformPolicy +``` + +This command gets all claims transformation policies that were marked in their description as for testing only and removes them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADClaimTransformPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy +A claim transform policy object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADClaimTransformPolicy](./Get-ADClaimTransformPolicy.md) + +[New-ADClaimTransformPolicy](./New-ADClaimTransformPolicy.md) + +[Set-ADClaimTransformPolicy](./Set-ADClaimTransformPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADClaimType.md b/docset/winserver2025-ps/activedirectory/Remove-ADClaimType.md new file mode 100644 index 0000000000..97a2f73452 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADClaimType.md @@ -0,0 +1,221 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adclaimtype?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADClaimType +--- + +# Remove-ADClaimType + +## SYNOPSIS +Removes a claim type from Active Directory. + +## SYNTAX + +``` +Remove-ADClaimType [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] [-Force] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADClaimType** cmdlet can be used to remove a claim type from Active Directory. + +## EXAMPLES + +### Example 1: Remove a claim type by name +``` +PS C:\> Remove-ADClaimType -Identity Title +``` + +This command removes the claim type with the name Title. + +### Example 2: Get all disabled claim types and remove them +``` +PS C:\> Get-ADClaimType -Filter "Enabled -eq `$False" | Remove-ADClaimType +``` + +This command gets all the disabled claim types and remove them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADClaimType +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimType + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADClaimType](./Get-ADClaimType.md) + +[New-ADClaimType](./New-ADClaimType.md) + +[Set-ADClaimType](./Set-ADClaimType.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADComputer.md b/docset/winserver2025-ps/activedirectory/Remove-ADComputer.md new file mode 100644 index 0000000000..0aa584ea45 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADComputer.md @@ -0,0 +1,282 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adcomputer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADComputer +--- + +# Remove-ADComputer + +## SYNOPSIS +Removes an Active Directory computer. + +## SYNTAX + +``` +Remove-ADComputer [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Partition ] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADComputer** cmdlet removes an Active Directory computer. + +The *Identity* parameter specifies the Active Directory computer to remove. +You can identify a computer by its distinguished name, GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. +You can also set the *Identity* parameter to a computer object variable, such as `$`, or you can pass a computer object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADComputer** cmdlet to retrieve a computer object and then pass the object through the pipeline to the Remove-ADComputer cmdlet. + +## EXAMPLES + +### Example 1: Remove a specified computer from Active Directory +``` +PS C:\> Remove-ADComputer -Identity "USER04-SRV4" +``` + +This command removes a specified computer from Active Directory. + +### Example 2: Remove all computers from a specified location using a filter +``` +PS C:\> Get-ADComputer -Filter 'Location -eq "NA/HQ/Building A"' | Remove-ADComputer + + +Confirm +Are you sure you want to perform this action? Performing operation "Remove" on Target "CN=LabServer-01,CN=Computers,DC=Fabrikam,DC=com". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a +``` + +This command removes all computers in the location specified by using the *Filter* parameter. + +### Example 3: Remove all computers from a specified location using a filter +``` +PS C:\> Get-ADComputer -Filter 'Location -eq "NA/HQ/Building A"' | Remove-ADComputer -Confirm:$False +``` + +This command removes all computers from the location specified by using the *Filter* parameter. +The command does not prompt you for confirmation. + +### Example 4: Remove a computer and all leaf objects that are located under a specified directory +``` +PS C:\> Get-ADComputer -Identity "USER01-SRV4" | Remove-ADObject -Recursive +``` + +This command removes a computer and all leaf objects that are located underneath it in the directory. +Note that only a few computer objects create child objects, such as servers running the Clustering service. +This example can be useful for removing those objects and any child objects owned by and associated with them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: True +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory computer object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A Security Accounts Manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If the identifier given is a distinguished name, the partition to search is computed from that distinguished name. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. + +```yaml +Type: ADComputer +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADComputer +A computer object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Add-ADComputerServiceAccount](./Add-ADComputerServiceAccount.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADComputerServiceAccount](./Get-ADComputerServiceAccount.md) + +[New-ADComputer](./New-ADComputer.md) + +[Remove-ADComputerServiceAccount](./Remove-ADComputerServiceAccount.md) + +[Set-ADComputer](./Set-ADComputer.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADComputerServiceAccount.md b/docset/winserver2025-ps/activedirectory/Remove-ADComputerServiceAccount.md new file mode 100644 index 0000000000..f27364efc8 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADComputerServiceAccount.md @@ -0,0 +1,299 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adcomputerserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADComputerServiceAccount +--- + +# Remove-ADComputerServiceAccount + +## SYNOPSIS +Removes one or more service accounts from a computer. + +## SYNTAX + +``` +Remove-ADComputerServiceAccount [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Partition ] [-PassThru] [-Server ] + [-ServiceAccount] [] +``` + +## DESCRIPTION +The **Remove-ADComputerServiceAccount** cmdlet removes service accounts from an Active Directory computer. + +The *Identity* parameter specifies the Active Directory computer that contains the service accounts to remove. +You can identify a computer by its distinguished name, GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. +You can also set the *Identity* parameter to a computer object variable, such as `$`, or pass a computer object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADComputer** cmdlet to retrieve a computer object and then pass the object through the pipeline to the **Remove-ADComputerServiceAccount** cmdlet. + +The *ServiceAccount* parameter specifies the service accounts to remove. +You can identify a service account by its distinguished name, GUID, security identifier (SID) or security accounts manager (SAM) account name. +You can also specify service account object variables, such as `$`. +If you are specifying more than one service account, use a comma-separated list. + +## EXAMPLES + +### Example 1: Remove a service account +``` +PS C:\> Remove-ADComputerServiceAccount -Identity ComputerAcct1 -ServiceAccount SvcAcct1 +``` + +This command removes a service account SvcAcct1 from a Computer Account ComputerAcct1. + +### Example 2: Remove multiple service accounts +``` +PS C:\> Remove-ADComputerServiceAccount -Identity ComputerAcct1 -ServiceAccount SvcAcct1,SvcAcct2 +``` + +This command removes service accounts SvcAcct1 and SvcAcct2 from a Computer Account ComputerAcct1. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory computer object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- Security Accounts Manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If the identifier given is a distinguished name, the partition to search is computed from that distinguished name. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. + +```yaml +Type: ADComputer +Parameter Sets: (All) +Aliases: Computer + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccount +Specifies one or more Active Directory service accounts. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +```yaml +Type: ADServiceAccount[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADComputer +A computer object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADComputer +Returns an object that represents the modified computer object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. +* This cmdlet does not work with an Active Directory snapshot. + +## RELATED LINKS + +[Add-ADComputerServiceAccount](./Add-ADComputerServiceAccount.md) + +[Get-ADComputerServiceAccount](./Get-ADComputerServiceAccount.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADDomainControllerPasswordReplicationPolicy.md b/docset/winserver2025-ps/activedirectory/Remove-ADDomainControllerPasswordReplicationPolicy.md new file mode 100644 index 0000000000..b406e14a9b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADDomainControllerPasswordReplicationPolicy.md @@ -0,0 +1,308 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-addomaincontrollerpasswordreplicationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADDomainControllerPasswordReplicationPolicy +--- + +# Remove-ADDomainControllerPasswordReplicationPolicy + +## SYNOPSIS +Removes users, computers, and groups from the allowed or denied list of a read-only domain controller password replication policy. + +## SYNTAX + +### AllowedPRP +``` +Remove-ADDomainControllerPasswordReplicationPolicy [-WhatIf] [-Confirm] -AllowedList + [-AuthType ] [-Credential ] [-Identity] [-PassThru] + [-Server ] [] +``` + +### DeniedPRP +``` +Remove-ADDomainControllerPasswordReplicationPolicy [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] -DeniedList [-Identity] [-PassThru] + [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADDomainControllerPasswordReplicationPolicy** cmdlet removes one or more users, computers, and groups from the allowed or denied list of a read-only domain controller (RODC) password replication policy. + +The *Identity* parameter specifies the RODC that uses the allowed and denied lists to apply the password replication policy. +You can identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. +You can also identify a domain controller by the name of the server object that represents the domain controller, the distinguished name of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the distinguished name of the computer object that represents the domain controller. +You can also set the *Identity* parameter to a domain controller object variable, such as `$`, or pass a domain controller object through the pipeline operator to the *Identity* parameter. +For example, you can use the **Get-ADDomainController** cmdlet to retrieve a domain controller object and then pass the object through the pipeline operator to the **Remove-ADDomainControllerPasswordReplicationPolicy** cmdlet. +You must provide a read-only domain controller. + +The *AllowedList* parameters specify the users, computers and groups to remove from the allowed list. +Similarly, the *DeniedList* parameter specifies the users, computers and groups to remove from the denied list. +You must specify either one or both of the *AllowedList* and *DeniedList* parameters. +You can identify a user, computer or group by distinguished name (DN), GUID, security identifier (SID) or security accounts manager (SAM) account name. +You can also specify user, computer or group variables, such as `$`. +If you are specifying more than one item, use a comma-separated list. + +## EXAMPLES + +### Example 1: Remove specific users from the Allowed list on a RODC +``` +PS C:\> Remove-ADDomainControllerPasswordReplicationPolicy -Identity "USER01-RODC1" -AllowedList "PattiFuller", "DavidChew" +``` + +This command removes the users with samAccountNames PattiFuller and DavidChew from the Allowed list on the RODC USER01-RODC1. + +### Example 2: Remove specific users from the Denied list on a RODC +``` +PS C:\> Remove-ADDomainControllerPasswordReplicationPolicy -Identity "USER01-RODC1" -DeniedList "ElisaDaugherty", "EvanNarvaez" +``` + +This command removes the users with samAccountNames Elisa Daugherty and Evan Narvaez from the Denied list on the RODC FABRIKAM-RODC1. + +## PARAMETERS + +### -AllowedList +Specifies the users, computers, groups or other accounts to add to the list of accounts allowed to replicate their passwords to this RODC. +You can specify more than one value by using a comma-separated list. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A Security Accounts Manager (SAM) account name (sAMAccountName) + +```yaml +Type: ADPrincipal[] +Parameter Sets: AllowedPRP +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +Specifies the credentials for the security context under which the task is performed. +If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. +If running under the context of an Active Directory module for Windows PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DeniedList +Specifies the users, computers, groups or other accounts to add to the list of accounts that are denied the right to replicate their passwords to this RODC. +You can specify more than one value by using a comma-separated list. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +```yaml +Type: ADPrincipal[] +Parameter Sets: DeniedPRP +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain controller object by providing one of the following values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A GUID (objectGUID) +- An IPV4Address +- A Global IPV6Address +- A DNS Host Name (dNSHostName) +- A name of the server object +- A distinguished name of the NTDS Settings object +- A distinguished name of the server object that represents the domain controller +- A GUID of NTDS settings object under the configuration partition +- A GUID of server object under the configuration partition +- A distinguished name of the computer object that represents the domain controller + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADDomainController +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDomainController +A read-only domain controller object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDomainController +This cmdlet returns the modified read-only domain controller object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Add-ADDomainControllerPasswordReplicationPolicy](./Add-ADDomainControllerPasswordReplicationPolicy.md) + +[Get-ADDomainController](./Get-ADDomainController.md) + +[Get-ADDomainControllerPasswordReplicationPolicy](./Get-ADDomainControllerPasswordReplicationPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADFineGrainedPasswordPolicy.md b/docset/winserver2025-ps/activedirectory/Remove-ADFineGrainedPasswordPolicy.md new file mode 100644 index 0000000000..0f8d37f1ac --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADFineGrainedPasswordPolicy.md @@ -0,0 +1,224 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adfinegrainedpasswordpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADFineGrainedPasswordPolicy +--- + +# Remove-ADFineGrainedPasswordPolicy + +## SYNOPSIS +Removes an Active Directory fine-grained password policy. + +## SYNTAX + +``` +Remove-ADFineGrainedPasswordPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADFineGrainedPasswordPolicy** cmdlet removes an Active Directory fine-grained password policy. + +The *Identity* parameter specifies the Active Directory fine-grained password policy to remove. +You can identify a fine-grained password policy by its distinguished name or GUID. +You can also set the *Identity* parameter to a fine-grained password object variable, such as `$`, or you can pass a fine-grained password policy object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADFineGrainedPasswordPolicy** cmdlet to retrieve a fine-grained password policy object and then pass the object through the pipeline operator to the **Remove-ADFineGrainedPasswordPolicy** cmdlet. + +## EXAMPLES + +### Example 1: Remove a fine-grained password policy object by name +``` +PS C:\> Remove-ADFineGrainedPasswordPolicy -Identity MyPolicy +``` + +This command removes the fine-grained password policy object named MyPolicy. + +### Example 2: Remove a fine-grained password policy object by distinguished name +``` +PS C:\> Remove-ADFineGrainedPasswordPolicy -Identity 'CN=MyPolicy,CN=Password Settings Container,CN=System,DC=USER01,DC=COM' +``` + +This command removes the fine-grained password policy object with DistinguishedName CN=MyPolicy,CN=Password Settings Container,CN=System,DC=USER01,DC=COM. + +### Example 3: Remove fine-grained password policy objects that contains a specified string +``` +PS C:\> Get-ADFineGrainedPasswordPolicy -Filter "Name -like '*user*'" | Remove-ADFineGrainedPasswordPolicy +``` + +This command removes all fine-grained password policy objects that contain user in their names. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory fine-grained password policy object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name (distinguishedName) +- A GUID (objectGUID) +- A Name (name) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline operator or you can set this parameter to a fine-grained password policy object instance. + +```yaml +Type: ADFineGrainedPasswordPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +A fine-grained password policy object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADFineGrainedPasswordPolicy](./Get-ADFineGrainedPasswordPolicy.md) + +[New-ADFineGrainedPasswordPolicy](./New-ADFineGrainedPasswordPolicy.md) + +[Set-ADFineGrainedPasswordPolicy](./Set-ADFineGrainedPasswordPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADFineGrainedPasswordPolicySubject.md b/docset/winserver2025-ps/activedirectory/Remove-ADFineGrainedPasswordPolicySubject.md new file mode 100644 index 0000000000..77ebcfd48d --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADFineGrainedPasswordPolicySubject.md @@ -0,0 +1,298 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adfinegrainedpasswordpolicysubject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADFineGrainedPasswordPolicySubject +--- + +# Remove-ADFineGrainedPasswordPolicySubject + +## SYNOPSIS +Removes one or more users from a fine-grained password policy. + +## SYNTAX + +``` +Remove-ADFineGrainedPasswordPolicySubject [-WhatIf] [-Confirm] [-AuthType ] + [-Credential ] [-Identity] [-Partition ] [-PassThru] + [-Server ] [-Subjects] [] +``` + +## DESCRIPTION +The **Remove-ADFineGrainedPasswordPolicySubject** cmdlet removes one or more global security groups and users from a fine-grained password policy. + +The *Identity* parameter specifies the fine-grained password policy. +You can identify a fine-grained password policy by its distinguished name or GUID. +You can also set the *Identity* parameter to a fine-grained password policy object variable, such as `$`, or pass a fine-grained password policy object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADFineGrainedPasswordPolicy** cmdlet to retrieve a fine-grained password policy object and then pass the object through the pipeline to the **Remove-ADFineGrainedPasswordPolicySubject** cmdlet. + +The **Subjects** parameter specifies the users and groups to remove from the password policy. +You can identify a user or group by its distinguished name (DN), GUID, security identifier (SID), Security Account Manager (SAM) account name, or canonical name. +You can also specify user or group object variables, such as `$`. +If you are specifying more than one user or group, use a comma-separated list. + +## EXAMPLES + +### Example 1: Remove a fine-grained password policy subject from multiple users +``` +PS C:\> Remove-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO -Subjects BobKe,KimAb +``` + +This command removes the fine-grained password policy subject named DlgtdAdminsPSO from the users with SAM account names BobKe and KimAb. + +### Example 2: Remove fine-grained password policy subjects by name +``` +PS C:\> Get-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO | where {$_.Name -like "*Price"} | Remove-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO +``` + +This command removes any subjects that have names ending with Price from the name list on which the fine-grained password policy named DlgtdAdminsPSO applies. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory fine-grained password policy object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A name (name) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. + +```yaml +Type: ADFineGrainedPasswordPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (nTDSDSA) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Subjects +Specifies one or more users or groups. +To specify more than one user or group, use a comma-separated list. +You can identify a user or group by one of the following property values: + +- Distinguished Name (DN) +- GUID (objectGUID) +- Security Identifier (objectSid) +- SAM Account Name (sAMAccountName) + +Note: The identifier in parentheses is the LDAP display name for the attribute. + +You can also provide objects to this parameter directly. + +```yaml +Type: ADPrincipal[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +A fine-grained password policy object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +Returns an object that represents the modified fine-grained password policy object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory Snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Add-ADFineGrainedPasswordPolicySubject](./Add-ADFineGrainedPasswordPolicySubject.md) + +[Get-ADFineGrainedPasswordPolicySubject](./Get-ADFineGrainedPasswordPolicySubject.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADGroup.md b/docset/winserver2025-ps/activedirectory/Remove-ADGroup.md new file mode 100644 index 0000000000..cdf7b3c9c8 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADGroup.md @@ -0,0 +1,272 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADGroup +--- + +# Remove-ADGroup + +## SYNOPSIS +Removes an Active Directory group. + +## SYNTAX + +``` +Remove-ADGroup [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] [-Identity] + [-Partition ] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADGroup** cmdlet removes an Active Directory group object. +You can use this cmdlet to remove security and distribution groups. + +The *Identity* parameter specifies the Active Directory group to remove. +You can identify a group by its distinguished name, GUID, security identifier, Security Account Manager (SAM) account name, or canonical name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADGroup** cmdlet to retrieve a group object and then pass the object through the pipeline to the **Remove-ADGroup** cmdlet. + +If the **ADGroup** is being identified by its distinguished name, the *Partition* parameter is automatically determined. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Remove a group by name +``` +PS C:\> Remove-ADGroup -Identity SanjaysReports +Confirm +Are you sure you want to perform this action? +Performing operation "Remove" on Target "CN=SanjayReports,DC=Fabrikam,DC=com". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): +``` + +This command removes the group that has SAM account name SanjaysReports. + +### Example 2: Get filtered groups and remove them +``` +PS C:\> Get-ADGroup -Filter 'Name -like "Sanjay*"' | Remove-ADGroup +Confirm +Are you sure you want to perform this action? +Performing operation "Remove" on Target "CN=SanjaysReports,DC=Fabrikam,DC=com". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): +``` + +This command gets all groups whose name starts with Sanjay and then removes them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A Security Account Manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADGroup +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value will be used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In AD DS environments, a default value for *Partition* will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* will be set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* will be set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +A group object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory Snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Add-ADGroupMember](./Add-ADGroupMember.md) + +[Get-ADGroup](./Get-ADGroup.md) + +[Get-ADGroupMember](./Get-ADGroupMember.md) + +[New-ADGroup](./New-ADGroup.md) + +[Remove-ADGroupMember](./Remove-ADGroupMember.md) + +[Set-ADGroup](./Set-ADGroup.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADGroupMember.md b/docset/winserver2025-ps/activedirectory/Remove-ADGroupMember.md new file mode 100644 index 0000000000..f884ae0da0 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADGroupMember.md @@ -0,0 +1,382 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 06/11/2021 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adgroupmember?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADGroupMember +--- + +# Remove-ADGroupMember + +## SYNOPSIS +Removes one or more members from an Active Directory group. + +## SYNTAX + +``` +Remove-ADGroupMember [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Members] [-Partition ] [-PassThru] [-Server ] + [-DisablePermissiveModify] [] +``` + +## DESCRIPTION +The **Remove-ADGroupMember** cmdlet removes one or more users, groups, service accounts, or computers from an Active Directory group. + +The *Identity* parameter specifies the Active Directory group that contains the members to remove. +You can identify a group by its distinguished name, GUID, security identifier, or Security Account Manager (SAM) account name. +You can also specify a group object variable, such as `$`, or pass a group object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADGroup** cmdlet to retrieve a group object and then pass the object through the pipeline to the Remove-ADGroupMember cmdlet. + +The *Members* parameter specifies the users, computers and groups to remove from the group specified by the *Identity* parameter. +You can identify a user, computer or group by its distinguished name, GUID, security identifier, or SAM account name. +You can also specify user, computer, and group object variables, such as `$`. +If you are specifying more than one new member, use a comma-separated list. +You cannot pass user, computer, or group objects through the pipeline to this cmdlet. +To remove user, computer, or group objects from a group by using the pipeline, use the Remove-ADPrincipalGroupMembership cmdlet. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Remove a member from a group +``` +PS C:\> Remove-ADGroupMember -Identity DocumentReaders -Members DavidChew +Confirm +Are you sure you want to perform this action? +Performing operation "Set" on Target "CN=DocumentReaders,CN=Users,DC=Fabrikam,DC=com". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): +``` + +This command removes the user with the SAM account name DavidChew from the group DocumentReaders. + +### Example 2: Remove multiple members from a group +``` +PS C:\> Remove-ADGroupMember -Identity "DocumentReaders" -Members administrator,DavidChew +``` + +This command removes the users with SAM account name administrator and DavidChew from the group DocumentReaders. + +### Example 3: Remove a distinguished user from a group +``` +PS C:\> Get-ADGroup -Server localhost:60000 -Identity CN=AccessControl,DC=AppNC | Remove-ADGroupMember -Members CN=GlenJohn,DC=AppNC +Confirm +Are you sure you want to perform this action? +Performing operation "Set" on Target "CN=AccessControl,DC=AppNC". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): +``` + +This command removes the user with the distinguished name CN=GlenJohn,DC=AppNC from the group AccessControl on an AD LDS instance using the pipeline. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: True +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisablePermissiveModify +Group membership updates use permissive modify by default. This suppresses an error when removing a member that is not member of the group. +When this parameter is used, an error "The specified account name is not a member of the group" is returned. + +This parameter is available in Windows Server 2019 with the September 2020 Updates. + + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A Security Account Manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADGroup +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Members +Specifies an array of user, group, and computer objects in a comma-separated list to remove from a group. +To identify each object, use one of the following property values. +Note: The identifier in parentheses is the LDAP display name. +The acceptable values for this parameter are: + +- Distinguished name +- GUID (objectGUID) +- Security identifier (objectSid) +- SAM account name (sAMAccountName) + +You can also provide objects to this parameter directly. + +The following examples show how to specify this parameter. + +This example specifies a user and group to remove by specifying the distinguished name and the SAM account name properties. + +`-Members "CN=SaraDavis,CN=employees,CN=Users,DC=contoso,DC=com", "saradavisreports"` + +This example specifies a user and a group object that are defined in the current Windows PowerShell session as input for the parameter. + +`-Members $userObject, $GroupObject` + +The objects specified for this parameter are processed as **Microsoft.ActiveDirectory.Management.ADPrincipal** objects. +Derived types, such as the following, are also received by this parameter. + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADGroup** + +You cannot pass objects through the pipeline to this parameter. + +```yaml +Type: ADPrincipal[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take a default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisablePermissiveModify +Group membership updates use permissive modify by default. This suppresses an error when removing a member that is not member of the group. +When this parameter is used, an error "The specified account name is not a member of the group" is returned. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +A group object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +Returns the modified group object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Add-ADGroupMember](./Add-ADGroupMember.md) + +[Add-ADPrincipalGroupMembership](./Add-ADPrincipalGroupMembership.md) + +[Get-ADGroup](./Get-ADGroup.md) + +[Get-ADGroupMember](./Get-ADGroupMember.md) + +[Get-ADPrincipalGroupMembership](./Get-ADPrincipalGroupMembership.md) + +[Remove-ADPrincipalGroupMembership](./Remove-ADPrincipalGroupMembership.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADObject.md b/docset/winserver2025-ps/activedirectory/Remove-ADObject.md new file mode 100644 index 0000000000..c4ed224f22 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADObject.md @@ -0,0 +1,359 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adobject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADObject +--- + +# Remove-ADObject + +## SYNOPSIS +Removes an Active Directory object. + +## SYNTAX + +``` +Remove-ADObject [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-IncludeDeletedObjects] [-Partition ] [-Recursive] [-Server ] + [] +``` + +## DESCRIPTION +The **Remove-ADObject** cmdlet removes an Active Directory object. +You can use this cmdlet to remove any type of Active Directory object. + +The *Identity* parameter specifies the Active Directory object to remove. +You can identify an object by its distinguished name or GUID. +You can also set the *Identity* parameter to an Active Directory object variable, such as `$`, or pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADObject** cmdlet to retrieve an object and then pass the object through the pipeline to the **Remove-ADObject** cmdlet. + +If the object you specify to remove has child objects, you must specify the *Recursive* parameter. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except when: + +- Using a distinguished name to identify objects. +The partition is auto-generated from the distinguished name. +- Running cmdlets from an Active Directory provider drive. +The current path is used to set the partition. +- A default naming context or partition is specified. + +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Remove an object by distinguished name +``` +PS C:\> Remove-ADObject -Identity 'CN=AmyAl-LPTOP,CN=Computers,DC=FABRIKAM,DC=COM' +Confirm +Are you sure you want to perform this action? +Performing operation "Remove" on Target "CN=AmyAl-LPTOP,CN=Computers,DC=FABRIKAM,DC=COM". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y +``` + +This command removes the object identified by the distinguished name CN=AmyAl-LPTOP,CN=Computers,DC=FABRIKAM,DC=COM. + +### Example 2: Remove a container and its children +``` +PS C:\> Remove-ADObject -Identity "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" -Recursive +Confirm +Are you sure you want to perform this action? +Performing operation "Remove" on Target "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y +``` + +This command deletes the container with the distinguished name OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM. +All the children of the container, including the ones that are protected from accidental deletion, are also deleted. + +### Example 3: Remove an object by GUID +``` +PS C:\> Remove-ADObject -Identity "65511e76-ea80-45e1-bc93-08a78d8c4853" -Confirm:$False +``` + +This command removes the object with the GUID 65511e76-ea80-45e1-bc93-08a78d8c4853 without prompting for confirmation. + +### Example 4: Remove an object from an LDS instance +``` +PS C:\> Remove-ADObject -Identity "CN=InternalApps,DC=AppNC" -Server "FABRIKAM-SRV1:60000" +Confirm +Are you sure you want to perform this action? +Performing operation "Remove" on Target "CN=InternalApps,DC=AppNC". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y +``` + +This command removes the object with distinguished name CN=InternalApps,DC=AppNC from an LDS instance. + +### Example 5: Recycle objects in the Recycle Bin +``` +PS C:\> Get-ADObject -Filter 'isDeleted -eq $True -and -not (isRecycled -eq $true) -and name -ne "Deleted Objects" -and lastKnownParent -eq "OU=Accounting,DC=Fabrikam,DC=com"' -IncludeDeletedObjects | Remove-ADObject +``` + +This command recycles all the objects in the Recycle Bin that used to be in the container OU=Accounting,DC=Fabrikam,DC=com. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, the Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADObject +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -IncludeDeletedObjects +Specifies that the cmdlet retrieves deleted objects and the deactivated forward and backward links. +When this parameter is specified, the cmdlet uses the following LDAP controls: + +- Show Deleted Objects (1.2.840.113556.1.4.417) +- Show Deactivated Links (1.2.840.113556.1.4.2065) + +Note: If this parameter is not specified, the cmdlet does not return or operate on deleted objects. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take a default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Recursive +Indicates that this cmdlet removes the object and any children it contains. + +Note: Specifying this parameter removes all child objects even if there are objects marked with **ProtectedFromAccidentalDeletion**. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +An Active Directory object is received by the *Identity* parameter. +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADOrganizationalUnit** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* This cmdlet does not work when connected to a global catalog port. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADObject](./Get-ADObject.md) + +[Move-ADObject](./Move-ADObject.md) + +[New-ADObject](./New-ADObject.md) + +[Rename-ADObject](./Rename-ADObject.md) + +[Set-ADObject](./Set-ADObject.md) + +[Sync-ADObject](./Sync-ADObject.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADOrganizationalUnit.md b/docset/winserver2025-ps/activedirectory/Remove-ADOrganizationalUnit.md new file mode 100644 index 0000000000..75313e32d9 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADOrganizationalUnit.md @@ -0,0 +1,301 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adorganizationalunit?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADOrganizationalUnit +--- + +# Remove-ADOrganizationalUnit + +## SYNOPSIS +Removes an Active Directory organizational unit. + +## SYNTAX + +``` +Remove-ADOrganizationalUnit [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Partition ] [-Recursive] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADOrganizationalUnit** cmdlet removes an Active Directory organizational unit (OU). + +The *Identity* parameter specifies the organizational unit to remove. +You can identify an organizational unit by its distinguished name or GUID. +You can also set the parameter to an organizational unit object variable, such as `$` or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADOrganizationalUnit** cmdlet to retrieve the object and then pass the object through the pipeline to the Remove-ADOrganizationalUnit cmdlet. + +If the object you want to remove has child objects, you must specify the *Recursive* parameter. + +If the **ProtectedFromAccidentalDeletion** property of the organizational unit object is set to true, the cmdlet returns a terminating error. + +For AD LDS environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Remove an OU and its children +``` +PS C:\> Remove-ADOrganizationalUnit -Identity "OU=Accounting,DC=FABRIKAM,DC=COM" -Recursive +Are you sure you want to remove the item and all its children? +Performing recursive remove on Target: 'OU=Accounting,DC=Fabrikam,DC=com'. +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help +(default is "Y"):y +``` + +This command removes an OU and all of its children. +If the OU is protected from deletion, then the OU and its children are not deleted. +If the OU is not protected but any of the children are, then the OU and its children are deleted. + +### Example 2: Remove on OU by its GUID +``` +PS C:\> Remove-ADOrganizationalUnit -Identity "1b228aa5-2c14-48b8-ad8a-2685dc22e055" -Confirm:$False +``` + +This command removes an OU that is specified by its objectGUID and suppresses the confirmation prompt. + +### Example 3: Remove a specified OU +``` +PS C:\> Remove-ADOrganizationalUnit -Identity "OU=Accounting,DC=FABRIKAM,DC=COM" +Confirm +Are you sure you want to perform this action? +Performing operation "Remove" on Target "OU=Accounting,DC=Fabrikam,DC=com". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help +(default is "Y"):y +``` + +This command removes the Accounting OU. + +### Example 4: Remove an OU from an AD LDS instance +``` +PS C:\> Remove-ADOrganizationalUnit -Identity "OU=Managed,DC=AppNC" -Server "FABRIKAM-SRV1:60000" -Confirm:$False +``` + +This command removes an OU from an AD LDS instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +-A distinguished name +-A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADOrganizationalUnit +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Identity* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Recursive +Indicates that this cmdlet removes the OU and any child items it contains. +You must specify this parameter to remove an OU that is not empty. + +Note: Specifying this parameter removes all child objects of an OU that are marked with **ProtectedFromAccidentalDeletion**. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit +An **ADOrganizationalUnit** object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADOrganizationalUnit](./Get-ADOrganizationalUnit.md) + +[New-ADOrganizationalUnit](./New-ADOrganizationalUnit.md) + +[Set-ADOrganizationalUnit](./Set-ADOrganizationalUnit.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADPrincipalGroupMembership.md b/docset/winserver2025-ps/activedirectory/Remove-ADPrincipalGroupMembership.md new file mode 100644 index 0000000000..6ec51f7c0f --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADPrincipalGroupMembership.md @@ -0,0 +1,332 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adprincipalgroupmembership?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADPrincipalGroupMembership +--- + +# Remove-ADPrincipalGroupMembership + +## SYNOPSIS +Removes a member from one or more Active Directory groups. + +## SYNTAX + +``` +Remove-ADPrincipalGroupMembership [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-MemberOf] [-Partition ] [-PassThru] [-Server ] + [] +``` + +## DESCRIPTION +The **Remove-ADPrincipalGroupMembership** cmdlet removes a user, group, computer, service account, or any other account object from one or more Active Directory groups. + +The *Identity* parameter specifies the user, group, or computer to remove. +You can identify the user, group, or computer by its distinguished name, GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also specify a user, group, or computer object variable, such as `$`, or pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADUser** cmdlet to get a user object and then pass the object through the pipeline to the **Remove-ADPrincipalGroupMembership** cmdlet. +Similarly, you can use Get-ADGroup or Get-ADComputer to get group, service account, and computer objects to pass through the pipeline. + +This cmdlet collects all of the user, computer, service account, and group objects from the pipeline, and then removes these objects from the specified group by using one Active Directory operation. + +The *MemberOf* parameter specifies the groups that you want to remove the member from. +You can identify a group by its distinguished name, GUID, security identifier, or SAM account name. +You can also specify group object variable, such as `$`. +To specify more than one group, use a comma-separated list. +You cannot pass group objects through the pipeline to the MemberOf parameter. +To remove a member from groups that are passed through the pipeline, use Remove-ADGroupMember cmdlet. + +## EXAMPLES + +### Example 1: Remove a user from a group +``` +PS C:\> Remove-ADPrincipalGroupMembership -Identity "David Chew" -MemberOf "Administrators" +Remove members from group +Do you want to remove all the specified member(s) from the specified group(s)? +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y +``` + +This command removes the user David Chew from the Administrators group. + +### Example 2: Remove a user from a distinguished name group +``` +PS C:\> Get-ADUser -Server localhost:60000 -Identity "CN=GlenJohns,DC=AppNC" | Remove-ADPrincipalGroupMembership -MemberOf "CN=AccessControl,DC=AppNC" +``` + +This command retrieves the user with the distinguished name CN=DavidChew,DC=AppNC and removes it from the group with the distinguished name CN=AccessControl,DC=AppNC by using the pipeline operator. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory principal object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +```yaml +Type: ADPrincipal +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -MemberOf +Specifies the Active Directory groups to remove a user, computer, or group to as a member. +You can identify a group by providing one of the following values. +Note: The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +If you are specifying more than one group, use commas to separate the groups in the list. + +```yaml +Type: ADGroup[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value will be used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADPrincipal +A principal object that represents user, computer, or group is received by the *Identity* parameter. +Derived types, such as the following are also received by this parameter. + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADGroup** + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADPrincipal +Returns a principal object that represents the modified user, computer or group object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Add-ADGroupMember](./Add-ADGroupMember.md) + +[Add-ADPrincipalGroupMembership](./Add-ADPrincipalGroupMembership.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADGroup](./Get-ADGroup.md) + +[Get-ADGroupMember](./Get-ADGroupMember.md) + +[Get-ADPrincipalGroupMembership](./Get-ADPrincipalGroupMembership.md) + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Get-ADUser](./Get-ADUser.md) + +[Remove-ADGroupMember](./Remove-ADGroupMember.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSite.md b/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSite.md new file mode 100644 index 0000000000..a24a913928 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSite.md @@ -0,0 +1,219 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adreplicationsite?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADReplicationSite +--- + +# Remove-ADReplicationSite + +## SYNOPSIS +Deletes the specified replication site object from Active Directory. + +## SYNTAX + +``` +Remove-ADReplicationSite [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADReplicationSite** cmdlet deletes a specified replication site object from Active Directory. +If domain controllers are no longer needed in a network location, you can remove them from a site and then delete the site object. +Before deleting the site, you must remove all domain controllers from the site either by removing them entirely or by moving them to a new location. + +## EXAMPLES + +### Example 1: Remove a specified replication site +``` +PS C:\> Remove-ADReplicationSite -Identity "Europe" +``` + +This command removes the site with name Europe. + +### Example 2: Get filtered replication sites and remove them +``` +PS C:\> Get-ADReplicationSite -Filter "Description -eq 'For testing only.'" | Remove-ADReplicationSite +``` + +This command gets the sites that are for testing only and removes them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A connection name +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSite +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSite +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A Distinguished Name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +## OUTPUTS + +### None + +## NOTES +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADReplicationSite](./Get-ADReplicationSite.md) + +[New-ADReplicationSite](./New-ADReplicationSite.md) + +[Set-ADReplicationSite](./Set-ADReplicationSite.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSiteLink.md b/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSiteLink.md new file mode 100644 index 0000000000..31d18aa895 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSiteLink.md @@ -0,0 +1,207 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adreplicationsitelink?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADReplicationSiteLink +--- + +# Remove-ADReplicationSiteLink + +## SYNOPSIS +Deletes an Active Directory site link used to manage replication. + +## SYNTAX + +``` +Remove-ADReplicationSiteLink [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADReplicationSiteLink** cmdlet removes a site link object used to manage replication traffic between two sites in your Active Directory installation. +For more information on site links, see [Creating a Site Link Design](https://go.microsoft.com/fwlink/?LinkId=221870) in the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=221870. + +## EXAMPLES + +### Example 1: Remove a replication site link +``` +PS C:\> Remove-ADReplicationSiteLink -Identity "Europe-Asia" +``` + +This command removes the site link with the name Europe-Asia. + +### Example 2: Get a filtered list of replication site links and remove them +``` +PS C:\> Get-ADReplicationSiteLink -Filter "SitesIncluded -eq 'NorthAmerica'" | Remove-ADReplicationSiteLink +``` + +This command gets the site links that include NorthAmerica and removes them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSiteLink +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink +A site link object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADReplicationSiteLink](./Get-ADReplicationSiteLink.md) + +[New-ADReplicationSiteLink](./New-ADReplicationSiteLink.md) + +[Set-ADReplicationSiteLink](./Set-ADReplicationSiteLink.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSiteLinkBridge.md b/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSiteLinkBridge.md new file mode 100644 index 0000000000..606a60a871 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSiteLinkBridge.md @@ -0,0 +1,190 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adreplicationsitelinkbridge?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADReplicationSiteLinkBridge +--- + +# Remove-ADReplicationSiteLinkBridge + +## SYNOPSIS +Deletes a replication site link bridge from Active Directory. + +## SYNTAX + +``` +Remove-ADReplicationSiteLinkBridge [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADReplicationSiteLinkBridge** cmdlet deletes a replication site link bridge from Active Directory. +A site link bridge connects two or more site links and enables transitivity between site links. +Each site link in a bridge must have a site in common with another site link in the bridge. + +## EXAMPLES + +### Example 1: Remove a site link bridge +``` +PS C:\> Remove-ADReplicationSiteLinkBridge -Identity "NorthAmerica-Asia" +``` + +This command removes the site link bridge named NorthAmerica-Asia. + +### Example 2: Remove a filtered list of site link bridges +``` +PS C:\> Get-ADReplicationSiteLinkBridge -Filter "SiteLinksIncluded -eq 'Europe-Asia'" | Remove-ADReplicationSiteLinkBridge +``` + +This command gets the site link bridges that include Europe-Asia and removes them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSiteLinkBridge +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge +A site link bridge object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADReplicationSiteLinkBridge](./Get-ADReplicationSiteLinkBridge.md) + +[New-ADReplicationSiteLinkBridge](./New-ADReplicationSiteLinkBridge.md) + +[Set-ADReplicationSiteLinkBridge](./Set-ADReplicationSiteLinkBridge.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSubnet.md b/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSubnet.md new file mode 100644 index 0000000000..b770011757 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADReplicationSubnet.md @@ -0,0 +1,210 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adreplicationsubnet?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADReplicationSubnet +--- + +# Remove-ADReplicationSubnet + +## SYNOPSIS +Deletes the specified Active Directory replication subnet object from the directory. + +## SYNTAX + +``` +Remove-ADReplicationSubnet [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADReplicationSubnet** cmdlet deletes the specified Active Directory replication subnet object from the directory. +Subnet objects (class subnet) define network subnets in Active Directory. +A network subnet is a segment of a TCP/IP network to which a set of logical IP addresses is assigned. +Subnets group computers in a way that identifies their physical proximity on the network. +Subnet objects in Active Directory are used to map computers to sites. + +## EXAMPLES + +### Example 1: Remove a specified subnet +``` +PS C:\> Remove-ADReplicationSubnet -Identity "10.0.0.0/25" +``` + +This cmdlet removes the subnet identified as 10.0.0.0/25. + +### Example 3: Remove a filtered list of subnets +``` +PS C:\> Get-ADReplicationSubnet -Filter "Location -like '*Japan'" | Remove-ADReplicationSubnet +``` + +This command gets all the subnets in Japan and removes them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSubnet +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet +A subnet object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADReplicationSubnet](./Get-ADReplicationSubnet.md) + +[New-ADReplicationSubnet](./New-ADReplicationSubnet.md) + +[Set-ADReplicationSubnet](./Set-ADReplicationSubnet.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADResourceProperty.md b/docset/winserver2025-ps/activedirectory/Remove-ADResourceProperty.md new file mode 100644 index 0000000000..d4a19e1c69 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADResourceProperty.md @@ -0,0 +1,197 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adresourceproperty?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADResourceProperty +--- + +# Remove-ADResourceProperty + +## SYNOPSIS +Removes a resource property from Active Directory. + +## SYNTAX + +``` +Remove-ADResourceProperty [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADResourceProperty** cmdlet removes a resource property from Active Directory. + +## EXAMPLES + +### Example 1: Remove a resource property +``` +PS C:\> Remove-ADResourceProperty -Identity "Country" +``` + +This command removes the specified resource property. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the resource property. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADResourceProperty +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourceProperty + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADResourceProperty](./Get-ADResourceProperty.md) + +[New-ADResourceProperty](./New-ADResourceProperty.md) + +[Set-ADResourceProperty](./Set-ADResourceProperty.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADResourcePropertyList.md b/docset/winserver2025-ps/activedirectory/Remove-ADResourcePropertyList.md new file mode 100644 index 0000000000..565f03f5ac --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADResourcePropertyList.md @@ -0,0 +1,203 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adresourcepropertylist?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADResourcePropertyList +--- + +# Remove-ADResourcePropertyList + +## SYNOPSIS +Removes one or more resource property lists from Active Directory. + +## SYNTAX + +``` +Remove-ADResourcePropertyList [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADResourcePropertyList** cmdlet removes one or more resource property lists from Active Directory. + +## EXAMPLES + +### Example 1: Remove a specified resource property list +``` +PS C:\> Remove-ADResourcePropertyList -Identity "Corporate Resource Property List" +``` + +This command removes the resource property list named Corporate Resource Property List. + +### Example 2: Remove a filtered list of resource property lists +``` +PS C:\> Get-ADResourcePropertyList -Filter 'Name -Like "Branch*"' | Remove-ADResourcePropertyList +``` + +This command gets all resource property lists whose name starts with Branch and then removes them. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the resource property.The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADResourcePropertyList +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADResourcePropertyList](./Get-ADResourcePropertyList.md) + +[New-ADResourcePropertyList](./New-ADResourcePropertyList.md) + +[Set-ADResourcePropertyList](./Set-ADResourcePropertyList.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADResourcePropertyListMember.md b/docset/winserver2025-ps/activedirectory/Remove-ADResourcePropertyListMember.md new file mode 100644 index 0000000000..091f1dabaf --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADResourcePropertyListMember.md @@ -0,0 +1,253 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adresourcepropertylistmember?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADResourcePropertyListMember +--- + +# Remove-ADResourcePropertyListMember + +## SYNOPSIS +Removes one or more resource properties from a resource property list in Active Directory. + +## SYNTAX + +``` +Remove-ADResourcePropertyListMember [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Members] [-PassThru] [-Server ] + [] +``` + +## DESCRIPTION +The **Remove-ADResourcePropertyListMember** cmdlet can be used to remove one or more resource properties from a resource property list in Active Directory. + +## EXAMPLES + +### Example 1: Remove a specified resource property list member +``` +PS C:\> Remove-ADResourcePropertyListMember -Identity "Global Resource Property List" -Members Country +``` + +This command removes the resource property specified as a list member, Country, from the specified resource property list, Global Resource Property List. + +### Example 2: Remove multiple resource property list members +``` +PS C:\> Remove-ADResourcePropertyListMember -Identity "Corporate Resource Property List" -Members Department,Country +``` + +This command removes the resource properties named Department and Country from the resource property list, Corporate Resource Property List. + +### Example 3: Remove specified members from a filtered resource property list +``` +PS C:\> Get-ADResourcePropertyList -Filter "Name -like 'Corporate*'" | Remove-ADResourcePropertyListMember -Members Department,Country +``` + +This command gets the resource property lists that have a name that begins with Corporate and then pipes it to **Remove-ADResourcePropertyListMember**, which then removes the resource properties with the name Department and Country from it. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADResourcePropertyList +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Members +Specifies an array of **ADResourceProperty** objects in a comma-separated list to add to a resource property list. +To identify each object, use one of the following property values: + +- Name +- Distinguished name +- GUID (objectGUID) + +Note: The identifier in parentheses is the LDAP display name. + +You can also provide objects to this parameter directly. + +You cannot pass objects through the pipeline to this parameter. + +```yaml +Type: ADResourceProperty[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList +An **ADResourcePropertyList** object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList +Returns the modified **ADResourcePropertyList** object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with a read-only domain controller. +* This cmdlet does not work with an Active Directory snapshot. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Add-ADResourcePropertyListMember](./Add-ADResourcePropertyListMember.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADServiceAccount.md b/docset/winserver2025-ps/activedirectory/Remove-ADServiceAccount.md new file mode 100644 index 0000000000..a4690f23cc --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADServiceAccount.md @@ -0,0 +1,257 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-adserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADServiceAccount +--- + +# Remove-ADServiceAccount + +## SYNOPSIS +Removes an Active Directory managed service account or group managed service account object. + +## SYNTAX + +``` +Remove-ADServiceAccount [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Partition ] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADServiceAccount** cmdlet removes an Active Directory managed service account. +This cmdlet does not make changes to any computers that use the managed service account. +After this operation, the managed service account no longer exists in the directory, but computers are configured to use the managed service account. + +The *Identity* parameter specifies the Active Directory managed service account to remove. +You can identify a managed service account by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the *Identity* parameter to a managed service account object variable, such as `$`, or you can pass a managed service account object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADServiceAccount** cmdlet to retrieve a managed service account object and then pass the object through the pipeline to the **Remove-ADServiceAccount** cmdlet. + +Note: Removing the service account is a different operation than uninstalling the service account locally. + +## EXAMPLES + +### Example 1: Remove a specified managed service account +``` +PS C:\> Remove-ADServiceAccount -Identity SQL-SRV1 +``` + +This command removes the managed service account identified as SQL-SRV1. + +### Example 2: Remove a filtered list of managed service accounts +``` +PS C:\> Get-ADServiceAccount -Filter "Name -like 'SQL*'" | Remove-ADServiceAccount +``` + +This command removes all managed service accounts whose names start with SQL. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory account object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADServiceAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value will be used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. + +In AD DS environments, a default value for *Partition* will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* will be set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* will be set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADServiceAccount +A managed service account object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet has the *Confirm* parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Install-ADServiceAccount](./Install-ADServiceAccount.md) + +[New-ADServiceAccount](./New-ADServiceAccount.md) + +[Set-ADServiceAccount](./Set-ADServiceAccount.md) + +[Uninstall-ADServiceAccount](./Uninstall-ADServiceAccount.md) + diff --git a/docset/winserver2025-ps/activedirectory/Remove-ADUser.md b/docset/winserver2025-ps/activedirectory/Remove-ADUser.md new file mode 100644 index 0000000000..2d715a6417 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Remove-ADUser.md @@ -0,0 +1,272 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/remove-aduser?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-ADUser +--- + +# Remove-ADUser + +## SYNOPSIS +Removes an Active Directory user. + +## SYNTAX + +``` +Remove-ADUser [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] [-Identity] + [-Partition ] [-Server ] [] +``` + +## DESCRIPTION +The **Remove-ADUser** cmdlet removes an Active Directory user. + +The *Identity* parameter specifies the Active Directory user to remove. +You can identify a user by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the *Identity* parameter to a user object variable, such as `$`, or you can pass a user object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADUser** cmdlet to retrieve a user object and then pass the object through the pipeline to the Remove-ADUser cmdlet. + +If the **ADUser** is being identified by its DN, the *Partition* parameter will be automatically determined. + +For AD LDS environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Remove a specified user +```powershell +PS C:\> Remove-ADUser -Identity GlenJohn +``` + +This command removes the user with SAM account name GlenJohn. + +### Example 2: Remove a filtered list of users +```powershell +PS C:\> Search-ADAccount -AccountDisabled | where {$_.ObjectClass -eq 'user'} | Remove-ADUser +``` + +This command searches for any users that have disabled accounts and removes them. + +### Example 3: Remove a user by distinguished name +```powershell +PS C:\> Remove-ADUser -Identity "CN=Glen John,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" +``` + +This command removes the user with the distinguished name CN=Glen John,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM. + +### Example 4: Get a user by distinguished name and remove it +```powershell +PS C:\> Get-ADUser -Identity "cn=glenjohn,dc=appnc" -Server Lds.Fabrikam.com:50000 | Remove-ADUser +``` + +This command gets the user with the distinguished name cn=glenjohn,dc=appnc from the AD LDS instance and removes it. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory user object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A Distinguished name +- A GUID (objectGUID) +- A Security Identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADUser +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value will be used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. + +In AD DS environments, a default value for Partition will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* will be set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* will be set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADUser +A user object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* By default, this cmdlet prompts for confirmation as it is defined with **High impact** and the default value of the **$ConfirmPreference** variable is **High**. To bypass prompting for confirmation before removal, you can specify `-Confirm:$False` when using this cmdlet. + +## RELATED LINKS + +[Get-ADUser](./Get-ADUser.md) + +[New-ADUser](./New-ADUser.md) + +[Set-ADUser](./Set-ADUser.md) + diff --git a/docset/winserver2025-ps/activedirectory/Rename-ADObject.md b/docset/winserver2025-ps/activedirectory/Rename-ADObject.md new file mode 100644 index 0000000000..7b1004f899 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Rename-ADObject.md @@ -0,0 +1,335 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/rename-adobject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Rename-ADObject +--- + +# Rename-ADObject + +## SYNOPSIS +Changes the name of an Active Directory object. + +## SYNTAX + +``` +Rename-ADObject [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-NewName] [-Partition ] [-PassThru] [-Server ] + [] +``` + +## DESCRIPTION +The **Rename-ADObject** cmdlet renames an Active Directory object. +This cmdlet sets the **Name** property of an Active Directory object that has a Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of name. +To modify the given name, surname, and other name of a user, use the Set-ADUser cmdlet. +To modify the Security Account Manager (SAM) account name of a user, computer, or group, use the Set-ADUser, Set-ADComputer, or Set-ADGroup cmdlet. + +The *Identity* parameter specifies the object to rename. +You can identify an object or container by its distinguished name or GUID. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADObject** cmdlet to get an object and then pass the object through the pipeline to the Rename-ADObject cmdlet. +You can also use the **Get-ADGroup**, **Get-ADUser**, **Get-ADComputer**, **Get-ADServiceAccount**, **Get-ADOrganizationalUnit**, and **Get-ADFineGrainedPasswordPolicy** cmdlets to get an object that you can pass through the pipeline to this cmdlet. + +The *NewName* parameter defines the new name for the object and must be specified. + +## EXAMPLES + +### Example 1: Rename a site +``` +PS C:\> Rename-ADObject -Identity "CN=HQ,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM" -NewName "UnitedKingdomHQ" +``` + +This command renames the name of an existing site HQ to the new name UnitedKingdomHQ. +If the distinguished name is provided in the *Identity* parameter, then the *Partition* parameter is not required. + +### Example 2: Rename an object +``` +PS C:\> Rename-ADObject -Identity "4777c8e8-cd29-4699-91e8-c507705a0966" -NewName "AmsterdamHQ" -Partition "CN=Configuration,DC=FABRIKAM,DC=COM" +``` + +This command renames the object with the GUID 4777c8e8-cd29-4699-91e8-c507705a0966 to SiteNewName. +The *Partition* parameter is required because the naming context of the site object is not known from the GUID specified by the *Identity* parameter. + +### Example 3: Rename an object by distinguished name +``` +PS C:\> Rename-ADObject -Identity "OU=ManagedGroups,OU=Managed,DC=Fabrikam,DC=Com" -NewName "Groups" +``` + +This command renames the object with the distinguished name OU=ManagedGroups,OU=Managed,DC=Fabrikam,DC=Com to Groups. + +### Example 4: Rename an object by GUID +``` +PS C:\> Rename-ADObject -Identity "4777c8e8-cd29-4699-91e8-c507705a0966" -NewName "DavidChew" +``` + +This command renames the object with GUID 4777c8e8-cd29-4699-91e8-c507705a0966 to DavidChews. +The *Partition* parameter is not specified because the object is in the default naming context of the domain. + +### Example 5: Rename a container in an LDS instance +``` +PS C:\> Rename-ADObject -Identity "CN=Apps,DC=AppNC" -NewName "InternalApps" -Server "FABRIKAM-SRV1:60000" +``` + +This command renames the container CN=Apps,DC=AppNC to InternalApps in an LDS instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, the Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADObject +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -NewName +Specifies the new name of the object. +This parameter sets the Name property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and when a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +An Active Directory object is received by the *Identity* parameter. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADOrganizationalUnit** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADObject](./Get-ADObject.md) + +[Move-ADObject](./Move-ADObject.md) + +[New-ADObject](./New-ADObject.md) + +[Remove-ADObject](./Remove-ADObject.md) + +[Restore-ADObject](./Restore-ADObject.md) + +[Set-ADObject](./Set-ADObject.md) + diff --git a/docset/winserver2025-ps/activedirectory/Reset-ADServiceAccountPassword.md b/docset/winserver2025-ps/activedirectory/Reset-ADServiceAccountPassword.md new file mode 100644 index 0000000000..4ecb65d71e --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Reset-ADServiceAccountPassword.md @@ -0,0 +1,183 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/reset-adserviceaccountpassword?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Reset-ADServiceAccountPassword +--- + +# Reset-ADServiceAccountPassword + +## SYNOPSIS +Resets the password for a standalone managed service account. + +## SYNTAX + +``` +Reset-ADServiceAccountPassword [-WhatIf] [-Confirm] [-AuthType ] [-Identity] + [-Partition ] [] +``` + +## DESCRIPTION +The **Reset-ADServiceAccountPassword** cmdlet resets the password for the standalone managed service account (MSA) on the local computer. +You must run this cmdlet on the computer where the standalone MSA is installed. +Reset is not supported for group managed service accounts. + +The *Identity* parameter specifies the Active Directory standalone MSA that receives the password reset. +You can identify an MSA by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. +You can also set the *Identity* parameter to a MSA object variable, such as `$`, or pass a MSA object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADServiceAccount** cmdlet to retrieve a standalone MSA object and then pass the object through the pipeline to the **Reset-ADServiceAccountPassword** cmdlet. + +Note: When you reset the password for a computer, you also reset all of the standalone MSA passwords for that computer. + +## EXAMPLES + +### Example 1: Reset the password for a standalone MSA +``` +PS C:\> Reset-ADServiceAccountPassword -Identity ServiceAccount1 +``` + +This command resets the password on the standalone managed service account ServiceAccount1. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory account object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADServiceAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADServiceAccount +A managed service account object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + diff --git a/docset/winserver2025-ps/activedirectory/Restore-ADObject.md b/docset/winserver2025-ps/activedirectory/Restore-ADObject.md new file mode 100644 index 0000000000..6470b3d265 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Restore-ADObject.md @@ -0,0 +1,362 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/restore-adobject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Restore-ADObject +--- + +# Restore-ADObject + +## SYNOPSIS +Restores an Active Directory object. + +## SYNTAX + +``` +Restore-ADObject [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-NewName ] [-Partition ] [-PassThru] [-Server ] + [-TargetPath ] [] +``` + +## DESCRIPTION +The **Restore-ADObject** cmdlet restores a deleted Active Directory object. + +The *NewName* parameter specifies the new name for the restored object. +If the *NewName* parameter is not specified, the value of the Active Directory attribute with an Lightweight Directory Access Protocol (LDAP) display name of msDS-lastKnownRDN is used. +The *TargetPath* parameter specifies the new location for the restored object. +If the *TargetPath* is not specified, the value of the Active Directory attribute with an LDAP display name of lastKnownParent is used. + +The *Identity* parameter specifies the Active Directory object to restore. +You can identify an object by its distinguished name or GUID. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADObject** cmdlet to get a deleted object by specifying the *IncludeDeletedObjects* parameter. +You can then pass the object through the pipeline to the Restore-ADObject cmdlet. + +Note: You can get the distinguished names of deleted objects by using the **Get-ADObject** cmdlet with the *IncludeDeletedObjects* parameter specified. + +## EXAMPLES + +### Example 1: Restore an object and set attributes for the deleted object +``` +PS C:\> Restore-ADObject -Identity "613dc90a-2afd-49fb-8bd8-eac48c6ab59f" -NewName "Kim Abercrombie" -TargetPath "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" +``` + +This command restores the **ADObject** while setting the **msDS-LastKnownRDN** attribute of the deleted object to the *NewName* parameter and setting the lastKnownRDN to the *TargetPath* parameter. + +### Example 2: Restore an object by distinguished name +``` +PS C:\> Restore-ADObject -Identity "CN=Kim Abercrombie\0ADEL:613dc90a-2afd-49fb-8bd8-eac48c6ab59f,CN=Deleted Objects,DC=FABRIKAM,DC=COM" -NewName "Kim Abercrombie" -TargetPath "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" +``` + +This command restores the **ADObject** while setting the **msDS-LastKnownRDN** attribute of the deleted object to *NewName* parameter and setting the lastKnownRDN to the *TargetPath* parameter. + +### Example 3: Restore an object from a filtered list of users +``` +PS C:\> Get-ADObject -Filter 'samaccountname -eq "pattifuller"' -IncludeDeletedObjects | Restore-ADObject +``` + +This command finds a deleted user whose SAM account name is pattifuller and restores it. + +### Example 4: Restore an object by its GUID +``` +PS C:\> Restore-ADObject -Identity '6bb3bfe9-4355-48ee-b3b6-4fda6917d31d' -Server server1:50000 +``` + +This command restores an AD LDS object using ObjectGUID. + +### Example 5: Restore an object by its msds-LastKnownRDN attribute +``` +PS C:\> Get-ADObject -Filter 'msds-lastknownrdn -eq "user1"' -Server server1:50000 -IncludeDeletedObjects -SearchBase "o=app1,c=us" | Restore-ADObject +``` + +This command restores an AD LDS object using the **msds-LastKnownRDN** attribute. + +### Example 6: Restore deleted Configuration objects in a certain date/time range +``` +PS C:\> $ChangeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02) +PS C:\> Get-ADObject -Filter 'whenChanged -gt $ChangeDate -and isDeleted -eq $True -and -not (isRecycled -eq $True) -and lastKnownParent -eq "OU=Accounting,DC=Fabrikam,DC=com"' -IncludeDeletedObjects -SearchBase "CN=Deleted Objects,CN=Configuration,DC=contoso,DC=com" | Restore-ADObject +``` + +This command restores deleted configuration objects in a certain date/time range. This will be Helpful if you know when these objects were deleted. + +### Example 7: Restore all deleted Configuration objects + +``` +Get-ADObject -filter 'isdeleted -eq $true -and name -ne "Deleted Objects"' -includeDeletedObjects -property * -SearchBase "CN=Deleted Objects,CN=Configuration,DC=contoso,DC=com" | Restore-ADObject +``` + +This command restores all deleted configuration objects. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A Security Account Manager account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADObject +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -NewName +Specifies the new name of the object. +This parameter sets the **Name** property of the Active Directory object. +The LDAP display name (**ldapDisplayName**) of this property is name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take a default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetPath +Specifies the new location for the object. +This location must be the path to a container or organizational unit. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +An Active Directory object is received by the *Identity* parameter. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADOrganizationalUnit** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +Returns the restored object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADObject](./Get-ADObject.md) + +[Move-ADObject](./Move-ADObject.md) + +[New-ADObject](./New-ADObject.md) + +[Remove-ADObject](./Remove-ADObject.md) + +[Rename-ADObject](./Rename-ADObject.md) + +[Set-ADObject](./Set-ADObject.md) + diff --git a/docset/winserver2025-ps/activedirectory/Revoke-ADAuthenticationPolicySiloAccess.md b/docset/winserver2025-ps/activedirectory/Revoke-ADAuthenticationPolicySiloAccess.md new file mode 100644 index 0000000000..455f7b29a9 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Revoke-ADAuthenticationPolicySiloAccess.md @@ -0,0 +1,259 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/revoke-adauthenticationpolicysiloaccess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Revoke-ADAuthenticationPolicySiloAccess +--- + +# Revoke-ADAuthenticationPolicySiloAccess + +## SYNOPSIS +Revokes membership in an authentication policy silo for the specified account. + +## SYNTAX + +``` +Revoke-ADAuthenticationPolicySiloAccess [-WhatIf] [-Confirm] [-Account] [-AuthType ] + [-Credential ] [-Identity] [-PassThru] [-Server ] + [] +``` + +## DESCRIPTION +The **Revoke-ADAuthenticationPolicySiloAccess** cmdlet revokes the membership in an authentication policy silo for one or more accounts in Active Directory® Domain Services. + +The *Identity* parameter specifies the Active Directory Domain Services authentication policy silo that contains the user accounts to remove. +You can identify an authentication policy silo by its distinguished name, GUID or name. +You can also use the *Identity* parameter to specify a variable that contains an authentication policy silo object, or you can use the pipeline operator to pass an authentication policy object to the *Identity* parameter. + +The *Account* parameter specifies the users, computers and service accounts to remove from the authentication policy silo specified by the *Identity* parameter. +You can identify a user, computer or service account by its distinguished name, GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. +You can also use the *Account* parameter to specify a variable that contains user, computer, and service account objects. + +## EXAMPLES + +### Example 1: Revoke access to an authentication policy silo +``` +PS C:\> Revoke-ADAuthenticationPolicySiloAccess -Identity AuthenticationPolicySilo01 -Account User01 -Confirm:$False +``` + +This command revokes access to the authentication policy silo named AuthenticationPolicySilo01 for the user account named User01. +Because the *Confirm* parameter is set to $False, no confirmation message appears. + +### Example 2: Revoke access to an authentication policy silo for filter matches +``` +PS C:\> Get-ADComputer -Filter 'Name -like "newComputer*"' | Revoke-ADAuthenticationPolicySiloAccess -Identity AuthenticationPolicySilo02 +Confirm +Are you sure you want to perform this action? +Performing the operation "Set" on target "CN=Silo,CN=AuthN Silos,CN=AuthN PolicyConfiguration,CN=Services,CN=Configuration,DC=DC01,DC=Contoso,DC=com". +[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A +``` + +This command first uses the **Get-ADComputer** cmdlet to get a list of computers that match the filter specified by the Filter parameter. +The output is then passed to the **Revoke-ADAuthenticationPolicySiloAccess** to remove access to the authentication policy silo named AuthenticationPolicySilo02. +Because the *Confirm* parameter is not specified, a confirmation message appears. + +## PARAMETERS + +### -Account +Specifies the account to remove from the authentication policy silo. +Specify the account in one of the following formats: + +- A distinguished name +- GUID +- security identifier +- SAM account name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +You can also use this parameter to specify a variable that contains user, computer, and service account objects. + +```yaml +Type: ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an **ADAuthenticationPolicySilo** object. +Specify the authentication policy silo object in one of the following formats: + +- A distinguished name +- A GUID +- A name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo +This cmdlet accepts an authentication policy silo object. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo +This cmdlet returns the modified authentication policy silo object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Grant-ADAuthenticationPolicySiloAccess](./Grant-ADAuthenticationPolicySiloAccess.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Search-ADAccount.md b/docset/winserver2025-ps/activedirectory/Search-ADAccount.md new file mode 100644 index 0000000000..f549f4f427 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Search-ADAccount.md @@ -0,0 +1,604 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/search-adaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Search-ADAccount +--- + +# Search-ADAccount + +## SYNOPSIS +Gets Active Directory user, computer, or service accounts. + +## SYNTAX + +### AccountDisabled +``` +Search-ADAccount [-AccountDisabled] [-AuthType ] [-ComputersOnly] [-Credential ] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [-UsersOnly] [] +``` + +### AccountExpired +``` +Search-ADAccount [-AccountExpired] [-AuthType ] [-ComputersOnly] [-Credential ] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [-UsersOnly] [] +``` + +### AccountExpiring +``` +Search-ADAccount [-AccountExpiring] [-AuthType ] [-ComputersOnly] [-Credential ] + [-DateTime ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [-TimeSpan ] [-UsersOnly] [] +``` + +### AccountInactive +``` +Search-ADAccount [-AccountInactive] [-AuthType ] [-ComputersOnly] [-Credential ] + [-DateTime ] [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] + [-SearchScope ] [-Server ] [-TimeSpan ] [-UsersOnly] [] +``` + +### LockedOut +``` +Search-ADAccount [-AuthType ] [-ComputersOnly] [-Credential ] [-LockedOut] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [-UsersOnly] [] +``` + +### PasswordExpired +``` +Search-ADAccount [-AuthType ] [-ComputersOnly] [-Credential ] [-PasswordExpired] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [-UsersOnly] [] +``` + +### PasswordNeverExpires +``` +Search-ADAccount [-AuthType ] [-ComputersOnly] [-Credential ] [-PasswordNeverExpires] + [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope ] + [-Server ] [-UsersOnly] [] +``` + +## DESCRIPTION +The **Search-ADAccount** cmdlet retrieves one or more user, computer, or service accounts that meet the criteria specified by the parameters. +Search criteria include account and password status. +For example, you can search for all accounts that have expired by specifying the *AccountExpired* parameter. +Similarly, you can search for all accounts with an expired password by specifying the *PasswordExpired* parameter. +You can limit the search to user accounts by specifying the *UsersOnly* parameter. +Similarly, when you specify the *ComputersOnly* parameter, the cmdlet only retrieves computer accounts. + +Some search parameters, such as *AccountExpiring* and *AccountInactive* use a default time that you can change by specifying the *DateTime* or *TimeSpan* parameter. +The *DateTime* parameter specifies a distinct time. +The *TimeSpan* parameter specifies a time range from the current time. +For example, to search for all accounts that expire in 10 days, specify the *AccountExpiring* and *TimeSpan* parameter and set the value of *TimeSpan* to 10.00:00:00. +To search for all accounts that expire before December 31, 2012, set the *DateTime* parameter to 12/31/2012. + +## EXAMPLES + +### Example 1: Get all users, computers, and service accounts that are disabled +``` +PS C:\> Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A +Name ObjectClass +---- ----------- +Guest user +Pattith user +PattiFul_51399 user +PattyFul-LPTOP computer +PattyFul-DSKTOP computer +``` + +This command returns all users, computers, and service accounts that are disabled. + +### Example 2: Get all users that are disabled +``` +PS C:\> Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A +Name ObjectClass +---- ----------- +Guest user +PattiFul user +PattiFul_51399 user +``` + +This command returns all users that are disabled. + +### Example 3: Get all users, computers, and service accounts that are expired +``` +PS C:\> Search-ADAccount -AccountExpired | FT Name,ObjectClass -A +Name ObjectClass +---- ----------- +Evan Narvaez user +Patti Fuller user +David Chew user +``` + +This command returns all users, computers, and service accounts that are expired. + +### Example 4: Get all users, computers, and service accounts that will expire in a specified time +``` +PS C:\> Search-ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A +Name ObjectClass +---- ----------- +David Chew user +Evan Narvaez user +Patti Fuller user +``` + +This command returns all users, computers, and service accounts that will expire in the next 6 days. + +### Example 5: Get all accounts that have expired +``` +PS C:\> Search-ADAccount -PasswordExpired | FT Name,ObjectClass -A +Name ObjectClass +---- ----------- +David Chew user +Evan Narvaez user +Patti Fuller user +``` + +This command returns all accounts where the password has expired. + +### Example 6: Get all accounts that are locked out +``` +PS C:\> Search-ADAccount -LockedOut | FT Name,ObjectClass -A +Name ObjectClass +---- ----------- +Patti Fuller user +``` + +This command returns all accounts that have been locked out. + +## PARAMETERS + +### -AccountDisabled +Specifies a search for accounts that are disabled. +An account is disabled when the ADAccount **Enabled** property is set to false. + +```yaml +Type: SwitchParameter +Parameter Sets: AccountDisabled +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AccountExpired +Specifies a search for accounts that are expired. +An account is expired when the ADAccount **AccountExpirationDate** property is set to a time in the past. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for the **AccountExpirationDate** property is accountExpires. + +```yaml +Type: SwitchParameter +Parameter Sets: AccountExpired +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AccountExpiring +Indicates that this cmdlet searches for accounts that are expiring in a given time period or by a specified time. +To specify a time period, use the *AccountExpiring* parameter with the *TimeSpan* parameter. +To specify a specific time, use the *AccountExpiring* parameter with the *DateTime* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: AccountExpiring +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AccountInactive +Indicates that this cmdlet searches for accounts that have not logged in within a given time period or since a specified time. +To specify a time period, use the *TimeSpan* parameter. +To specify a specific time, use the *DateTime* parameter. +Note that this attribute is only used when the domain is in Windows Server 2003 Domain Functional Level or higher, so this parameter will only work in that mode. + +```yaml +Type: SwitchParameter +Parameter Sets: AccountInactive +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputersOnly +Indicates that this cmdlet searches only computer accounts. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +Specifies the credentials for the security context under which the task is performed. +If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. +If running under the context of an Active Directory module for Windows PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DateTime +Specifies a distinct time value for **Search-ADAccount** parameters such as *AccountExpiring*, *AccountInactive*, and *PasswordExpired*. + +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to be midnight local time. +If you do not specify a date, the date is assumed to be the current date. +The following examples show commonly-used syntax to specify a *DateTime* object. + +- "4/17/2006" +- "Monday, April 17, 2006" +- "2:22:45 PM" +- "Monday, April 17, 2006 2:22:45 PM" + +These examples specify the same date and the time without the seconds. + +- "4/17/2006 2:22 PM" +- "Monday, April 17, 2006 2:22 PM" +- "2:22 PM" + +The following example shows how to specify a date and time by using the RFC1123 standard. +This example defines time by using Greenwich Mean Time (GMT). + +- "Mon, 17 Apr 2006 21:22:48 GMT" + +The following example shows how to specify a value as Coordinated Universal Time (UTC). +This example represents Monday, April 17, 2006 at 2:22:48 PM UTC. + +- "2006-04-17T14:22:48.0000000" + +The following example shows how to set the *AccountExpiring* parameter to a *DateTime* value of June 18, 2012 at 2:00:00 AM. + +`-AccountExpiring -DateTime "6/18/2012 2:00:00 AM"` + +```yaml +Type: DateTime +Parameter Sets: AccountExpiring, AccountInactive +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LockedOut +Indicates that this cmdlet searches for accounts that are locked out. + +```yaml +Type: SwitchParameter +Parameter Sets: LockedOut +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordExpired +Indicates that this cmdlet searches for accounts that have an expired password. + +```yaml +Type: SwitchParameter +Parameter Sets: PasswordExpired +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNeverExpires +Indicates that this cmdlet searches for accounts that have a password that does not expire. + +```yaml +Type: SwitchParameter +Parameter Sets: PasswordNeverExpires +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultPageSize +Specifies the number of objects to include in one page for an Active Directory Domain Services query. + +The default is 256 objects per page. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResultSetSize +Specifies the maximum number of objects to return for an Active Directory Domain Services query. +If you want to receive all of the objects, set this parameter to $Null (null value). +You can use Ctrl+C to stop the query and return of objects. +The default is $Null. + +The following example shows how to set this parameter so that you receive all of the returned objects: + +`-ResultSetSize $Null` + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchBase +Specifies an Active Directory path to search. + +When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. + +When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Domain Services (AD DS) target, the default value of this parameter is the default naming context of the target domain. + +When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Lightweight Directory Services (AD LDS) target, the default value is the default naming context of the target AD LDS instance if one has been specified by setting the **msDS-defaultNamingContext** property of the Active Directory service agent object **nTDSDSA** for the AD LDS instance. +If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. + +The following example shows how to set this parameter to search under an organizational unit. + +`-SearchBase "ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com"` + +When the value of the *SearchBase* parameter is set to an empty string and you are connected to a global catalog port, all partitions are searched. +If the value of the *SearchBase* parameter is set to an empty string and you are not connected to a global catalog port, an error is generated. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SearchScope +Specifies the scope of an Active Directory search. +The acceptable values for this parameter are: + +- Base or 0 +- OneLevel or 1 +- Subtree or 2 + +A Base query searches only the current path or object. +A OneLevel query searches the immediate children of that path or object. +A Subtree query searches the current path or object and all children of that path or object. + +```yaml +Type: ADSearchScope +Parameter Sets: (All) +Aliases: +Accepted values: Base, OneLevel, Subtree + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TimeSpan +Specifies a time interval. +This parameter is used to specify a time value for **Search-ADAccount** parameters such as *AccountExpiring*. +Specify the time interval in the following format: + +\[-\]D.H:M:S.F + +where: + +- D = Days (0 to 10675199) +- H = Hours (0 to 23) +- M = Minutes (0 to 59) +- S = Seconds (0 to 59) +- F = Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. + +The following examples show how to set this parameter. + +Set the time to 2 days + +`-TimeSpan "2.00:00:00"` + + Set the time span to the previous 2 days + +`-TimeSpan "-2.00:00.00"` + + Set the time to 4 hours + +`-TimeSpan "4:00"` + +For example, to search for all accounts that are expiring in 10 days, specify the *AccountExpiring* and *TimeSpan* parameters as follows. + + `-AccountExpiring -TimeSpan "10.00:00.00"` + +```yaml +Type: TimeSpan +Parameter Sets: AccountExpiring, AccountInactive +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UsersOnly +Indicates that this cmdlet searches for user accounts only. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount +This cmdlet returns one or more account objects that meet the conditions set by the parameters. + +## NOTES + +## RELATED LINKS + +[Clear-ADAccountExpiration](./Clear-ADAccountExpiration.md) + +[Disable-ADAccount](./Disable-ADAccount.md) + +[Enable-ADAccount](./Enable-ADAccount.md) + +[Get-ADAccountResultantPasswordReplicationPolicy](./Get-ADAccountResultantPasswordReplicationPolicy.md) + +[Set-ADAccountControl](./Set-ADAccountControl.md) + +[Set-ADAccountExpiration](./Set-ADAccountExpiration.md) + +[Set-ADAccountPassword](./Set-ADAccountPassword.md) + +[Unlock-ADAccount](./Unlock-ADAccount.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADAccountAuthenticationPolicySilo.md b/docset/winserver2025-ps/activedirectory/Set-ADAccountAuthenticationPolicySilo.md new file mode 100644 index 0000000000..306b2d3c7f --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADAccountAuthenticationPolicySilo.md @@ -0,0 +1,273 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adaccountauthenticationpolicysilo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADAccountAuthenticationPolicySilo +--- + +# Set-ADAccountAuthenticationPolicySilo + +## SYNOPSIS +Modifies the authentication policy or authentication policy silo of an account. + +## SYNTAX + +``` +Set-ADAccountAuthenticationPolicySilo [-WhatIf] [-Confirm] [-AuthenticationPolicy ] + [-AuthenticationPolicySilo ] [-AuthType ] [-Credential ] + [-Identity] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADAccountAuthenticationPolicySilo** cmdlet modifies the authentication policy or authentication policy silo of an account. +This cmdlet assigns authentication policy silo objects and authentication policy object to an Active Directory Domain Services account. +In order for the account to belong to an authentication policy silo, you must use the **Grant-ADAuthenticationPolicySiloAccess** cmdlet to grant access to the object. + +The *Identity* parameter specifies the Active Directory Domain Services authentication policy to modify. +You can identify an authentication policy by its distinguished name, GUID or name. +You can also use the *Identity* parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the *Identity* parameter. + +## EXAMPLES + +### Example 1: Assign an authentication policy silo and authentication policy +``` +PS C:\> Set-ADAccountAuthenticationPolicySilo -Identity User01 -AuthenticationPolicySilo AuthenticationPolicySilo01 -AuthenticationPolicy AuthenticationPolicy01 +``` + +This example assigns the authentication policy silo named AuthenticationPolicySilo01 and the authentication policy named AuthenticationPolicy01 to the user account named User01. + +### Example 2: Assign an authentication policy silo and authentication policy by using a filter +``` +PS C:\> Get-ADComputer -Filter 'Name -like "NewComputer*"' | Set-ADAccountAuthenticationPolicySilo -AuthenticationPolicySilo AuthenticationPolicySilo02 -AuthenticationPolicy AuthenticationPolicy02 +``` + +This example first uses the **Get-ADComputer** cmdlet to get all computer accounts that match the filter specified by the Filter parameter. +The output of this command is passed to **Set-ADAccountAuthenticationPolicySilo** to assign the authentication policy silo named AuthenticationPolicySilo02 and the authentication policy named AuthenticationPolicy02 to them. + +## PARAMETERS + + +### -AuthenticationPolicy +Specifies an Active Directory Domain Services authentication policy object. +Specify the authentication policy object in one of the following formats: + +- A distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthenticationPolicySilo +Specifies an Active Directory Domain Services authentication policy silo object. +Specify the authentication policy silo object in one of the following formats: + +- A distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory Domain Services object. +Specify the Active Directory Domain Services object in one of the following formats: + +- distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Grant-ADAuthenticationPolicySiloAccess](./Grant-ADAuthenticationPolicySiloAccess.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADAccountControl.md b/docset/winserver2025-ps/activedirectory/Set-ADAccountControl.md new file mode 100644 index 0000000000..e31f6631da --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADAccountControl.md @@ -0,0 +1,572 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adaccountcontrol?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADAccountControl +--- + +# Set-ADAccountControl + +## SYNOPSIS +Modifies user account control (UAC) values for an Active Directory account. + +## SYNTAX + +``` +Set-ADAccountControl [-WhatIf] [-Confirm] [-AccountNotDelegated ] + [-AllowReversiblePasswordEncryption ] [-AuthType ] [-CannotChangePassword ] + [-Credential ] [-DoesNotRequirePreAuth ] [-Enabled ] + [-HomedirRequired ] [-Identity] [-MNSLogonAccount ] [-Partition ] + [-PassThru] [-PasswordNeverExpires ] [-PasswordNotRequired ] [-Server ] + [-TrustedForDelegation ] [-TrustedToAuthForDelegation ] [-UseDESKeyOnly ] + [] +``` + +## DESCRIPTION +The **Set-ADAccountControl** cmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. +UAC values are represented by cmdlet parameters. +For example, set the *PasswordNeverExpires* parameter to change whether an account password could expire and to modify the **ADS_UF_DONT_EXPIRE_PASSWD** UAC value. + +The *Identity* parameter specifies the Active Directory account to modify. + +You can identify an account by its distinguished name, GUID, security identifier (SID), or security accounts manager (SAM) account name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an account object through the pipeline to the *Identity* parameter. +For example, you can use the **Search-ADAccount** cmdlet to retrieve an account object and then pass the object through the pipeline to the **Set-ADAccountControl** cmdlet. +Similarly, you can use **Get-ADUser**, **Get-ADComputer**, or **Get-ADServiceAccount** cmdlets to retrieve account objects that you can pass through the pipeline to this cmdlet. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. + +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Require that a user use a password to logon +``` +PS C:\> Set-ADAccountControl -Identity ElisaD -PasswordNotRequired $False +``` + +This command sets the flag on userAccountControl to make sure that a password is required for logon. + +### Example 2: Disable change password on a user account +``` +PS C:\> Set-ADAccountControl -Identity 'CN=Elisa Daugherty,OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM' -CannotChangePassword $True +``` + +This command sets the security descriptor of the user to make sure they cannot change their own password. + +### Example 3: Disable delegation on a user account +``` +PS C:\> Set-ADAccountControl -Identity SQLAdmin1 -AccountNotDelegated $True +``` + +This command sets the flag on userAccountControl to make sure that the account cannot be delegated. + +### Example 4: Set a user account to be trusted to authenticate for delegation +``` +PS C:\> Set-ADAccountControl -Identity 'CN=IIS01 SvcAccount,OU=ServiceAccounts,OU=Managed,DC=FABRIKAM,DC=COM' -TrustedToAuthForDelegation $True +``` + +This command sets the flag on userAccountControl to make sure that the account is now trusted to authenticate for delegation. + +### Example 5: Set a specified computer to be trusted for delegation +``` +PS C:\> Set-ADAccountControl -Identity "FABRIKAM-SRV1" -TrustedForDelegation $True +``` + +This command sets specified computer to be trusted for delegation. + +### Example 6: Set a user password to never expire +``` +PS C:\> Set-ADAccountControl -Identity EvanNa -PasswordNeverExpires $True +``` + +This command sets the password of the user to never expire. + +### Example 7: Set a user account to require a home directory +``` +PS C:\> Set-ADAccountControl -Identity 'CN=Evan Narvaez,OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM' -HomedirRequired $True +``` + +This command sets the user account to require a Home Directory. + +## PARAMETERS + +### -AccountNotDelegated +Indicates whether the security context of the user is delegated to a service. +When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. +This parameter sets the **AccountNotDelegated** property for an Active Directory account. +This parameter also sets the **ADS_UF_NOT_DELEGATED** flag of the Active Directory UAC attribute. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowReversiblePasswordEncryption +Indicates whether reversible password encryption is allowed for the account. +This parameter sets the **AllowReversiblePasswordEncryption** property of the account. +This parameter also sets the **ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED** flag of the Active Directory UAC attribute. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CannotChangePassword +Indicates whether an account can change its password. +To disallow password change by the account set this to $True. +This parameter changes the Boolean value of the **CannotChangePassword** property of an account. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DoesNotRequirePreAuth +Indicates whether Kerberos pre-authentication is required to logon using the user or computer account. +This parameter sets the **ADS_UF_DONT_REQUIRE_PREAUTH** flag of the Active Directory UAC attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Specifies whether an account is enabled. +An enabled account requires a password. +This parameter sets the **Enabled** property for an account object. +This parameter also sets the **ADS_UF_ACCOUNTDISABLE** flag of the Active Directory UAC attribute.The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomedirRequired +Indicates whether a home directory is required for the account. +This parameter sets the **ADS_UF_HOMEDIR_REQUIRED** flag of the Active Directory UAC attribute.The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory account object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A Security Identifier (objectSid) +- A SAM Account Name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an account object instance. + +Derived types such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADUser** + +```yaml +Type: ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -MNSLogonAccount +Indicates whether the account is a Majority Node Set (MNS) logon account. +This parameter also sets the **ADS_UF_MNS_LOGON_ACCOUNT** flag of the Active Directory UAC attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +You can use MNS logon accounts to configure a multi-node cluster without using a shared disk drive. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNeverExpires +Indicates whether the password of an account can expire. +This parameter sets the **PasswordNeverExpires** property of an account object. +This parameter also sets the **ADS_UF_DONT_EXPIRE_PASSWD** flag of the Active Directory UAC attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +Note: This parameter cannot be set to $True for an account that also has the **ChangePasswordAtLogon** property set to $True. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNotRequired +Indicates whether the account requires a password. +This parameter sets the **PasswordNotRequired** property of an account, such as a user or computer account. +This parameter also sets the **ADS_UF_PASSWD_NOTREQD** flag of the Active Directory UAC attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TrustedForDelegation +Indicates whether an account is trusted for Kerberos delegation. +A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. +This parameter sets the **TrustedForDelegation** property of an account object. +This value also sets the **ADS_UF_TRUSTED_FOR_DELEGATION** flag of the Active Directory UAC attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TrustedToAuthForDelegation +Indicates whether an account is enabled for delegation. +When this parameter is set to true, a service running under such an account can impersonate a client on other remote servers on the network. +This parameter sets the **ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION** flag of the Active Directory UAC attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseDESKeyOnly +Indicates whether an account is restricted to use only Data Encryption Standard encryption types for keys. +This parameter sets the **ADS_UF_USE_DES_KEY_ONLY** flag of the Active Directory UAC attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount +An account object is received by the *Identity* parameter. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* This cmdlet does not work when connected to global catalog port. + +## RELATED LINKS + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Get-ADUser](./Get-ADUser.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADAccountExpiration.md b/docset/winserver2025-ps/activedirectory/Set-ADAccountExpiration.md new file mode 100644 index 0000000000..6e364aaf3d --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADAccountExpiration.md @@ -0,0 +1,345 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adaccountexpiration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADAccountExpiration +--- + +# Set-ADAccountExpiration + +## SYNOPSIS +Sets the expiration date for an Active Directory account. + +## SYNTAX + +``` +Set-ADAccountExpiration [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [[-DateTime] ] [-Identity] [-Partition ] [-PassThru] [-Server ] + [-TimeSpan ] [] +``` + +## DESCRIPTION +The **Set-ADAccountExpiration** cmdlet sets the expiration time for a user, computer, or service account. +To specify an exact time, use the *DateTime* parameter. +To specify a time period from the current time, use the *TimeSpan* parameter. + +The *Identity* parameter specifies the Active Directory account to modify. + +You can identify an account by its distinguished name, GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an account object through the pipeline to the *Identity* parameter. +For example, you can use the **Search-ADAccount** cmdlet to retrieve an account object and then pass the object through the pipeline to the Set-ADAccountExpiration cmdlet. +Similarly, you can use **Get-ADUser**, **Get-ADComputer**, or **Get-ADServiceAccount** cmdlets to retrieve account objects that you can pass through the pipeline to this cmdlet. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. + + To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Set the account expiration date for a specified user +``` +PS C:\> Set-ADAccountExpiration -Identity PattiFu -DateTime "10/18/2008" +``` + +This command sets the account with SamAccountName PattiFu to expire on the 18th of October, 2008. + +### Example 2: Set the account expiration date for all user accounts in a specified group +``` +PS C:\> Get-ADGroupMember -Identity BO1Accounts | where {$_.objectClass -eq "user"} | Set-ADAccountExpiration -TimeSpan 60.0:0 +``` + +This command sets the expiration date of all the user accounts who are a member of the group BO1Accounts to 60 days from now. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DateTime +Specifies the expiration time for the account by using a **DateTime** value. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory account object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an account object instance. + +Derived types such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +```yaml +Type: ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TimeSpan +Specifies a time interval that begins at the current time. +The account expires at the end of the time interval. + +Specify the time interval in the following format: + +\[-\]D.H:M:S.F + +where: + +- D = Days (0 to 10675199) +- H = Hours (0 to 23) +- M = Minutes (0 to 59) +- S = Seconds (0 to 59) +- F = Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: + +-10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAccount +An account object is received by the *Identity* parameter. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Clear-ADAccountExpiration](./Clear-ADAccountExpiration.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Get-ADUser](./Get-ADUser.md) + +[Search-ADAccount](./Search-ADAccount.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADAccountPassword.md b/docset/winserver2025-ps/activedirectory/Set-ADAccountPassword.md new file mode 100644 index 0000000000..bb3b5f0d16 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADAccountPassword.md @@ -0,0 +1,359 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adaccountpassword?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADAccountPassword +--- + +# Set-ADAccountPassword + +## SYNOPSIS +Modifies the password of an Active Directory account. + +## SYNTAX + +``` +Set-ADAccountPassword [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-NewPassword ] [-OldPassword ] [-Partition ] + [-PassThru] [-Reset] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADAccountPassword** cmdlet sets the password for a user, computer, or service account. + +The *Identity* parameter specifies the Active Directory account to modify. + +You can identify an account by its distinguished name, GUID, security identifier (SID) or security accounts manager (SAM) account name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Search-ADAccount** cmdlet to retrieve an account object and then pass the object through the pipeline to the **Set-ADAccountPassword** cmdlet. +Similarly, you can use **Get-ADUser**, **Get-ADComputer**, or **Get-ADServiceAccount**, for standalone MSAs, cmdlets to retrieve account objects that you can pass through the pipeline to this cmdlet. + +Note: Group MSAs cannot set password since they are changed at predetermined intervals. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the Partition parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. + +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Set a password for a user account using a distinguished name +``` +PS C:\> Set-ADAccountPassword -Identity 'CN=Elisa Daugherty,OU=Accounts,DC=Fabrikam,DC=com' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) +``` + +This command sets the password of the user account with DistinguishedName CN=Elisa Daugherty,OU=Accounts,DC=Fabrikam,DC=com to p@ssw0rd. + +### Example 2: Change a specified user's password +``` +PS C:\> Set-ADAccountPassword -Identity elisada -OldPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) -NewPassword (ConvertTo-SecureString -AsPlainText "qwert@12345" -Force) +``` + +This command sets the password of the user account with SamAccountName elisada to qwert@12345. +Using -NewPassword with a value, without providing an -OldPassword parameter value, will also reset the password. + +### Example 3: Prompt a specified user to change their password +``` +PS C:\> Set-ADAccountPassword -Identity EvanNa + + +Please enter the current password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com' +Password:********** +Please enter the desired password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com' +Password:*********** +Repeat Password:*********** +``` + +This command sets the password of the user account with DistinguishedName CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com. +The cmdlet prompts you for old and new passwords. + +### Example 4: Prompt a user for a new password that is stored in a temporary variable +``` +PS C:\> $NewPassword = (Read-Host -Prompt "Provide New Password" -AsSecureString) +PS C:\> Set-ADAccountPassword -Identity DavidChe -NewPassword $NewPassword -Reset +Provide New Password: ********** +``` + +This command prompts the user for a new password that is stored in a temporary variable named $NewPassword, then uses it to reset the password for the user account with SamAccountName DavidChe. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory user object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -NewPassword +Specifies a new password value. +This value is stored as an encrypted string. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OldPassword +Specifies the most recent password value. +This value is processed as an encrypted string. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for **Partition** is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Reset +Specifies to reset the password on an account. +When you use this parameter, you must set the *NewPassword* parameter. +You do not need to specify the *OldPassword* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory provider drive, when running under that drive. +- By using the domain of the computer running Windows PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount +An account object is received by the *Identity* parameter. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. This cmdlet does not work when connected to global catalog port. + +## RELATED LINKS + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Get-ADUser](./Get-ADUser.md) + +[Search-ADAccount](./Search-ADAccount.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADAuthenticationPolicy.md b/docset/winserver2025-ps/activedirectory/Set-ADAuthenticationPolicy.md new file mode 100644 index 0000000000..ad0d4ac2ef --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADAuthenticationPolicy.md @@ -0,0 +1,616 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adauthenticationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADAuthenticationPolicy +--- + +# Set-ADAuthenticationPolicy + +## SYNOPSIS +Modifies an Active Directory Domain Services authentication policy object. + +## SYNTAX + +### Identity +``` +Set-ADAuthenticationPolicy [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-ComputerAllowedToAuthenticateTo ] [-ComputerTGTLifetimeMins ] [-Credential ] + [-Description ] [-Enforce ] [-Identity] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Remove ] [-Replace ] + [-RollingNTLMSecret ] [-Server ] [-ServiceAllowedToAuthenticateFrom ] + [-ServiceAllowedToAuthenticateTo ] [-ServiceAllowedNTLMNetworkAuthentication ] + [-ServiceTGTLifetimeMins ] [-UserAllowedToAuthenticateFrom ] + [-UserAllowedToAuthenticateTo ] [-UserAllowedNTLMNetworkAuthentication ] + [-UserTGTLifetimeMins ] [] +``` + +### Instance +``` +Set-ADAuthenticationPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADAuthenticationPolicy** cmdlet modifies the properties of an Active Directory® Domain Services authentication policy. +Commonly used attributes of the object can be specified by the parameters of this cmdlet. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Remove*, *Replace*, and *Clear* parameters. + +The *Identity* parameter specifies the Active Directory Domain Services authentication policy to modify. +You can specify an authentication policy object by using a distinguished name, a GUID, or a name. +You can also use the *Identity* parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the *Identity* parameter. +To get an authentication policy object, use the **Get-ADAuthenticationPolicy** cmdlet. + +Use the *Instance* parameter to specify an authentication policy object to use as a template for the object being modified. +Do not specify both the *Instance* parameter and the *Identity* parameter. + +## EXAMPLES + +### Example 1: Modify properties of a specified authentication policy +``` +PS C:\> Set-ADAuthenticationPolicy -Identity AuthenticationPolicy01 -Description "TestDescription" -UserTGTLifetimeMins 45 +``` + +This command modifies the description and the **UserTGTLifetimeMins** properties of the specified authentication policy. + +### Example 2: Modify properties of an authentication policy by using an Instance. +``` +PS C:\> $AuthPolicy = Get-ADAuthenticationPolicy -Identity AuthenticationPolicy02 +PS C:\> $AuthPolicy.Description = 'testDescription' +PS C:\> $AuthPolicy.UserTGTLifetimeMins = 60 +PS C:\> Set-ADAuthenticationPolicy -Instance $AuthPolicy +``` + +This example first gets the authentication policy named AuthenticationPolicy02 by using the **Get-ADAuthenticationPolicy** cmdlet. +The authentication policy object is stored in the variable named $authPolicy. + +The next commands modify the properties of the object in the variable, and the final command specifies the *Instance* parameter to commit the changes to the authentication policy stored in the $authPolicy variable. + +### Example 3: Modify multiple authentication policies +``` +PS C:\> Get-ADAuthenticationPolicy -Filter 'UserTGTLifetimeMins -le 50' | Set-ADAuthenticationPolicy -UserTGTLifetimeMins 60 +``` + +This command uses the **Get-ADAuthenticationPolicy** cmdlet with the *Filter* parameter to get all authentication policies that have the **UserTGTLifetimeMins** value set below 50 minutes. +The pipeline operator then passes the result of the filter to **Set-AdAuthenticationPolicy**, which sets the new *UserTGTLifetimeMins* value to 60 minutes. + +### Example 4: Replace an existing property value +``` +PS C:\> Set-ADAuthenticationPolicy -Identity AuthenticationPolicy03 -Replace @{description="New Description"} +``` + +This command replaces the existing description property for **AuthenticationPolicy03** with the new description specified by the *Replace* parameter. + +## PARAMETERS + +### -Add +Specifies a list of values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a parameter. +To identify an attribute, specify the Lightweight Directory Access Protocol (LDAP) display name defined for it in the Active Directory Domain Services schema. + +Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. + +To specify multiple values for an attribute, specify a comma separated list the values for the display name. +You can specify values for more than one attribute by using semicolons to separate attribute value pairs. + +When specifying the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a parameter. +To modify an object property, you must specify the LDAP display name. +You can modify more than one property by specifying a comma-separated list. + +When specifying the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerAllowedToAuthenticateTo +Specifies the security descriptor definition language (SDDL) string of the security descriptor used to determine if the computer can authenticate to this account. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerTGTLifetimeMins +Specifies the lifetime in minutes for non-renewable ticket granting tickets (TGTs) for computer accounts. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as "User01" or "Domain01\User01", or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description for the object. +This parameter sets the value of the description property for the object. +The LDAP display name (**ldapDisplayName**) for this property is "description". + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enforce +Indicates whether the authentication policy is enforced. +Specify $True to set the authentication policy to enforced. +Specify $False to set the authentication policy to not enforced. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory Domain Services authentication policy object. +Specify the authentication policy object in one of the following formats: + +- Distinguished Name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of an **ADAuthenticationPolicy** object to use to update the actual **ADAuthenticationPolicy** object. +When you specify this parameter, any modifications made to the modified copy of the object are also made to the corresponding **ADAuthenticationPolicy** object. +The cmdlet only updates the object properties that have changed. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +To get the **ADAuthenticationPolicy** object to use to update the **ADAuthenticationPolicy** on which the cmdlet runs, use the **Get-ADAuthenticationPolicy** cmdlet. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Indicates whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove the values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must specify the LDAP display name. + +Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. + +To specify multiple values for an attribute, specify a comma separated list the values for the display name. +You can specify values for more than one attribute by using semicolons to separate attribute value pairs. + +When specifying the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies a list of values for an object property that replaces the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must specify the LDAP display name. + +Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. + +To specify multiple values for an attribute, specify a comma separated list the values for the display name. +You can specify values for more than one attribute by using semicolons to separate attribute value pairs. + +When specifying the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RollingNTLMSecret +Beginning with Windows 10, version 1703, this feature is deprecated and should not be configured in Active Directory. + +```yaml +Type: ADStrongNTLMPolicyType +Parameter Sets: Identity +Aliases: +Accepted values: Disabled, Optional, Required + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAllowedNTLMNetworkAuthentication +Specifies that the policy allows NTLM network authentication if the service account has an access control expression specified by the *ServiceAllowedToAuthenticateFrom* parameter. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAllowedToAuthenticateFrom +Specifies an access control expression used to determine from which devices the service can authenticate. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAllowedToAuthenticateTo +Specifies the SDDL string of the security descriptor used to determine if the service can authenticate to this account. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceTGTLifetimeMins +Specifies the lifetime in minutes for non-renewable TGTs for service accounts. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserAllowedNTLMNetworkAuthentication +Indicates that the policy allows NTLM network authentication if the user account has an access control expression specified by the *UserAllowedToAuthenticateFrom* parameter. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserAllowedToAuthenticateFrom +Specifies an access control expression used to determine from which devices the users can authenticate. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserAllowedToAuthenticateTo +Specifies the SDDL string of the security descriptor used to determine if the users can authenticate to this account. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserTGTLifetimeMins +Specifies the lifetime in minutes for non-renewable TGTs for user accounts. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy +This cmdlet accepts an authentication policy object. + +## OUTPUTS + +### System.Object +Returns one or more objects. + +## NOTES + +## RELATED LINKS + +[Get-ADAuthenticationPolicy](./Get-ADAuthenticationPolicy.md) + +[New-ADAuthenticationPolicy](./New-ADAuthenticationPolicy.md) + +[Remove-ADAuthenticationPolicy](./Remove-ADAuthenticationPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADAuthenticationPolicySilo.md b/docset/winserver2025-ps/activedirectory/Set-ADAuthenticationPolicySilo.md new file mode 100644 index 0000000000..e610a18c34 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADAuthenticationPolicySilo.md @@ -0,0 +1,491 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adauthenticationpolicysilo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADAuthenticationPolicySilo +--- + +# Set-ADAuthenticationPolicySilo + +## SYNOPSIS +Modifies an Active Directory Domain Services authentication policy silo object. + +## SYNTAX + +### Identity +``` +Set-ADAuthenticationPolicySilo [-WhatIf] [-Confirm] [-Add ] [-AuthType ] + [-Clear ] [-ComputerAuthenticationPolicy ] [-Credential ] + [-Description ] [-Enforce ] [-Identity] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Remove ] [-Replace ] [-Server ] + [-ServiceAuthenticationPolicy ] [-UserAuthenticationPolicy ] + [] +``` + +### Instance +``` +Set-ADAuthenticationPolicySilo [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADAuthenticationPolicySilo** cmdlet modifies the properties of an Active Directory® Domain Services authentication policy silo. +You can modify commonly used property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Replace*, *Clear* and *Remove* parameters. + +The *Identity* parameter specifies the Active Directory Domain Services authentication policy to modify. +You can specify an authentication policy object by using a distinguished name, a GUID, or a name. +You can also use the *Identity* parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the *Identity* parameter. +To get an authentication policy object, use the **Get-ADAuthenticationPolicy** cmdlet. + +Use the *Instance* parameter to specify an authentication policy object to use as a template for the object being modified. +Do not specify both the *Instance* parameter and the *Identity* parameter. + +## EXAMPLES + +### Example 1: Modify an authentication policy silo +``` +PS C:\> Set-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo01 -UserAuthenticationPolicy 'AuthenticationPolicy1' +``` + +This command modifies the user authentication policy for the authentication policy silo named AuthenticationPolicySilo01. + +### Example 2: Modify multiple properties of an authentication policy silo +``` +PS C:\> $AuthPolicySilo = Get-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo02 +PS C:\> $AuthPolicySilo.Description = 'testDescription' +PS C:\> $AuthPolicySilo.Enforce = $False +PS C:\> Set-ADAuthenticationPolicySilo -Instance $AuthPolicySilo +``` + +This example first gets an authentication policy silo object and stores it in the variable named $AuthPolicySilo. +Properties of the authentication policy silo are then modified, and finally the contents of the variable are written to the authentication policy silo by using the *Instance* parameter. + +### Example 3: Modify multiple authentication policy silo objects by filtering +``` +PS C:\> Get-ADAuthenticationPolicySilo -Filter 'UserAuthenticationPolicy -eq "AuthenticationPolicy01"' | Set-ADAuthenticationPolicySilo -UserAuthenticationPolicy AuthenticationPolicy02 +``` + +This example first gets all authentication policy silos that match the filter specified by the Filter parameter for Get-ADAuthenticationPolicySilo. +The results of the filter are then passed to Set-ADAuthenticationPolicySilo by using the pipeline operator. + +### Example 4: Replace a value in an authentication policy silo object +``` +PS C:\> Set-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo03 -Replace @{description="New Description"} +``` + +This command replaces the description for the authentication policy silo object named AuthenticationPolicySilo03. + +## PARAMETERS + +### -Add +Specifies a list of values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a parameter. +To identify an attribute, specify the Lightweight Directory Access Protocol (LDAP) display name defined for it in the Active Directory Domain Services schema. + +Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. + +To specify multiple values for an attribute, specify a comma separated list the values for the display name. +You can specify values for more than one attribute by using semicolons to separate attribute value pairs. + +When specifying the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a parameter. +To modify an object property, you must specify the LDAP display name. +You can modify more than one property by specifying a comma-separated list. + +When specifying the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerAuthenticationPolicy +Specifies the authentication policy that applies to computer accounts. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in a provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description for the object. +This parameter sets the value of the description property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enforce +Indicates whether the authentication policy is enforced. +Specify $True to set the authentication policy to enforced. +Specify $False to set the authentication policy to not enforced. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory Domain Services authentication policy silo object. +Specify the authentication policy silo object in one of the following formats: + +- A distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of an **ADAuthenticationPolicySilo** object to use to update the actual **ADAuthenticationPolicySilo** object. +When you specify this parameter, any modifications made to the modified copy of the object are also made to the corresponding **ADAuthenticationPolicySilo** object. +The cmdlet only updates the object properties that have changed. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +To get the **ADAuthenticationPolicySilo** object to use to update the **ADAuthenticationPolicySilo** on which the cmdlet runs, use the Get-ADAuthenticationPolicySilo cmdlet. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Indicates whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove the values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must specify the LDAP display name. + +Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. + +To specify multiple values for an attribute, specify a comma separated list the values for the display name. +You can specify values for more than one attribute by using semicolons to separate attribute value pairs. + +When specifying the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies a list of values for an object property that replaces the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must specify the LDAP display name. + +Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. + +To specify multiple values for an attribute, specify a comma separated list the values for the display name. +You can specify values for more than one attribute by using semicolons to separate attribute value pairs. + +When specifying the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAuthenticationPolicy +Specifies the authentication policy that applies to managed service accounts. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserAuthenticationPolicy +Specifies the authentication policy that applies to user accounts. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADAccount +This cmdlet accepts an account object. + +## OUTPUTS + +### System.Object +Returns one or more objects. + +## NOTES + +## RELATED LINKS + +[Get-ADAuthenticationPolicySilo](./Get-ADAuthenticationPolicySilo.md) + +[New-ADAuthenticationPolicySilo](./New-ADAuthenticationPolicySilo.md) + +[Remove-ADAuthenticationPolicySilo](./Remove-ADAuthenticationPolicySilo.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADCentralAccessPolicy.md b/docset/winserver2025-ps/activedirectory/Set-ADCentralAccessPolicy.md new file mode 100644 index 0000000000..0e5fd496fe --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADCentralAccessPolicy.md @@ -0,0 +1,400 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adcentralaccesspolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADCentralAccessPolicy +--- + +# Set-ADCentralAccessPolicy + +## SYNOPSIS +Modifies a central access policy in Active Directory. + +## SYNTAX + +### Identity +``` +Set-ADCentralAccessPolicy [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] [-Description ] [-Identity] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Remove ] [-Replace ] [-Server ] + [] +``` + +### Instance +``` +Set-ADCentralAccessPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADCentralAccessPolicy** cmdlet can be used to modify a central access policy in Active Directory. + +## EXAMPLES + +### Example 1: Update a specified central access policy's description +``` +PS C:\> Set-ADCentralAccessPolicy "Finance Policy" -Description "For the Finance Department." +``` + +This command updates the central access policy named Finance Policy to include the description For the Finance Department. + +### Example 2: Get an existing central access policy and then update its description +``` +PS C:\> Get-ADCentralAccessPolicy "Finance Policy" | Set-ADCentralAccessPolicy -Description "For the Finance Department." +``` + +This command gets the central access policy named Finance Policy, and then sets its description to For the Finance Department. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations is performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADCentralAccessPolicy +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of a central access policy object to use to update the actual central access policy object. +When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding central access policy object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update central access policy objects that have been retrieved by using the **Get-ADCentralAccessPolicy** cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +```yaml +Type: ADCentralAccessPolicy +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy +An **ADCentralAccessPolicy** object is received by the *Identity* parameter. + +An **ADCentralAccessPolicy** object that was retrieved by using the **Get-ADCentralAccessPolicy** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy +Returns the modified **ADCentralAccessPolicy** object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADCentralAccessPolicy](./Get-ADCentralAccessPolicy.md) + +[New-ADCentralAccessPolicy](./New-ADCentralAccessPolicy.md) + +[Remove-ADCentralAccessPolicy](./Remove-ADCentralAccessPolicy.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADCentralAccessRule.md b/docset/winserver2025-ps/activedirectory/Set-ADCentralAccessRule.md new file mode 100644 index 0000000000..586efa6f7e --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADCentralAccessRule.md @@ -0,0 +1,491 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adcentralaccessrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADCentralAccessRule +--- + +# Set-ADCentralAccessRule + +## SYNOPSIS +Modifies a central access rule in Active Directory. + +## SYNTAX + +### Identity +``` +Set-ADCentralAccessRule [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] [-CurrentAcl ] [-Description ] [-Identity] + [-PassThru] [-ProposedAcl ] [-ProtectedFromAccidentalDeletion ] [-Remove ] + [-Replace ] [-ResourceCondition ] [-Server ] [] +``` + +### Instance +``` +Set-ADCentralAccessRule [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADCentralAccessRule** cmdlet can be used to modify a central access rule in a central access policy that is stored in Active Directory. + +## EXAMPLES + +### Example 1: Set a condition on a central access rule +``` +PS C:\> $departmentResourceProperty = Get-ADResourceProperty -Identity Department +PS C:\> $resourceCondition = "(@RESOURCE." + $departmentResourceProperty.Name + " Contains {`"Finance`"})" +PS C:\> Set-ADCentralAccessRule -Identity "Finance Documents Rule" -ResourceCondition $resourceCondition +``` + +This command sets the central access rule named Finance Documents Rule with a new resource condition. +The resource condition scopes the resources to ones containing the value Finance in their Department resource property. + +### Example 2: Set a resource condition and new permissions on a central access rule +``` +PS C:\> $CountryClaimType = Get-ADClaimType -Identity Country +PS C:\> $DepartmentClaimType = Get-ADClaimType -Identity Department +PS C:\> $CountryResourceProperty = Get-ADResourceProperty -Identity Country +PS C:\> $DepartmentResourceProperty = Get-ADResourceProperty -Identity Department +PS C:\> $FinanceException = Get-ADGroup -Identity FinanceException +PS C:\> $FinanceAdmin = Get-ADGroup -Identity FinanceAdmin +PS C:\> $ResourceCondition = "(@RESOURCE." + $departmentResourceProperty.Name + " Contains {`"Finance`"})" +PS C:\> $CurrentAcl = "O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;0x1200a9;;;" + $financeException.SID.Value + ")(A;;0x1301bf;;;" + $FinanceAdmin.SID.Value + ")(A;;FA;;;SY)(XA;;0x1200a9;;;AU;((@USER." + $CountryClaimType.Name + " Any_of @RESOURCE." + $CountryResourceProperty.Name + ") && (@USER." + $DepartmentClaimType.Name + " Any_of @RESOURCE." + $DepartmentResourceProperty.Name + ")))" +PS C:\> Set-ADCentralAccessRule -Identity "Finance Documents Rule" -ResourceCondition $ResourceCondition -CurrentAcl $currentAcl +``` + +This example sets the central access rule named Finance Documents Rule with a new resource condition and new permissions. + +The new rule specifies that documents should only be read by members of the Finance department. +Members of the Finance department should only be able to access documents in their own country/region. +Only Finance Administrators should have write access. +The rule allows an exception for members of the FinanceException group. +This group will have read access. + +Targeting: + +- Resource.Department Contains Finance +- Allow Full control User.MemberOf(FinanceAdmin) + +Access rules: + +- Allow Read User.Country=Resource.Country AND User.department = Resource.Department +- Allow Full control User.MemberOf(FinanceAdmin) +- Allow Read User.Country=Resource.Country AND User.department = Resource.Department +- Allow Read User.MemberOf(FinanceException) + +### Example 3: Set a description on a central access rule +``` +PS C:\> Get-ADCentralAccessRule -Identity "Finance Documents Rule" | Set-ADCentralAccessRule -Description "For finance documents." +``` + +This command gets the central access rule named Finance Documents Rule, and set the description to For finance documents. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +You can use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CurrentAcl +Specifies the currently effective access control list (ACL) of the rule. +The current ACL grants access to target resources once the central access policy containing this rule is published. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADCentralAccessRule +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of an central access rule object to use to update the actual central access rule object. +When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding central access rule object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update central access rule objects that have been retrieved by using the **Get-ADCentralAccessRule** cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +```yaml +Type: ADCentralAccessRule +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProposedAcl +Specifies the proposed ACL of the central access rule. +The proposed ACL allows an administrator to audit the results of access requests to target resources specified in the resource condition without affecting the current system. +To view the logs, go to Event Viewer or other audit tools to view the logs. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceCondition +Specifies the resource condition of the central access rule. +The resource condition specifies a list of criteria to scope the resources. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicyEntry +An **ADCentralAccessPolicyEntry** object is received by the *Identity* parameter. + +An **ADCentralAccessPolicyEntry** object that was retrieved by using the **Get-ADCentralAccessPolicyEntry** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicyEntry +Returns the modified **ADCentralAccessPolicyEntry** object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADCentralAccessRule](./Get-ADCentralAccessRule.md) + +[New-ADCentralAccessRule](./New-ADCentralAccessRule.md) + +[Remove-ADCentralAccessRule](./Remove-ADCentralAccessRule.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADClaimTransformLink.md b/docset/winserver2025-ps/activedirectory/Set-ADClaimTransformLink.md new file mode 100644 index 0000000000..30b3e0e0a8 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADClaimTransformLink.md @@ -0,0 +1,277 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adclaimtransformlink?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADClaimTransformLink +--- + +# Set-ADClaimTransformLink + +## SYNOPSIS +Applies a claims transformation to one or more cross-forest trust relationships in Active Directory. + +## SYNTAX + +``` +Set-ADClaimTransformLink [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-PassThru] [-Policy] [-Server ] + -TrustRole [] +``` + +## DESCRIPTION +The **Set-ADClaimTransformLink** cmdlet can be used to apply a claims transformation to one or more cross-forest trust relationships in Active Directory. + +## EXAMPLES + +### Example 1: Set a claims transformation policy to a cross-forest trusted relationship in Active Directory +``` +PS C:\> New-ADClaimTransformPolicy -Identity DenyAllPolicy -DenyAll +PS C:\> Set-ADClaimTransformLink "corp.contoso.com" -Policy DenyAllPolicy -TrustRole Trusted +PS C:\> Set-ADClaimTransformLink "corp.contoso.com" -Policy DenyAllPolicy -TrustRole Trusting +``` + +This command applies the claims transformation policy DenyAllPolicy to the trust corp.contoso.com. +The rule is applied to where this domain acts as both the trusted and trusting domain in the trust. +Effectively, the rule is applied to both claims coming in to this domain from its trust partner, and claims flowing out of this domain towards its trust partner. + +Since the specified transformation rule denies all claims to be sent or received, this domain will now deny all claims from being sent to or received from the other domain, the trust partner. + +### Example 2: Set a claims transformation policy to a cross-forest trusted relationship in Active Directory +``` +PS C:\> New-ADClaimTransformPolicy -Identity AllowAllExceptCompanyAndDepartmentPolicy -AllowAllExcept Company,Department +PS C:\> Get-ADTrust "corp.contoso.com" | Set-ADClaimTransformLink -Policy AllowAllExceptCompanyAndDepartmentPolicy -TrustRole Trusted +``` + +This command applies the claims transformation policy AllowAllExceptCompanyAndDepartmentPolicy to the trust corp.contoso.com. +The rule is applied to where this domain acts as the trusted domain in the trust. +Effectively, the rule is applied to claims flowing out of this domain towards its trust partner. + +Since the specified transformation rule allows all claims to be sent or received except Company and Department, this domain will now allow all claims except the two from being sent to the other domain, the trust partner. + +### Example 3: Set a claims transformation policy to a cross-forest trusted relationship in Active Directory +``` +PS C:\> New-ADClaimTransformPolicy -Identity HumanResourcesToHrPolicy -Rule 'C1:[Type=="ad://ext/Department:88ce6e1cc00e9524", Value=="Human Resources", ValueType=="string"] => issue(Type=C1.Type, Value="HR", ValueType=C1.ValueType);'; +PS C:\> Set-ADClaimTransformLink -Identity "corp.contoso.com" -Policy HumanResourcesToHrPolicy -TrustRole Trusting +``` + +This command applies the claims transformation policy HumanResourcesToHrPolicy to the trust corp.contoso.com. +The rule is applied to where this domain acts as the trusting domain in the trust. +Effectively, the rule is applied to claims coming in to this domain from its trust partner. + +Since the specified transformation rule transforms the value Human Resources into HR in the claim ad://ext/Department:88ce6e1cc00e9524, this domain will now transform the claim value received from the other domain, the trust partner, from Human Resources to HR. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADTrust +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Policy +Specifies the claims transformation policy to apply to the cross-forest trust relationship. +This parameter does not receive pipeline input. + +```yaml +Type: ADClaimTransformPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TrustRole +Specifies a trust role, as an enumeration of the link types. +Used to specify which links on the trust relationships that the claims transformation apply to. +The acceptable values for this parameter are: + +- Trusted +- Trusting + +```yaml +Type: ADTrustRole +Parameter Sets: (All) +Aliases: +Accepted values: Trusted, Trusting + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADTrust +A trust object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADTrust + +## NOTES + +## RELATED LINKS + +[Clear-ADClaimTransformLink](./Clear-ADClaimTransformLink.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADClaimTransformPolicy.md b/docset/winserver2025-ps/activedirectory/Set-ADClaimTransformPolicy.md new file mode 100644 index 0000000000..63eec48450 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADClaimTransformPolicy.md @@ -0,0 +1,536 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adclaimtransformpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADClaimTransformPolicy +--- + +# Set-ADClaimTransformPolicy + +## SYNOPSIS +Sets the properties of a claims transformation policy in Active Directory. + +## SYNTAX + +### DenyAllExcept +``` +Set-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] -DenyAllExcept [-Description ] + [-Identity] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-Remove ] [-Replace ] [-Server ] [] +``` + +### DenyAll +``` +Set-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] [-DenyAll] [-Description ] [-Identity] + [-PassThru] [-ProtectedFromAccidentalDeletion ] [-Remove ] [-Replace ] + [-Server ] [] +``` + +### Identity +``` +Set-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] [-Description ] [-Identity] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Remove ] [-Replace ] [-Rule ] + [-Server ] [] +``` + +### AllowAll +``` +Set-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-Add ] [-AllowAll] [-AuthType ] + [-Clear ] [-Credential ] [-Description ] [-Identity] + [-PassThru] [-ProtectedFromAccidentalDeletion ] [-Remove ] [-Replace ] + [-Server ] [] +``` + +### AllowAllExcept +``` +Set-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-Add ] -AllowAllExcept + [-AuthType ] [-Clear ] [-Credential ] [-Description ] + [-Identity] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-Remove ] [-Replace ] [-Server ] [] +``` + +### Instance +``` +Set-ADClaimTransformPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADClaimTransformPolicy** cmdlet can be used to set the properties of a claims transformation policy in Active Directory. +A claims transformation policy object contains a set of rules authored in the transformation rule language. + +## EXAMPLES + +### Example 1: Set the transformation rule on a specified claims transformation policy +``` +PS C:\> Set-ADClaimTransformPolicy -Identity DenyAllPolicy -DenyAll +``` + +This command sets the transformation rule on the claims transformation policy named DenyAllPolicy to deny all claims, both those that are sent as well as those that are received. + +### Example 2: Set the transformation rule on a specified claims transformation policy with exceptions +``` +PS C:\> Set-ADClaimTransformPolicy -Identity AllowAllExceptCompanyAndDepartmentPolicy -AllowAllExcept Company,Department +``` + +This command sets the transformation rule on the claims transformation policy named AllowAllExceptCompanyAndDepartmentPolicy to allow all claims to be sent or received except for the claims Company and Department. + +### Example 3: Set the transformation rule on an existing claims transformation policy +``` +PS C:\> Set-ADClaimTransformPolicy -Identity HumanResourcesToHrPolicy -Rule 'C1:[Type=="ad://ext/Department:88ce6e1cc00e9524", Value=="Human Resources", ValueType=="string"] => issue(Type=C1.Type, Value="HR", ValueType=C1.ValueType);' +``` + +This command sets the transformation rule on the claims transformation policy named HumanResourcesToHrPolicy to transform the value Human Resources to HR in the claim ad://ext/Department:88ce6e1cc00e9524. + +### Example 4: Set the transformation rule on an claims transformation policy specified in a file +``` +PS C:\> $Rule = Get-Content -Path C:\rule.txt +PS C:\> Set-ADClaimTransformPolicy MyRule -Rule $Rule +``` + +This command sets the transformation rule on the claims transformation policy named MyRule with the rule specified in C:\rule.txt. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: DenyAllExcept, DenyAll, Identity, AllowAll, AllowAllExcept +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowAll +Indicates whether the policy sets a claims transformation rule that allows all claims to be sent or received. + +```yaml +Type: SwitchParameter +Parameter Sets: AllowAll +Aliases: +Accepted values: true + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowAllExcept +Specifies an array of claim types. +When this parameter is specified, the policy sets a claims transformation rule that allows all claims to be sent or received except for the specified claim types. + +```yaml +Type: ADClaimType[] +Parameter Sets: AllowAllExcept +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: DenyAllExcept, DenyAll, Identity, AllowAll, AllowAllExcept +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01" or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you are prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DenyAll +Indicates that the policy sets a claims transformation rule that denies all claims to be sent or received. + +```yaml +Type: SwitchParameter +Parameter Sets: DenyAll +Aliases: +Accepted values: true + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DenyAllExcept +Specifies an array of claim types. +When this parameter is specified, the claims transformation policy sets a claims transformation rule that denies all claims to be sent or received except for the specified claim types. + +```yaml +Type: ADClaimType[] +Parameter Sets: DenyAllExcept +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: DenyAllExcept, DenyAll, Identity, AllowAll, AllowAllExcept +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies one of the following as valid identities for the ADClaimTransformPolicy object: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADClaimTransformPolicy +Parameter Sets: DenyAllExcept, DenyAll, Identity, AllowAll, AllowAllExcept +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an Active Directory object to use as a template for a new claims transformation policy object. + +You can use an instance of an existing claims transformation policy object as a template or you can construct a new claims transformation policy object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing claims transformation policy object as a template for a new object. +To retrieve an instance of an existing claims transformation policy object, use a cmdlet such as **Get-ADClaimTransformPolicy**. +Then provide this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create a new claims transformation policy object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADClaimTransformPolicy** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADClaimTransformPolicy** cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADClaimTransformPolicy +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: DenyAllExcept, DenyAll, Identity, AllowAll, AllowAllExcept +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: DenyAllExcept, DenyAll, Identity, AllowAll, AllowAllExcept +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: DenyAllExcept, DenyAll, Identity, AllowAll, AllowAllExcept +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Rule +Specifies the claims transformation rule. +To specify the rule, you can either type the rule in a text file, and then pass the file to the cmdlet (recommended), or type the rule inline. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy +A claim transform policy object is received by the *Identity* parameter. + +A claim transform policy object that was retrieved by using the Get-ADClaimTransformPolicy cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy +Returns the modified claim transform policy object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADClaimTransformPolicy](./Get-ADClaimTransformPolicy.md) + +[New-ADClaimTransformPolicy](./New-ADClaimTransformPolicy.md) + +[Remove-ADClaimTransformPolicy](./Remove-ADClaimTransformPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADClaimType.md b/docset/winserver2025-ps/activedirectory/Set-ADClaimType.md new file mode 100644 index 0000000000..19b4d9830b --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADClaimType.md @@ -0,0 +1,596 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adclaimtype?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADClaimType +--- + +# Set-ADClaimType + +## SYNOPSIS +Modify a claim type in Active Directory. + +## SYNTAX + +### Identity (Default) +``` +Set-ADClaimType [-WhatIf] [-Confirm] [-Add ] [-AppliesToClasses ] [-AuthType ] + [-Clear ] [-Credential ] [-Description ] [-DisplayName ] + [-Enabled ] [-Identity] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-Remove ] [-Replace ] [-RestrictValues ] [-Server ] + [-SuggestedValues ] [] +``` + +### SourceTransformPolicy +``` +Set-ADClaimType [-WhatIf] [-Confirm] [-Add ] [-AppliesToClasses ] [-AuthType ] + [-Clear ] [-Credential ] [-Description ] [-DisplayName ] + [-Enabled ] [-Identity] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-Remove ] [-Replace ] [-RestrictValues ] [-Server ] + [-SourceTransformPolicy] [-SuggestedValues ] [] +``` + +### SourceAttribute +``` +Set-ADClaimType [-WhatIf] [-Confirm] [-Add ] [-AppliesToClasses ] [-AuthType ] + [-Clear ] [-Credential ] [-Description ] [-DisplayName ] + [-Enabled ] [-Identity] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-Remove ] [-Replace ] [-RestrictValues ] [-Server ] + -SourceAttribute [-SuggestedValues ] [] +``` + +### SourceOID +``` +Set-ADClaimType [-WhatIf] [-Confirm] [-Add ] [-AppliesToClasses ] [-AuthType ] + [-Clear ] [-Credential ] [-Description ] [-DisplayName ] + [-Enabled ] [-Identity] [-PassThru] [-ProtectedFromAccidentalDeletion ] + [-Remove ] [-Replace ] [-RestrictValues ] [-Server ] + -SourceOID [] +``` + +### Instance +``` +Set-ADClaimType [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADClaimType** cmdlet can be used to modify a claim type in Active Directory. + +## EXAMPLES + +### Example 1: Set a user claim display name to a source from an Active Directory source +``` +PS C:\> Set-ADClaimType -Identity Title -SourceAttribute "title" +``` + +This command sets the user claim type with display name Title to source from the Active Directory attribute **title**. + +### Example 2: Set the suggested values of a user claim +``` +PS C:\> $FullTime = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("FTE", "Full-Time", "Full-time employee") +PS C:\> $Intern = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("Intern", "Intern", "Student employee") +PS C:\> $Contractor = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("Contractor", "Contractor", "Contract employee") +PS C:\> Set-ADClaimType -Identity "Employee Type" -SuggestedValues $FullTime,$Intern,$Contractor +``` + +This command sets the suggested values of the user claim type with display name Employee Type to FTE, Intern, and Contractor. +Applications using this claim type would allow their users to specify one of the suggested values as this claim type's value. + +### Example 3: Set the source OID of a claim type and then disable it +``` +PS C:\> Set-ADclaimType -Identity "Bitlocker Enabled" -SourceOID "1.3.6.1.4.1.311.67.1.1" -Enabled $False +``` + +This example sets the source OID of the claim type with display name Bitlocker Enabled to 1.3.6.1.4.1.311.67.1.1, and disables the claim type. + +### Example 4: Set a named claim type to source from the claims transformation policy engine +``` +PS C:\> Set-ADClaimType -Identity SourceForest -SourceTransformPolicy +``` + +This command sets the claim type named SourceForest to source from the claims transformation policy engine. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AppliesToClasses +Specifies the names, GUIDs, or distinguished names of the schema classes to which this claim type is applied. + +```yaml +Type: String[] +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the claim type. +The display name of the claim type must be unique. +The display name of a claim type can be used as an identity in other Active Directory cmdlets. + +```yaml +Type: String +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Specifies if the claim type is enabled. + +```yaml +Type: Boolean +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADClaimType +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a claim type object to use as a template for a new claim type object. + +You can use an instance of an existing claim type object as a template or you can construct a new claim type object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing claim type object as a template for a new object. +To retrieve an instance of an existing claim type object, use a cmdlet such as **Get-ADClaimType**. +Then provide this object to the *Instance* parameter of the **New-ADClaimType** cmdlet to create a new claim type object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new claim type and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the New-ADClaimType cmdlet to create the new claim type object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADClaimType +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RestrictValues +This parameter is used to specify whether the claim type may have values outside of the *SuggestedValues* parameter. +If this is set to $True, then the claim should only have values specified in the *SuggestedValues* parameter. +Note that Active Directory does not enforce this restriction. +It is up to the applications that use these claims to enforce the restriction. + +```yaml +Type: Boolean +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute, SourceOID +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceAttribute +Specifies an Active Directory attribute from which this claim type is based, and from which the claim value is obtained. +The input must be the distinguished name, Name, or GUID of the attribute definition in the schema. + +Acceptable values include attributes of the following schema class objects: **User**, **InetOrgPerson**, **Computer**, **ManagedServiceAccount**, **GroupManagedServiceAccount**, and **Auxiliary**, except for the following attributes: + + Attributes marked as defunct in the schema- Blocked attributes such as **dBCSPwd**, **lmPwdHistory**, and **unicodePwd** + Attributes that are not replicated + Attributes that are not available on read-only domain controllers + Attributes with syntaxes not based on the following: + +- String Object (DS-DN) +- String (Unicode) +- Boolean +- Integer +- Large Integer +- String (OID) +- String (SD) + +```yaml +Type: String +Parameter Sets: SourceAttribute +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceOID +Specifies a string to use to configure a certificate-based claim type source. +For example, use this parameter to create certificate-based claim types when you want to use smartcard logon claims for authorization decisions. +This parameter uses the string representation of an object identifier (OID) from the issuance policy found in the certificate and on the certificate template when using Active Directory Certificate Services. +An example of an OID is 1.3.6.1.4.1.311.47.2.5. + +```yaml +Type: String +Parameter Sets: SourceOID +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceTransformPolicy +Indicates that the claim type is sourced from the claims transformation policy engine. + +```yaml +Type: SwitchParameter +Parameter Sets: SourceTransformPolicy +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SuggestedValues +Specifies one or more suggested values for the claim type. +An application may choose to present this list of suggested values for the user to choose from. +When *RestrictValues* is set to $True, the application should restrict the user to pick values from this list only. + +```yaml +Type: ADSuggestedValueEntry[] +Parameter Sets: Identity, SourceTransformPolicy, SourceAttribute +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimType + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimType + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADClaimType](./Get-ADClaimType.md) + +[New-ADClaimType](./New-ADClaimType.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADComputer.md b/docset/winserver2025-ps/activedirectory/Set-ADComputer.md new file mode 100644 index 0000000000..7ab7c4c450 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADComputer.md @@ -0,0 +1,1091 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adcomputer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADComputer +--- + +# Set-ADComputer + +## SYNOPSIS +Modifies an Active Directory computer object. + +## SYNTAX + +### Identity +``` +Set-ADComputer [-WhatIf] [-Confirm] [-AccountExpirationDate ] [-AccountNotDelegated ] + [-Add ] [-AllowReversiblePasswordEncryption ] + [-AuthenticationPolicy ] [-AuthenticationPolicySilo ] + [-AuthType ] [-CannotChangePassword ] [-Certificates ] + [-ChangePasswordAtLogon ] [-Clear ] [-CompoundIdentitySupported ] + [-Credential ] [-Description ] [-DisplayName ] [-DNSHostName ] + [-Enabled ] [-HomePage ] [-Identity] + [-KerberosEncryptionType ] [-Location ] [-ManagedBy ] + [-OperatingSystem ] [-OperatingSystemHotfix ] [-OperatingSystemServicePack ] + [-OperatingSystemVersion ] [-Partition ] [-PassThru] [-PasswordNeverExpires ] + [-PasswordNotRequired ] [-PrincipalsAllowedToDelegateToAccount ] [-Remove ] + [-Replace ] [-SAMAccountName ] [-Server ] [-ServicePrincipalNames ] + [-TrustedForDelegation ] [-UserPrincipalName ] [] +``` + +### Instance +``` +Set-ADComputer [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADComputer** cmdlet modifies the properties of an Active Directory computer object. +You can modify commonly used property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Replace*, *Clear*, and *Remove* parameters. + +The *Identity* parameter specifies the Active Directory computer to modify. +You can identify a computer by its distinguished name, GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADComputer** cmdlet to retrieve a computer object and then pass the object through the pipeline to Set-ADComputer. + +The *Instance* parameter provides a way to update a computer by applying the changes made to a copy of the computer object. +When you set the *Instance* parameter to a copy of an Active Directory computer object that has been modified, the **Set-ADComputer** cmdlet makes the same changes to the original computer object. +To get a copy of the object to modify, use the Get-ADComputer object. +When you specify the *Instance* parameter you should not pass the *Identity* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +## EXAMPLES + +### Example 1: Modify the SPN value for a specified Active Directory computer +``` +PS C:\> Set-ADComputer -Identity "USER01-SRV1" -ServicePrincipalName @{Replace="MSSQLSVC/USER01-SRV1.USER01.COM:1456","MSOLAPSVC.3/USER01-SRV1.USER01.COM:analyze"} +``` + +This command modifies the service principal name (SPN) value for the computer specified by the *Identity* parameter. + +### Example 2: Set the location for a specified Active Directory computer +``` +PS C:\> Set-ADComputer -Identity "USER02-SRV1" -Location "NA/HQ/Building A" +``` + +This command sets the location for the computer specified by the *Identity* parameter. + +### Example 3: Set an attribute for a specified Active Directory computer using a SAM account name +``` +PS C:\> Set-ADComputer -Identity "USER03-SRV1" -ManagedBy "CN=SQL Administrator 01,OU=UserAccounts,OU=Managed,DC=USER03,DC=COM" +``` + +This command sets the **ManagedBy** attribute value for the computer specified by the *Identity* parameter using the SAM account name of the user. + +### Example 4: Set multiple attributes of an Active Directory computer +``` +PS C:\> $Comp = Get-ADComputer -Identity "USER04-SRV1" +PS C:\> $Comp.Location = "NA/HQ/Building A" +PS C:\> $Comp.ManagedBy = "CN=SQL Administrator 01,OU=UserAccounts,OU=Managed,DC=USER04,DC=COM" +PS C:\> Set-ADComputer -Instance $Comp +``` + +This command sets the **Location** and **ManagedBy** attributes of a computer. + +## PARAMETERS + +### -AccountExpirationDate +Specifies the expiration date for an account. +This parameter sets the **AccountExpirationDate** property of an account object. +The Active Directory Lightweight Directory Services (LDAP) display name (**ldapDisplayName**) for this property is accountExpires. + +Use the **DateTime** syntax when you specify this parameter. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +```yaml +Type: DateTime +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AccountNotDelegated +Specifies whether the security context of the user is delegated to a service. +When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. +This parameter sets the **AccountNotDelegated** property for an Active Directory account. +This parameter also sets the **ADS_UF_NOT_DELEGATED** flag of the Active Directory User Account Control (UAC) attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowReversiblePasswordEncryption +Specifies whether reversible password encryption is allowed for the account. +This parameter sets the **AllowReversiblePasswordEncryption** property of the account. +This parameter also sets the **ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED** flag of the Active Directory User Account Control (UAC) attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + + +### -AuthenticationPolicy +Specifies an Active Directory Domain Services authentication policy object. +Specify the authentication policy object in one of the following formats: + +- distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthenticationPolicySilo +Specifies an Active Directory Domain Services authentication policy silo object. +Specify the authentication policy silo object in one of the following formats: + +- Distinguished Name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CannotChangePassword +Specifies whether the account password can be changed. +This parameter sets the **CannotChangePassword** property of an account. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Certificates +Modifies the DER-encoded X.509v3 certificates of the account. +These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. +This parameter sets the **Certificates** property of the account object. +The LDAP Display Name (**ldapDisplayName**) for this property is userCertificate. + +Syntax: + +To add values: + +`-Certificates @{Add=value1,value2,...}` + +To remove values: + +`-Certificates @{Remove=value3,value4,...}` + +To replace values: + +`-Certificates @{Replace=value1,value2,...}` + +To clear all values: + +`-Certificates $null` + +You can specify more than one operation by using a list separated by semicolons. +For example, use the following syntax to add and remove Certificate values + +`-Certificates @{Add=value1,value2,...;Remove=value3,value4,...}` + +The operators are applied in the following sequence: + +..Remove + +..Add + +..Replace + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ChangePasswordAtLogon +Specifies whether a password must be changed during the next logon attempt. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +This parameter cannot be set to $True or 1 for an account that also has the **PasswordNeverExpires** property set to $True. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CompoundIdentitySupported +Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. +This value sets the compound identity supported flag of the Active Directory **msDS-SupportedEncryptionTypes** attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +Warning: Domain-joined Windows systems and services such as clustering manage their own **msDS-SupportedEncryptionTypes** attribute. +Therefore any changes to the flag on the **msDS-SupportedEncryptionTypes** attribute is overwritten by the service or system which manages the setting. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DNSHostName +Specifies the fully qualified domain name (FQDN) of the computer. +This parameter sets the **DNSHostName** property for a computer object. +The LDAP display name for this property is dNSHostName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Specifies if an account is enabled. +An enabled account requires a password. +This parameter sets the **Enabled** property for an account object. +This parameter also sets the **ADS_UF_ACCOUNTDISABLE** flag of the Active Directory User Account Control (UAC) attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomePage +Specifies the URL of the home page of the object. +This parameter sets the **homePage** property of an Active Directory object. +The LDAP display name (**ldapDisplayName**) for this property is wWWHomePage. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory computer object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A Distinguished Name +- A GUID (objectGUID) +- A Security Identifier (objectSid) +- A Security Accounts Manager Account Name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If the identifier given is a distinguished name, the partition to search is computed from that distinguished name. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. + +```yaml +Type: ADComputer +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of a computer object to use to update the actual Active Directory computer object. +When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update computer objects that have been retrieved by using the **Get-ADComputer** cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +```yaml +Type: ADComputer +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KerberosEncryptionType +Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. +This value sets the encryption types supported flags of the Active Directory **msDS-SupportedEncryptionTypes** attribute. +The acceptable values for this parameter are: + +- None +- DES +- RC4 +- AES128 +- AES256 + +None will remove all encryption types from the account which may result in the Key Distribution Center (KDC) being unable to issue service tickets for services using the account. + +Data Encryption Standard (DES) is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2. + +Warning: Domain-joined Windows systems and services such as clustering manage their own **msDS-SupportedEncryptionTypes** attribute. +Therefore any changes to the flag on the **msDS-SupportedEncryptionTypes** attribute is overwritten by the service or system which manages the setting. + +```yaml +Type: ADKerberosEncryptionType +Parameter Sets: Identity +Aliases: +Accepted values: None, DES, RC4, AES128, AES256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Location +Specifies the location of the computer, such as an office number. +This parameter sets the **Location** property of a computer. +The LDAP display name (**ldapDisplayName**) of this property is location. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ManagedBy +Specifies the user or group that manages the object by providing one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the property. +The acceptable values for this parameter are: + +- A Distinguished Name +- A GUID (objectGUID) +- A Security Identifier (objectSid) +- A SAM Account Name (sAMAccountName) + +This parameter sets the Active Directory attribute with an LDAP display name of managedBy. + +```yaml +Type: ADPrincipal +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OperatingSystem +Specifies an operating system name. +This parameter sets the **OperatingSystem** property of the computer object. +The LDAP display name (**ldapDisplayName**) for this property is operatingSystem. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OperatingSystemHotfix +Specifies an operating system hotfix name. +This parameter sets the **operatingSystemHotfix** property of the computer object. +The LDAP display name for this property is operatingSystemHotfix. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OperatingSystemServicePack +Specifies the name of an operating system service pack. +This parameter sets the **OperatingSystemServicePack** property of the computer object. +The LDAP display name (**ldapDisplayName**) for this property is operatingSystemServicePack. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OperatingSystemVersion +Specifies an operating system version. +This parameter sets the **OperatingSystemVersion** property of the computer object. +The LDAP display name (**ldapDisplayName**) for this property is operatingSystemVersion. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNeverExpires +Specifies whether the password of an account can expire. +This parameter sets the **PasswordNeverExpires** property of an account object. +This parameter also sets the **ADS_UF_DONT_EXPIRE_PASSWD** flag of the Active Directory User Account Control attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +Note: This parameter cannot be set to $True or 1 for an account that also has the **ChangePasswordAtLogon** property set to &True. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNotRequired +Specifies whether the account requires a password. +This parameter sets the **PasswordNotRequired** property of an account, such as a user or computer account. +This parameter also sets the **ADS_UF_PASSWD_NOTREQD** flag of the Active Directory User Account Control attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrincipalsAllowedToDelegateToAccount +Specifies the accounts which can act on the behalf of users to services running as this computer account. +This parameter sets the **msDS-AllowedToActOnBehalfOfOtherIdentity** attribute of a computer account object. + +`Running Set-ADComputer without specifying the first principal will cause it to get overridden` + +```yaml +Type: ADPrincipal[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values, and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SAMAccountName +Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. +The maximum length of the description is 256 characters. +To be compatible with older operating systems, create a SAM account name that is 20 characters or less. +This parameter sets the **SAMAccountName** for an account object. +The LDAP display name (**ldapDisplayName**) for this property is sAMAccountName. + +Note: If the string value provided is not terminated with a $ character, the system adds one if needed. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServicePrincipalNames +Specifies the service principal names for the account. +This parameter sets the **ServicePrincipalNames** property of the account. +The LDAP display name (**ldapDisplayName**) for this property is servicePrincipalName. +This parameter uses the following syntax to add remove, replace or clear service principal name values: + +Syntax: + +To add values: + +`-ServicePrincipalNames @{Add=value1,value2,...}` + +To remove values: + +`-ServicePrincipalNames @{Remove=value3,value4,...}` + +To replace values: + +`-ServicePrincipalNames @{Replace=value1,value2,...}` + +To clear all values: + +`-ServicePrincipalNames $null` + +You can specify more than one change by using a list separated by semicolons. +For example, use the following syntax to add and remove service principal names. + +`@{Add=value1,value2,...;Remove=value3,value4,...}` + +The operators are applied in the following sequence: + +..Remove + +..Add + +..Replace + +The following example shows how to add and remove service principal names. + +`-ServicePrincipalNames @{Add="SQLservice/accounting.corp.contoso.com:1456";Remove="SQLservice/finance.corp.contoso.com:1456"}` + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TrustedForDelegation +Specifies whether an account is trusted for Kerberos delegation. +A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. +This parameter sets the **TrustedForDelegation** property of an account object. +This value also sets the **ADS_UF_TRUSTED_FOR_DELEGATION** flag of the Active Directory User Account Control attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserPrincipalName +Specifies a user principal name (UPN) in the format `@`. +A user principal name (UPN) is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. +The UPN is independent of the user object's distinguished name, so a user object can be moved or renamed without affecting the user logon name. +When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADComputer +A computer object is received by the *Identity* parameter. + +A computer object that was retrieved by using the **Get-ADComputer** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADComputer +Returns the modified computer object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* This cmdlet does not work when connected to Global Catalog port. + +## RELATED LINKS + +[Add-ADComputerServiceAccount](./Add-ADComputerServiceAccount.md) + +[Get-ADComputer](./Get-ADComputer.md) + +[Get-ADComputerServiceAccount](./Get-ADComputerServiceAccount.md) + +[New-ADComputer](./New-ADComputer.md) + +[Remove-ADComputer](./Remove-ADComputer.md) + +[Remove-ADComputerServiceAccount](./Remove-ADComputerServiceAccount.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADDefaultDomainPasswordPolicy.md b/docset/winserver2025-ps/activedirectory/Set-ADDefaultDomainPasswordPolicy.md new file mode 100644 index 0000000000..f5a19acd71 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADDefaultDomainPasswordPolicy.md @@ -0,0 +1,484 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-addefaultdomainpasswordpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADDefaultDomainPasswordPolicy +--- + +# Set-ADDefaultDomainPasswordPolicy + +## SYNOPSIS +Modifies the default password policy for an Active Directory domain. + +## SYNTAX + +``` +Set-ADDefaultDomainPasswordPolicy [-WhatIf] [-Confirm] [-AuthType ] [-ComplexityEnabled ] + [-Credential ] [-Identity] [-LockoutDuration ] + [-LockoutObservationWindow ] [-LockoutThreshold ] [-MaxPasswordAge ] + [-MinPasswordAge ] [-MinPasswordLength ] [-PassThru] [-PasswordHistoryCount ] + [-ReversibleEncryptionEnabled ] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADDefaultDomainPasswordPolicy** cmdlet modifies the properties of the default password policy for a domain. +You can modify property values by using the cmdlet parameters. + +The *Identity* parameter specifies the domain whose default password policy you want modify. +You can identify a domain by its distinguished name, GUID, Security Identifier (SID), DNS domain name, or NETBIOS name. +You can also set the parameter to an **ADDomain** object variable, or pass an **ADDomain** object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADDomain** cmdlet to retrieve a domain object and then pass the object through the pipeline to the **Set-ADDefaultDomainPasswordPolicy** cmdlet. + +## EXAMPLES + +### Example 1: Set the default password policy for a specified domain +```powershell +PS C:\> Set-ADDefaultDomainPasswordPolicy -Identity fabrikam.com -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled $True -ReversibleEncryptionEnabled $False -MaxPasswordAge 10.00:00:00 +``` + +This command sets the default domain password policy for a domain specified by using the *Identity* parameter. +Note: setting **MaxPwdAge** to 0 will convert it to never, which is Int64.MinValue or -9223372036854775808 in the directory. + +### Example 2: Set the default domain policy for the current logged on user domain +```powershell +PS C:\> Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser | Set-ADDefaultDomainPasswordPolicy -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled $true -ReversibleEncryptionEnabled $false -MinPasswordLength 12 +``` + +This command sets the default domain password policy for the current logged on user domain. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComplexityEnabled +Specifies whether password complexity is enabled for the password policy. +If enabled, the password must contain three of the following four character types: + +- Uppercase characters (A, B, C, D, E, ...) +- Lowercase characters (a, b, c, d, e, ...) +- Numerals (0, 1, 2, 3, ...) +- Special characters (#, $, *, %, ...) + +This parameter sets the **ComplexityEnabled** property of a password policy. +The acceptable values for this parameter are: + +- $False or 0. +Disables password complexity. +- $True or 1. +Enables password complexity. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +All values are for the **domainDNS** object that represents the domain. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A DNS domain name +- A NetBIOS domain name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. + +```yaml +Type: ADDefaultDomainPasswordPolicy +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -LockoutDuration +Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. +You cannot login to an account that is locked until the lockout duration time period has expired. +This parameter sets the **lockoutDuration** property of a password policy object. +The LDAP display name (**ldapDisplayName**) of this property is lockoutDuration. + +The lockout duration must be greater than or equal to the lockout observation time for a password policy. +Use the *LockOutObservationWindow* parameter to set the lockout observation time. + +Specify the lockout duration time interval in the following format: + +D.H:M:S.F + +where: + +D = Days (0 to 10675199) + +H = Hours (0 to 23) + +M = Minutes (0 to 59) + +S = Seconds (0 to 59) + +F = Fractions of a second (0 to 9999999) + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LockoutObservationWindow +Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. +An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. +This parameter sets the **lockoutObservationWindow** property of a password policy object. +The LDAP display name (**ldapDisplayName**) of this property is lockoutObservationWindow. + +The lockout observation window must be smaller than or equal to the lockout duration for a password policy. +Use the *LockoutDuration* parameter to set the lockout duration time. + +Specify the time interval in the following format: + +D:H:M:S.F + +where: + +D = Days (0 to 10675199) + +H = Hours (0 to 23) + +M = Minutes (0 to 59) + +S = Seconds (0 to 59) + +F = Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LockoutThreshold +Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. +This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. +This parameter sets the **LockoutThreshold** property of a password policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MaxPasswordAge +Specifies the maximum length of time that you can have the same password. +After this time period, the password expires and you must create a new one. + +This parameter sets the **maxPasswordAge** property of a password policy. +The LDAP display name (**ldapDisplayName**) for this property is maxPwdAge. + +Specify the time interval in the following format: + +D.H:M:S.F + +where: + +D = Days (0 to 10675199) + +H = Hours (0 to 23) + +M = Minutes (0 to 59) + +S = Seconds (0 to 59) + +F = Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MinPasswordAge +Specifies the minimum length of time before you can change a password. + +This parameter sets the **minPasswordAge** property of a password policy. +The LDAP display name (**ldapDisplayName**) for this property is minPwdAge. + +Specify the time interval in the following format. + +D.H:M:S.F + +where: + +D = Days (0 to 10675199) + +H = Hours (0 to 23) + +M = Minutes (0 to 59) + +S = Seconds (0 to 59) + +F = Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MinPasswordLength +Specifies the minimum number of characters that a password must contain. +This parameter sets the **MinPasswordLength** property of the password policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordHistoryCount +Specifies the number of previous passwords to save. +A user cannot reuse a password in the list of saved passwords. +This parameter sets the **PasswordHistoryCount** property for a password policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReversibleEncryptionEnabled +Specifies whether the directory must store passwords using reversible encryption. +This parameter sets the **ReversibleEncryption** property for a password policy. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDomain +A domain object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADDefaultDomainPasswordPolicy](./Get-ADDefaultDomainPasswordPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADDomain.md b/docset/winserver2025-ps/activedirectory/Set-ADDomain.md new file mode 100644 index 0000000000..31dd98fb29 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADDomain.md @@ -0,0 +1,522 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-addomain?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADDomain +--- + +# Set-ADDomain + +## SYNOPSIS +Modifies an Active Directory domain. + +## SYNTAX + +### Identity +``` +Set-ADDomain [-WhatIf] [-Confirm] [-Add ] [-AllowedDNSSuffixes ] [-AuthType ] + [-Clear ] [-Credential ] [-Identity] + [-LastLogonReplicationInterval ] [-ManagedBy ] [-PassThru] + [-PublicKeyRequiredPasswordRolling ] [-Remove ] [-Replace ] [-Server ] + [] +``` + +### Instance +``` +Set-ADDomain [-WhatIf] [-Confirm] [-AllowedDNSSuffixes ] [-AuthType ] + [-Credential ] -Instance [-LastLogonReplicationInterval ] + [-ManagedBy ] [-PassThru] [-PublicKeyRequiredPasswordRolling ] [-Server ] + [] +``` + +## DESCRIPTION +The **Set-ADDomain** cmdlet modifies the properties of an Active Directory domain. +You can modify commonly used property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Replace*, *Clear*, and *Remove* parameters. + +The *Identity* parameter specifies the domain to modify. +You can identify a domain by its distinguished name, GUID, security identifier (SID), DNS domain name, or NetBIOS name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the Get-ADDomain cmdlet to retrieve a domain object and then pass the object through the pipeline to the **Set-ADDomain** cmdlet. + +The *Instance* parameter provides a way to update a domain object by applying the changes made to a copy of the domain object. +When you set the *Instance* parameter to a copy of an Active Directory domain object that has been modified, the **Set-ADDomain** cmdlet makes the same changes to the original domain object. +To get a copy of the object to modify, use the Get-ADDomain object. +When you specify the *Instance* parameter you should not pass the *Identity* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +## EXAMPLES + +### Example 1: Set the value of a property in a domain +``` +PS C:\> Set-ADDomain -Identity USER01 -AllowedDNSSuffixes @{Replace="USER01.com","corp.USER01.com"} +``` + +This command sets the value of **AllowedDNSSuffixes** to {"USER01.com","corp.USER01.com"} in domain USER01. + +### Example 2: Set the value of a property in a domain +``` +PS C:\> Set-ADDomain -Identity USER01 -AllowedDNSSuffixes @{Add="corp.USER01.com"} +``` + +This command adds the value corp.USER01.com to the **AllowedDNSSuffixes** in domain USER01. + +### Example 3: Set the ManagedBy property in a domain +``` +PS C:\> Set-ADDomain -Identity USER01 -ManagedBy 'CN=Domain Admins,CN=Users,DC=USER01,DC=COM' +``` + +This command sets the **ManagedBy** property in domain USER01 to CN=Domain Admins,CN=Users,DC=USER01,DC=COM. + +### Example 4: Set the time in days for replication for the current logged on user +``` +PS C:\> Get-ADDomain | Set-ADDomain -LastLogonReplicationInterval "10" +``` + +This command sets the **LastLogonReplicationInterval** of the current logged on user domain to 10. + +### Example 5: Set the ManagedBy property for a domain +``` +PS C:\> $Domain = Get-ADDomain -Identity London +PS C:\> $Domain.ManagedBy = PattiFuller +PS C:\> Set-ADDomain -Instance $Domain +``` + +This command modifies the **ManagedBy** property for the London domain. +The example modifies a local instance of the London domain, and then specifies the *Instance* parameter for the current cmdlet as the local instance. + +### Example 6: Enable password expiration and rolling for public key to sign in +``` +PS C:\> Set-ADDomain -Identity FABRIKAM -PublicKeyRequiredPasswordRolling $True +``` + +This command sets the **msDS-ExpirePasswordsOnSmartCardOnlyAccounts** attribute for the FABRIKAM domain to $True. +This setting enables password expiration and rolling for user accounts that require a public key to sign in. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedDNSSuffixes +Modifies the list of domain name server (DNS) suffixes that are allowed in a domain. +This parameter sets the value of the **msDS-AllowedDNSSuffixes** attribute of the **domainDNS** object. +This parameter uses the following syntax to add, remove, replace, or clear DNS suffix values. + +To add values: + +`-AllowedDNSSuffixes @{Add=value1,value2,...}` + +To remove values: + +``-AllowedDNSSuffixes @{Remove=value3,value4,...} + +To replace values: + +`-AllowedDNSSuffixes @{Replace=value1,value2,...}` + +To clear all values: + +`-AllowedDNSSuffixes $Null` + +You can specify more than one change by using a list separated by semicolons. +For example, use the following syntax to add and remove DNS suffix values: + +`@{Add=value1,value2,...};@{Remove=value3,value4,...}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +All values are for the **domainDNS** object that represents the domain. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A DNS domain name +- A NetBIOS domain name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. + +```yaml +Type: ADDomain +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of a domain object to use to update the actual Active Directory domain object. +When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update domain objects that have been retrieved by using the Get-ADDomain cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +```yaml +Type: ADDomain +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LastLogonReplicationInterval +Specifies the time, in days, within which the last logon time of an account must be replicated across all domain controllers in the domain. +This parameter sets the **LastLogonReplicationInterval** property for a domain. +The LDAP display name (**ldapDisplayName**) for this property is **msDS-LogonTimeSyncInterval**. +The last logon replication interval must be at least one day. +Setting the last logon replication interval to a low value can significantly increase domain-wide replication. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ManagedBy +Specifies the user or group that manages the object by providing one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the property. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter sets the Active Directory attribute with an LDAP display name of managedBy. + +```yaml +Type: ADPrincipal +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PublicKeyRequiredPasswordRolling +Specifies whether the domain enables password expiration and rolling for user account that require a smart card for interactive sign in. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values, and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDomain +A domain object is received by the *Identity* parameter. + +A domain object that was retrieved by using the Get-ADDomain cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDomain +This cmdlet returns the modified domain object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADDomain](./Get-ADDomain.md) + +[Get-ADDomainController](./Get-ADDomainController.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADDomainMode.md b/docset/winserver2025-ps/activedirectory/Set-ADDomainMode.md new file mode 100644 index 0000000000..7edb9f28ca --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADDomainMode.md @@ -0,0 +1,272 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-addomainmode?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADDomainMode +--- + +# Set-ADDomainMode + +## SYNOPSIS +Sets the domain mode for an Active Directory domain. + +## SYNTAX + +``` +Set-ADDomainMode [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-DomainMode] [-Identity] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADDomainMode** cmdlet sets the domain mode for a domain. +You specify the domain mode by setting the *DomainMode* parameter. + +The *Identity* parameter specifies the Active Directory domain to modify. +You can identify a domain by its distinguished name, GUID, security identifier (SID), DNS domain name, or NetBIOS name. +You can also set the *Identity* parameter to a domain object variable such as `$`, or you can pass a domain object through the pipeline to the *Identity* parameter. +For example, you can use the Get-ADDomain cmdlet to retrieve a domain object and then pass the object through the pipeline operator to the **Set-ADDomainMode** cmdlet. + +The **Set-ADDomainMode** cmdlet always prompts for permission unless you specify *Confirm:$False*. + +## EXAMPLES + +### Example 1: Set the domain mode of a specified user to Windows2003Domain +``` +PS C:\> Set-ADDomainMode -Identity user01.com -DomainMode Windows2003Domain +``` + +This command sets the **DomainMode** property of the user01.com domain to Windows2003Domain. + +### Example 2: Set the domain mode of the current user's domain to Windows2003Domain +``` +PS C:\> $PDC = Get-ADDomainController -Discover -Service PrimaryDC +PS C:\> Set-ADDomainMode -Identity $PDC.Domain -Server $PDC.HostName[0] -DomainMode Windows2003Domain +``` + +This example sets the **DomainMode** of the current logged on user's domain to Windows2003Domain. +The set operation targets the PrimaryDC FSMO to apply the update. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainMode +Specifies the domain functional level of the first domain in the creation of a new forest. +Supported values for this parameter can be either a valid integer or a corresponding enumerated string value. +For example, to set the domain mode level to Windows Server 2008 R2, you can specify either a value of **4** or **Windows2008R2Domain**. + +The following are the currently supported values: + +- Windows Server 2000: **0** or **Windows2000Domain** +- Windows Server 2003 Interim Domain: **1** or **Windows2003InterimDomain** +- Windows Server 2003: **2** or **Windows2003Domain** +- Windows Server 2008: **3** or **Windows2008Domain** +- Windows Server 2008 R2: **4** or **Windows2008R2Domain** +- Windows Server 2012: **5** or **Windows2012Domain** +- Windows Server 2012 R2: **6** or **Windows2012R2Domain** +- Windows Server 2016: **7** or **WinThreshold** + +The domain functional level cannot be lower than the forest functional level, but it can be higher. +The functional level can be increased, and also decreased as long as no feature that requires that functional level is in use, such as the Active Directory Recycle Bin. +The default is automatically computed and set. + +```yaml +Type: ADDomainMode +Parameter Sets: (All) +Aliases: +Accepted values: Windows2000Domain, Windows2003InterimDomain, Windows2003Domain, Windows2008Domain, Windows2008R2Domain, Windows2012Domain, Windows2012R2Domain, Windows2016Domain, UnknownDomain + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory domain object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +All values are for the domainDNS object that represents the domain. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A DNS domain name +- A NetBIOS domain name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. + +```yaml +Type: ADDomain +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADDomain +A domain object is received by the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADDomain +This cmdlet returns the modified domain object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. +* This cmdlet does not work when connected to Global Catalog port. + +## RELATED LINKS + +[Get-ADDomain](./Get-ADDomain.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADFineGrainedPasswordPolicy.md b/docset/winserver2025-ps/activedirectory/Set-ADFineGrainedPasswordPolicy.md new file mode 100644 index 0000000000..fb83bcc36f --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADFineGrainedPasswordPolicy.md @@ -0,0 +1,736 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adfinegrainedpasswordpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADFineGrainedPasswordPolicy +--- + +# Set-ADFineGrainedPasswordPolicy + +## SYNOPSIS +Modifies an Active Directory fine-grained password policy. + +## SYNTAX + +### Identity +``` +Set-ADFineGrainedPasswordPolicy [-WhatIf] [-Confirm] [-Add ] [-AuthType ] + [-Clear ] [-ComplexityEnabled ] [-Credential ] [-Description ] + [-DisplayName ] [-Identity] [-LockoutDuration ] + [-LockoutObservationWindow ] [-LockoutThreshold ] [-MaxPasswordAge ] + [-MinPasswordAge ] [-MinPasswordLength ] [-PassThru] [-PasswordHistoryCount ] + [-Precedence ] [-ProtectedFromAccidentalDeletion ] [-Remove ] + [-Replace ] [-ReversibleEncryptionEnabled ] [-Server ] [] +``` + +### Instance +``` +Set-ADFineGrainedPasswordPolicy [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADFineGrainedPasswordPolicy** cmdlet modifies the properties of an Active Directory fine-grained password policy. +You can modify commonly used property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Replace*, *Clear*, and *Remove* parameters. + +The *Identity* parameter specifies the Active Directory fine-grained password policy to modify. +You can identify a fine-grained password policy by its distinguished name, GUID or name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADFineGrainedPasswordPolicy** cmdlet to retrieve a fine-grained password policy object and then pass the object through the pipeline operator to the **Set-ADFineGrainedPasswordPolicy** cmdlet. + +The *Instance* parameter provides a way to update a fine-grained password policy object by applying the changes made to a copy of the object. +When you set the *Instance* parameter to a copy of an Active Directory fine-grained password policy object that has been modified, the **Set-ADFineGrainedPasswordPolicy** cmdlet makes the same changes to the original fine-grained password policy object. +To get a copy of the object to modify, use the Get-ADFineGrainedPasswordPolicy object. +The *Identity* parameter is not allowed when you use the *Instance* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +## EXAMPLES + +### Example 1: Update properties on a fine-grained password policy object +``` +PS C:\> Set-ADFineGrainedPasswordPolicy -Identity MyPolicy -Precedence 100 -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled $True -ReversibleEncryptionEnabled $false -MinPasswordLength 12 +``` + +This command updates the **Precedence**, **LockoutDuration**, **LockoutObservationWindow**, **ComplexityEnabled**, **ReversibleEncryptionEnabled**, and **MinPasswordLength** properties on the **FineGrainedPasswordPolicy** object with name MyPolicy. + +### Example 2: Set a property on a fine-grained password policy using distinguished name +``` +PS C:\> Set-ADFineGrainedPasswordPolicy -Identity 'CN=MyPolicy,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM' -MinPasswordLength 12 +``` + +This command sets the **MinPasswordLength** property on the **FineGrainedPasswordPolicy** object with distinguished name CN=MyPolicy,CN=Password Settings Container,CN=System,DC=USER01,DC=COM. + +### Example 3: Get a fine-grained password policy then update a set of properties +``` +PS C:\> $FGPP = Get-ADFineGrainedPasswordPolicy -Identity MyPolicy +PS C:\> $FGPP.LockoutObservationWindow = [TimeSpan]::Parse("0.00:15:00") +PS C:\> $FGPP.LockoutThreshold = 10 +PS C:\> $FGPP.MinPasswordLength = 8 +PS C:\> $FGPP.PasswordHistoryCount = 24 +PS C:\> Set-ADFineGrainedPasswordPolicy -Instance $FGPP +``` + +This example gets the **FineGrainedPasswordPolicy** object with name MyPolicy, updates a set of properties on the object, and then writes the modifications back to the directory using the *Instance* parameter. + +### Example 4: Update a property for a specific fine-grained password policy +``` +PS C:\> Get-ADFineGrainedPasswordPolicy -Identity "Level3Policy" | Set-ADFineGrainedPasswordPolicy -Precedence 150 +``` + +This command modifies the **Precedence** property for the fine-grained password policy named Level3Policy. +The command uses the **Get-ADFineGrainedPasswordPolicy** cmdlet to get the fine-grained password policy, and then passes the policy to the current cmdlet by using the pipeline operator. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComplexityEnabled +Specifies whether password complexity is enabled for the password policy. +If enabled, the password must contain three of the following four character types: + +- Uppercase characters (A, B, C, D, E, ...) +- Lowercase characters (a, b, c, d, e, ...) +- Numerals (0, 1, 2, 3, ...) +- Special characters (#, $, *, %, ...) + +This parameter sets the **ComplexityEnabled** property of a password policy. +The acceptable values for this parameter are: + +- $False or 0. +Disables password complexity. +- $True or 1. +Enables password complexity. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory fine-grained password policy object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A Distinguished Name (distinguishedName) +- A GUID (objectGUID) +- A Name (name) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline operator or you can set this parameter to a fine-grained password policy object instance. + +```yaml +Type: ADFineGrainedPasswordPolicy +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of a fine-grained password policy object to use to update the actual Active Directory fine-grained password policy object. +When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update fine-grained password policy objects that have been retrieved by using the **Get-ADFineGrainedPasswordPolicy** cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +```yaml +Type: ADFineGrainedPasswordPolicy +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LockoutDuration +Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. +You cannot login to an account that is locked until the lockout duration time period has expired. +This parameter sets the **lockoutDuration** property of a password policy object. +The LDAP display name (**ldapDisplayName**) of this property is msDS-LockoutDuration. + +The lockout duration must be greater than or equal to the lockout observation time for a password policy. +Use the *LockOutObservationWindow* parameter to set the lockout observation time. + +Specify the lockout duration time interval in the following format: + +D.H:M:S.F + +where: + +D = Days (0 to 10675199) + +H = Hours (0 to 23) + +M = Minutes (0 to 59) + +S = Seconds (0 to 59) + +F= Fractions of a second (0 to 9999999) + +```yaml +Type: TimeSpan +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LockoutObservationWindow +Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. +An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. +This parameter sets the **lockoutObservationWindow** property of a password policy object. +The LDAP display name (**ldapDisplayName**) of this property is msDS-lockoutObservationWindow. + +The lockout observation window must be smaller than or equal to the lockout duration for a password policy. +Use the *LockoutDuration* parameter to set the lockout duration time. + +Specify the time interval in the following format: + +D:H:M:S.F + +where: + +D = Days (0 to 10675199) + +H = Hours (0 to 23) + +M = Minutes (0 to 59) + +S = Seconds (0 to 59) + +F= Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LockoutThreshold +Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. +This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. +This parameter sets the **LockoutThreshold** property of a password policy. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MaxPasswordAge +Specifies the maximum length of time that you can have the same password. +After this time period, the password expires and you must create a new one. + +This parameter sets the **maxPasswordAge** property of a password policy. +The LDAP display name (**ldapDisplayName**) for this property is maxPwdAge. + +Specify the time interval in the following format: + +D.H:M:S.F + +where: + +D = Days (0 to 10675199) + +H = Hours (0 to 23) + +M = Minutes (0 to 59) + +S = Seconds (0 to 59) + +F= Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MinPasswordAge +Specifies the minimum length of time before you can change a password. + +This parameter sets the **minPasswordAge** property of a password policy. +The LDAP display name (**ldapDisplayName**) for this property is minPwdAge. + +Specify the time interval in the following format: + +D.H:M:S.F + +where: + +D = Days (0 to 10675199) + +H = Hours (0 to 23) + +M = Minutes (0 to 59) + +S = Seconds (0 to 59) + +F= Fractions of a second (0 to 9999999) + +Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. + +```yaml +Type: TimeSpan +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MinPasswordLength +Specifies the minimum number of characters that a password must contain. +This parameter sets the **MinPasswordLength** property of the password policy. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordHistoryCount +Specifies the number of previous passwords to save. +A user cannot reuse a password in the list of saved passwords. +This parameter sets the **PasswordHistoryCount** property for a password policy. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Precedence +Specifies a value that defines the precedence of a fine-grained password policy among all fine-grained password policies. +This parameter sets the **Precedence** property for a fine-grained password policy. +The LDAP display name (**ldapDisplayName**) for this property is msDS-PasswordSettingsPrecedence. + +This value determines which password policy to use when more than one password policy applies to a user or group. +When there is a conflict, the password policy that has the lower **Precedence** property value has higher priority. +For example, if PasswordPolicy1 has a **Precedence** property value of 200 and PasswordPolicy2 has a **Precedence** property value of 100, PasswordPolicy2 is used. + +Typically, password policy precedence values are assigned in multiples of 10 or 100, making it easier to add policies at a later time. +For example, if you set the initial precedence values for your policies to 100 and 200, you can add another policy that has precedence value of 150. + +If the specified *Precedence* parameter is already assigned to another password policy object, the cmdlet returns a terminating error. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values, and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReversibleEncryptionEnabled +Specifies whether the directory must store passwords using reversible encryption. +This parameter sets the **ReversibleEncryption** property for a password policy. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +A fine-grained password policy object is received by the *Identity* parameter. + +A fine-grained password policy object that was retrieved by using the **Get-ADFineGrainedPasswordPolicy** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy +This cmdlet returns the modified fine-grained password policy object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with Active Directory Lightweight Directory Services (AD LDS). +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADFineGrainedPasswordPolicy](./Get-ADFineGrainedPasswordPolicy.md) + +[New-ADFineGrainedPasswordPolicy](./New-ADFineGrainedPasswordPolicy.md) + +[Remove-ADFineGrainedPasswordPolicy](./Remove-ADFineGrainedPasswordPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADForest.md b/docset/winserver2025-ps/activedirectory/Set-ADForest.md new file mode 100644 index 0000000000..d29f9d9054 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADForest.md @@ -0,0 +1,351 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adforest?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADForest +--- + +# Set-ADForest + +## SYNOPSIS +Modifies an Active Directory forest. + +## SYNTAX + +``` +Set-ADForest [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] [-Identity] + [-PassThru] [-Server ] [-SPNSuffixes ] [-UPNSuffixes ] [] +``` + +## DESCRIPTION +The **Set-ADForest** cmdlet modifies the properties of an Active Directory forest. +You can modify commonly used property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Replace*, *Clear*, and *Remove* parameters. + +The *Identity* parameter specifies the Active Directory forest to modify. +You can identify a forest by its fully qualified domain name (FQDN), GUID, DNS host name, or NetBIOS name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADForest** cmdlet to retrieve a forest object and then pass the object through the pipeline to the **Set-ADForest** cmdlet. + +The *Instance* parameter provides a way to update a forest object by applying the changes made to a copy of the object. +When you set the *Instance* parameter to a copy of an Active Directory forest object that has been modified, the **Set-ADForest** cmdlet makes the same changes to the original forest object. +To get a copy of the object to modify, use the **Get-ADForest** object. +The *Identity* parameter is not allowed when you use the *Instance* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +## EXAMPLES + +### Example 1: Update a property for a forest +``` +PS C:\> Set-ADForest -Identity fabrikam.com -UPNSuffixes @{replace="fabrikam.com","fabrikam","corp.fabrikam.com"} +``` + +This command sets the **UPNSuffixes** property for the fabrikam.com forest. + +### Example 2: Add a value to a forest property +``` +PS C:\> Set-ADForest -Identity fabrikam.com -SPNSuffixes @{add="corp.fabrikam.com"} +``` + +This command adds corp.fabrikam.com to the **SPNSuffixes** property on the forest fabrikam.com. + +### Example 3: Update a property for a forest +``` +PS C:\> Get-ADForest | Set-ADForest -SPNSuffixes @{Add="corp.fabrikam.com";Remove="fabrikam"} +``` + +This command gets the forest of the current logged on user and updates the **SPNSuffixes** property. + +### Example 4: Clear a property for a forest +``` +PS C:\> Get-ADForest | Set-ADForest -UPNSuffixes $Null +``` + +This command gets the forest of the current logged on user and clears the **UPNSuffixes** property. + +### Example 5: Update a property for a local forest +``` +PS C:\> $Forest = Get-ADForest -Identity fabrikam.com +PS C:\> $Forest.UPNSuffixes = "fabrikam.com","fabrikam","corp.fabrikam.com" +PS C:\> Set-ADForest -Instance $Forest +``` + +This example modifies the **UPNSuffixes** property for the fabrikam.com forest. +The example modifies a local instance of the fabrikam.com forest, and then specifies the *Instance* parameter for the current cmdlet as the local instance. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name such as User1 or Domain01\User01, or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory forest object by providing one of the following attribute values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A fully qualified domain name +- A GUID (objectGUID) +- A DNS host name +- A NetBIOS name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance. + +```yaml +Type: ADForest +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Directory Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` +### -SPNSuffixes +Modifies the list of service principal name (SPN) suffixes of the forest. +This parameter sets the multi-valued **msDS-SPNSuffixes** property of the cross-reference container. +This parameter uses the following syntax to add remove, replace, or clear SPN suffix values. + +To add values: + +`-SPNSuffixes @{Add=value1,value2,...}` + +To remove values: + +`-SPNSuffixes @{Remove=value3,value4,...}` + +To replace values: + +`-SPNSuffixes @{Replace=value1,value2,...}` + +To clear all values: + +`-SPNSuffixes $Null` + +You can specify more than one change by using a list separated by semicolons. +For example, use the following syntax to add and remove SPN suffix values: + +`@{Add=value1,value2,...};@{Remove=value3,value4,...}` + +The operators are applied in the following sequence: + +- Remove +- Add +- Replace + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### -UPNSuffixes +Modifies the list of user principal name (UPN) suffixes of the forest. +This parameter sets the multi-valued **msDS-UPNSuffixes** property of the cross-reference container. +This parameter uses the following syntax to add remove, replace, or clear UPN suffix values. + +To add values: + +`-UPNSuffixes @{Add=value1,value2,...}` + +To remove values: + +`-UPNSuffixes @{Remove=value3,value4,...}` + +To replace values: + +`-UPNSuffixes @{Replace=value1,value2,...}` + +To clear all values: + +`-UPNSuffixes $Null` + +You can specify more than one change by using a list separated by semicolons. +For example, use the following syntax to add and remove UPN suffix values: + +`@{Add=value1,value2,...};@{Remove=value3,value4,...}` + +The operators are applied in the following sequence: + +- Remove +- Add +- Replace + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADForest +A forest object is received by the *Identity* parameter. + +A forest object that was retrieved by using the **Get-ADForest** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADForest +Returns the modified forest object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADForest](./Get-ADForest.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADForestMode.md b/docset/winserver2025-ps/activedirectory/Set-ADForestMode.md new file mode 100644 index 0000000000..367939a541 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADForestMode.md @@ -0,0 +1,263 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adforestmode?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADForestMode +--- + +# Set-ADForestMode + +## SYNOPSIS +Sets the forest mode for an Active Directory forest. + +## SYNTAX + +``` +Set-ADForestMode [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-ForestMode] [-Identity] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADForestMode** cmdlet sets the forest mode for an Active Directory forest. +You specify the forest mode by setting the *ForestMode* parameter. + +The *Identity* parameter specifies the Active Directory forest to modify. +You can identify a forest by its fully qualified domain name (FQDN), GUID, DNS host name, or NetBIOS name. +You can also specify the forest by passing a forest object through the pipeline. +For example, you can use the **Get-ADForest** cmdlet to retrieve a forest object and then pass the object through the pipeline to the Set-ADForestMode cmdlet. + +**Set-ADForestMode** prompts for confirmation by default. + +## EXAMPLES + +### Example 1: Set the forest mode for a forest +``` +PS C:\> Set-ADForestMode -Identity fabrikam.com -ForestMode Windows2003Forest +``` + +This command sets the *ForestMode* to Windows2003Forest in the forest fabrikam.com. + +### Example 2: Set the forest mode for the current user +``` +PS C:\> $CurrentForest = Get-ADForest +PS C:\> Set-ADForestMode -Identity $CurrentForest -Server $CurrentForest.SchemaMaster -ForestMode Windows2008R2Forest +``` + +This example sets the forest mode of the current user's forest. +The set operation targets the schema master flexible single master operation (FSMO) role to apply the update. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. +Lin + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForestMode +Specifies the forest mode for an Active Directory forest. +The acceptable values for this parameter are: + +- Windows2000Forest or 0 +- Windows2003InterimForest or 1 +- Windows2003Forest or 2 +- Windows2008Forest or 3 +- Windows2008R2Forest or 4 +- Windows2012Forest or 5 +- Windows2012R2Forest or 6 +- Windows2016Forest or 7 + +The values are listed in order of functionality from least to most. + +```yaml +Type: ADForestMode +Parameter Sets: (All) +Aliases: +Accepted values: Windows2000Forest, Windows2003InterimForest, Windows2003Forest, Windows2008Forest, Windows2008R2Forest, Windows2012Forest, Windows2012R2Forest, Windows2016Forest, UnknownForest + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory forest object by providing one of the following attribute values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A fully qualified domain name +- A GUID (objectGUID) +- A DNS host name +- A NetBIOS name + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance. + +```yaml +Type: ADForest +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Directory Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADForest +You can pipe a forest object to the *Identity* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADForest +This cmdlet returns the modified forest object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADForest](./Get-ADForest.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADGroup.md b/docset/winserver2025-ps/activedirectory/Set-ADGroup.md new file mode 100644 index 0000000000..7caa36038d --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADGroup.md @@ -0,0 +1,599 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADGroup +--- + +# Set-ADGroup + +## SYNOPSIS +Modifies an Active Directory group. + +## SYNTAX + +### Identity +``` +Set-ADGroup [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] [-Description ] [-DisplayName ] + [-GroupCategory ] [-GroupScope ] [-HomePage ] [-Identity] + [-ManagedBy ] [-Partition ] [-PassThru] [-Remove ] [-Replace ] + [-SamAccountName ] [-Server ] [] +``` + +### Instance +``` +Set-ADGroup [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] -Instance + [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADGroup** cmdlet modifies the properties of an Active Directory group. +You can modify commonly used property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Replace*, *Clear*, and *Remove* parameters. + +The *Identity* parameter specifies the Active Directory group to modify. +You can identify a group by its distinguished name, GUID, security identifier, or Security Account Manager (SAM) account name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass a group object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADGroup** cmdlet to get a group object and then pass the object through the pipeline to the **Set-ADGroup** cmdlet. + +The *Instance* parameter provides a way to update a group object by applying the changes made to a copy of the object. +When you set the *Instance* parameter to a copy of an Active Directory group object that has been modified, the **Set-ADGroup** cmdlet makes the same changes to the original group object. +To get a copy of the object to modify, use the **Get-ADGroup** cmdlet. +The *Identity* parameter is not allowed when you use the *Instance* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +## EXAMPLES + +### Example 1: Set a property for a group +``` +PS C:\> Set-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" -Description "Access Group" -Passthru + +DistinguishedName : CN=AccessControl,DC=AppNC +GroupCategory : Security +GroupScope : DomainLocal +Name : AccessControl +ObjectClass : group +ObjectGUID : d65f5e8f-36da-4390-9840-8b9fde6282fc +SID : S-1-510474493-936115905-2782881406-1264922549-3814061485-1557022459 +``` + +This command sets the **Description** property of the group named AccessControl to Access Group on an Active Directory Application Mode (ADAM) instance. + +### Example 2: Set the description for filtered groups +``` +PS C:\> Get-ADGroup -Filter 'name -like "Access*"' | Set-ADGroup -Description "Access Group" +``` + +This command modifies the **Description** property on all groups that have a name that starts with Access by using the pipeline operator. + +### Example 3: Set a property by specifying an instance +``` +PS C:\> $Group = Get-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" +PS C:\> $Group.Description = "Access Group" +PS C:\> Set-ADGroup -Instance $Group -Passthru + +DistinguishedName : CN=AccessControl,DC=AppNC +GroupCategory : Security +GroupScope : DomainLocal +Name : AccessControl +ObjectClass : group +ObjectGUID : d65f5e8f-36da-4390-9840-8b9fde6282fc +SID : S-1-510474493-936115905-2782881406-1264922549-3814061485-1557022459 +``` + +This example sets the **Description** property on the AccessControl group by using the *Instance* parameter. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupCategory +Specifies the category of the group. +The acceptable values for this parameter are: + +- Distribution or 0 +- Security or 1 + +This parameter sets the **GroupCategory** property of the group. +This parameter value combined with other group values sets the LDAP display name (**ldapDisplayName**) attribute named groupType. + +```yaml +Type: ADGroupCategory +Parameter Sets: Identity +Aliases: +Accepted values: Distribution, Security + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupScope +Specifies the group scope of the group. +The acceptable values for this parameter are: + +- DomainLocal or 0 +- Global or 1 +- Universal or 2 + +This parameter sets the **GroupScope** property of a group object to the specified value. +The LDAP display name of this property is groupType. + +```yaml +Type: ADGroupScope +Parameter Sets: Identity +Aliases: +Accepted values: DomainLocal, Global, Universal + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomePage +Specifies the URL of the home page of the object. +This parameter sets the **homePage** property of an Active Directory object. +The LDAP display name (**ldapDisplayName**) for this property is wWWHomePage. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory group object by providing one of the following values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADGroup +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of a group object to use to update the actual Active Directory group object. +When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update group objects that have been retrieved by using the **Get-ADGroup** cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +```yaml +Type: ADGroup +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ManagedBy +Specifies the user or group that manages the object by providing one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the property. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- SAM account name (sAMAccountName) + +This parameter sets the Active Directory attribute with an LDAP display name of managedBy. + +```yaml +Type: ADPrincipal +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In Active Directory Lightweight Directory Services (AD LDS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take a default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values, and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamAccountName +Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. +The maximum length of the description is 256 characters. +To be compatible with older operating systems, create a SAM account name that is 20 characters or less. +This parameter sets the **SAMAccountName** for an account object. +The LDAP display name (**ldapDisplayName**) for this property is sAMAccountName. + +Note: If the string value provided is not terminated with a $ (dollar sign) character, the system adds one if necessary. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +A group object is received by the *Identity* parameter. + +A group object that was retrieved by using the **Get-ADGroup** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADGroup +Returns the modified group object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Add-ADGroupMember](./Add-ADGroupMember.md) + +[Add-ADPrincipalGroupMembership](./Add-ADPrincipalGroupMembership.md) + +[Get-ADGroup](./Get-ADGroup.md) + +[Get-ADGroupMember](./Get-ADGroupMember.md) + +[Get-ADPrincipalGroupMembership](./Get-ADPrincipalGroupMembership.md) + +[New-ADGroup](./New-ADGroup.md) + +[Remove-ADGroup](./Remove-ADGroup.md) + +[Remove-ADGroupMember](./Remove-ADGroupMember.md) + +[Remove-ADPrincipalGroupMembership](./Remove-ADPrincipalGroupMembership.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADObject.md b/docset/winserver2025-ps/activedirectory/Set-ADObject.md new file mode 100644 index 0000000000..c0e60118e7 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADObject.md @@ -0,0 +1,603 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adobject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADObject +--- + +# Set-ADObject + +## SYNOPSIS +Modifies an Active Directory object. + +## SYNTAX + +### Identity +``` +Set-ADObject [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] [-Description ] [-DisplayName ] [-Identity] + [-Partition ] [-PassThru] [-ProtectedFromAccidentalDeletion ] [-Remove ] + [-Replace ] [-Server ] [] +``` + +### Instance +``` +Set-ADObject [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] -Instance + [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADObject** cmdlet modifies the properties of an Active Directory object. +You can modify commonly used property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Replace*, *Clear*, and *Remove* parameters. + +The *Identity* parameter specifies the Active Directory object to modify. +You can identify an object by its distinguished name or GUID. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADObject** cmdlet to retrieve an object and then pass the object through the pipeline to the **Set-ADObject** cmdlet. + +The *Instance* parameter provides a way to update an object by applying the changes made to a copy of the object. +When you set the *Instance* parameter to a copy of an Active Directory object that has been modified, the **Set-ADObject** cmdlet makes the same changes to the original object. +To get a copy of the object to modify, use the **Get-ADObject** object. +The *Identity* parameter is not allowed when you use the *Instance* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (nTDSDSA) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Set a property on an object by distinguished name +``` +PS C:\> Set-ADObject -Identity 'CN=PattiFu Direct Reports,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM' -Description "Distribution List of Patti Fuller Direct Reports" +``` + +This command sets the **Description** property on the object with the distinguished name CN=PattiFu Direct Reports,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM. + +### Example 2: Add a site to a property for an object +``` +PS C:\> Set-ADObject -Identity 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM' -Add @{siteList='CN=BO3,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM'} -Partition 'CN=Configuration,DC=FABRIKAM,DC=COM' +``` + +This command adds the site CN=BO3,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM to the property **siteList** on the object with the distinguished name CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM. + +### Example 3: Add URLs to an object property +``` +PS C:\> $UrlValues = @() +PS C:\> $UrlValues += "www.contoso.com" +PS C:\> $UrlValues += "www.fabrikam.com" +PS C:\> Set-ADObject -Identity "cdadd380-d3a8-4fd1-9d30-5cf72d94a056" -Add @{url=$UrlValues} +``` + +This command adds two new URLs to the **urlValues** property in the object with the GUID cdadd380-d3a8-4fd1-9d30-5cf72d94a056. + +### Example 4: Set values for a multi-valued attribute +``` +PS C:\> $UrlValues = @() +PS C:\> $UrlValues += "www.contoso.com" +PS C:\> $UrlValues += "www.fabrikam.com" +PS C:\> Set-ADObject -Identity "cdadd380-d3a8-4fd1-9d30-5cf72d94a056" -Replace @{url=$UrlValues;description="Patti Fuller"} +``` + +This command replaces the old values of the multi-valued attribute **url** with the new values and sets the value of the attribute **description**. + +### Example 5: Remove a value from an attribute +``` +PS C:\> Set-ADObject -Identity "cdadd380-d3a8-4fd1-9d30-5cf72d94a056" -Remove @{url="www.contoso.com"} -Replace @{description="Patti Fuller (European Manager)"} +``` + +This command removes the specified value from the **url** attribute and sets the value of the **description** attribute. + +### Example 6: Set a UAC bit on an object +``` +PS C:\> $MyComp = Get-ADObject -Identity "cdadd380-d3a8-4fd1-9d30-5cf72d94a056" -Properties "userAccountControl","description" +PS C:\> $MyComp.userAccountControl = $MyComp.userAccountControl -bor 50 +PS C:\> $MyComp.description = "Setting a new UAC on the object" +PS C:\> Set-ADObject -Instance $MyComp +``` + +This command sets a new User Access Control (UAC) bit on an object by updating the **userAccountControl** attribute, and sets the value of the **description** attribute. + +### Example 7: Protect an object from accidental deletion +``` +PS C:\> Set-ADObject -Identity "CN=InternalApps,DC=AppNC" -protectedFromAccidentalDeletion $True -Server "FABRIKAM-SRV1:60000" +``` + +This command sets container CN=InternalApps,DC=AppNC in an AD LDS instance to be protected from accidental deletion. + +### Example 8: Get an object and modify a property +``` +PS C:\> Get-ADObject -Identity "SecurityLevel2AccessGroup" | Set-ADObject -DisplayName "Security Level 2" +``` + +This command modifies the **DisplayName** property for the **SecurityLevel2AccessGroup** object. +The command uses the **Get-ADObject** cmdlet to get the object, and then passes the object to the current cmdlet by using the pipeline operator. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +For example, if you want to remove the value 555-222-2222 and add the values 555-222-1111 and 555-222-3333 to Phone-Office-Other attribute (LDAP display name otherTelephone), and add the value 555-222-9999 to Phone-Mobile-Other (LDAP display name otherMobile), set the *Add* and *Remove* parameters as follows: + +`-Add @{otherTelephone='555-222-1111', '555-222-3333'; otherMobile='555-222-9999' } -Remove @{otherTelephone='555-222-2222'}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +For example, if you want to clear the value for the Phone-Office-Other attribute (LDAP display name otherTelephone) set the *Clear* parameter as follows: + +`-Clear otherTelephone` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +The following example shows how to set this parameter to a sample description. + +`-Description "Description of the object"` + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +The following example shows how to set this parameter: + +`-DisplayName "Patti Fuller Laptop"` + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- Distinguished name +- GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +This example shows how to set this parameter to an **ADObject** object instance named ADObjectInstance: + +`-Identity $ADObjectInstance` + +```yaml +Type: ADObject +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of an Active Directory object to use to update the actual Active Directory object. +When you specify this parameter, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update Active Directory objects that have been retrieved by using the **Get-ADObject** cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +The following is an example of how to use the **Get-ADObject** cmdlet to retrieve an instance of the object. +The object is modified by using the PowerShell command line. +Then the **Set-ADObject** cmdlet saves the changes to the Active Directory object. + +Step 1: Get a local instance of the object: + +`$ObjectInstance = Get-ADObject -Identity "CN=someObject, DC=contoso,DC=com"` + +Step 2: Modify one or more properties of the object instance: + +`$ObjectInstance.Description = "New Description"` + +Step3: Save your changes to the object: + +`Set-ADObject -Instance $ObjectInstance` + +```yaml +Type: ADObject +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +The following two examples show how to specify a value for this parameter. + +`-Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM"` + +`-Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM"` + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +The following example shows how to set this parameter to $True. + +`-ProtectedFromAccidentalDeletion $True` + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +For example, if you want to add the values blue and green and remove the value pink from a property with a LDAP display name of FavColors, set the *Add* and *Remove* parameters as follows: + +`-Add @{FavColors=Blue,Green} -Remove {FavColors=Pink}` + +When you use the *Add*, *Replace*, *Clear*, and *Remove* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values, and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- A NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +The following example shows how to specify a FQDN as the parameter value. + +`-Server "corp.contoso.com"` + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +An Active Directory object is received by the *Identity* parameter. +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADOrganizationalUnit** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +An object that was retrieved by using the **Get-ADObject** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADObject +Returns the modified object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADObject](./Get-ADObject.md) + +[Move-ADObject](./Move-ADObject.md) + +[New-ADObject](./New-ADObject.md) + +[Remove-ADObject](./Remove-ADObject.md) + +[Rename-ADObject](./Rename-ADObject.md) + +[Restore-ADObject](./Restore-ADObject.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADOrganizationalUnit.md b/docset/winserver2025-ps/activedirectory/Set-ADOrganizationalUnit.md new file mode 100644 index 0000000000..1fe4788240 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADOrganizationalUnit.md @@ -0,0 +1,629 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adorganizationalunit?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADOrganizationalUnit +--- + +# Set-ADOrganizationalUnit + +## SYNOPSIS +Modifies an Active Directory organizational unit. + +## SYNTAX + +### Identity +``` +Set-ADOrganizationalUnit [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-City ] + [-Clear ] [-Country ] [-Credential ] [-Description ] + [-DisplayName ] [-Identity] [-ManagedBy ] [-Partition ] + [-PassThru] [-PostalCode ] [-ProtectedFromAccidentalDeletion ] [-Remove ] + [-Replace ] [-Server ] [-State ] [-StreetAddress ] [] +``` + +### Instance +``` +Set-ADOrganizationalUnit [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADOrganizationalUnit** cmdlet modifies the properties of an Active Directory organizational unit (OU). +You can modify commonly used property values by using the cmdlet parameters. +**Property** values that are not associated with cmdlet parameters can be modified by using the *Add*, *Remove*, *Replace*, and *Clear* parameters. + +The *Identity* parameter specifies the Active Directory organizational unit to modify. +You can identify an organizational unit by its distinguished name or GUID. + +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADOrganizationalUnit** cmdlet to retrieve an organizational unit object and then pass the object through the pipeline to the **Set-ADOrganizationalUnit** cmdlet. + +The *Instance* parameter provides a way to update an organizational unit object by applying the changes made to a copy of the object. +When you set the *Instance* parameter to a copy of an Active Directory organizational unit object that has been modified, the **Set-ADOrganizationalUnit** cmdlet makes the same changes to the original organizational unit object. +To get a copy of the object to modify, use the **Get-ADOrganizationalUnit** object. +When you specify the *Instance* parameter you should not pass the *Identity* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Set a description for an OU +``` +PS C:\> Set-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=FABRIKAM,DC=COM" -Description "This Organizational Unit holds all of the users accounts of FABRIKAM.COM" +``` + +This command sets the description of the OU with the distinguished name OU=UserAccounts,DC=FABRIKAM,DC=COM. + +### Example 2: Set the ProtectedFromAccidentalDeletion property for an OU +``` +PS C:\> Set-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $false +``` + +This command sets the **ProtectedFromAccidentalDeletion** property to $False on the OU with distinguished name OU=UserAccounts,DC=FABRIKAM,DC=COM. + +### Example 3: Set location properties for an OU +``` +PS C:\> Set-ADOrganizationalUnit -Identity "OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM" -Country "AU" -StreetAddress "45 Martens Place" -City Balmoral -State QLD -PostalCode 4171 -Replace @{co="Australia"} +``` + +This command sets the **Country**, **City**, **State**, **PostalCode**, and **Country** properties on the OU OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM. + +### Example 4: Set a property for an OU in an AD LDS instance +``` +PS C:\> Set-ADOrganizationalUnit -Identity "OU=Managed,DC=AppNC" -Server "FABRIKAM-SRV1:60000" -Country "UK" +``` + +This command sets the **Country** property of the OU OU=Managed,DC=AppNC in an AD LDS instance. + +### Example 5: Set a property for a piped OU +``` +PS C:\> Get-ADOrganizationalUnit -Identity "AccountingDepartment" | Set-ADOrganizationalUnit -ManagedBy "PattiFullerGroup" +``` + +This command modifies the **ManagedBy** property for the AccountingDepartment OU. +The command uses the **Get-ADOrganizationalUnit** cmdlet to get the AccountingDepartment OU, and then passes the object to the current cmdlet by using the pipeline operator. + +### Example 6: Set a property for a local OU to modify an Active Directory OU +``` +PS C:\> $OrganizationalUnit = Get-ADOrganizationalUnit -Identity "AccountingDepartment" +PS C:\> $OrganizationalUnit.ManagedBy = "PattiFullerGroup" +PS C:\> Set-ADOrganizationalUnit -Instance $OrganizationalUnit +``` + +This example modifies the **ManagedBy** property for the AccountingDepartment OU. +The example modifies a local instance of the AccountingDepartment OU and then specifies the *Instance* parameter for the **Set-ADOrganizationalUnit** cmdlet as the local instance. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -City +Specifies the town or city. +This parameter sets the **City** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is l. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Country +Specifies the country or region code. +This parameter sets the **Country** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is c. +This value is not used by Windows 2000. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the OU object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the OU object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADOrganizationalUnit +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of an OU object to use to update the actual Active Directory OU object. +When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update organizational unit objects that have been retrieved by using the **Get-ADOrganizationalUnit** cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +```yaml +Type: ADOrganizationalUnit +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ManagedBy +Specifies the user or group that manages the object by providing one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the property. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +This parameter sets the Active Directory attribute with an LDAP display name of managedBy. + +```yaml +Type: ADPrincipal +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and when a default value can be determined, no further rules are evaluated. + +In AD DS environments, a default value for *Partition* are set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* will be set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PostalCode +Specifies the postal code or zip code. +This parameter sets the **PostalCode** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is postalCode. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values, and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -State +Specifies the state or province. +This parameter sets the **State** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is st. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StreetAddress +Specifies the street address. +This parameter sets the **StreetAddress** property of an OU object. +The LDAP display name (**ldapDisplayName**) of this property is street. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit +An OU object is received by the *Identity* parameter. + +An organizational unit object that was retrieved by using the **Get-ADOrganizationalUnit** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit +Returns the modified OU object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADOrganizationalUnit](./Get-ADOrganizationalUnit.md) + +[New-ADOrganizationalUnit](./New-ADOrganizationalUnit.md) + +[Remove-ADOrganizationalUnit](./Remove-ADOrganizationalUnit.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADReplicationConnection.md b/docset/winserver2025-ps/activedirectory/Set-ADReplicationConnection.md new file mode 100644 index 0000000000..94a9ba20e0 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADReplicationConnection.md @@ -0,0 +1,433 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adreplicationconnection?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADReplicationConnection +--- + +# Set-ADReplicationConnection + +## SYNOPSIS +Sets properties on Active Directory replication connections. + +## SYNTAX + +### Identity +``` +Set-ADReplicationConnection [-WhatIf] [-Confirm] [-Add ] [-AuthType ] + [-Clear ] [-Credential ] [-Identity] [-PassThru] + [-Remove ] [-Replace ] [-ReplicateFromDirectoryServer ] + [-ReplicationSchedule ] [-Server ] [] +``` + +### Instance +``` +Set-ADReplicationConnection [-WhatIf] [-Confirm] [-AuthType ] [-Clear ] + [-Credential ] -Instance [-PassThru] [-Server ] + [] +``` + +## DESCRIPTION +The **Set-ADReplicationConnection** cmdlet sets properties on Active Directory replication connections. +Connections are used to enable domain controllers to replicate with each other. +A connection defines a one-way, inbound route from one domain controller, the source, to another domain controller, the destination. +The Kerberos consistency checker (KCC) reuses existing connections where it can, deletes unused connections, and creates new connections if none exist that meet the current need. + +## EXAMPLES + +### Example 1: Set a replication connection to a specified domain controller +``` +PS C:\> Set-ADReplicationConnection -Identity "5f98e288-19e0-47a0-9677-57f05ed54f6b" -ReplicateFromDirectoryServer corp-DC01 +``` + +This command sets the replication connection with GUID 5f98e288-19e0-47a0-9677-57f05ed54f6b to replicate from corp-DC01. + +### Example 2: Set a daily replication schedule +``` +PS C:\> $Schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule +PS C:\> $Schedule.ResetSchedule() +PS C:\> $Schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty") +PS C:\> Get-ADReplicationConnection -Filter "ReplicateFromDirectoryServer -eq 'corp-DC01'" -Properties ReplicationSchedule | % {Set-ADReplicationConnection $_ - ReplicationSchedule $Schedule} +``` + +This command gets all of the replication connections in the directory that replicates from corp-DC01, and then sets the daily replication schedule on these connection objects. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you are prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADReplicationConnection +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of an Active Directory object to use as a template for a new Active Directory object. + +You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing Active Directory object as a template for a new object. +To retrieve an instance of an existing Active Directory object, use a cmdlet such as **Get-ADObject**. +Then provide this object to the *Instance* parameter of the New-ADObject cmdlet to create a new Active Directory object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADObject** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADObject** cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADReplicationConnection +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicateFromDirectoryServer +Specifies the domain controller to use as a source for this replication connection. + +```yaml +Type: ADDirectoryServer +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSchedule +Specifies the schedule on which the source server is available for replication. + +Replication occurs at intervals that administrators can schedule so that use of expensive WAN links is managed. +Use this parameter to specify the replication intervals. +For more information on how replication topology works, see [How Active Directory Replication Topology Works](https://go.microsoft.com/fwlink/?LinkId=223932) on TechNet. + +To specify the replication schedule: + +1. Create a new Active Directory schedule object. + For example: + + `$Schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule;` + +2. Edit the schedule on the Active Directory schedule object. + For example: + + `$Schedule.ResetSchedule();` + + `$Schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty");` + +3. Using the Active Directory schedule object, set the replication schedule of the connection. + + `Set-ADReplicationConnection "5f98e288-19e0-47a0-9677-57f05ed54f6b" -ReplicationSchedule $Schedule.` + +For more information on the **ActiveDirectorySchedule** class, see [ActiveDirectorySchedule Class](https://go.microsoft.com/fwlink/?LinkId=223933) on the Microsoft Developer Network. + +```yaml +Type: ActiveDirectorySchedule +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Directory Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationConnection +A connection object is received by the *Identity* parameter. + +A connection object that was retrieved by using the Get-ADReplicationConnection cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationConnection + +## NOTES + +## RELATED LINKS + +[Get-ADReplicationConnection](./Get-ADReplicationConnection.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADReplicationSite.md b/docset/winserver2025-ps/activedirectory/Set-ADReplicationSite.md new file mode 100644 index 0000000000..b303061980 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADReplicationSite.md @@ -0,0 +1,709 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adreplicationsite?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADReplicationSite +--- + +# Set-ADReplicationSite + +## SYNOPSIS +Sets the replication properties for an Active Directory site. + +## SYNTAX + +### Identity +``` +Set-ADReplicationSite [-WhatIf] [-Confirm] [-Add ] [-AuthType ] + [-AutomaticInterSiteTopologyGenerationEnabled ] [-AutomaticTopologyGenerationEnabled ] + [-Clear ] [-Credential ] [-Description ] [-Identity] + [-InterSiteTopologyGenerator ] [-ManagedBy ] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-RedundantServerTopologyEnabled ] [-Remove ] + [-Replace ] [-ReplicationSchedule ] [-ScheduleHashingEnabled ] + [-Server ] [-TopologyCleanupEnabled ] [-TopologyDetectStaleEnabled ] + [-TopologyMinimumHopsEnabled ] [-UniversalGroupCachingEnabled ] + [-UniversalGroupCachingRefreshSite ] + [-WindowsServer2000BridgeheadSelectionMethodEnabled ] + [-WindowsServer2000KCCISTGSelectionBehaviorEnabled ] [-WindowsServer2003KCCBehaviorEnabled ] + [-WindowsServer2003KCCIgnoreScheduleEnabled ] + [-WindowsServer2003KCCSiteLinkBridgingEnabled ] [] +``` + +### Instance +``` +Set-ADReplicationSite [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADReplicationSite** cmdlet is used to set the properties for an Active Directory site that is being used for replication. +Sites are used in Active Directory to either enable clients to discover network resources (published shares, domain controllers) close to the physical location of a client computer or to reduce network traffic over wide area network (WAN) links. +Sites can also be used to optimize replication between domain controllers. + +## EXAMPLES + +### Example 1: Set the replication site to prevent connections +``` +PS C:\> Set-ADReplicationSite -Identity NorthAmerica -InterSiteTopologyGenerator corp-DC02 -AutomaticInterSiteTopologyGenerationEnabled $False +``` + +The command sets the properties of the site with name NorthAmerica to prevent its intersite topology generator (ISTG) at corp-DC02 from generating connections for intersite replication. + +### Example 2: Set replication start times for a filtered list of sites +``` +PS C:\> Get-ADReplicationSite -Filter * | % {Set-ADReplicationSite $_ -ScheduleHashingEnabled $True} +``` + +This command returns all the sites in the directory and sets the **ScheduleHashingEnabled** property to spread replication start times randomly across the entire schedule interval rather than just the first quarter of the interval. + +### Example 3: Set the replication schedule for a site +``` +PS C:\> $Schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule +PS C:\> $Schedule.ResetSchedule() +PS C:\> $Schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty") +PS C:\> Set-ADReplicationSite -Identity "Asia" -ReplicationSchedule $Schedule +``` + +This example sets the daily replication schedule of the site with name Asia. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutomaticInterSiteTopologyGenerationEnabled +Indicates whether the cmdlet prevents the Knowledge Consistency Checker (KCC) that functions as the intersite topology generator (ISTG) from generating connections for intersite replication. +Use this option when you want to create manual intersite connections (disable the ISTG) but retain the KCC to generate intrasite connections. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutomaticTopologyGenerationEnabled +Indicates whether to enable automatic topology generation. +When enabled, prevents the KCC from generating intrasite connections on all servers in the site. +Disable this option if you use manual connections and do not want the KCC to build connections automatically. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the **Get-Credential** cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A connection name +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSite +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a site object to use as a template for a new site object. + +You can use an instance of an existing site object as a template or you can construct a new site object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing site object as a template for a new object. +To retrieve an instance of an existing site object, use a cmdlet such as **Get-ADReplicationSite**. +Then provide this object to the Instance parameter of the **New-ADReplicationSite** cmdlet to create a new site object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADReplicationSite** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADReplicationSite** cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADReplicationSite +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InterSiteTopologyGenerator +Specifies the server acting as the inter-site topology generator for this site. + +```yaml +Type: ADDirectoryServer +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ManagedBy +Specifies the user or group that manages the object by providing one of the following property values: + +- Distinguished name +- GUID (objectGUID) +- Security identifier (objectSid) +- SAM account name (sAMAccountName) + + Note: The identifier in parentheses is the LDAP display name for the property. + +This parameter sets the Active Directory attribute with an LDAP display name of managedBy. + +```yaml +Type: ADPrincipal +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedundantServerTopologyEnabled +Indicates whether the cmdlet creates redundant connections between sites before a failure takes place. +When enabled, disables KCC failover. +Requires that automatic detection of failed connections also be disabled (+IS_TOPL_DETECT_STALE_DISABLED). + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSchedule +Specifies the default replication schedule for connections within this site (intra-site replication). + +```yaml +Type: ActiveDirectorySchedule +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ScheduleHashingEnabled +Indicates whether the cmdlet spreads replication start times randomly across the entire schedule interval rather than just the first quarter of the interval. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services (AD DS) instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services (AD LDS), AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TopologyCleanupEnabled +Indicates whether the cmdlet enables topology cleanup. +When enabled, this optional parameter prevents the Knowledge Consistency Checker(KCC) from removing connection objects that it does not need. +Disable this option if you want to take responsibility for removing old redundant connections. +Alternatively, to control or augment the topology, you can use manual connections, which the KCC does not delete. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TopologyDetectStaleEnabled +Indicates whether the cmdlet enables topology detect stale. +This parameter option prevents the Knowledge Consistency Checker (KCC) from excluding servers that are unreachable from the topology; that is, the KCC does use an alternate server to reroute replication. +Use this option only if network communication is very unstable and brief outages are expected. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TopologyMinimumHopsEnabled +Indicates whether the cmdlet enables topology minimum hops. +When enabled, this parameter prevents the Knowledge Consistency Checker (KCC) from generating optimizing connections in the ring topology of intrasite replication. +Optimizing connections reduce the replication latency in the site and disabling them is not recommended. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UniversalGroupCachingEnabled +Indicates whether the cmdlet enables universal group caching. +If this parameter is true, it indicates this site caches universal groups, which are those groups cached on global catalog (GC) servers. +It can be useful in sites with no GC servers available locally. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UniversalGroupCachingRefreshSite +Specifies the name of a site. +If universal group caching is enabled, this parameter sets the name of the site from which the cache is pulled. + +```yaml +Type: ADReplicationSite +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsServer2000BridgeheadSelectionMethodEnabled +Indicates whether the cmdlet implements the Windows 2000 Server method of selecting a single bridgehead server per directory partition and transport. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsServer2000KCCISTGSelectionBehaviorEnabled +Indicates whether the cmdlet implements the Windows 2000 Server method of Intersite Topology Generator (ISTG) selection. +By default, it is disabled. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsServer2003KCCBehaviorEnabled +Indicates whether the cmdlet implements Knowledge Consistency Checker (KCC) operation that is consistent with Windows Server 2003 forest functional level. +This option can be set if all domain controllers in the site are running Windows Server 2003. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsServer2003KCCIgnoreScheduleEnabled +Indicates whether to ignore schedules. +When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to ignore schedules (replication occurs at the designated intervals and is always available). + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsServer2003KCCSiteLinkBridgingEnabled +Indicates whether the cmdlet enables site link bridging. +When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides Knowledge Consistency Checker (KCC) control of the ability to enable or disable site link bridging. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSite +A site object is received by the *Identity* parameter. + +A site object that was retrieved by using the **Get-ADReplicationSite** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSite + +## NOTES + +## RELATED LINKS + +[Get-ADReplicationSite](./Get-ADReplicationSite.md) + +[New-ADReplicationSite](./New-ADReplicationSite.md) + +[Remove-ADReplicationSite](./Remove-ADReplicationSite.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADReplicationSiteLink.md b/docset/winserver2025-ps/activedirectory/Set-ADReplicationSiteLink.md new file mode 100644 index 0000000000..dd44561919 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADReplicationSiteLink.md @@ -0,0 +1,478 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adreplicationsitelink?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADReplicationSiteLink +--- + +# Set-ADReplicationSiteLink + +## SYNOPSIS +Sets the properties for an Active Directory site link. + +## SYNTAX + +### Identity +``` +Set-ADReplicationSiteLink [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Cost ] [-Credential ] [-Description ] [-Identity] + [-PassThru] [-Remove ] [-Replace ] [-ReplicationFrequencyInMinutes ] + [-ReplicationSchedule ] [-Server ] [-SitesIncluded ] + [] +``` + +### Instance +``` +Set-ADReplicationSiteLink [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Instance ] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADReplicationSiteLink** cmdlet sets properties on an Active Directory site link. +A site link connects two or more sites. +Replication site links reflect the administrative policy for how sites interconnect and the methods used to transfer replication traffic. +You must connect sites with site links so that domain controllers at each site can replicate Active Directory changes. + +## EXAMPLES + +### Example 1: Add and remove sites from a replication site link +``` +PS C:\> Set-ADReplicationSiteLink -Identity "Europe-Asia" -SitesIncluded @{Add="Asia2";Remove="Asia"} +``` + +This command adds the site Asia2 to the replication site link Europe-Asia, and removes the site Asia. + +### Example 2: Set a property on filtered sites +``` +PS C:\> Get-ADReplicationSiteLink -Filter "ReplicationFrequencyInMinutes -ge 60" -Properties Cost | % {Set-ADReplicationSiteLink $_ -Cost 200} +``` + +This command gets all the site links in the directory with replication frequency greater than or equal to 60 minutes, and then sets the **Cost** property on these site link objects to 200. + +### Example 3: Set the daily replication schedule for a replication site link +``` +PS C:\> $Schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule +PS C:\> $Schedule.ResetSchedule() +PS C:\> $Schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty") +PS C:\> Set-ADReplicationSiteLink -Identity "NorthAmerica-SouthAmerica" -ReplicationSchedule $Schedule +``` + +This command sets the daily replication schedule of the site link with name NorthAmerica-SouthAmerica. + +### Example 4: Enable change notification for a replication site link +``` +PS C:\> Set-ADReplicationSiteLink -Identity "Europe-Asia" -Replace @{'options'=1} +``` + +This command enables change notification on the site link with the name Europe-Asia. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that will be cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Cost +Specifies the cost to be placed on the site link. +For more information on determining the cost, see [Determining the Cost](https://go.microsoft.com/fwlink/?LinkId=221871) in the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=221871. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSiteLink +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a site link object to use as a template for a new site link object. + +You can use an instance of an existing site link object as a template or you can construct a new site link object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing site link object as a template for a new object. +To retrieve an instance of an existing site link object, use a cmdlet such as **Get-ADReplicationSiteLink**. +Then provide this object to the *Instance* parameter of the **New-ADReplicationSiteLink** cmdlet to create a new site link object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADReplicationSiteLink** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADReplicationSiteLink** cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADReplicationSiteLink +Parameter Sets: Instance +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters will be applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters will be applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationFrequencyInMinutes +Species the frequency, in minutes, for which replication will occur where this site link is in use between sites. +Active Directory preserves bandwidth between sites by minimizing the frequency of replication and by allowing you to schedule the availability of site links for replication. +By default, intersite replication across each site link occurs every 180 minutes (3 hours). +You can adjust this frequency to match your specific needs. +Be aware that increasing this frequency increases the amount of bandwidth used by replication. + +```yaml +Type: Int32 +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSchedule +Specifies the default replication schedule for any connections within this site link (intra-site replication). +This allows you to schedule the availability of site links for use by replication. +By default, a site link is available to carry replication traffic 24 hours a day, 7 days a week. +You can limit this schedule to specific days of the week and times of day. +You can, for example, schedule intersite replication so that it only occurs after normal business hours. + +```yaml +Type: ActiveDirectorySchedule +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SitesIncluded +Specifies the list of sites included in the site link. +For **Set-ADReplicationSiteLink** operations, you can add or include new sites within an existing site link by specifying them using this parameter. +You do not have to specify all previously listed sites already within this link. + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink +A site link object is received by the *Identity* parameter. + +A site link object that was retrieved by using the **Get-ADReplicationSiteLink** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink + +## NOTES + +## RELATED LINKS + +[Get-ADReplicationSiteLink](./Get-ADReplicationSiteLink.md) + +[New-ADReplicationSiteLink](./New-ADReplicationSiteLink.md) + +[Remove-ADReplicationSiteLink](./Remove-ADReplicationSiteLink.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADReplicationSiteLinkBridge.md b/docset/winserver2025-ps/activedirectory/Set-ADReplicationSiteLinkBridge.md new file mode 100644 index 0000000000..5a6830bf54 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADReplicationSiteLinkBridge.md @@ -0,0 +1,406 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adreplicationsitelinkbridge?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADReplicationSiteLinkBridge +--- + +# Set-ADReplicationSiteLinkBridge + +## SYNOPSIS +Sets the properties of a replication site link bridge in Active Directory. + +## SYNTAX + +### Identity +``` +Set-ADReplicationSiteLinkBridge [-WhatIf] [-Confirm] [-Add ] [-AuthType ] + [-Clear ] [-Credential ] [-Description ] + [-Identity] [-PassThru] [-Remove ] [-Replace ] + [-Server ] [-SiteLinksIncluded ] [] +``` + +### Instance +``` +Set-ADReplicationSiteLinkBridge [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Instance ] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADReplicationSiteLinkBridge** cmdlet sets the properties for a replication site link bridge in Active Directory. +A site link bridge connects two or more site links and enables transitivity between site links. +Each site link in a bridge must have a site in common with another site link in the bridge. + +## EXAMPLES + +### Example 1: Configure a site link in a site link bridge +``` +PS C:\> Set-ADReplicationSiteLinkBridge -Identity "NorthAmerica-Asia" -SiteLinksIncluded @{Add='NorthAmerica-Europe2','Europe2-Asia';Remove='NorthAmerica-Europe','Europe-Asia'} +``` + +This command updates the site link bridge NorthAmerica-Asia to use Europe2 instead of Europe. + +### Example 2: Configure a filtered list of site link bridges +``` +PS C:\> Get-ADReplicationSiteLinkBridge -Filter "SiteLinksIncluded -eq 'NorthAmerica-Europe' -and SiteLinksIncluded -eq 'Europe-Asia'" -Properties SiteLinksIncluded | % {Set-ADReplicationSiteLinkBridge $_ -SiteLinksIncluded @{Add='NorthAmerica-Europe2','Europe2-Asia';Remove='NorthAmerica-Europe','Europe-Asia'}} +``` + +This command gets all the site link bridges in the directory that includes site links NorthAmerica-Europe and Europe-Asia, and then updates the site link bridge objects to use Europe2 instead of Europe. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that will be cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSiteLinkBridge +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a site link bridge object to use as a template for a new site link bridge object. + +You can use an instance of an existing site link bridge object as a template or you can construct a new site link bridge object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing site link bridge object as a template for a new object. +To retrieve an instance of an existing site link bridge object, use a cmdlet such as **Get-ADReplicationSiteLinkBridge**. +Then provide this object to the *Instance* parameter of the New-ADReplicationSiteLinkBridge cmdlet to create a new site link bridge object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADReplicationSiteLinkBridge** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADReplicationSiteLinkBridge** cmdlet to create the new Active Directory object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADReplicationSiteLinkBridge +Parameter Sets: Instance +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters will be applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters will be applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the *Server* value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteLinksIncluded +Specifies the list of site links that are included in this site link bridge. +Accepted values for this parameter are the distinguished name (DN), a GUID, or the name of a site link. + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge +A site link bridge object is received by the *Identity* parameter. + +A site link bridge object that was retrieved by using the **Get-ADReplicationSiteLinkBridge** cmdlet and then modified is received by the **Instance** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge + +## NOTES + +## RELATED LINKS + +[Get-ADReplicationSiteLinkBridge](./Get-ADReplicationSiteLinkBridge.md) + +[New-ADReplicationSiteLinkBridge](./New-ADReplicationSiteLinkBridge.md) + +[Remove-ADReplicationSiteLinkBridge](./Remove-ADReplicationSiteLinkBridge.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADReplicationSubnet.md b/docset/winserver2025-ps/activedirectory/Set-ADReplicationSubnet.md new file mode 100644 index 0000000000..e6b5bc4a18 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADReplicationSubnet.md @@ -0,0 +1,406 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adreplicationsubnet?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADReplicationSubnet +--- + +# Set-ADReplicationSubnet + +## SYNOPSIS +Sets the properties of an Active Directory replication subnet object. + +## SYNTAX + +### Identity +``` +Set-ADReplicationSubnet [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] [-Description ] [-Identity] [-Location ] + [-PassThru] [-Remove ] [-Replace ] [-Server ] [-Site ] + [] +``` + +### Instance +``` +Set-ADReplicationSubnet [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Instance ] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADReplicationSubnet** cmdlet sets the properties of an Active Directory replication subnet object. +Subnet objects (class subnet) define network subnets in Active Directory. +A network subnet is a segment of a TCP/IP network to which a set of logical IP addresses is assigned. +Subnets group computers in a way that identifies their physical proximity on the network. +Subnet objects in Active Directory are used to map computers to sites. + +## EXAMPLES + +### Example 1: Set a specified replication subnet +``` +PS C:\> Set-ADReplicationSubnet -Identity "10.0.0.12/22" -Site Asia -Location "Tokyo,Japan" +``` + +This command sets the properties of the replication subnet identified as 10.0.0.12/22. + +### Example 2: Set a filtered list of replication subnets +``` +PS C:\> Get-ADReplicationSubnet -Filter "Location -like '*Japan'" -Properties Site | % {Set-ADReplicationSubnet $_ -Site Asia} +``` + +This command gets all of the replication subnets that are in Japan, and sets Asia as their associated site. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the **Add**, **Remove**, **Replace** and **Clear** parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that will be cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the **Add**, **Remove**, **Replace**, and **Clear** parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the [Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADReplicationSubnet +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a subnet object to use as a template for a new subnet object. + +You can use an instance of an existing subnet object as a template or you can construct a new subnet object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing subnet object as a template for a new object. +To retrieve an instance of an existing subnet object, use a cmdlet such as **Get-ADReplicationSubnet**. +Then provide this object to the **Instance** parameter of the **New-ADReplicationSubnet** cmdlet to create a new subnet object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADReplicationSubnet** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the **Instance** parameter of the **New-ADReplicationSubnet** cmdlet to create the new subnet object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADReplicationSubnet +Parameter Sets: Instance +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Location +Specifies a string that can be used to describe the physical location of this subnet. +This value may be displayed or made visible when the subnet object appears in other Active Directory administrative tools. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the **Add**, **Remove**, **Replace**, and **Clear** parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the **Add**, **Remove**, **Replace**, and **Clear** parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the **Add**, **Remove**, **Replace** and **Clear** parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Site +Specifies the site associated with this subnet. + +```yaml +Type: ADReplicationSite +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet +A subnet object is received by the *Identity* parameter. + +A subnet object that was retrieved by using the **Get-ADReplicationSubnet** cmdlet and then modified is received by the **Instance** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet + +## NOTES + +## RELATED LINKS + +[Get-ADReplicationSubnet](./Get-ADReplicationSubnet.md) + +[New-ADReplicationSubnet](./New-ADReplicationSubnet.md) + +[Remove-ADReplicationSubnet](./Remove-ADReplicationSubnet.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADResourceProperty.md b/docset/winserver2025-ps/activedirectory/Set-ADResourceProperty.md new file mode 100644 index 0000000000..9f252b700c --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADResourceProperty.md @@ -0,0 +1,478 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adresourceproperty?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADResourceProperty +--- + +# Set-ADResourceProperty + +## SYNOPSIS +Modifies a resource property in Active Directory. + +## SYNTAX + +### Identity +``` +Set-ADResourceProperty [-WhatIf] [-Confirm] [-Add ] [-AppliesToResourceTypes ] + [-AuthType ] [-Clear ] [-Credential ] [-Description ] + [-DisplayName ] [-Enabled ] [-Identity] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Remove ] [-Replace ] [-Server ] + [-SharesValuesWith ] [-SuggestedValues ] [] +``` + +### Instance +``` +Set-ADResourceProperty [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADResourceProperty** cmdlet can be used to modify a resource property in Active Directory. + +## EXAMPLES + +### Example 1: Set the suggested values for a resource property +``` +PS C:\> $US = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("US", "United States of America", "United States of America") +PS C:\> $JP = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("JP", "Japan", "Japan") +PS C:\> Set-ADResourceProperty -Identity Country -SuggestedValues $US,$JP +``` + +This command sets the suggested values of the resource property with display name Country to US and JP. +Applications using this resource property would allow their users to specify one of the suggested values as this resource property's value. + +### Example 2: Set a reference property to use shared values +``` +PS C:\> Set-ADResourceProperty -Identity Country -SharesValuesWith Country +``` + +This command sets the resource property with display name Country to reference an existing claim type named **Country** for its suggested values. +This enables the resource property to be always valid for comparisons with the referenced claim type in a central access rule. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AppliesToResourceTypes +Specifies the list of resource types that this property applies to. +For Set-ADResourceProperty operations, you can add or include new resource types within an existing property by specifying them using this parameter. +You do not have to specify all previously listed resource types already within this property. + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that will be cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Displays the name of the resource property. +The display name of the resource property must be unique. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Specifies whether the resource property is enabled. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADResourceProperty +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a resource property object to use as a template for a new resource property object. + +You can use an instance of an existing resource property object as a template or you can construct a new resource property object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing resource property object as a template for a new object. +To retrieve an instance of an existing resource property object, use a cmdlet such as **Get-ADResourceProperty**. +Then provide this object to the *Instance* parameter of the **New-ADResourceProperty** cmdlet to create a new resource property object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADResourceProperty** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the *Instance* parameter of the **New-ADResourceProperty** cmdlet to create the new resource property object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error. + +```yaml +Type: ADResourceProperty +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SharesValuesWith +Specifies a reference resource property. +Reference resource properties do not provide their own suggested values, but rather use the suggested values from the claim type object specified in this parameter. +This enables the resource property to be always valid for comparisons with the referred claim type in a central access rule. + +```yaml +Type: ADClaimType +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SuggestedValues +Specifies one or more suggested values for the resource property. +An application may choose to present this list of suggested values for the user to choose from. +When **RestrictValues** is set to $True, the application should restrict the user to pick values from this list only. + +```yaml +Type: ADSuggestedValueEntry[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourceProperty + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADResourceProperty + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADResourceProperty](./Get-ADResourceProperty.md) + +[New-ADResourceProperty](./New-ADResourceProperty.md) + +[Remove-ADResourceProperty](./Remove-ADResourceProperty.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADResourcePropertyList.md b/docset/winserver2025-ps/activedirectory/Set-ADResourcePropertyList.md new file mode 100644 index 0000000000..f9c652c318 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADResourcePropertyList.md @@ -0,0 +1,391 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adresourcepropertylist?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADResourcePropertyList +--- + +# Set-ADResourcePropertyList + +## SYNOPSIS +Modifies a resource property list in Active Directory. + +## SYNTAX + +### Identity +``` +Set-ADResourcePropertyList [-WhatIf] [-Confirm] [-Add ] [-AuthType ] [-Clear ] + [-Credential ] [-Description ] [-Identity] [-PassThru] + [-ProtectedFromAccidentalDeletion ] [-Remove ] [-Replace ] [-Server ] + [] +``` + +### Instance +``` +Set-ADResourcePropertyList [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADResourcePropertyList** cmdlet can be used to modify a resource property list in Active Directory. + +## EXAMPLES + +### Example 1: Modify a resource property list +``` +PS C:\> Set-ADResourcePropertyList -Identity "Corporate Resource Property List" -Description "For corporate documents." +``` + +This command sets the resource property list named Corporate Resource Property List with the description For corporate documents. + +### Example 2: Get a resource property list and modify it +``` +PS C:\> Get-ADResourcePropertyList -Name "Corporate Resource Property List" | Set-ADResourcePropertyList -Description "For corporate documents." +``` + +This command gets the resource property list named Corporate Resource Property List and then sets its description. + +## PARAMETERS + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the Lightweight Directory Access Protocol (LDAP) display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that will be cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP Display Name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADResourcePropertyList +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies an instance of a resource property list object to use as a template for a new resource property list object. + +You can use an instance of an existing resource property list object as a template or you can construct a resource property list object by using the Windows PowerShell command line or by using a script. + +Method 1: Use an existing resource property list object as a template for a new object. +To retrieve an instance of an existing resource property list object, use a cmdlet such as **Get-ADResourcePropertyList**. +Then provide this object to the Instance parameter of the **New-ADResourcePropertyList** cmdlet to create a new resource property list object. +You can override property values of the new object by setting the appropriate parameters. + +Method 2: Create a new **ADResourcePropertyList** and set the property values by using the Windows PowerShell command line interface. +Then pass this object to the Instance parameter of the **New-ADResourcePropertyList** cmdlet to create the new resource property list object. + +Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. + +```yaml +Type: ADResourcePropertyList +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtectedFromAccidentalDeletion +Specifies whether to prevent the object from being deleted. +When this property is set to true, you cannot delete the corresponding object without changing the value of the property. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters will be applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTypeList + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADClaimTypeList + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADResourcePropertyList](./Get-ADResourcePropertyList.md) + +[New-ADResourcePropertyList](./New-ADResourcePropertyList.md) + +[Remove-ADResourcePropertyList](./Remove-ADResourcePropertyList.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADServiceAccount.md b/docset/winserver2025-ps/activedirectory/Set-ADServiceAccount.md new file mode 100644 index 0000000000..70d18e4513 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADServiceAccount.md @@ -0,0 +1,859 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-adserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADServiceAccount +--- + +# Set-ADServiceAccount + +## SYNOPSIS +Modifies an Active Directory managed service account or group managed service account object. + +## SYNTAX + +### Identity +``` +Set-ADServiceAccount [-WhatIf] [-Confirm] [-AccountExpirationDate ] [-AccountNotDelegated ] + [-Add ] [-AuthenticationPolicy ] + [-AuthenticationPolicySilo ] [-AuthType ] [-Certificates ] + [-Clear ] [-CompoundIdentitySupported ] [-Credential ] + [-Description ] [-DisplayName ] [-DNSHostName ] [-Enabled ] + [-HomePage ] [-Identity] [-KerberosEncryptionType ] + [-Partition ] [-PassThru] [-PrincipalsAllowedToDelegateToAccount ] + [-PrincipalsAllowedToRetrieveManagedPassword ] [-Remove ] [-Replace ] + [-SamAccountName ] [-Server ] [-ServicePrincipalNames ] + [-TrustedForDelegation ] [] +``` + +### Instance +``` +Set-ADServiceAccount [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + -Instance [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Set-ADServiceAccount** cmdlet modifies the properties of an Active Directory managed service account (MSA). +You can modify commonly used property values by using the cmdlet parameters. +Property values that are not associated with cmdlet parameters can be modified by using the *Add*, *Remove*, *Replace*, and *Clear* parameters. + +The *Identity* parameter specifies the Active Directory MSA to modify. +You can identify an MSA by its distinguished name, GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADServiceAccount** cmdlet to retrieve a MSA object and then pass the object through the pipeline to the **Set-ADServiceAccount** cmdlet. + +The *Instance* parameter provides a way to update an MSA object by applying the changes made to a copy of the object. +When you set the *Instance* parameter to a copy of an Active Directory MSA object that has been modified, the **Set-ADServiceAccount** cmdlet makes the same changes to the original MSA object. +To get a copy of the object to modify, use the **Get-ADServiceAccount** object. +When you specify the *Instance* parameter you should not pass the *Identity* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +## EXAMPLES + +### Example 1: Set the description for an MSA +``` +PS C:\> Set-ADServiceAccount -Identity Service1 -Description "Secretive Data Server" +``` + +This command sets the description of the MSA identified as Service1 to Secretive Data Server. + +### Example 2: Replace the value of a property for an MSA +``` +PS C:\> Set-ADServiceAccount -Identity Mongol01ADAM -ServicePrincipalNames @{replace="ADAMwdb/a.contoso.com", "ADAMbdb/a.contoso.com"} +``` + +This command replaces the value of property **ServicePrincipalNames** with ADAMwdb/a.contoso.com, ADAMbdb/a.contoso.com. + +### Example 3: Set the principals allowed to retrieve the password for an MSA +``` +PS C:\> Set-ADServiceAccount -Identity Service1 -PrincipalsAllowedToRetrieveManagedPassword "MsaAdmins.corp.contoso.com" +``` + +This command sets the principals allowed to retrieve the password for this MSA to be limited to members of the specified Active Directory group account. + +### Example 4: Set the ServicePrincipalNames property +``` +PS C:\> Set-ADServiceAccount -Identity AccessTSQA -ServicePrincipalNames @{Add=ACCESSAPP/TSQA.contoso.com} +``` + +This command modifies the **ServicePrincipalNames** property for the AccessTSQA MSA by specifying the *Identity* and *ServicePrincipalNames* parameters. + +### Example 5: Get a specified MSA and modify its ServicePrincipalNames property +``` +PS C:\> Get-ADServiceAccount -Identity "AccessTSQA" | Set-ADServiceAccount -ServicePrincipalNames @{Add=ACCESSAPP/TSQA.contoso.com} +``` + +This command modifies the **ServicePrincipalNames** property for the AccessTSQA MSA. +The command uses the **Get-ADServiceAccount** cmdlet to get the AccessTSQA MSA, and then passes the AccessTSQA MSA to the current cmdlet by using the pipeline operator. + +### Example 6: Set an MSA from a local instance +``` +PS C:\> $ServiceAccount = Get-ADServiceAccount -Identity "AccessTSQA" +PS C:\> $ServiceAccount.ServicePrincipalNames = @{Add=ACCESSAPP/TSQA.contoso.com} +PS C:\> Set-ADServiceAccount -Instance $ServiceAccount +``` + +This example modifies the **ServicePrincipalNames** property for the AccessTSQA MSA. +The example modifies a local instance of the AccessTSQA MSA, and then specifies the *Instance* parameter for the current cmdlet as the local instance. + +## PARAMETERS + +### -AccountExpirationDate +Specifies the expiration date for an account. +This parameter sets the **AccountExpirationDate** property of an account object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is accountExpires. + +Use the **DateTime** syntax when you specify this parameter. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +```yaml +Type: DateTime +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AccountNotDelegated +Indicates whether the security context of the user is delegated to a service. +When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. +This parameter sets the **AccountNotDelegated** property for an Active Directory account. +This parameter also sets the **ADS_UF_NOT_DELEGATED** flag of the Active Directory User Account Control (UAC) attribute. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Add +Specifies values to add to an object property. +Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### -AuthenticationPolicy +Specifies an Active Directory Domain Services (AD DS) authentication policy object. +Specify the authentication policy object in one of the following formats: + +- Distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthenticationPolicySilo +Specifies an AD DS authentication policy silo object. +Specify the authentication policy silo object in one of the following formats: + +- Distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Certificates +Specifies an array of certificates. +The cmdlet modifies the DER-encoded X.509v3 certificates of the account. +These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. +This parameter sets the **Certificates** property of the account object. +The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this property is userCertificate. + +To add values: + +`-Certificates @{Add=value1,value2,...}` + +To remove values: + +`-Certificates @{Remove=value3,value4,...}` + +To replace values: + +`-Certificates @{Replace=value1,value2,...}` + +To clear all values: + +`-Certificates $Null` + +You can specify more than one operation by using a list separated by semicolons. +For example, use the following syntax to add and remove **Certificates** values: + +`-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...}` + +The operators are applied in the following sequence: + +- Remove +- Add +- Replace + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear +Specifies an array of object properties that are cleared in the directory. +Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can modify more than one property by specifying a comma-separated list. +The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CompoundIdentitySupported +Indicates whether an account supports Kerberos service tickets which includes the authorization data for the user's device. +This value sets the compound identity supported flag of the Active Directory **msDS-SupportedEncryptionTypes** attribute. + +Warning: Domain-joined Windows systems and services such as clustering manage their own **msDS-SupportedEncryptionTypes** attribute. +Therefore any changes to the flag on the **msDS-SupportedEncryptionTypes** attribute will be overwritten by the service or system which manages the setting. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet. +You can then set the *Credential* parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### -Description +Specifies a description of the object. +This parameter sets the value of the **Description** property for the object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DNSHostName +Specifies the DNS host name. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Specifies if an account is enabled. +An enabled account requires a password. +This parameter sets the **Enabled** property for an account object. +This parameter also sets the **ADS_UF_ACCOUNTDISABLE** flag of the Active Directory User Account Control (UAC) attribute. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomePage +Specifies the URL of the home page of the object. +This parameter sets the **homePage** property of an Active Directory object. +The LDAP display name (**ldapDisplayName**) for this property is wWWHomePage. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory account object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADServiceAccount +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Instance +Specifies a modified copy of a service account object to use to update the actual Active Directory service account object. +When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. +The cmdlet only updates the object properties that have changed. + +The *Instance* parameter can only update service account objects that have been retrieved by using the **Get-ADServiceAccount** cmdlet. +When you specify the *Instance* parameter, you cannot specify other parameters that set properties on the object. + +```yaml +Type: ADServiceAccount +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KerberosEncryptionType +Specifies whether an account supports Kerberos encryption types that are used when creating service tickets. +This value sets the encryption types supported flags of the Active Directory **msDS-SupportedEncryptionTypes** attribute. +The acceptable values for this parameter are: + +- None +- DES +- RC4 +- AES128 +- AES256 + +None removes all encryption types from the account, which may result in the KDC being unable to issue service tickets for services using the account. + +DES is a weak encryption type that is not supported by default since Windows 7 and Windows Server 2008 R2. + +Warning: Domain-joined Windows systems and services such as clustering manage their own **msDS-SupportedEncryptionTypes** attribute. +Therefore any changes to the flag on the **msDS-SupportedEncryptionTypes** attribute are overwritten by the service or system that manages the setting. + +```yaml +Type: ADKerberosEncryptionType +Parameter Sets: Identity +Aliases: +Accepted values: None, DES, RC4, AES128, AES256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In Active Directory Domain Services (AD DS) environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of *Partition* is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for *Partition* is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of *Partition* is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of *Partition* is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of *Partition* will be set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent (DSA) object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrincipalsAllowedToDelegateToAccount +Specifies the accounts which can act on the behalf of users to services running as this Managed Service Account or Group Managed Service Account. +This parameter sets the **msDS-AllowedToActOnBehalfOfOtherIdentity** attribute of the object. + +```yaml +Type: ADPrincipal[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrincipalsAllowedToRetrieveManagedPassword +Specifies the membership policy for systems which can use a group managed service account. +For a service to run under a group managed service account, the system must be in the membership policy of the account. +This parameter sets the **msDS-GroupMSAMembership** attribute of a group managed service account object. +This parameter should be set to the principals allowed to use this group managed service account. + +```yaml +Type: ADPrincipal[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove +Specifies that the cmdlet remove values of an object property. +Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. +To remove an object property, you must use the LDAP display name. +You can remove more than one property by specifying a semicolon-separated list. +The format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the parameters will be applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace +Specifies values for an object property that will replace the current values. +Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. +To modify an object property, you must use the LDAP display name. +You can specify multiple values to a property by specifying a comma-separated list of values, and more than one property by separating them using a semicolon. +The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamAccountName +Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. +The maximum length of the description is 256 characters. +To be compatible with older operating systems, create a SAM account name that is 20 characters or less. +This parameter sets the **SAMAccountName** for an account object. +The LDAP display name (**ldapDisplayName**) for this property is sAMAccountName. + +Note: If the string value provided is not terminated with a $ character, the system adds one if needed. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. + +Domain name values: + +- Fully qualified domain name (FQDN) +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for the *Server* parameter is determined by one of the following methods in the order that they are listed: + +- By using *Server* value from objects passed through the pipeline. +- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. +- By using the domain of the computer running PowerShell. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServicePrincipalNames +Specifies the service principal names for the account. +This parameter sets the **ServicePrincipalNames** property of the account. +The LDAP display name (**ldapDisplayName**) for this property is servicePrincipalName. +This parameter uses the following syntax to add, remove, replace, or clear service principal name values. + +To add values: + +`-ServicePrincipalNames @{Add=value1,value2,...}` + +To remove values: + +`-ServicePrincipalNames @{Remove=value3,value4,...}` + +To replace values: + +`-ServicePrincipalNames @{Replace=value1,value2,...}` + +To clear all values: + +`-ServicePrincipalNames $Null` + +You can specify more than one change by using a list separated by semicolons. +For example, use the following syntax to add and remove service principal names. + +`@{Add=value1,value2,...};@{Remove=value3,value4,...}` + +The operators are applied in the following sequence: + +- Remove +- Add +- Replace + +The following example shows how to add and remove service principal names: + +```powershell + -ServicePrincipalNames @{Add="SQLservice\accounting.corp.contoso.com:1456"};{Remove="SQLservice\finance.corp.contoso.com:1456"} +``` + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TrustedForDelegation +Indicates whether an account is trusted for Kerberos delegation. +A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. +This parameter sets the **TrustedForDelegation** property of an account object. +This value also sets the **ADS_UF_TRUSTED_FOR_DELEGATION** flag of the Active Directory User Account Control attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADServiceAccount +A managed service account object is received by the *Identity* parameter. + +A managed service account object that was retrieved by using the **Get-ADServiceAccount** cmdlet and then modified is received by the *Instance* parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADServiceAccount +Returns the modified managed service account object when the *PassThru* parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Install-ADServiceAccount](./Install-ADServiceAccount.md) + +[New-ADServiceAccount](./New-ADServiceAccount.md) + +[Remove-ADServiceAccount](./Remove-ADServiceAccount.md) + +[Uninstall-ADServiceAccount](./Uninstall-ADServiceAccount.md) + diff --git a/docset/winserver2025-ps/activedirectory/Set-ADUser.md b/docset/winserver2025-ps/activedirectory/Set-ADUser.md new file mode 100644 index 0000000000..39fa62da04 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Set-ADUser.md @@ -0,0 +1,1649 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/set-aduser?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-ADUser +--- + +# Set-ADUser + +## SYNOPSIS + +Modifies an Active Directory user. + +## SYNTAX + +### Identity + +``` +Set-ADUser [-WhatIf] [-Confirm] [-AccountExpirationDate ] [-AccountNotDelegated ] + [-Add ] [-AllowReversiblePasswordEncryption ] + [-AuthenticationPolicy ] [-AuthenticationPolicySilo ] + [-AuthType ] [-CannotChangePassword ] [-Certificates ] + [-ChangePasswordAtLogon ] [-City ] [-Clear ] [-Company ] + [-CompoundIdentitySupported ] [-Country ] [-Credential ] [-Department ] + [-Description ] [-DisplayName ] [-Division ] [-EmailAddress ] + [-EmployeeID ] [-EmployeeNumber ] [-Enabled ] [-Fax ] [-GivenName ] + [-HomeDirectory ] [-HomeDrive ] [-HomePage ] [-HomePhone ] + [-Identity] [-Initials ] [-KerberosEncryptionType ] + [-LogonWorkstations ] [-Manager ] [-MobilePhone ] [-Office ] + [-OfficePhone ] [-Organization ] [-OtherName ] [-Partition ] [-PassThru] + [-PasswordNeverExpires ] [-PasswordNotRequired ] [-POBox ] [-PostalCode ] + [-PrincipalsAllowedToDelegateToAccount ] [-ProfilePath ] [-Remove ] + [-Replace ] [-SamAccountName ] [-ScriptPath ] [-Server ] + [-ServicePrincipalNames ] [-SmartcardLogonRequired ] [-State ] + [-StreetAddress ] [-Surname ] [-Title ] [-TrustedForDelegation ] + [-UserPrincipalName ] [] +``` + +### Instance + +``` +Set-ADUser [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] -Instance + [-PassThru] [-SamAccountName ] [-Server ] [] +``` + +## DESCRIPTION + +The `Set-ADUser` cmdlet modifies the properties of an Active Directory user. You can modify +commonly used property values by using the cmdlet parameters. You can set property values that are +not associated with cmdlet parameters by using the **Add**, **Remove**, **Replace**, and **Clear** +parameters. + +The *Identity* parameter specifies the Active Directory user to modify. +You can identify a user by its distinguished name, GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the *Identity* parameter to an object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADUser** cmdlet to retrieve a user object and then pass the object through the pipeline to the **Set-ADUser** cmdlet. + +The *Instance* parameter provides a way to update a user object by applying the changes made to a copy of the object. +When you set the *Instance* parameter to a copy of an Active Directory user object that has been modified, the **Set-ADUser** cmdlet makes the same changes to the original user object. +To get a copy of the object to modify, use the **Get-ADUser** object. +The *Identity* parameter is not allowed when you use the *Instance* parameter. +For more information about the *Instance* parameter, see the *Instance* parameter description. + +Accounts created with the **New-ADUser** cmdlet are disabled if no password is provided. + +For AD LDS environments, the *Partition* parameter must be specified except in the following two conditions: + +- The cmdlet is run from an Active Directory provider drive. +- A default naming context or partition is defined for the AD LDS environment. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Set properties for a user + +```powershell +$params = @{ + Identity = 'ChewDavid' + HomePage = 'http://fabrikam.com/employees/ChewDavid' + LogonWorkstations = 'ChewDavid-DSKTOP,ChewDavid-LPTOP' +} +Set-ADUser @params +``` + +This command sets the specified user's **homepage** property to http://fabrikam.com/employees/ChewDavid and the **LogonWorkstations** property to ChewDavid-DSKTOP,ChewDavid-LPTOP. + +### Example 2: Set properties for multiple users + +```powershell +PS C:\> Get-ADUser -Filter 'Name -like "*"' -SearchBase 'OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM' -Properties DisplayName | % {Set-ADUser $_ -DisplayName ($_.Surname + ' ' + $_.GivenName)} +``` + +This command gets all the users in the directory that are located in the OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM organizational unit. +The command sets the **DisplayName** property on these user objects to the concatenation of the **Surname** property and the **GivenName** property. + +### Example 3: Set properties + +```powershell +PS C:\> Set-ADUser -Identity GlenJohn -Replace @{title="director";mail="glenjohn@fabrikam.com"} +``` + +This command sets the specified user's **title** property to director and the **mail** property to glenjohn@fabrikam.com. + +### Example 4: Modify a user otherMailbox property + +```powershell +PS C:\> Set-ADUser -Identity GlenJohn -Remove @{otherMailbox="glen.john"} -Add @{url="fabrikam.com"} -Replace @{title="manager"} -Clear description +``` + +This command modifies the user with the SAM account name GlenJohn's object by removing glen.john from the **otherMailbox** property, adding fabrikam.com to the **url** property, replacing the **title** property with manager, and clearing the **description** property. + +### Example 5: Set user properties to a local instance + +```powershell +PS C:\> $User = Get-ADUser -Identity GlenJohn -Properties mail,department +PS C:\> $User.mail = "glen@fabrikam.com" +PS C:\> $User.department = "Accounting" +PS C:\> Set-ADUser -Instance $User +``` + +This example sets the **mail** and **department** properties on the user object with the SAM account name GlenJohn by using the *Instance* parameter. + +### Example 6: Set attributes for a user + +```powershell +PS C:\> $Hours = New-Object byte[] 21 +PS C:\> $Hours[5] = 255; $Hours[8] = 255; $Hours[11] = 255; $Hours[14] = 255; $Hours[17] = 255; +PS C:\> $Hours[6] = 1; $Hours[9] = 1; $Hours[12] = 1; $Hours[15] = 1; $Hours[18] = 1; +PS C:\> $ReplaceHashTable = New-Object HashTable +PS C:\> $ReplaceHashTable.Add("logonHours", $Hours) +PS C:\> $ReplaceHashTable.Add("description", "Sarah Davis can only logon from Monday through Friday from 8:00 AM to 5:00 PM") +PS C:\> Set-ADUser -Identity "SarahDavis" -Replace $ReplaceHashTable +``` + +This example sets the user logon hours to Monday through Friday from 8:00 AM to 5:00 PM and adds a description. +It updates the **logonHours** attribute with the specified byte array and the **description** attribute with the specified string. + +### Example 7: Set a property for a user + +```powershell +PS C:\> $Manager = Get-ADUser -Identity GlenJohn -Server Corp-DC01 +PS C:\> Set-ADUser -Identity ChewDavid -Manager $Manager -Server Branch-DC02 +``` + +This example sets the **Manager** property for the user with the SAM account name of ChewDavid where the manager, GlenJohn, is a user in another domain. + +### Example 8: Get a user and set a property + +```powershell +PS C:\> Get-ADUser -Identity "DavidChew" | Set-ADUser -Manager "ElisaDaugherty" +``` + +This command modifies the **Manager** property for the DavidChew user. +The command uses the **Get-ADUser** cmdlet to get the user DavidChew, and then passes the object to the current cmdlet by using the pipeline operator. + +## PARAMETERS + +### -AccountExpirationDate + +Specifies the expiration date for an account. +This parameter sets the AccountExpirationDate property of an account object. +The LDAP display name (ldapDisplayName) for this property is accountExpires. + +Use the **DateTime** syntax when you specify this parameter. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +```yaml +Type: DateTime +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AccountNotDelegated + +Indicates whether the security context of the user is delegated to a service. +When this parameter is set to $True, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. +This parameter sets the **AccountNotDelegated** property for an Active Directory account. +This parameter also sets the **ADS_UF_NOT_DELEGATED** flag of the Active Directory User Account Control (UAC) attribute. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Add + +Specifies values to add to an object property. Use this parameter to add one or more values to a +property that cannot be modified using a cmdlet parameter. To modify an object property, you must +use the LDAP display name. You can specify multiple values to a property by specifying a +comma-separated list of values, and more than one property by separating them using a semicolon. If +any of the properties have a null or empty value the cmdlet will return an error. The format for +this parameter is: + +`-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the *Add*, *Remove*, *Replace*, and *Clear* parameters together, the operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowReversiblePasswordEncryption + +Indicates whether reversible password encryption is allowed for the account. This parameter sets the +**AllowReversiblePasswordEncryption** property of the account. This parameter also sets the +**ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED** flag of the Active Directory User Account Control (UAC) +attribute. The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthenticationPolicy + +Specifies an Active Directory Domain Services authentication policy object. +Specify the authentication policy object in one of the following formats: + +- Distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicy +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthenticationPolicySilo + +Specifies an Active Directory Domain Services authentication policy silo object. +Specify the authentication policy silo object in one of the following formats: + +- Distinguished name +- GUID +- Name + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +The cmdlet searches the default naming context or partition to find the object. +If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. + +```yaml +Type: ADAuthenticationPolicySilo +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType + +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CannotChangePassword + +Indicates whether the account password can be changed. +This parameter sets the **CannotChangePassword** property of an account. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Certificates + +Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the +account. These certificates include the public key certificates issued to this account by the +Microsoft Certificate Service. This parameter sets the **Certificates** property of the account +object. The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) for this +property is userCertificate. + +To add values: + +`-Certificates @{Add=value1,value2,...}` + +To remove values: + +`-Certificates @{Remove=value3,value4,...}` + +To replace values: + +`-Certificates @{Replace=value1,value2,...}` + +To clear all values: + +`-Certificates $Null` + +You can specify more than one operation by using a list separated by semicolons. +For example, use the following syntax to add and remove **Certificates** values: + +`-Certificates @{Add=value1;Remove=value3}` + +The operators are applied in the following sequence: + +- Remove +- Add +- Replace + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ChangePasswordAtLogon + +Indicates whether a password must be changed during the next logon attempt. +The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -City + +Specifies the user's town or city. +This parameter sets the **City** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is l. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Clear + +Specifies an array of object properties that are cleared in the directory. Use this parameter to +clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify +an object property, you must use the LDAP display name. You can modify more than one property by +specifying a comma-separated list. The format for this parameter is: + +`-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName` + +When you use the **Add**, **Remove**, **Replace**, and **Clear** parameters together, the +operations are performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: String[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Company + +Specifies the user's company. +This parameter sets the **Company** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is company. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CompoundIdentitySupported + +Indicates whether an account supports Kerberos service tickets which includes the authorization data +for the user's device. This value sets the compound identity supported flag of the Active Directory +**msDS-SupportedEncryptionTypes** attribute. The acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +> [!WARNING] +> Domain-joined Windows systems and services such as clustering manage their own +> **msDS-SupportedEncryptionTypes** attribute. Therefore any changes to the flag on the +> **msDS-SupportedEncryptionTypes** attribute are overwritten by the service or system that manages +> the setting. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Country + +Specifies the country or region code for the user's language of choice. +This parameter sets the **Country** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is c. +This value is not used by Windows 2000. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user account credentials to use to perform this task. The default credentials are the +credentials of the currently logged on user unless the cmdlet is run from an Active Directory +PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated +with the drive is the default. + +To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the `Get-Credential` +cmdlet. You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active +Directory PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Department + +Specifies the user's department. +This parameter sets the **Department** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is department. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description + +Specifies a description of the object. +This parameter sets the value of the **Description** property for the user object. +The LDAP display name (**ldapDisplayName**) for this property is description. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName + +Specifies the display name of the object. +This parameter sets the **DisplayName** property of the user object. +The LDAP display name (**ldapDisplayName**) for this property is displayName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Division + +Specifies the user's division. +This parameter sets the **Division** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is division. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EmailAddress + +Specifies the user's e-mail address. +This parameter sets the **EmailAddress** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is mail. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EmployeeID + +Specifies the user's employee ID. +This parameter sets the **EmployeeID** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is employeeID. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EmployeeNumber + +Specifies the user's employee number. +This parameter sets the **EmployeeNumber** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is employeeNumber. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled + +Indicates whether an account is enabled. An enabled account requires a password. This parameter sets +the **Enabled** property for an account object. This parameter also sets the +**ADS_UF_ACCOUNTDISABLE** flag of the Active Directory User Account Control (UAC) attribute. The +acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Fax + +Specifies the user's fax phone number. +This parameter sets the **Fax** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is facsimileTelephoneNumber. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GivenName + +Specifies the user's given name. +This parameter sets the **GivenName** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is givenName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeDirectory + +Specifies a user's home directory. +This parameter sets the **HomeDirectory** property of a user object. +The LDAP display name (**ldapDisplayName**) for this property is homeDirectory. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeDrive + +Specifies a drive that is associated with the UNC path defined by the **HomeDirectory** property. +The drive letter is specified as ``: where `` indicates the letter of the +drive to associate. The `` must be a single, uppercase letter and the colon is +required. This parameter sets the **HomeDrive** property of the user object. The LDAP display name +(**ldapDisplayName**) for this property is homeDrive. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomePage + +Specifies the URL of the home page of the object. +This parameter sets the **homePage** property of an Active Directory object. +The LDAP display name (**ldapDisplayName**) for this property is wWWHomePage. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomePhone + +Specifies the user's home telephone number. +This parameter sets the **HomePhone** property of a user. +The LDAP display name (**ldapDisplayName**) of this property is homePhone. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity + +Specifies an Active Directory user object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an +object instance. + +```yaml +Type: ADUser +Parameter Sets: Identity +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Initials + +Specifies the initials that represent part of a user's name. +You can use this value for the user's middle initial. +This parameter sets the **Initials** property of a user. +The LDAP display name (**ldapDisplayName**) of this property is initials. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Instance + +Specifies an **ADUser** object that identifies the Active Directory user object that should be +modified and the set of changes that should be made to that object. When this parameter is +specified, any modifications made to the **ADUser** object are also made to the corresponding Active +Directory object. The cmdlet only updates the object properties that have changed. + +The **ADUser** object specified as the value of the **Instance** parameter must have been retrieved +by using the `Get-ADUser` cmdlet. When you specify the **Instance** parameter, you cannot specify +other parameters that set individual properties on the object. + +```yaml +Type: ADUser +Parameter Sets: Instance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KerberosEncryptionType + +Specifies whether an account supports Kerberos encryption types which are used during creation of +service tickets. This value sets the encryption types supported flags of the Active Directory +**msDS-SupportedEncryptionTypes** attribute. The acceptable values for this parameter are: + +- `None` +- `DES` +- `RC4` +- `AES128` +- `AES256` + +`None` removes all encryption types from the account, resulting in the KDC being unable to issue +service tickets for services using the account. + +DES is a weak encryption type that is not supported by default since Windows 7 and Windows Server +2008 R2. + +> [!WARNING] +> Domain-joined Windows systems and services such as clustering manage their own +> **msDS-SupportedEncryptionTypes** attribute. Therefore any changes to the flag on the +> **msDS-SupportedEncryptionTypes** attribute are overwritten by the service or system that manages +> the setting. + +```yaml +Type: ADKerberosEncryptionType +Parameter Sets: Identity +Aliases: +Accepted values: None, DES, RC4, AES128, AES256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogonWorkstations + +Specifies the computers that the user can access. To specify more than one computer, create a +single comma-separated list. You can identify a computer by using the Security Account Manager +(SAM) account name (**sAMAccountName**) or the DNS host name of the computer. The SAM account name +is the same as the NetBIOS name of the computer. + +The LDAP display name (**ldapDisplayName**) for this property is userWorkStations. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Manager + +Specifies the user's manager. +This parameter sets the **Manager** property of a user object. +This parameter is set by providing one of the following property values. +Note: The identifier in parentheses is the LDAP display name for the property. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (**objectGUID**) +- A security identifier (**objectSid**) +- A SAM account name (**sAMAccountName**) + +The LDAP display name (**ldapDisplayName**) of this property is manager. + +```yaml +Type: ADUser +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MobilePhone + +Specifies the user's mobile phone number. +This parameter sets the **MobilePhone** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is mobile. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Office + +Specifies the location of the user's office or place of business. +This parameter sets the **Office** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is physicalDeliveryOfficeName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OfficePhone + +Specifies the user's office telephone number. +This parameter sets the **OfficePhone** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is telephoneNumber. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Organization + +Specifies the user's organization. +This parameter sets the **Organization** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is o. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OtherName + +Specifies a name in addition to a user's given name and surname, such as the user's middle name. +This parameter sets the **OtherName** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is middleName. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Partition + +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the **Identity** parameter. + +In many cases, a default value is used for the **Partition** parameter if no value is specified. +The rules for determining the default value are given below. Note that rules listed first are +evaluated first and when a default value can be determined, no further rules are evaluated. + +In AD DS environments, a default value for **Partition** are set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default + partition or naming context of the target domain. + +In AD LDS environments, a default value for **Partition** will be set in the following cases: + +- If the **Identity** parameter is set to a distinguished name, the default value of **Partition** + is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is + automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is + set to the default naming context. To specify a default naming context for an AD LDS environment, + set the **msDS-defaultNamingContext** property of the Active Directory directory service agent + object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the **Partition** parameter does not take any default value. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru + +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNeverExpires + +Specifies whether the password of an account can expire. This parameter sets the +**PasswordNeverExpires** property of an account object. This parameter also sets the +**ADS_UF_DONT_EXPIRE_PASSWD** flag of the Active Directory User Account Control attribute. The +acceptable values for this parameter are: + +- `$False` or `0` +- `$True` or `1` + +> [!NOTE] +> This parameter cannot be set to `$True` or `1` for an account that also has the +> **ChangePasswordAtLogon** property set to `$True`. + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordNotRequired + +Specifies whether the account requires a password. This parameter sets the **PasswordNotRequired** +property of an account, such as a user or computer account. This parameter also sets the +**ADS_UF_PASSWD_NOTREQD** flag of the Active Directory User Account Control attribute. The +acceptable values for this parameter are: + +- `$False` or `0` +- `$True` or `1` + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -POBox + +Specifies the user's post office box number. +This parameter sets the **POBox** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is postOfficeBox. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PostalCode + +Specifies the postal code or zip code. This parameter sets the **PostalCode** property of a user +object. The LDAP display name (**ldapDisplayName**) of this property is `postalCode`. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrincipalsAllowedToDelegateToAccount + +Specifies an array of principal objects. This parameter sets the +**msDS-AllowedToActOnBehalfOfOtherIdentity** attribute of a computer account object. + +```yaml +Type: ADPrincipal[] +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProfilePath + +Specifies a path to the user's profile. +This value can be a local absolute path or a Universal Naming Convention (UNC) path. +This parameter sets the **ProfilePath** property of the user object. +The LDAP display name (**ldapDisplayName**) for this property is profilePath. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Remove + +Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or +more values of a property that cannot be modified using a cmdlet parameter. To remove an object +property, you must use the LDAP display name. You can specify multiple values to a property by +specifying a comma-separated list of values, and more than one property by separating them using a +semicolon. If any of the properties have a null or empty value the cmdlet will return an error. The +format for this parameter is: + +`-Remove @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the **Add**, **Remove**, **Replace**, and **Clear** parameters together, the +parameters are applied in the following sequence: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Replace + +Specifies values for an object property that will replace the current values. Use this parameter to +replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify +an object property, you must use the LDAP display name. You can specify multiple values to a +property by specifying a comma-separated list of values, and more than one property by separating +them using a semicolon. If any of the properties have a null or empty value the cmdlet will return +an error. The format for this parameter is: + +`-Replace @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}` + +When you use the **Add**, **Remove**, **Replace**, and **Clear** parameters together, the +operations will be performed in the following order: + +- **Remove** +- **Add** +- **Replace** +- **Clear** + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamAccountName + +Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service +account. The maximum length of the description is 256 characters. To be compatible with older +operating systems, create a SAM account name that is 20 characters or less. This parameter sets the +**SAMAccountName** for an account object. The LDAP display name (**ldapDisplayName**) for this +property is `sAMAccountName`. + +> [!NOTE] +> If the string value provided is not terminated with a `$` character, the system adds one if +> needed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ScriptPath + +Specifies a path to the user's log on script. +This value can be a local absolute path or a Universal Naming Convention (UNC) path. +This parameter sets the **ScriptPath** property of the user. +The LDAP display name (**ldapDisplayName**) for this property is scriptPath. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server + +Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance. + +Specify the AD DS instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that +they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the AD DS Windows PowerShell provider drive, when + the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServicePrincipalNames + +Specifies the service principal names for the account. This parameter sets the +**ServicePrincipalNames** property of the account. The LDAP display name (**ldapDisplayName**) for +this property is `servicePrincipalName`. This parameter uses the following syntax to add, remove, +replace or clear service principal name values. + +Syntax: + +To add values: + +`-ServicePrincipalNames @{Add=value1,value2,...}` + +To remove values: + +`-ServicePrincipalNames @{Remove=value3,value4,...}` + +To replace values: + +`-ServicePrincipalNames @{Replace=value1,value2,...}` + +To clear all values: + +`-ServicePrincipalNames $null` + +You can specify more than one change by using a list separated by semicolons. For example, use the +following syntax to add and remove service principal names. + +`@{Add=value1,value2,...};@{Remove=value3,value4,...}` + +The operators will be applied in the following sequence: + +- Remove +- Add +- Replace + +The following example shows how to add and remove service principal names. + +`-ServicePrincipalNames-@{Add="SQLservice\accounting.corp.contoso.com:1456"};{Remove="SQLservice\finance.corp.contoso.com:1456"}` + +```yaml +Type: Hashtable +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SmartcardLogonRequired + +Indicates whether a smart card is required to logon. This parameter sets the +**SmartCardLoginRequired** property for a user. This parameter also sets the +**ADS_UF_SMARTCARD_REQUIRED** flag of the Active Directory User Account Control attribute. The +acceptable values for this parameter are: + +- $False or 0 +- $True or 1 + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -State + +Specifies the user's state or province. +This parameter sets the **State** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is st. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StreetAddress + +Specifies the user's street address. +This parameter sets the **StreetAddress** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is streetAddress. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Surname + +Specifies the user's last name or surname. +This parameter sets the **Surname** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is sn. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Title + +Specifies the user's title. +This parameter sets the **Title** property of a user object. +The LDAP display name (**ldapDisplayName**) of this property is title. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TrustedForDelegation + +Specifies whether an account is trusted for Kerberos delegation. A service that runs under an +account that is trusted for Kerberos delegation can assume the identity of a client requesting the +service. This parameter sets the **TrustedForDelegation** property of an account object. This value +also sets the **ADS_UF_TRUSTED_FOR_DELEGATION** flag of the Active Directory User Account Control +attribute. The acceptable values for this parameter are: + +- `$False` or `0` +- `$True` or `1` + +```yaml +Type: Boolean +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserPrincipalName + +Specifies a user principal name (UPN) in the format `@`. A UPN is a friendly +name assigned by an administrator that is shorter than the LDAP distinguished name used by the +system and easier to remember. The UPN is independent of the user object's distinguished name, so a +user object can be moved or renamed without affecting the user logon name. When logging on using a +UPN, users don't have to choose a domain from a list on the logon dialog box. + +```yaml +Type: String +Parameter Sets: Identity +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADUser + +A user object is received by the **Identity** parameter. + +A user object that was retrieved by using the `Get-ADUser` cmdlet and then modified is received by +the **Instance** parameter. + +## OUTPUTS + +### None or Microsoft.ActiveDirectory.Management.ADUser + +Returns the modified user object when the **PassThru** parameter is specified. +By default, this cmdlet does not generate any output. + +## NOTES + +- This cmdlet does not work with an Active Directory snapshot. +- This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADUser](./Get-ADUser.md) + +[New-ADUser](./New-ADUser.md) + +[Remove-ADUser](./Remove-ADUser.md) + +[Set-ADAccountControl](./Set-ADAccountControl.md) diff --git a/docset/winserver2025-ps/activedirectory/Show-ADAuthenticationPolicyExpression.md b/docset/winserver2025-ps/activedirectory/Show-ADAuthenticationPolicyExpression.md new file mode 100644 index 0000000000..bc38ae874e --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Show-ADAuthenticationPolicyExpression.md @@ -0,0 +1,245 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/show-adauthenticationpolicyexpression?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Show-ADAuthenticationPolicyExpression +--- + +# Show-ADAuthenticationPolicyExpression + +## SYNOPSIS +Displays the Edit Access Control Conditions window update or create security descriptor definition language (SDDL) security descriptors. + +## SYNTAX + +### AllowedToAuthenticateFrom +``` +Show-ADAuthenticationPolicyExpression [-WhatIf] [-Confirm] [-AllowedToAuthenticateFrom] + [-AuthType ] [-Credential ] [[-SDDL] ] [-Server ] + [[-Title] ] [] +``` + +### AllowedToAuthenticateTo +``` +Show-ADAuthenticationPolicyExpression [-WhatIf] [-Confirm] [-AllowedToAuthenticateTo] [-AuthType ] + [-Credential ] [[-SDDL] ] [-Server ] [[-Title] ] [] +``` + +## DESCRIPTION +The **Show-ADAuthenticationPolicyExpression** cmdlet creates or modifies an SDDL security descriptor using the **Edit Access Control Conditions** window. + +## EXAMPLES + +### Example 1: Retrieve the AllowedToAuthenticateFrom settings and store in a file +``` +PS C:\> Show-ADAuthenticationPolicyExpression -AllowedToAuthenticateFrom > someFile.txt +PS C:\> New-ADAuthenticationPolicy -Name "TestAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Get-Acl .\AuthSettings.txt).sddl +``` + +This command retrieves the AllowedToAuthenticateFrom access control list (ACL) by opening the **Edit Access Control Conditions** window and stores the ACL in a file named AuthSettings.txt. +The file is then used to apply a new authentication policy to the retrieved ACL. + +### Example 2: Set the UserAllowedToAuthenticateFrom property +``` +PS C:\> New-ADAuthenticationPolicy -Name "testAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Show-ADAuthenticationPolicyExpression -AllowedToAuthenticateFrom) +``` + +This example uses the New-ADAuthenticationPolicy cmdlet to create an authentication policy, and then sets the **UserAllowedToAuthenticateFrom** property by specifying the **Show-ADAuthenticationPolicyExpression** cmdlet as the value for the parameter. + +## PARAMETERS + +### -AllowedToAuthenticateFrom +Indicates that the AllowedToAuthenticateFrom listings for an object are displayed in the **Edit Access Control Conditions** window. + +```yaml +Type: SwitchParameter +Parameter Sets: AllowedToAuthenticateFrom +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedToAuthenticateTo +Indicates that the **AllowedToAuthenticateTo** listings for an object are displayed in the **Edit Access Control Conditions** window. + +```yaml +Type: SwitchParameter +Parameter Sets: AllowedToAuthenticateTo +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform the task. +The default is the current user. +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the [Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) cmdlet. + +By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain Services Windows PowerShell provider drive. +If you run the cmdlet in an Active Directory provider drive, the account associated with the drive is the default. + +If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SDDL +Specifies the SDDL of the security descriptor. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- A fully qualified domain name +- A NetBIOS name + +Directory server values: + +- A fully qualified directory server name +- A NetBIOS name +- A fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Title +Specifies a title for the SDDL security descriptor. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or System.String +This cmdlet accepts a SDDL security descriptor. + +## OUTPUTS + +### System.Object +This cmdlet outputs a SDDL security descriptor. + +## NOTES + +## RELATED LINKS + +[New-ADAuthenticationPolicy](./New-ADAuthenticationPolicy.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/activedirectory/Sync-ADObject.md b/docset/winserver2025-ps/activedirectory/Sync-ADObject.md new file mode 100644 index 0000000000..a2abb07e8f --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Sync-ADObject.md @@ -0,0 +1,242 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/sync-adobject?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Sync-ADObject +--- + +# Sync-ADObject + +## SYNOPSIS +Replicates a single object between any two domain controllers that have partitions in common. + +## SYNTAX + +``` +Sync-ADObject [-AuthType ] [-Credential ] [-Destination] + [-Object] [-PassThru] [-PasswordOnly] [[-Source] ] [] +``` + +## DESCRIPTION +The **Sync-ADObject** cmdlet replicates a single object between any two domain controllers that have partitions in common. +The two domain controllers do not need to be direct replication partners. +You can also use this cmdlet to populate passwords in a read-only domain controller (RODC) cache. + +## EXAMPLES + +### Example 1: Replicate an object to another location +``` +PS C:\> Sync-ADObject -Object "CN=AccountManagers,OU=AccountDeptOU,DC=corp,DC=contoso,DC=com" -Source "corp-DC01" -Destination "corp-DC02" +``` + +This command replicates an object with the distinguished name CN=AccountManagers,OU=AccountDeptOU,DC=corp,DC=contoso,DC=com from corp-DC01 to corp-DC02. + +### Example 2: Pre-cache a password to a domain controller +``` +PS C:\> Get-ADUser -Identity pattifuller | Sync-ADObject -Destination "corp-RODC01" -PasswordOnly +``` + +This command pre-caches the password of Patti Fuller to the read-only domain controller corp-RODC01 using the SAM account name of the user. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +Type a user name, such as User01 or Domain01\User01, or enter a **PSCredential** object, such as one generated by the [Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) cmdlet. +If you type a user name, you will be prompted for a password. + +This parameter is not supported by any providers installed with Windows PowerShell. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Destination +Specifies the identity of the Active Directory server that acts as the destination for synchronizing this data. +This parameter works similarly to the **Server** parameter as used on the **Set-ADObject** cmdlet with some restrictions. +It does not allow domain or forest names to be used. +Valid formats for specifying the destination server are: + +- Host name +- Host name and port +- Fully qualified directory server name and port +- IP address +- IP address and port + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Server, HostName, IPv4Address + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Object +Specifies an Active Directory object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADOrganizationalUnit** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +```yaml +Type: ADObject +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordOnly +Indicates that this cmdlet populates a read-only domain controller (RODC) password cache with the password of the account specified in the **Object** parameter. +If specified, no data other than the password is replicated. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Source +Specifies the identity of the Active Directory server that acts as the source for synchronizing this data. +This parameter works similarly to the **Server** parameter as used on the **Set-ADObject** cmdlet with some restrictions. +You cannot use domain or forest names. + +Valid formats for specifying the destination server are the following: + +- Host name +- Host name and port +- Fully qualified directory server name and port +- IP address +- IP address and port + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.ActiveDirectory.Management.ADObject +Derived types, such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADGroup** +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADOrganizationalUnit** +- **Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy** +- **Microsoft.ActiveDirectory.Management.ADDomain** + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-ADObject](./Get-ADObject.md) + +[Move-ADObject](./Move-ADObject.md) + +[New-ADObject](./New-ADObject.md) + +[Remove-ADObject](./Remove-ADObject.md) + +[Rename-ADObject](./Rename-ADObject.md) + +[Restore-ADObject](./Restore-ADObject.md) + +[Set-ADObject](./Set-ADObject.md) + diff --git a/docset/winserver2025-ps/activedirectory/Test-ADServiceAccount.md b/docset/winserver2025-ps/activedirectory/Test-ADServiceAccount.md new file mode 100644 index 0000000000..6d107a0d26 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Test-ADServiceAccount.md @@ -0,0 +1,121 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/test-adserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-ADServiceAccount +--- + +# Test-ADServiceAccount + +## SYNOPSIS +Tests a managed service account from a computer. + +## SYNTAX + +``` +Test-ADServiceAccount [-AuthType ] [-Identity] [] +``` + +## DESCRIPTION +The **Test-ADServiceAccount** cmdlet tests a managed service account (MSA) from a local computer. + +the *Identity* parameter specifies the Active Directory MSA account to test. +You can identify a MSA by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the parameter to a MSA object variable, such as `$` or pass a MSA object through the pipeline to the *Identity* parameter. +For example, you can use the Get-ADServiceAccount to get a MSA object and then pass that object through the pipeline to the **Test-ADServiceAccount** cmdlet. + +## EXAMPLES + +### Example 1: Test an MSA +``` +PS C:\> Test-ADServiceAccount -Identity MSA1 +True +``` + +This command tests the specified service account, MSA1, from the local computer. +The test indicates whether the account is ready for use, which means it can be authenticated and that it can access the domain using its current credentials. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory managed service account object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADServiceAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADServiceAccount +A managed service account object is received by the *Identity* parameter. + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Install-ADServiceAccount](./Install-ADServiceAccount.md) + +[New-ADServiceAccount](./New-ADServiceAccount.md) + +[Remove-ADServiceAccount](./Remove-ADServiceAccount.md) + +[Set-ADServiceAccount](./Set-ADServiceAccount.md) + +[Uninstall-ADServiceAccount](./Uninstall-ADServiceAccount.md) + diff --git a/docset/winserver2025-ps/activedirectory/Uninstall-ADServiceAccount.md b/docset/winserver2025-ps/activedirectory/Uninstall-ADServiceAccount.md new file mode 100644 index 0000000000..c5eecc7218 --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Uninstall-ADServiceAccount.md @@ -0,0 +1,180 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/uninstall-adserviceaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-ADServiceAccount +--- + +# Uninstall-ADServiceAccount + +## SYNOPSIS +Uninstalls an Active Directory managed service account from a computer or removes a cached group managed service account from a computer. + +## SYNTAX + +``` +Uninstall-ADServiceAccount [-WhatIf] [-Confirm] [-AuthType ] [-ForceRemoveLocal] + [-Identity] [] +``` + +## DESCRIPTION +The **Uninstall-ADServiceAccount** cmdlet removes an Active Directory standalone managed service account (MSA) on the computer on which the cmdlet is run. +For group MSAs, the cmdlet removes the group MSA from the cache. +However, if a service is still using the group MSA and the host has permission to retrieve the password, then a new cache entry is created. +The specified MSA must be installed on the computer. + +the *Identity* parameter specifies the Active Directory MSA to uninstall. +You can identify an MSA by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name. +You can also set the parameter to an MSA object variable, such as `$` or pass an MSA object through the pipeline to the *Identity* parameter. +For example, you can use the **Get-ADServiceAccount** cmdlet to get an MSA object and then pass that object through the pipeline to the **Uninstall-ADServiceAccount** cmdlet. + +## EXAMPLES + +### Example 1: Uninstall a specified MSA +``` +PS C:\> Uninstall-ADServiceAccount -Identity SQL-SRV1 +``` + +This command uninstalls the MSA identified as SQL-SRV1 from the local machine. + +### Example 2: Uninstall an MSA from a server in a read-only domain controller site +``` +PS C:\> Uninstall-ADServiceAccount -Identity sql-hr-01 -ForceRemoveLocal +``` + +This command uninstalls the specified standalone MSA from a server located in a read-only domain controller site such as a perimeter network. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceRemoveLocal +Indicates that you can remove the account from the local security authority (LSA) if there is no access to a writable domain controller. +This is required if you are uninstalling the MSA from a server that is placed in a segmented network such as a perimeter network with access only to a read-only domain controller. +If you specify this parameter and the server has access to a writable domain controller, the account is also un-linked from the computer account in the directory. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory account object by providing one of the following property values. +The identifier in parentheses is the LDAP display name for the attribute. +The acceptable values for this parameter are: + +- A Distinguished Name +- A GUID (objectGUID) +- A Security Identifier (objectSid) +- A SAM Account Name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an object instance. + +```yaml +Type: ADServiceAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADServiceAccount +A managed service account object is received by the *Identity* parameter. +A parameter with name **ForceRemoveLocal** is provided to un-install standalone MSAs on a read-only domain controller site. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with AD LDS. +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Get-ADServiceAccount](./Get-ADServiceAccount.md) + +[Install-ADServiceAccount](./Install-ADServiceAccount.md) + +[New-ADServiceAccount](./New-ADServiceAccount.md) + +[Remove-ADServiceAccount](./Remove-ADServiceAccount.md) + +[Set-ADServiceAccount](./Set-ADServiceAccount.md) + diff --git a/docset/winserver2025-ps/activedirectory/Unlock-ADAccount.md b/docset/winserver2025-ps/activedirectory/Unlock-ADAccount.md new file mode 100644 index 0000000000..c38cf0a10f --- /dev/null +++ b/docset/winserver2025-ps/activedirectory/Unlock-ADAccount.md @@ -0,0 +1,299 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.ActiveDirectory.Management.dll-Help.xml +Module Name: ActiveDirectory +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/activedirectory/unlock-adaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Unlock-ADAccount +--- + +# Unlock-ADAccount + +## SYNOPSIS +Unlocks an Active Directory account. + +## SYNTAX + +``` +Unlock-ADAccount [-WhatIf] [-Confirm] [-AuthType ] [-Credential ] + [-Identity] [-Partition ] [-PassThru] [-Server ] [] +``` + +## DESCRIPTION +The **Unlock-ADAccount** cmdlet restores Active Directory Domain Services (AD DS) access for an account that is locked. +AD DS access is suspended or locked for an account when the number of incorrect password entries exceeds the maximum number allowed by the account password policy. + +the *Identity* parameter specifies the Active Directory account to unlock. +You can identify an account by its distinguished name, GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. +You can also set the *Identity* parameter to an account object variable such as `$`, or you can pass an object through the pipeline to the *Identity* parameter. +For example, you can use the **Search-ADAccount** cmdlet to get an account object and then pass the object through the pipeline to the Unlock-ADAccount cmdlet to unlock the account. +Similarly, you can use **Get-ADUser** and **Get-ADComputer** to get objects to pass through the pipeline. + +For Active Directory Lightweight Directory Services (AD LDS) environments, the *Partition* parameter must be specified except when: + +- Using a distinguished name to identify objects: the partition is auto-generated from the distinguished name. +- Running cmdlets from an Active Directory provider drive: the current path is used to set the partition. +- A default naming context or partition is specified. + +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. + +## EXAMPLES + +### Example 1: Unlock an Active Directory account +``` +PS C:\> Unlock-ADAccount -Identity PattiFu +``` + +This command unlocks the account with the SAM account name PattiFu. + +### Example 2: Unlock an Active Directory account using a distinguished name +``` +PS C:\> Unlock-ADAccount -Identity "CN=Patti Fuller,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" +``` + +This command unlocks the account with the distinguished name CN=Patti Fuller,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM. + +## PARAMETERS + +### -AuthType +Specifies the authentication method to use. +The acceptable values for this parameter are: + +- Negotiate or 0 +- Basic or 1 + +The default authentication method is Negotiate. + +A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. + +```yaml +Type: ADAuthType +Parameter Sets: (All) +Aliases: +Accepted values: Negotiate, Basic + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the user account credentials to use to perform this task. +The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. +If the cmdlet is run from such a provider drive, the account associated with the drive is the default. + +To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object. +If you specify a user name for this parameter, the cmdlet prompts for a password. + +You can also create a **PSCredential** object by using a script or by using the [Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) cmdlet. +You can then set the **Credential** parameter to the **PSCredential** object. + +If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identity +Specifies an Active Directory account object by providing one of the following property values. +The identifier in parentheses is the Lightweight Directory Access Protocol (LDAP) display name for the attribute. +The acceptable values for this parameter are: + +- A distinguished name +- A GUID (objectGUID) +- A security identifier (objectSid) +- A SAM account name (sAMAccountName) + +The cmdlet searches the default naming context or partition to find the object. +If two or more objects are found, the cmdlet returns a non-terminating error. + +This parameter can also get this object through the pipeline or you can set this parameter to an account object instance. + +Derived types such as the following are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADUser** + +```yaml +Type: ADAccount +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Partition +Specifies the distinguished name of an Active Directory partition. +The distinguished name must be one of the naming contexts on the current directory server. +The cmdlet searches this partition to find the object defined by the *Identity* parameter. + +In many cases, a default value is used for the *Partition* parameter if no value is specified. +The rules for determining the default value are given below. +Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. + +In AD DS environments, a default value for **Partition** is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of **Partition** is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is automatically generated from the current path in the drive. +- If none of the previous cases apply, the default value of **Partition** is set to the default partition or naming context of the target domain. + +In AD LDS environments, a default value for **Partition** is set in the following cases: + +- If the *Identity* parameter is set to a distinguished name, the default value of **Partition** is automatically generated from this distinguished name. +- If running cmdlets from an Active Directory provider drive, the default value of **Partition** is automatically generated from the current path in the drive. +- If the target AD LDS instance has a default naming context, the default value of **Partition** is set to the default naming context. +To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance. +- If none of the previous cases apply, the *Partition* parameter will not take any default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. +The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance. + +Specify the Active Directory Domain Services instance in one of the following ways: + +Domain name values: + +- Fully qualified domain name +- NetBIOS name + +Directory server values: + +- Fully qualified directory server name +- NetBIOS name +- Fully qualified directory server name and port + +The default value for this parameter is determined by one of the following methods in the order that they are listed: + +- By using the **Server** value from objects passed through the pipeline +- By using the server information associated with the Active Directory Domain Services Windows PowerShell provider drive, when the cmdlet runs in that drive +- By using the domain of the computer running Windows PowerShell + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None or Microsoft.ActiveDirectory.Management.ADAccount +An account object is received by the *Identity* parameter. + +Derived types, such as the following, are also accepted: + +- **Microsoft.ActiveDirectory.Management.ADUser** +- **Microsoft.ActiveDirectory.Management.ADComputer** +- **Microsoft.ActiveDirectory.Management.ADServiceAccount** + +## OUTPUTS + +### None + +## NOTES +* This cmdlet does not work with an Active Directory snapshot. +* This cmdlet does not work with a read-only domain controller. + +## RELATED LINKS + +[Clear-ADAccountExpiration](./Clear-ADAccountExpiration.md) + +[Disable-ADAccount](./Disable-ADAccount.md) + +[Enable-ADAccount](./Enable-ADAccount.md) + +[Get-ADAccountAuthorizationGroup](./Get-ADAccountAuthorizationGroup.md) + +[Search-ADAccount](./Search-ADAccount.md) + +[Set-ADAccountControl](./Set-ADAccountControl.md) + +[Set-ADAccountExpiration](./Set-ADAccountExpiration.md) + +[Set-ADAccountPassword](./Set-ADAccountPassword.md) + +[AD DS Administration Cmdlets in Windows PowerShell](./activedirectory.md) + diff --git a/docset/winserver2025-ps/adcsadministration/ADCSAdministration.md b/docset/winserver2025-ps/adcsadministration/ADCSAdministration.md new file mode 100644 index 0000000000..4722a6e3c2 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/ADCSAdministration.md @@ -0,0 +1,56 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 4.0.3.1 +Locale: en-US +Module Guid: bcc14c75-ede8-486e-97a5-5bf775c4a221 +Module Name: ADCSAdministration +ms.date: 12/27/2016 +title: ADCSAdministration +--- + +# ADCSAdministration Module +## Description +This topic contains the brief descriptions of the Windows PowerShell® cmdlets that are for use in administering the Active Directory Certificate Services (AD CS) certification authority (CA) role service. Each cmdlet in the table is linked to additional information about that cmdlet. + +## ADCSAdministration Cmdlets +### [Add-CAAuthorityInformationAccess](./Add-CAAuthorityInformationAccess.md) +Configures the AIA or OCSP for a certification authority. + +### [Add-CACrlDistributionPoint](./Add-CACrlDistributionPoint.md) +Adds a CRL distribution point URI where AD CS publishes certification revocations. + +### [Add-CATemplate](./Add-CATemplate.md) +Adds a certificate template to the CA. + +### [Backup-CARoleService](./Backup-CARoleService.md) +Backs up the CA database and private key information. + +### [Confirm-CAAttestationIdentityKeyInfo](Confirm-CAAttestationIdentityKeyInfo.md) +Checks whether the local CA trusts secure hardware for identity key attestation. + +### [Confirm-CAEndorsementKeyInfo](Confirm-CAEndorsementKeyInfo.md) +Checks whether the local CA trusts secure hardware for key attestation. + +### [Get-CAAuthorityInformationAccess](./Get-CAAuthorityInformationAccess.md) +Gets the AIA and OCSP URI information set on the AIA extension of the CA properties. + +### [Get-CACrlDistributionPoint](./Get-CACrlDistributionPoint.md) +Gets all the locations set on the CDP extension of the CA properties. + +### [Get-CATemplate](./Get-CATemplate.md) +Gets the list of templates set on the CA for issuance of certificates. + +### [Remove-CAAuthorityInformationAccess](./Remove-CAAuthorityInformationAccess.md) +Removes AIA or OCSP URI from the AIA extension set on the certification authority. + +### [Remove-CACrlDistributionPoint](./Remove-CACrlDistributionPoint.md) +Removes the URI for the CRL distribution point (CDP) from the CA. + +### [Remove-CATemplate](./Remove-CATemplate.md) +Removes the templates from the CA which were set for issuance of certificates. + +### [Restore-CARoleService](./Restore-CARoleService.md) +Restores the CA database and private key information. + + diff --git a/docset/winserver2025-ps/adcsadministration/Add-CAAuthorityInformationAccess.md b/docset/winserver2025-ps/adcsadministration/Add-CAAuthorityInformationAccess.md new file mode 100644 index 0000000000..a05568c191 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Add-CAAuthorityInformationAccess.md @@ -0,0 +1,189 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/add-caauthorityinformationaccess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-CAAuthorityInformationAccess +--- + +# Add-CAAuthorityInformationAccess + +## SYNOPSIS +Configures the AIA or OCSP for a certification authority. + +## SYNTAX + +### AddAsInputObject +``` +Add-CAAuthorityInformationAccess [-InputObject] [-Force] [-WhatIf] [-Confirm] + [] +``` + +### AddAsOCSP +``` +Add-CAAuthorityInformationAccess [-Uri] [-AddToCertificateOcsp] [-Force] [-WhatIf] [-Confirm] + [] +``` + +### AddAsAIA +``` +Add-CAAuthorityInformationAccess [-Uri] [-AddToCertificateAia] [-Force] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Add-CAAuthorityInformationAccess** cmdlet configures the uniform resource identifier (URI) for the Authority Information Access (AIA) or Online Certificate Status Protocol (OCSP) for a certification authority (CA). +An AIA URI should specify either an AIA extension or an OCSP extension, but not both. + +## EXAMPLES + +### Example 1: Add AIA to the specified authority + +```powershell +Add-CAAuthorityInformationAccess -AddToCertificateAia -Uri http://ca1.corp.contoso.com/pki +``` + +This command adds Authority Information Access (AIA) for the specified certification authority to 'http://ca1.corp.contoso.com/pki'. + +### Example 2: Add AIA for OCSP + +```powershell +Add-CAAuthorityInformationAccess -AddToCertificateOcsp -Uri http://www.corp.contoso.com/ocsp. +``` + +This command adds AIA for OCSP pointing to `http://www.corp.contoso.com/ocsp`. + +## PARAMETERS + +### -AddToCertificateAia +Indicates the cmdlet adds the URI to the AIA extension of the issued certificate. + +```yaml +Type: SwitchParameter +Parameter Sets: AddAsAIA +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AddToCertificateOcsp +Indicates that the cmdlet adds the URI to the Online Responder OCSP extension of the issued certificate. + +```yaml +Type: SwitchParameter +Parameter Sets: AddAsOCSP +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Specifies the input object that is used in a pipeline command. + +```yaml +Type: AuthorityInformationAccess +Parameter Sets: AddAsInputObject +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Uri +Specifies a link, as a URI, for the AIA or Online Responder OCSP location. + +```yaml +Type: String +Parameter Sets: AddAsOCSP, AddAsAIA +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.CertificateServices.Administration.Commands.CA.AuthorityInformationAccess + +### System.String + +### System.Management.Automation.SwitchParameter + +## OUTPUTS + +### Microsoft.CertificateServices.Administration.Commands.CA.AuthorityInformationAccessResult +The cmdlet returns a Boolean type property named Restart, which, by default, is set to $True. + +## NOTES + +## RELATED LINKS + +[Get-CAAuthorityInformationAccess](./Get-CAAuthorityInformationAccess.md) + +[Remove-CAAuthorityInformationAccess](./Remove-CAAuthorityInformationAccess.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Add-CACrlDistributionPoint.md b/docset/winserver2025-ps/adcsadministration/Add-CACrlDistributionPoint.md new file mode 100644 index 0000000000..33ee92f692 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Add-CACrlDistributionPoint.md @@ -0,0 +1,249 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/add-cacrldistributionpoint?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-CACrlDistributionPoint +--- + +# Add-CACrlDistributionPoint + +## SYNOPSIS +Adds a CRL distribution point URI where AD CS publishes certification revocations. + +## SYNTAX + +``` +Add-CACrlDistributionPoint [-Uri] [-AddToCertificateCdp] [-AddToFreshestCrl] [-AddToCrlCdp] + [-AddToCrlIdp] [-PublishToServer] [-PublishDeltaToServer] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-CACRLDistributionPoint** cmdlet adds a certificate revocation list (CRL) distribution point uniform resource indicator (URI) where Active Directory Certificate Services (AD CS) publishes certification revocations. + +You can add CRL distribution points in issued certificates by using this Windows PowerShell cmdlet. +However, adding the URL for a CRL distribution point only affects newly issued certificates. +Previously issued certificates will continue to reference the original location. + +To indicate that you want to use a URL as a CRL distribution point, use the switch parameter *PublishCRL*. + +To indicate that you want to use a URL as a delta CRL distribution point, use the switch parameter *PublishDeltaCRL*. + +To indicate that you want to publish this location in CRLs to point clients to a delta CRL, use the switch parameter *IncludeDeltaCRLs*. + +CRL uniform resource locators can be HTTP or Lightweight Directory Access Protocol (LDAP) paths. +You can use the following variables depending upon the switch when specifying the address of the CRL. + +``, which is replaced by the name of the targeted CA. + +``, which is replaced by object class identifier for a CA, used when publishing to an LDAP URL. + +``, which is replaced by sanitized name of the CA, truncated to 32 characters with a hash at the end. + +``, which is replaced by the object class identifier for CRL distribution points, used when publishing to an LDAP URL. + +``, which is replaced by the renewal extension of the CA. + +``, which is replaced by the location of the Configuration container in Active Directory Domain Services (AD DS) location. + +``, which is replaced by inserts a name suffix at the end of the file name when publishing a CRL to a file or URL. + +``, which is replaced by the CRLNameSuffix variable with a separate suffix to distinguish the delta CRL from the CRL; used when a delta CRL is published. + +``, which is replaced by the DNS name of the CA server. + +``, which is replaced by the NetBIOS name of the CA server. + +## EXAMPLES + +### Example 1: Add a CRL distribution point URI where AD CS publishes certification revocations +``` +PS C:\> Add-CACRLDistributionPoint -Uri "http://ca1.corp.contoso.com/pki/.crl" -AddToCertificateCdp +``` + +This command adds a CRL distribution point for the URI of `http://ca1.corp.contoso.com/pki/.crl` and sets the CRL URI to be included in issued certificates. + +## PARAMETERS + +### -AddToCertificateCdp +Indicates that the cmdlet adds the CDP extension of issued certificates. +This parameter is available for use with LDAP, HTTP, Universal Naming Convention (UNC), and File paths. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AddToCrlCdp +Indicates that the cmdlet includes the CRL. +This parameter is available for use with LDAP paths. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AddToCrlIdp +Indicates that the cmdlet includes the IDP extension of issued certificates. +This parameter is available for use with LDAP and HTTP paths. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AddToFreshestCrl +Indicates that the cmdlet includes the most recent CRL. +This parameter is available for use with LDAP, HTTP, UNC, and file paths. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PublishDeltaToServer +Indicates that the cmdlet publishes the delta CRL. +This parameter is available for use with LDAP, UNC, local, and file paths. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PublishToServer +Indicates that the cmdlet publishes the CRL to the specified server. +This parameter is available for use with LDAP, local, UNC, and file paths. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Uri +Specifies the uniform resource identifier (URI) for the distribution point location of the CRL. +This is the location from where status information about certificate revocation will be retrieved and the location the CRL will be published. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Management.Automation.SwitchParameter + +## OUTPUTS + +### Microsoft.CertificateServices.Administration.Commands.CA.CrlDistributionPointResult +This cmdlet returns a Boolean object named Restart. +If Restart equals True, then the CA must be restarted. + +## NOTES + +## RELATED LINKS + +[Get-CACrlDistributionPoint](./Get-CACrlDistributionPoint.md) + +[Remove-CACrlDistributionPoint](./Remove-CACrlDistributionPoint.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Add-CATemplate.md b/docset/winserver2025-ps/adcsadministration/Add-CATemplate.md new file mode 100644 index 0000000000..9058cf6e30 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Add-CATemplate.md @@ -0,0 +1,127 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/add-catemplate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-CATemplate +--- + +# Add-CATemplate + +## SYNOPSIS +Adds a certificate template to the CA. + +## SYNTAX + +``` +Add-CATemplate [-Name] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-CATemplate** cmdlet adds a certificate template to the certificate authority (CA) for issuing. + +A certificate template is a preconfigured list of certificate settings that allows users and computers to enroll for certificates without having to create complex certificate requests. +Certificate templates allow for the customization of a certificate that can be issued by the CA. +The template defines items such as the cryptographic types, validity and renewal periods, and certificate purposes. + +The certificate templates are stored in Active Directory Domain Services (AD DS). +Many default certificate templates are added to AD DS when the CA role service is installed. +This cmdlet does not allow you to create new templates or duplicate existing templates. + +## EXAMPLES + +### Example 1: Add a CA template +``` +PS C:\> Add-CATemplate -Name "EFS" +``` + +This command adds a CA template with the template name EFS. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of a certificate template name. +This name must always be the template name, short name without spaces, and not the template display name. +For example, the certificate template with the template display name of Exchange Enrollment Agent (Offline request) must be specified by its template name, which is EnrollmentAgentOffline. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String +There is only one parameter for this cmdlet, *Name*, and it can only accept a single template each time specified by name as a string. + +## OUTPUTS + +### System.Object + +## NOTES +* To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in AD DS, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. + +## RELATED LINKS + +[Get-CATemplate](./Get-CATemplate.md) + +[Remove-CATemplate](./Remove-CATemplate.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Backup-CARoleService.md b/docset/winserver2025-ps/adcsadministration/Backup-CARoleService.md new file mode 100644 index 0000000000..8be59af2f3 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Backup-CARoleService.md @@ -0,0 +1,195 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/backup-caroleservice?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Backup-CARoleService +--- + +# Backup-CARoleService + +## SYNOPSIS +Backs up the CA database and private key information. + +## SYNTAX + +### Key +``` +Backup-CARoleService [-Path] [-Force] [-KeyOnly] [-Password ] [] +``` + +### Database +``` +Backup-CARoleService [-Path] [-Force] [-DatabaseOnly] [-Incremental] [-KeepLog] [] +``` + +### All +``` +Backup-CARoleService [-Path] [-Force] [-Password ] [-Incremental] [-KeepLog] + [] +``` + +## DESCRIPTION +The **Backup-CARoleService** cmdlet backs up the certification authority (CA) database and private key information to a specified path. + +## EXAMPLES + +### Example 1: Back up the CA database and private key information +``` +PS C:\> Backup-CARoleService -Path "C:\CABackup" +``` + +This command exports the CA database and private key information to the specified path. + +### Example 2: Back up the CA database only +``` +PS C:\> Backup-CARoleService -Path "C:\CABackup" -DatabaseOnly +``` + +This command exports the CA database to the specified path. +The command does not back up the CA private key information. + +### Example 3: Back up the CA key only +``` +PS C:\> Backup-CARoleService -Path "C:\CABackup" -KeyOnly +``` + +This command exports the CA private key information to the specified path. +The command does not back up the CA database. + +## PARAMETERS + +### -DatabaseOnly +Indicates that the cmdlet backs up only the certification authority database. + +```yaml +Type: SwitchParameter +Parameter Sets: Database +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Incremental +Indicates that the cmdlet performs incremental database back up. + +```yaml +Type: SwitchParameter +Parameter Sets: Database, All +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -KeepLog +Indicates that the cmdlet does not truncate database logs. + +```yaml +Type: SwitchParameter +Parameter Sets: Database, All +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -KeyOnly +Indicates that the cmdlet backs up only the CA private key and certificate. + +```yaml +Type: SwitchParameter +Parameter Sets: Key +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Password +Specifies a password, as a secure string, to protect private key and certificate information. +To obtain a secure string, use the [ConvertTo-SecureString](https://go.microsoft.com/fwlink/?LinkID=113291) cmdlet. +For more information, type `Get-Help ConvertTo-SecureString`. + +```yaml +Type: SecureString +Parameter Sets: Key, All +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Path +Specifies the directory to which the cmdlet backs up the CA database and private key. +If you back up the database, the cmdlet creates a new subdirectory named Database that contains the database backup. +If you back up the private key, the cmdlet writes the private key to a .p12 file in the Database subdirectory in the path that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Management.Automation.SwitchParameter + +### System.Security.SecureString + +## OUTPUTS + +### System.Void + +## NOTES + +## RELATED LINKS + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/?LinkID=113291) + +[Restore-CARoleService](./Restore-CARoleService.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Confirm-CAAttestationIdentityKeyInfo.md b/docset/winserver2025-ps/adcsadministration/Confirm-CAAttestationIdentityKeyInfo.md new file mode 100644 index 0000000000..ab30e5b217 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Confirm-CAAttestationIdentityKeyInfo.md @@ -0,0 +1,115 @@ +--- +description: Checks whether the local CA trusts secure hardware for identity key attestation. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +online version: https://learn.microsoft.com/powershell/module/adcsadministration/confirm-caattestationidentitykeyinfo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Confirm-CAAttestationIdentityKeyInfo +--- + +# Confirm-CAAttestationIdentityKeyInfo + +## SYNOPSIS +Checks whether the local CA trusts secure hardware for identity key attestation. + +## SYNTAX + +### PublicKeyHash +``` +Confirm-CAAttestationIdentityKeyInfo [-PublicKeyHash] [] +``` + +### Certificate +``` +Confirm-CAAttestationIdentityKeyInfo [-Certificate] [] +``` + +## DESCRIPTION +The **Confirm-CAAttestationIdentityKeyInfo** cmdlet checks whether the local certification authority (CA) trusts secure hardware, such as a Trusted Platform Module (TPM), for identity key attestation. The Attestation Identity Key (AIK) replaces the Endorsement Key as an identity for the TPM. An Attestation Identity Key is permanently embedded in the security hardware. The public portion of the key helps to recognize genuine security hardware. + +This cmdlet verifies whether the AIK public certificate connects through a certificate chain to an anchor that the CA trusts. Specify an X509 certificate by using the **Certificate** parameter. + +This cmdlet checks whether the AIK public key exists as a file in a folder configured at the local CA for key attestation. Specify the public key by using the **PublicKeyHash** parameter. + +## EXAMPLES + +### Example 1: Check certificate +``` +Confirm-CAAttestationIdentityKeyInfo -Certificate Contoso87.cer + +True +``` + +This command checks whether the certificate `Contoso87.cer` connects, by using a certificate chain, to a trusted anchor. +This example returns a value of `$True`. + +### Example 2: Check a key +``` +Confirm-CAAttestationIdentityKeyInfo -PublicKeyHash "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" + +False +``` + +The command checks for the public certificate specified as an SHA-256 hash code. +This example returns a value of `$False`. +The CA does not have this public key. + +## PARAMETERS + +### -Certificate +Specifies an X509 public key certificate issued to secure hardware. + +```yaml +Type: X509Certificate2 +Parameter Sets: Certificate +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PublicKeyHash +Specifies an Attestation Identity Key (AIK) public key of the secure hardware, as the result of the SHA-256 hash algorithm. +This value is a 64 character hexadecimal string. + +```yaml +Type: String +Parameter Sets: PublicKeyHash +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Security.Cryptography.X509Certificates.X509Certificate2 + +## OUTPUTS + +### System.Boolean + +## NOTES + +## RELATED LINKS + +[Confirm-CAEndorsementKeyInfo](Confirm-CAEndorsementKeyInfo.md) + +[Add-CAAuthorityInformationAccess](Add-CAAuthorityInformationAccess.md) + +[Add-CACrlDistributionPoint](Add-CACrlDistributionPoint.md) + +[Backup-CARoleService](Backup-CARoleService.md) + +[Confirm-CAEndorsementKeyInfo](Confirm-CAEndorsementKeyInfo.md) diff --git a/docset/winserver2025-ps/adcsadministration/Confirm-CAEndorsementKeyInfo.md b/docset/winserver2025-ps/adcsadministration/Confirm-CAEndorsementKeyInfo.md new file mode 100644 index 0000000000..61eb5e7069 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Confirm-CAEndorsementKeyInfo.md @@ -0,0 +1,111 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/confirm-caendorsementkeyinfo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Confirm-CAEndorsementKeyInfo +--- + +# Confirm-CAEndorsementKeyInfo + +## SYNOPSIS +Checks whether the local CA trusts secure hardware for key attestation. + +## SYNTAX + +### PublicKeyHash +``` +Confirm-CAEndorsementKeyInfo [-PublicKeyHash] [] +``` + +### Certificate +``` +Confirm-CAEndorsementKeyInfo [-Certificate] [] +``` + +## DESCRIPTION +The **Confirm-CAEndorsementKeyInfo** cmdlet checks whether the local certification authority (CA) trusts secure hardware, such as a Trusted Platform Module (TPM), for key attestation. +The cmdlet checks the endorsement key or certificate. +An endorsement key is permanently embedded in the security hardware. +The public portion of the endorsement key helps to recognize genuine security hardware. + +This cmdlet verifies whether the endorsement public certificate connects by means of a certificate chain to an anchor that the CA trusts for key attestation. +Specify an X509 certificate by using the *Certificate* parameter. + +This cmdlet checks whether the endorsement public key exists as a file in a folder configured at the local CA for key attestation. +Specify the public key by using the *PublicKeyHash* parameter. + +## EXAMPLES + +### Example 1: Check an endorsement certificate +``` +PS C:\> Confirm-CAEndorsementKeyInfo -Certificate Contoso87.cer + +True +``` + +This command checks whether the endorsement certificate Contoso87.cer connects, by means of a certificate chain, to a trusted anchor. +This example returns a value of $True. + +### Example 2: Check an endorsement key +``` +PS C:\> Confirm-CAEndorsementKeyInfo -PublicKeyHash "1dd117facfbdcbd8713b9c588eef305e61ce3d8e3c6e21e6323a877476ecd167" +False +``` + +The command checks for the endorsement public certificate specified as an SHA-256 hash code. +This example returns a value of $False. +Therefore, the CA does not have this public key. + +## PARAMETERS + +### -Certificate +Specifies an X509 public key certificate issued to secure hardware. + +```yaml +Type: X509Certificate2 +Parameter Sets: Certificate +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PublicKeyHash +Specifies an endorsement public key of the secure hardware, as the result of the SHA-256 hash algorithm. +This is a 64 character hexadecimal string. + +```yaml +Type: String +Parameter Sets: PublicKeyHash +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Security.Cryptography.X509Certificates.X509Certificate2 + +## OUTPUTS + +### System.Boolean + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/adcsadministration/Get-CAAuthorityInformationAccess.md b/docset/winserver2025-ps/adcsadministration/Get-CAAuthorityInformationAccess.md new file mode 100644 index 0000000000..df51df8940 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Get-CAAuthorityInformationAccess.md @@ -0,0 +1,62 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/get-caauthorityinformationaccess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-CAAuthorityInformationAccess +--- + +# Get-CAAuthorityInformationAccess + +## SYNOPSIS +Gets the AIA and OCSP URI information set on the AIA extension of the CA properties. + +## SYNTAX + +``` +Get-CAAuthorityInformationAccess [] +``` + +## DESCRIPTION +The **Get-CAAuthorityInformationAccess** cmdlet gets the Authority Information Access (AIA) and Online Certificate Status Protocol (OCSP) URI information set on the AIA extension of the certification authority (CA) properties. + +## EXAMPLES + +### Example 1: Get AIA and OCSP URI information set on the AIA extension of the CA properties +``` +PS C:\> Get-CAAuthorityInformationAccess +``` + +This command gets the current AIA and OCSP settings information for the certification authority. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. + +## OUTPUTS + +### Microsoft.CertificateServices.Administration.Commands.CA.AuthorityInformationAccess +This cmdlet returns an array of Authority Information Access (AIA) **Microsoft.CertificateServices.Management.Cmdlets.CA.AuthorityInformationAccess** objects. +Each object will contain URI and different Boolean properties as follows: + +Name | Type +-----|------ +Uri | String +AddToCertificateAia | Boolean +AddtoCertificateOCSP | Boolean + +## NOTES + +## RELATED LINKS + +[Add-CAAuthorityInformationAccess](./Add-CAAuthorityInformationAccess.md) + +[Remove-CAAuthorityInformationAccess](./Remove-CAAuthorityInformationAccess.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Get-CACrlDistributionPoint.md b/docset/winserver2025-ps/adcsadministration/Get-CACrlDistributionPoint.md new file mode 100644 index 0000000000..a526642019 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Get-CACrlDistributionPoint.md @@ -0,0 +1,66 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/get-cacrldistributionpoint?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-CACrlDistributionPoint +--- + +# Get-CACrlDistributionPoint + +## SYNOPSIS +Gets all the locations set on the CDP extension of the CA properties. + +## SYNTAX + +``` +Get-CACrlDistributionPoint [] +``` + +## DESCRIPTION +The **Get-CACRLDistributionPoint** cmdlet gets all the locations set on the CRL distribution point (CDP) extension of the certification authority (CA) properties. + +## EXAMPLES + +### Example 1: Get a CA certificate revocation list distribution point object +``` +PS C:\> Get-CACrlDistributionPoint +``` + +This command gets a CA certificate revocation list (CRL) distribution point (CDP) type object, which contains the settings information and uniform resource indicator (URI) that correspond to the CDP for the current CA. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### none + +## OUTPUTS + +### Microsoft.CertificateServices.Administration.Commands.CA.CrlDistributionPoint +This cmdlet returns an array of **Microsoft.CertificateServices.Management.Cmdlets.CA.CrlDistributionPoint** objects. +Each object contains URI and different Boolean properties as follows: + +Name | Type +-----|------ +PublishToServer | Boolean +PublishDeltaToServer | Boolean +AddToCertificateCdp | Boolean +AddToFreshestCrl | Boolean +AddToCrlCdp | Boolean +AddToCrlIdp | Boolean +Uri | String + +## NOTES + +## RELATED LINKS + +[Add-CACrlDistributionPoint](./Add-CACrlDistributionPoint.md) + +[Remove-CACrlDistributionPoint](./Remove-CACrlDistributionPoint.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Get-CATemplate.md b/docset/winserver2025-ps/adcsadministration/Get-CATemplate.md new file mode 100644 index 0000000000..8e9261e13a --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Get-CATemplate.md @@ -0,0 +1,56 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/get-catemplate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-CATemplate +--- + +# Get-CATemplate + +## SYNOPSIS +Gets the list of templates set on the CA for issuance of certificates. + +## SYNTAX + +``` +Get-CATemplate [] +``` + +## DESCRIPTION +The **Get-CATemplate** cmdlet gets the list of templates set on the certificate authority (CA) for issuance of certificates. + +## EXAMPLES + +### Example 1: Get the list of templates set on the CA for issuance of certificates +``` +PS C:\> Get-CATemplate +``` + +This command gets a list of certificate template entries that each contain a template name. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.CertificateServices.Administration.Commands.Common.CertificateTemplate +This cmdlet returns an array of certificate template objects which have two properties: (1) Object Name and (2) Object ID (OID). +Both properties are of string type. + +## NOTES + +## RELATED LINKS + +[Add-CATemplate](./Add-CATemplate.md) + +[Remove-CATemplate](./Remove-CATemplate.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Remove-CAAuthorityInformationAccess.md b/docset/winserver2025-ps/adcsadministration/Remove-CAAuthorityInformationAccess.md new file mode 100644 index 0000000000..0c24ce6a2f --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Remove-CAAuthorityInformationAccess.md @@ -0,0 +1,182 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/remove-caauthorityinformationaccess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-CAAuthorityInformationAccess +--- + +# Remove-CAAuthorityInformationAccess + +## SYNOPSIS +Removes AIA or OCSP URI from the AIA extension set on the certification authority. + +## SYNTAX + +### RemoveAsAIA (Default) +``` +Remove-CAAuthorityInformationAccess [-Uri] [-AddToCertificateAia] [-Force] [-WhatIf] [-Confirm] + [] +``` + +### RemoveAsOCSP +``` +Remove-CAAuthorityInformationAccess [-Uri] [-AddToCertificateOcsp] [-Force] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-CAAuthorityInformationAccess** cmdlet removes the Authority Information Access (AIA) or Online Certificate Status Protocol (OCSP) uniform resource information (URI) from the AIA extension set on the certification authority. + +## EXAMPLES + +### Example 1: Remove AIA for a specified URI +``` +PS C:\> Remove-CAAuthorityInformationAccess -Uri "http://www.contoso.com/pki/orca1.crt" -AddToCertificateAia +``` + +This command removes AIA for the specified URI named `http://www.contoso.com/pki/orca1.crt`. + +### Example 2: Remove OCSP for a specified URI +``` +PS C:\> Remove-CAAuthorityInformationAccess -Uri "http://www.cpandl.com/ocsp/" -AddToCertificateOcsp +``` + +This command removes the OCSP for the specified URI named `http://www.cpandl.com/ocsp`. + +### Example 3: Remove all AIA and OCSP entries for a specified URI +``` +PS C:\> Remove-CAAuthorityInformationAccess -Uri "http://www.contoso.com/pki/orca1.crt" +``` + +This command removes all AIA and OCSP entries that match the URL `http://www.contoso.com/pki/orca1.crt`. + +### Example 4: Remove all AIA entries + +```powershell +$AIA = Get-CAAuthorityInformationAccess +$AIA | Remove-CAAuthorityInformationAccess +``` + +This example removes all AIA entries + +The first command gets the certificate authority information and stores the information in the variable named $AIA. + +The second command removes all the AIA entries that are stored in the $AIA variable. +## PARAMETERS + +### -AddToCertificateAia +Indicates that the cmdlet adds the AIA URI. + +```yaml +Type: SwitchParameter +Parameter Sets: RemoveAsAIA +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AddToCertificateOcsp +Indicates that the cmdlet adds an Online Responder's URI. + +```yaml +Type: SwitchParameter +Parameter Sets: RemoveAsOCSP +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Uri +Specifies the URI from where the certificate for the CA can be downloaded or the online responder information can be obtained. +This information is added to the CA properties and registry. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Management.Automation.SwitchParameter + +## OUTPUTS + +### Microsoft.CertificateServices.Administration.Commands.CA.AuthorityInformationAccessResult + +## NOTES +* You must be a member of Enterprise Admins group to successfully run this command. + +## RELATED LINKS + +[Add-CAAuthorityInformationAccess](./Add-CAAuthorityInformationAccess.md) + +[Get-CAAuthorityInformationAccess](./Get-CAAuthorityInformationAccess.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Remove-CACrlDistributionPoint.md b/docset/winserver2025-ps/adcsadministration/Remove-CACrlDistributionPoint.md new file mode 100644 index 0000000000..175fc96261 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Remove-CACrlDistributionPoint.md @@ -0,0 +1,223 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/remove-cacrldistributionpoint?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-CACrlDistributionPoint +--- + +# Remove-CACrlDistributionPoint + +## SYNOPSIS +Removes the URI for the CRL distribution point (CDP) from the CA. + +## SYNTAX + +``` +Remove-CACrlDistributionPoint [-Uri] [-AddToCertificateCdp] [-AddToFreshestCrl] [-AddToCrlCdp] + [-AddToCrlIdp] [-PublishToServer] [-PublishDeltaToServer] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-CACRLDistributionPoint** cmdlet removes the uniform resource identifier (URI) for the certificate revocation list (CRL) distribution point from the certification authority (CA). + +## EXAMPLES + +### Example 1: Remove all URIs for all distribution points for the specified URI +``` +PS C:\> Remove-CACrlDistributionPoint -URI "http://corp.contoso.com/rootca.crl" +``` + +This command removes all URIs for all distribution points that contain the specified URI value `http://corp.contoso.com/rootca.crl`. + +### Example 2: Remove the URIs for all distribution points for the CDP extension of issued certificates +``` +PS C:\> Remove-CACrlDistributionPoint -Uri "http://corp.contoso.com/rootca.crl" -AddToCertificateCdp +``` + +This command removes only the URIs that are set to a value of `http://corp.contoso.com/rootca.crl` and for which the *AddToCertificateCdp* parameter is set. + +### Example 3: Remove the URIs for all distribution points for the CDP and IDP extensions of issued certificates +``` +PS C:\> Remove-CACrlDistributionPoint -Uri "http://www.contoso.com/pki/orca.crl" -AddToCertificateCdp -AddToCrlIdp +``` + +This command removes only the URIs that are unique to the URI named `http://www.contoso.com/pki/orca.crl` and the combination of flags that are set or included with the *AddToCertificateCdp* and *AddToCrlIdp* parameters. + +## PARAMETERS + +### -AddToCertificateCdp +Indicates that the cmdlet removes the CDP extension of issued certificates. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AddToCrlCdp +Indicates that the cmdlet removes the CRL. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AddToCrlIdp +Indicates that the cmdlet removes the IDP extension of issued certificates. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AddToFreshestCrl +Indicates that the cmdlet removes the most recent CRL. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PublishDeltaToServer +Indicates that the cmdlet removes the delta CRL. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PublishToServer +Indicates that the cmdlet removes the base CRL. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Uri +Specifies the uniform resource identifier (URI) for the distribution point location of the certificate revocation list (CRL). +This is the location from where status information about certificate revocation has been retrieved and/or the location the CRL was published. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Management.Automation.SwitchParameter + +## OUTPUTS + +### Microsoft.CertificateServices.Administration.Commands.CA.CrlDistributionPointResult +This cmdlet returns a property named RestartCA, which when set to True indicates that the CA service (certsvc) needs to be restarted. + +## NOTES + +## RELATED LINKS + +[Add-CACrlDistributionPoint](./Add-CACrlDistributionPoint.md) + +[Get-CACrlDistributionPoint](./Get-CACrlDistributionPoint.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Remove-CATemplate.md b/docset/winserver2025-ps/adcsadministration/Remove-CATemplate.md new file mode 100644 index 0000000000..4913fc02d2 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Remove-CATemplate.md @@ -0,0 +1,147 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/remove-catemplate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-CATemplate +--- + +# Remove-CATemplate + +## SYNOPSIS +Removes the templates from the CA which were set for issuance of certificates. + +## SYNTAX + +### Default (Default) +``` +Remove-CATemplate [-Name] [-Force] [-WhatIf] [-Confirm] [] +``` + +### AllTemplates +``` +Remove-CATemplate [-AllTemplates] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-CATemplate** cmdlet removes the templates from the certification authority (CA) which were set for issuance of certificates. + +## EXAMPLES + +### Example 1: Remove all templates on the CA +``` +PS C:\> Remove-CATemplate -AllTemplates +``` + +This command removes all the templates on the CA set for certificates issuance are removed. + +### Example 2: Remove a specific CA +``` +PS C:\> Remove-CATemplate -Name "EFS" +``` + +This command removes the template named EFS on the CA that is set for certificate issuance is removed. + +## PARAMETERS + +### -AllTemplates +Indicates that the cmdlet removes all certificate templates on the CA that are available for certificate issuance. +A common task administrative task is to remove all the default templates that are currently added for issuance. +This allows the administrator to add only the templates that should be available for certificate issuance in the given scenario. + +```yaml +Type: SwitchParameter +Parameter Sets: AllTemplates +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of an individual certificate template from the CA that is available for certificate issuance that this cmdlet removes. +You need to use the certificate template name and not the certificate template display name. +For instance, the certificate template display name of Basic EFS is assigned the template name EFS. + +```yaml +Type: String +Parameter Sets: Default +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Add-CATemplate](./Add-CATemplate.md) + +[Get-CATemplate](./Get-CATemplate.md) + diff --git a/docset/winserver2025-ps/adcsadministration/Restore-CARoleService.md b/docset/winserver2025-ps/adcsadministration/Restore-CARoleService.md new file mode 100644 index 0000000000..9f60dd0275 --- /dev/null +++ b/docset/winserver2025-ps/adcsadministration/Restore-CARoleService.md @@ -0,0 +1,195 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Administration.Commands.dll-Help.xml +Module Name: ADCSAdministration +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsadministration/restore-caroleservice?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Restore-CARoleService +--- + +# Restore-CARoleService + +## SYNOPSIS +Restores the CA database and private key information. + +## SYNTAX + +### Key +``` +Restore-CARoleService [-Path] [-Force] [-KeyOnly] [-Password ] [-WhatIf] [-Confirm] + [] +``` + +### Database +``` +Restore-CARoleService [-Path] [-Force] [-DatabaseOnly] [-WhatIf] [-Confirm] [] +``` + +### All +``` +Restore-CARoleService [-Path] [-Force] [-Password ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Restore-CARoleService** cmdlet restores the certification authority (CA) database and private key information. + +## EXAMPLES + +### Example 1: Restore the CA private key and certificate +``` +PS C:\> Restore-CARoleService -Path "C:\CABackup" +``` + +This command restores the CA private key and certificate from the specified path. + +### Example 2: Restore the CA database only +``` +PS C:\> Restore-CARoleService -Path "C:\CABackup" -DatabaseOnly +``` + +This command restores the CA database from the specified path. +The command does not restore the CA private key information. + +### Example 3: Restore the CA key only +``` +PS C:\> Restore-CARoleService -Path "C:\CABackup" -KeyOnly +``` + +This command restores the CA private key information to the specified path. +The command does not restore the CA database. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DatabaseOnly +Indicates that the cmdlet restores only the certification authority database. + +```yaml +Type: SwitchParameter +Parameter Sets: Database +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -KeyOnly +Indicates that the cmdlet restores only the certification authority private key and certificate. + +```yaml +Type: SwitchParameter +Parameter Sets: Key +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Password +Specifies a password, as a secure string, to access the private key and certificate information. +To obtain a secure string, use the [ConvertTo-SecureString](https://go.microsoft.com/fwlink/?LinkID=113291) cmdlet. +For more information, type `Get-Help ConvertTo-SecureString`. + +```yaml +Type: SecureString +Parameter Sets: Key, All +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Path +Specifies the directory from which the cmdlet restores the CA database and private key. +The cmdlet restores the database from the subdirectory named Database in the path that you specified when you backed up the CA database. +The cmdlet restores the private key from the .p12 file that you backed up in the Database subdirectory in the path that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Management.Automation.SwitchParameter + +### System.Security.SecureString + +## OUTPUTS + +### System.Void + +## NOTES + +## RELATED LINKS + +[Backup-CARoleService](./Backup-CARoleService.md) + diff --git a/docset/winserver2025-ps/adcsdeployment/ADCSDeployment.md b/docset/winserver2025-ps/adcsdeployment/ADCSDeployment.md new file mode 100644 index 0000000000..adc52c534b --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/ADCSDeployment.md @@ -0,0 +1,68 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 4.0.2.1 +Locale: en-US +Module Guid: 5919a3cb-977e-464f-a221-421c270218b4 +Module Name: ADCSDeployment +ms.date: 12/27/2016 +title: ADCSDeployment +--- + +# ADCSDeployment Module + +## Description + +This topic contains the brief descriptions of the Windows PowerShell® cmdlets that are for use in +deploying Active Directory Certificate Services (AD CS). Each cmdlet in the table is linked to +additional information about that cmdlet. + +## ADCSDeployment Cmdlets + +### [Install-AdcsCertificationAuthority](./Install-AdcsCertificationAuthority.md) + +Performs installation and configuration of the AD CS Certification Authority role service. + +### [Install-AdcsEnrollmentPolicyWebService](./Install-AdcsEnrollmentPolicyWebService.md) + +Performs the configuration of Certificate Enrollment Policy Web service. + +### [Install-AdcsEnrollmentWebService](./Install-AdcsEnrollmentWebService.md) + +Performs the initial configuration of the Certificate Enrollment Web service. + +### [Install-AdcsNetworkDeviceEnrollmentService](./Install-AdcsNetworkDeviceEnrollmentService.md) + +Installs the NDES role service. + +### [Install-AdcsOnlineResponder](./Install-AdcsOnlineResponder.md) + +Installs the Online Responder service. + +### [Install-AdcsWebEnrollment](./Install-AdcsWebEnrollment.md) + +Installs the Certification Authority Web Enrollment. + +### [Uninstall-AdcsCertificationAuthority](./Uninstall-AdcsCertificationAuthority.md) + +Uninstalls the CA role service and removes the configuration information. + +### [Uninstall-AdcsEnrollmentPolicyWebService](./Uninstall-AdcsEnrollmentPolicyWebService.md) + +Uninstalls the Certificate Enrollment Policy Web service. + +### [Uninstall-AdcsEnrollmentWebService](./Uninstall-AdcsEnrollmentWebService.md) + +Uninstalls the Certificate Enrollment Web service or individual instances of it. + +### [Uninstall-AdcsNetworkDeviceEnrollmentService](./Uninstall-AdcsNetworkDeviceEnrollmentService.md) + +Uninstalls the NDES role service. + +### [Uninstall-AdcsOnlineResponder](./Uninstall-AdcsOnlineResponder.md) + +Uninstalls the Online Responder service. + +### [Uninstall-AdcsWebEnrollment](./Uninstall-AdcsWebEnrollment.md) + +Uninstalls the CA Web Enrollment role service. diff --git a/docset/winserver2025-ps/adcsdeployment/Install-AdcsCertificationAuthority.md b/docset/winserver2025-ps/adcsdeployment/Install-AdcsCertificationAuthority.md new file mode 100644 index 0000000000..d41c54320f --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Install-AdcsCertificationAuthority.md @@ -0,0 +1,607 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/install-adcscertificationauthority?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-AdcsCertificationAuthority +--- + +# Install-AdcsCertificationAuthority + +## SYNOPSIS +Performs installation and configuration of the Active Directory Certificate Services (AD CS) +Certification Authority (CA) role service. + +## SYNTAX + +### NewKeyParameterSet (Default) + +``` +Install-AdcsCertificationAuthority [-AllowAdministratorInteraction] + [-ValidityPeriod ] [-ValidityPeriodUnits ] + [-CACommonName ] [-CADistinguishedNameSuffix ] + [-CAType ] [-CryptoProviderName ] + [-DatabaseDirectory ] [-HashAlgorithmName ] + [-IgnoreUnicode] [-KeyLength ] [-LogDirectory ] + [-OutputCertRequestFile ] [-OverwriteExistingCAinDS] + [-OverwriteExistingKey] [-ParentCA ] [-OverwriteExistingDatabase] + [-Credential ] [-Force] [-WhatIf] [-Confirm] + [] +``` + +### ExistingCertificateParameterSet + +``` +Install-AdcsCertificationAuthority [-AllowAdministratorInteraction] + [-CertFilePassword ] [-CertFile ] [-CAType ] + [-CertificateID ] [-DatabaseDirectory ] + [-LogDirectory ] [-OverwriteExistingKey] + [-OverwriteExistingDatabase] [-Credential ] [-Force] + [-WhatIf] [-Confirm] [] +``` + +### ExistingKeyParameterSet + +``` +Install-AdcsCertificationAuthority [-AllowAdministratorInteraction] + [-ValidityPeriod ] [-ValidityPeriodUnits ] + [-CADistinguishedNameSuffix ] [-CAType ] + [-CryptoProviderName ] [-DatabaseDirectory ] + [-HashAlgorithmName ] [-IgnoreUnicode] [-KeyContainerName ] + [-LogDirectory ] [-OutputCertRequestFile ] + [-OverwriteExistingCAinDS] [-ParentCA ] + [-OverwriteExistingDatabase] [-Credential ] [-Force] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-AdcsCertificationAuthority` cmdlet performs installation and configuration of the +Active Directory Certificate Services (AD CS) Certification Authority (CA) role service. To remove +the certification authority role service use the `Uninstall-AdcsCertificationAuthority` cmdlet. + +You can import the cmdlet by running the following commands from Windows PowerShell: + +- `Install-WindowsFeature Adcs-Cert-Authority` + +To include the Certification Authority and Certificate Templates consoles in a CA installation, you +must use the **IncludeManagementTools** parameter at the end of the +`Install-WindowsFeature Adcs-Cert-Authority` command. + +**Int** is equivalent to **Int32** in the +[.NET Framework](/dotnet/csharp/language-reference/builtin-types/built-in-types). + +## EXAMPLES + +### Example 1: Install a new Standalone Root CA with default settings + +```powershell +Install-AdcsCertificationAuthority -CAType StandaloneRootCa +``` + +This command installs a new Standalone Root CA with default settings. + +### Example 2: Install a new Enterprise Root CA using a specific provider and key length + +```powershell +$params = @{ + CAType = EnterpriseRootCa + CryptoProviderName = "ECDSA_P256#Microsoft Software Key Storage Provider" + KeyLength = 256 + HashAlgorithmName = SHA256 +} +Install-AdcsCertificationAuthority @params +``` + +This command installs a new Enterprise Root CA using the provider named ECDSA_P256 Microsoft +Software Key Storage Provider, key length of 256, and the hash algorithm named SHA 256. + +### Example 3: Install a new Enterprise Root CA using a specific provider and a validity period + +```powershell +$params = @{ + CAType = EnterpriseRootCa + CryptoProviderName = "RSA#Microsoft Software Key Storage Provider" + KeyLength = 2048 + HashAlgorithmName = SHA1 + ValidityPeriod = Years + ValidityPeriodUnits = 3 +} +Install-AdcsCertificationAuthority @params +``` + +This command installs a new Enterprise Root CA using the RSA algorithm using the provider named +Microsoft Software Key Storage Provider, a key length of 2048, a hash algorithm named SHA 1, and +validity period of three years. + +### Example 4: Install a new Enterprise Subordinate CA using a parent CA + +```powershell +$params = @{ + CAType = EnterpriseSubordinateCa + ParentCA = "SERVER75.corp.contoso.com\SERVER75-CA" +} +Install-AdcsCertificationAuthority @params +``` + +This command installs a new Enterprise subordinate CA, the parent CA is `SERVER75` in the CORP domain +of Contoso.com. + +### Example 5: Install a new Enterprise Subordinate CA using an existing certificate + +```powershell +$params = @{ + CAType = EnterpriseSubordinateCa + CertFile = "C:\Cert\SERVER80-CA.p12" + CertFilePassword = (Read-Host "Set user password" -AsSecureString) +} +Install-AdcsCertificationAuthority @params +``` + +This command installs an Enterprise Subordinate CA using an existing certificate from a PFX/P12 file +that is located on the local `C:\Cert` folder named `SERVER80-CA.p12`. + +## PARAMETERS + +### -AllowAdministratorInteraction + +Indicates that the cmdlet enables prompting when the private key is accessed. This is not required +for any of the Microsoft default providers. For enhanced security components, such as a hardware +security module (HSM), review the enhanced security component vendor documentation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CACommonName + +Specifies the certification authority common name. + +```yaml +Type: String +Parameter Sets: NewKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CADistinguishedNameSuffix + +Specifies the certification authority distinguished name suffix. + +```yaml +Type: String +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CAType + +Specifies the type of certification authority that this cmdlet installs. +The acceptable values for this parameter are: + +- EnterpriseRootCA +- EnterpriseSubordinateCA +- StandaloneRootCA +- StandaloneSubordinateCA + +```yaml +Type: CAType +Parameter Sets: (All) +Aliases: +Accepted values: EnterpriseRootCA, EnterpriseSubordinateCA, StandaloneRootCA, StandaloneSubordinateCA + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CertFile + +Specifies the file name of certification authority PKCS #12 formatted certificate file. + +```yaml +Type: String +Parameter Sets: ExistingCertificateParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CertFilePassword + +Specifies the password for certification authority certificate file. + +```yaml +Type: SecureString +Parameter Sets: ExistingCertificateParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CertificateID + +Specifies the thumbprint or serial number of certification authority certificate. + +```yaml +Type: String +Parameter Sets: ExistingCertificateParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies a **PSCredential** object for the connection to AD DS. To obtain a credential object, use +the `Get-Credential` cmdlet. For more information, type `Get-Help Get-Credential`. To install an +enterprise certification authority, the computer must be joined to an AD DS domain and a user +account that is a member of the Enterprise Admin group is required. To install a standalone +certification authority, the computer can be in a workgroup or AD DS domain. If the computer is in a +workgroup, a user account that is a member of Administrators is required. If the computer is in an +AD DS domain, a user account that is a member of Domain Admins is required. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CryptoProviderName + +Specifies the name of the cryptographic service provider (CSP) or key storage provider (KSP) that is +used to generate or store the private key for the CA. + +```yaml +Type: String +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DatabaseDirectory + +Specifies the folder location of the certification authority database. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HashAlgorithmName + +Specifies the signature hash algorithm used by the certification authority. + +```yaml +Type: String +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IgnoreUnicode + +Indicates that the cmdlet allows Unicode characters in the certification authority name string. + +```yaml +Type: SwitchParameter +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -KeyContainerName + +Specifies the name of an existing private key container. + +```yaml +Type: String +Parameter Sets: ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -KeyLength + +Specifies the bit length for new certification authority key. + +```yaml +Type: Int32 +Parameter Sets: NewKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -LogDirectory + +Specifies the folder location of the certification authority database log. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OutputCertRequestFile + +Specifies the folder location for the certificate request file. + +```yaml +Type: String +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OverwriteExistingCAinDS + +Indicates that the cmdlet overwrites the computer object in the Active Directory Domain Service +domain with the same computer name. + +```yaml +Type: SwitchParameter +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OverwriteExistingDatabase + +Indicates that the cmdlet overwrites the existing certification authority database. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OverwriteExistingKey + +Indicates that the cmdlet overwrites the existing key container with the same name. + +```yaml +Type: SwitchParameter +Parameter Sets: NewKeyParameterSet, ExistingCertificateParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ParentCA + +Specifies the configuration string of the parent certification authority that will certify this CA. + +```yaml +Type: String +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ValidityPeriod + +Specifies the validity period of the certification authority (CA) certificate in hours, days, weeks, +months, or years. If this is a subordinate CA, do not use this parameter, because the validity period +is determined by the parent CA. + +```yaml +Type: ValidityPeriod +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: +Accepted values: Hours, Days, Weeks, Months, Years + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ValidityPeriodUnits + +Specifies the validity period of the CA certificate. If this is a subordinate CA, do not specify +this parameter because the validity period is determined by the parent CA. + +```yaml +Type: Int32 +Parameter Sets: NewKeyParameterSet, ExistingKeyParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, +`-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, +`-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Management.Automation.SwitchParameter + +### System.Security.SecureString + +### System.String + +### Microsoft.CertificateServices.Deployment.Common.CA.ValidityPeriod + +### System.Int32 + +### Microsoft.CertificateServices.Deployment.Common.CA.CAType + +### System.Management.Automation.PSCredential + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **force** parameter to + bypass the prompt for confirmation. To see parameters, run the following command: + + `Install-AdcsCertificationAuthority -?` +- If you have installation issues, try using the **verbose** parameter to get verbose output and + review the information in the %windir%\cerocm.log file. + +## RELATED LINKS + +[Uninstall-AdcsCertificationAuthority](./Uninstall-AdcsCertificationAuthority.md) diff --git a/docset/winserver2025-ps/adcsdeployment/Install-AdcsEnrollmentPolicyWebService.md b/docset/winserver2025-ps/adcsdeployment/Install-AdcsEnrollmentPolicyWebService.md new file mode 100644 index 0000000000..26a32d1ae3 --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Install-AdcsEnrollmentPolicyWebService.md @@ -0,0 +1,244 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/install-adcsenrollmentpolicywebservice?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-AdcsEnrollmentPolicyWebService +--- + +# Install-AdcsEnrollmentPolicyWebService + +## SYNOPSIS +Performs the configuration of Certificate Enrollment Policy Web Service. + +## SYNTAX + +``` +Install-AdcsEnrollmentPolicyWebService + [-AuthenticationType ] [-SSLCertThumbprint ] + [-KeyBasedRenewal] [-Force] [-Credential ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-AdcsEnrollmentPolicyWebService` cmdlet performs the configuration of Certificate +Enrollment Policy Web Service. It is also used to create and configure additional instances of the +service within an existing installation. To remove the certification authority (CA) role service use +the `Uninstall-AdcsEnrollmentPolicyWebService` cmdlet. + +You can import the cmdlet by running the following commands from Windows PowerShell: + +- `Import-Module ServerManager` +- `Add-WindowsFeature Adcs-Enroll-Web-Pol` + +## EXAMPLES + +### Example 1: Install the Certificate Enrollment Policy Web Service using Kerberos + +```powershell +$params = @{ + AuthenticationType = Kerberos + SSLCertThumbprint = "a909502dd82ae41433e6f83886b00d4277a32a7b" +} +Install-AdcsEnrollmentPolicyWebService @params +``` + +This command installs the Certificate Enrollment Policy Web Service using Kerberos for +authentication. For information on obtaining a certificate thumbprint using Windows PowerShell, see +[Certificate Provider](https://go.microsoft.com/fwlink/?LinkId=225044). + +### Example 2: Install the Certificate Enrollment Policy Web Service specifying a username and password + +```powershell +$params = @{ + AuthenticationType = Username + SSLCertThumbprint = "a909502dd82ae41433e6f83886b00d4277a32a7b" +} +Install-AdcsEnrollmentPolicyWebService @params +``` + +This command installs the Certificate Enrollment Policy Web Service specifying that a username and +password is used for authentication. + +### Example 3: Install the Certificate Enrollment Policy Web Service specifying a username and password for Key-Based Renewal + +```powershell +$params = @{ + AuthenticationType = Username + SSLCertThumbprint = "a909502dd82ae41433e6f83886b00d4277a32a7b" + KeyBasedRenewal = $true +} +Install-AdcsEnrollmentPolicyWebService @params +``` + +This command installs the Certificate Enrollment Policy Web Service specifying that a username and +password is used for authentication and configures the service for Key-Based Renewal of the +certificate. + +## PARAMETERS + +### -AuthenticationType + +Specifies the authentication type used by the Certificate Enrollment Policy Web Service. +The acceptable values for this parameter are: + +- Certificate +- Kerberos +- UserName + +```yaml +Type: AuthenticationType +Parameter Sets: (All) +Aliases: +Accepted values: Kerberos, UserName, Certificate + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the credentials for installing the Enrollment Policy Web Service. To obtain a credential +object, use the `Get-Credential` cmdlet. For more information, type `Get-Help Get-Credential`. The +Enrollment Policy Web Service must be installed on a server that is a member of an Active Directory +Domain Services (AD DS) domain. You must use an account that is a member of Domain Admins group to +install this service. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KeyBasedRenewal + +Indicates that this cmdlet configures the Certificate Enrollment Policy Web Service to operate in +key-based renewal mode. Key-based renewal allows certificate clients to renew their certificates +using the key of their existing certificate for authentication. When in key-based renewal mode, the +service will only return certificate templates that are set for key based renewal. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SSLCertThumbprint + +Specifies the thumbprint of the certificate used by Internet Information Service (IIS) to enable +support for required Secure Sockets Layer/Transport Layer Security (SSL/TLS). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.CertificateServices.Deployment.Common.AuthenticationType + +### System.String + +### System.Management.Automation.SwitchParameter + +### System.Management.Automation.PSCredential + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.CEP.EnrollmentPolicyServiceResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to + bypass the prompt for confirmation. To see parameters, run the following command: + `Install-AdcsEnrollmentPolicyWebService -?` + +- You can get the CA configuration, which is the computer name and CA name by running certutil + without any parameters. You can see the certificate SSL certificate thumbprints assigned to the + local computer by running the following commands: + - `cd cert:\LocalMachine\My` + - `dir | format-list` + +## RELATED LINKS + +[Uninstall-AdcsEnrollmentPolicyWebService](./Uninstall-AdcsEnrollmentPolicyWebService.md) diff --git a/docset/winserver2025-ps/adcsdeployment/Install-AdcsEnrollmentWebService.md b/docset/winserver2025-ps/adcsdeployment/Install-AdcsEnrollmentWebService.md new file mode 100644 index 0000000000..e97078e955 --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Install-AdcsEnrollmentWebService.md @@ -0,0 +1,350 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/install-adcsenrollmentwebservice?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-AdcsEnrollmentWebService +--- + +# Install-AdcsEnrollmentWebService + +## SYNOPSIS +Performs the initial configuration of the Certificate Enrollment Web service. + +## SYNTAX + +### DefaultParameterSet (Default) + +``` +Install-AdcsEnrollmentWebService [-CAConfig ] + [-ApplicationPoolIdentity] [-AuthenticationType ] + [-SSLCertThumbprint ] [-RenewalOnly] [-AllowKeyBasedRenewal] + [-Force] [-Credential ] [-WhatIf] [-Confirm] + [] +``` + +### ServiceAccountParameterSet + +``` +Install-AdcsEnrollmentWebService [-CAConfig ] +-ServiceAccountName -ServiceAccountPassword +[-AuthenticationType ] [-SSLCertThumbprint ] +[-RenewalOnly] [-AllowKeyBasedRenewal] [-Force] [-Credential ] +[-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-AdcsEnrollmentWebService` cmdlet performs the configuration of the Certificate +Enrollment Web service. It is also used to create and configure additional instances of the service +within an existing installation. To remove the Certificate Enrollment Web Service role service use +the `Uninstall-AdcsEnrollmentWebService` cmdlet. + +You can import the cmdlet by running the following commands from Windows PowerShell: + +- `Import-Module ServerManager` +- `Add-WindowsFeature Adcs-Enroll-Web-Svc` + +## EXAMPLES + +### Example 1: Installs the Certificate Enrollment Web Service to use the certification authority + +```powershell +$params = @{ + ApplicationPoolIdentity = $true + CAConfig = "CA1.contoso.com\contoso-CA1-CA" + SSLCertThumbprint = "a909502dd82ae41433e6f83886b00d4277a32a7b" + AuthenticationType = Certificate +} +Install-AdcsEnrollmentWebService @params +``` + +This command installs the Certificate Enrollment Web Service to use the certification authority with +a computer name of `CA1.contoso.com` and a CA common name `contoso-CA1-CA`. The identity of the +Certificate Enrollment Web Service is specified as the default application pool identity. The +authentication type is certificate based. + +### Example 2: Installs the Certificate Enrollment Web Service to use the certification authority that prompts for password + +```powershell +$params = @{ + CAConfig = "APP1.corp.contoso.com\corp-APP1-CA" + SSLCertThumbprint = "a909502dd82ae41433e6f83886b00d4277a32a7b" + ServiceAccountName = "Corp\CEPAcct1" + ServiceAccountPassword = (Read-Host "Set user password" -AsSecureString) +} +Install-AdcsEnrollmentWebService @params +``` + +This command installs the Certificate Enrollment Web Service to use the certification authority with +a computer name of `APP1.corp.contoso.com` and a CA common name `corp-APP1-CA`. The identity of the +Certificate Enrollment Web Service is specified as `CEPAcct1` from the `Corp` domain. The command +will prompt for the user password. + +## PARAMETERS + +### -AllowKeyBasedRenewal + +Indicates that the cmdlet accepts key based renewal requests for the enrollment server, which are +valid client certificates for authentication that do not directly map to a security principal. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ApplicationPoolIdentity + +Indicates that the cmdlet configures the Certificate Enrollment Web Service to use the application +pool identity when communicating with the Certification Authority (CA). This parameter is only valid +when Certificate Enrollment Web Service targets a remote CA. If not specified, the local application +pool identity is used. This parameter is only valid when installing the first instance of the +Certificate Enrollment Web Service. If this installation will be for an additional instance of +Certificate Enrollment Web Service on this server, then this parameter should not be specified. + +```yaml +Type: SwitchParameter +Parameter Sets: DefaultParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthenticationType + +Specifies the authentication type. +The acceptable values for this parameter are: + +- Certificate +- Kerberos +- UserName + +```yaml +Type: AuthenticationType +Parameter Sets: (All) +Aliases: +Accepted values: Kerberos, UserName, Certificate + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CAConfig + +Specifies the configuration string of the CA used by the Certificate Enrollment Web Service to +process enrollment requests. This parameter depends upon whether a local CA is installed. If the CA +is local, then the parameter is optional and defaults to the local CA when not specified. If there +is not a local CA, then the parameter is required. The input of the configuration string is +`\`. Replace the computer name of the (CA) for `` and +replace the CA common name for ``. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the credentials for installing the Certificate Enrollment Web Service. To obtain a +credential object, use the `Get-Credential` cmdlet. For more information, type +`Get-Help Get-Credential`. The Certificate Enrollment Web Service must be installed on a server that +is a member of an Active Directory Domain Services (AD DS) domain. If the Certificate Enrollment Web +Service is configured to use a Standalone certification authority (CA), then an account that is a +member of the local Administrators on the CA is required. If the Enrollment Web Service is installed +to use an Enterprise CA, then using an account that is a member of Domain Admins group is required. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RenewalOnly + +Indicates that the cmdlet enables renewal only mode. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SSLCertThumbprint + +Specifies the hash or thumbprint of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) +certificate for a web site as a string value. This parameter is optional. If used, it establishes +the necessary binding with Internet Information Server (IIS) to enable support for the required +SSL/TLS connectivity. If a binding already exists within IIS, specifying this parameter overwrites +the existing binding. If this parameter is not specified, any existing binding is used. If no +bindings exist, installation succeeds, but the service will not function until the binding is +established manually. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServiceAccountName + +Specifies the domain account for use with the service. The input string should be in the form of +`\`. For instance, to specify an account named `WebEnroll` in the +`Corp.contoso.com` domain, you would type `CORP\WebEnroll`. + +```yaml +Type: String +Parameter Sets: ServiceAccountParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServiceAccountPassword + +Specifies the password for the domain account used as the service account. + +```yaml +Type: SecureString +Parameter Sets: ServiceAccountParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Security.SecureString + +### System.Management.Automation.SwitchParameter + +### Microsoft.CertificateServices.Deployment.Common.AuthenticationType + +### System.Management.Automation.PSCredential + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.CES.EnrollmentServiceResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to + bypass the prompt for confirmation. To see parameters, run the following command: + `Install-AdcsEnrollmentWebService cmdlet -?` +- You can get the CA configuration, which is the computer name and CA name by running certutil + without any parameters. You can see the SSL certificate thumbprints assigned to the local computer + by running the following commands: + - `cd cert:\LocalMachine\My` + - `dir | format-list` + +## RELATED LINKS + +[Uninstall-AdcsEnrollmentWebService](./Uninstall-AdcsEnrollmentWebService.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) diff --git a/docset/winserver2025-ps/adcsdeployment/Install-AdcsNetworkDeviceEnrollmentService.md b/docset/winserver2025-ps/adcsdeployment/Install-AdcsNetworkDeviceEnrollmentService.md new file mode 100644 index 0000000000..e7ec85c125 --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Install-AdcsNetworkDeviceEnrollmentService.md @@ -0,0 +1,469 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/install-adcsnetworkdeviceenrollmentservice?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-AdcsNetworkDeviceEnrollmentService +--- + +# Install-AdcsNetworkDeviceEnrollmentService + +## SYNOPSIS +Installs the NDES role service. + +## SYNTAX + +### DefaultParameterSet (Default) + +``` +Install-AdcsNetworkDeviceEnrollmentService [-ApplicationPoolIdentity] + [-RAName ] [-RAEmail ] [-RACompany ] + [-RADepartment ] [-RACity ] [-RAState ] + [-RACountry ] [-SigningProviderName ] + [-SigningKeyLength ] [-EncryptionProviderName ] + [-EncryptionKeyLength ] [-CAConfig ] [-Force] + [-Credential ] [-WhatIf] [-Confirm] [] +``` + +### ServiceAccountParameterSet + +``` +Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName + -ServiceAccountPassword [-RAName ] + [-RAEmail ] [-RACompany ] [-RADepartment ] + [-RACity ] [-RAState ] [-RACountry ] + [-SigningProviderName ] [-SigningKeyLength ] + [-EncryptionProviderName ] [-EncryptionKeyLength ] + [-CAConfig ] [-Force] [-Credential ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-AdcsNetworkDeviceEnrollmentService` cmdlet performs the configuration of the Network +Device Enrollment Service (NDES) role service. + +To remove the NDES role service, use the `Uninstall-AdcsNetworkDeviceEnrollmentService` cmdlet. + +You can import the cmdlet by running the following commands from Windows PowerShell: + +- `Import-Module ServerManager` +- `Add-WindowsFeature Adcs-Device-Enrollment` + +Int is equivalent to Int32 in the [.NET Framework](https://msdn.microsoft.com/en-us/library/ya5y69ds.aspx). + +## EXAMPLES + +### Example 1: Display the default NDES settings + +```powershell +Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIf +``` + +This command displays the default NDES settings that will be configured if it is installed. + +### Example 2: Display the default NDES settings using a service account name and password + +```powershell +$params = @{ + ServiceAccountName = "CONTOSO\svcNDES" + ServiceAccountPassword = (Read-Host "Set user password" -AsSecureString) + WhatIf = $true +} +Install-AdcsNetworkDeviceEnrollmentService @params +``` + +This command displays the default settings when NDES is using a service account without making any +changes to the configuration. This command uses the service account named `CONTOSO\svcNDES` that +is a member of the local computer's `IIS_USRS` group. + +### Example 3: Install NDES using the application pool identity + +```powershell +$params = @{ + ApplicationPoolIdentity = $true + CAConfig = "\" +} +Install-AdcsNetworkDeviceEnrollmentService @params +``` + +This command installs NDES using the application pool identity to use a remote CA as specified by +the CA computer `\`. Substitute the appropriate CA computer name and +common name for `` and ``. + +### Example 4: Install NDES using a specific service account + +```powershell +$params = @{ + ServiceAccountName = "CONTOSO\svcNDES" + ServiceAccountPassword = (Read-Host "Set user password" -AsSecureString) + CAConfig = "CAComputerName\CAName" + RAName = "Contoso-NDES-RA" + RACountry = "US" + RACompany = "Contoso" + SigningProviderName = "Microsoft Strong Cryptographic Provider" + SigningKeyLength = 4096 + EncryptionProviderName = "Microsoft Strong Cryptographic Provider" + EncryptionKeyLength = 4096 +} +Install-AdcsNetworkDeviceEnrollmentService @params +``` + +This command installs the NDES using a service account named `CONTOSO\svcNDES` that is a member of +the local computer's `IIS_USRS` group. The command also specifies several non-default parameters. + +## PARAMETERS + +### -ApplicationPoolIdentity + +Indicates the identity that the Network Device Enrollment Service (NDES) uses when communicating +with the certification authority (CA). This parameter is only valid when NDES is using +a remote CA. If the CA is local, the application pool identity account cannot be used. + +```yaml +Type: SwitchParameter +Parameter Sets: DefaultParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CAConfig + +Specifies the remote certification authority (CA) that the Network Device Enrollment Service uses. This +parameter is mandatory when used within the **ApplicationPoolIdentity** parameter. Do not use this +parameter when a local CA is installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies a **PSCredential** object that this cmdlet uses to connect to the NDES role service. To +obtain a credential object, use the `Get-Credential` cmdlet. For more information, type +`Get-Help Get-Credential`. The NDES must be installed on a server that is a member of an Active +Directory Domain Services (AD DS) domain. If NDES is configured to use a Standalone CA, then an +account that is a member of the local Administrators on the CA is required. If NDES is installed to +use an Enterprise CA, then using an account that is a member of Domain Admins group is required. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -EncryptionKeyLength + +Specifies the encryption key length. +This option is not valid if you use existing keys during installation. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -EncryptionProviderName + +Specifies the name of the encryption provider, such as the name of cryptographic service provider +(CSP). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RACity + +Specifies the city of the registration authority. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RACompany + +Specifies the organization or company that the registration authority represents. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RACountry + +Specifies the country/region of the registration authority. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RADepartment + +Specifies the department of the registration authority. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RAEmail + +Specifies the email address of the registration authority. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RAName + +Specifies the name of the NDES registration authority. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RAState + +Specifies the state or province (geographical political boundary), if applicable, of the +registration authority. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServiceAccountName + +Specifies the name of the account that is used by the Network Device Enrollment Service. + +```yaml +Type: String +Parameter Sets: ServiceAccountParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServiceAccountPassword + +Specifies the password of the service account that is used by the Network Device Enrollment Service. + +```yaml +Type: SecureString +Parameter Sets: ServiceAccountParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SigningKeyLength + +Specifies the signing key length. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SigningProviderName + +Specifies the name of the signing device. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Management.Automation.SwitchParameter + +### System.String + +### System.Security.SecureString + +### System.Int32 + +### System.Management.Automation.PSCredential + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.NDES.NetworkDeviceEnrollmentServiceResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to bypass + the prompt for confirmation. To see parameters, run the following command: + + `Install-AdcsNetworkDeviceEnrollmentService -?` + +## RELATED LINKS + +[Uninstall-AdcsNetworkDeviceEnrollmentService](./Uninstall-AdcsNetworkDeviceEnrollmentService.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) diff --git a/docset/winserver2025-ps/adcsdeployment/Install-AdcsOnlineResponder.md b/docset/winserver2025-ps/adcsdeployment/Install-AdcsOnlineResponder.md new file mode 100644 index 0000000000..bd683c0de1 --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Install-AdcsOnlineResponder.md @@ -0,0 +1,151 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/install-adcsonlineresponder?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-AdcsOnlineResponder +--- + +# Install-AdcsOnlineResponder + +## SYNOPSIS +Installs the Online Responder service. + +## SYNTAX + +``` +Install-AdcsOnlineResponder [-Force] [-Credential ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-AdcsOnlineResponder` cmdlet installs the Online Responder service, which provides +Online Certificate Status Protocol (OSCP) services. To remove the role service, use the +`Uninstall-AdcsOnlineResponder` cmdlet. + +You can import the cmdlet by running the following commands from Windows PowerShell: + +- `Import-Module ServerManager` +- `Add-WindowsFeature Adcs-Online-Cert` + +## EXAMPLES + +### Example 1: Install the Online Responder role service + +```powershell +Install-AdcsOnlineResponder +``` + +This command installs the Online Responder role service. + +### Example 2: Force the installation of the Online Responder role service + +```powershell +Install-AdcsOnlineResponder -Force +``` + +This command forces the installation of the Online Responder role service. + +## PARAMETERS + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies a **PSCredential** object for the Online Responder service. To obtain a credential object, +use the `Get-Credential` cmdlet. For more information, type `Get-Help Get-Credential`. You can +install the Online Responder role service only on servers that are members of Active Directory +Domain Services (AD DS) domains. If you are installing an online responder configured to use a +standalone certification authority (CA), then an account that is a member of the local +Administrators group of the target server is required. If you are installing an online responder to +target an Enterprise CA, then an account that is a member of the Domain Admins group is required. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Management.Automation.PSCredential + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.OCSP.OnlineResponderResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to + bypass the prompt for confirmation. To see parameters, run the following command: + + `Install-AdcsOnlineResponder -?` + +## RELATED LINKS + +[Uninstall-AdcsOnlineResponder](./Uninstall-AdcsOnlineResponder.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) diff --git a/docset/winserver2025-ps/adcsdeployment/Install-AdcsWebEnrollment.md b/docset/winserver2025-ps/adcsdeployment/Install-AdcsWebEnrollment.md new file mode 100644 index 0000000000..83ef088c09 --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Install-AdcsWebEnrollment.md @@ -0,0 +1,172 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/install-adcswebenrollment?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-AdcsWebEnrollment +--- + +# Install-AdcsWebEnrollment + +## SYNOPSIS +Installs the Certification Authority Web Enrollment. + +## SYNTAX + +``` +Install-AdcsWebEnrollment [-CAConfig ] [-Force] + [-Credential ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-AdcsWebEnrollment` cmdlet performs initial installation and configuration of the +Certification Authority (CA) Web Enrollment role service. To remove the Web Enrollment role service +use the `Uninstall-AdcsWebEnrollment` cmdlet. + +You can import the cmdlet by running the following commands from Windows PowerShell: + +- `Import-Module ServerManager` +- `Add-WindowsFeature Adcs-Web-Enrollment` + +## EXAMPLES + +### Example 1: Install the Web Enrollment role service to a CA with confirmation + +```powershell +Install-AdcsWebEnrollment -CAConfig "\" +``` + +This command installs the Web Enrollment role service to a CA specified by +`\`. Replace the computer name of the CA for `` and +replace the CA common name for `` when running the command. + +### Example 1: Install the Web Enrollment role service to a CA without confirmation + +```powershell +Install-AdcsWebEnrollment -CAConfig "\" -Force +``` + +This command installs the Web Enrollment role service to a CA specified by +`\` without requiring user confirmation. Replace the computer name of +the CA for `` and replace the CA common name for `` when running the +command. + +## PARAMETERS + +### -CAConfig + +Specifies the CA config parameter string. +Do not specify this if there is a local CA installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies a **PSCredential** object for the CA Web Enrollment. To obtain a credential object, use the +`Get-Credential` cmdlet. For more information, type `Get-Help Get-Credential`. If the Web Enrollment +service is configured to use Standalone CA, then an account that is a member of the local +Administrators on the CA is required. If the Web Enrollment service is configured to use an +Enterprise CA, then an account that is a member of Domain Admins is required. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Management.Automation.PSCredential + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.WEP.WebEnrollmentResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to + bypass the prompt for confirmation. To see parameters, run the following command: + + `Install-AdcsWebEnrollment -?` + +## RELATED LINKS + +[Uninstall-AdcsWebEnrollment](./Uninstall-AdcsWebEnrollment.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) diff --git a/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsCertificationAuthority.md b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsCertificationAuthority.md new file mode 100644 index 0000000000..62a31230e5 --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsCertificationAuthority.md @@ -0,0 +1,112 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/uninstall-adcscertificationauthority?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-AdcsCertificationAuthority +--- + +# Uninstall-AdcsCertificationAuthority + +## SYNOPSIS +Uninstalls the CA role service and removes the configuration information. + +## SYNTAX + +``` +Uninstall-AdcsCertificationAuthority [-Force] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION + +The `Uninstall-AdcsCertificationAuthority` cmdlet removes the Active certificate authority (CA) role +and removes the configuration information. + +## EXAMPLES + +### Example 1: Uninstall the Active Directory CA role service + +```powershell +Uninstall-AdcsCertificationAuthority -Force +``` + +This command uninstalls the Active Directory Certification Authority role service and does not +prompt for user confirmation. + +## PARAMETERS + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupResult + +## NOTES + +- To uninstall the CA role service, ensure you run Windows PowerShell as an administrator. You can + run the command with the **Force** parameter to bypass the prompt for confirmation. + +## RELATED LINKS + +[Install-AdcsCertificationAuthority](./Install-AdcsCertificationAuthority.md) diff --git a/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsEnrollmentPolicyWebService.md b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsEnrollmentPolicyWebService.md new file mode 100644 index 0000000000..451fe7c816 --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsEnrollmentPolicyWebService.md @@ -0,0 +1,186 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/uninstall-adcsenrollmentpolicywebservice?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-AdcsEnrollmentPolicyWebService +--- + +# Uninstall-AdcsEnrollmentPolicyWebService + +## SYNOPSIS +Uninstalls the Certificate Enrollment Policy Web service. + +## SYNTAX + +### UninstallSingleInstance (Default) + +``` +Uninstall-AdcsEnrollmentPolicyWebService -AuthenticationType + [-KeyBasedRenewal] [-Force] [-WhatIf] [-Confirm] [] +``` + +### UninstallAll + +``` +Uninstall-AdcsEnrollmentPolicyWebService [-AllPolicyServers] [-Force] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Uninstall-AdcsEnrollmentPolicyWebService` cmdlet uninstalls the Certificate Enrollment Policy +(CEP) Web Service. + +## EXAMPLES + +### Example 1: Uninstall all configuration in the CEP Web Service + +```powershell +Uninstall-AdcsEnrollmentPolicyWebService -AllPolicyServers -Force +``` + +This command uninstalls all configurations in the CEP Web Service without prompting for +confirmation. + +### Example 2: Uninstall an instance of the CEP Web Service + +```powershell +Uninstall-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate -KeyBasedRenewal -Force +``` + +This command uninstalls the instance of CEP Web Service that is utilizing certificate authentication +and is in key-based renewal mode without prompting for confirmation. + +## PARAMETERS + +### -AllPolicyServers + +Indicates that the cmdlet uninstall all instances of the CEP Web Service. + +```yaml +Type: SwitchParameter +Parameter Sets: UninstallAll +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthenticationType + +Specifies the authentication type for the CEP Web Service instance to be uninstalled when multiple +instances are present. + +```yaml +Type: AuthenticationType +Parameter Sets: UninstallSingleInstance +Aliases: +Accepted values: Kerberos, UserName, Certificate + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KeyBasedRenewal + +Indicates that this cmdlet uninstalls the instance of the CEP Web Service running in key-based +renewal mode. This parameter is optional. It is used to distinguish which instance of the CEP Web +Service is to be uninstalled if there are multiple instances that use the same authentication type. +If this option is not specified, the instance of the CEP Web Service that is using the defined +AuthenticationType that is not enabled for KeyBasedRenewal mode is uninstalled. + +```yaml +Type: SwitchParameter +Parameter Sets: UninstallSingleInstance +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Management.Automation.SwitchParameter + +### Microsoft.CertificateServices.Deployment.Common.AuthenticationType + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.CEP.EnrollmentPolicyServiceResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to + bypass the prompt for confirmation. + +## RELATED LINKS + +[Install-AdcsEnrollmentPolicyWebService](./Install-AdcsEnrollmentPolicyWebService.md) + diff --git a/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsEnrollmentWebService.md b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsEnrollmentWebService.md new file mode 100644 index 0000000000..6d5d58f3cc --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsEnrollmentWebService.md @@ -0,0 +1,190 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/uninstall-adcsenrollmentwebservice?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-AdcsEnrollmentWebService +--- + +# Uninstall-AdcsEnrollmentWebService + +## SYNOPSIS +Uninstalls the Certificate Enrollment Web service or individual instances of it. + +## SYNTAX + +### UninstallSingleInstance (Default) + +``` +Uninstall-AdcsEnrollmentWebService -CAConfig -AuthenticationType + [-Force] [-WhatIf] [-Confirm] [] +``` + +### UninstallAll + +``` +Uninstall-AdcsEnrollmentWebService [-AllEnrollmentServices] [-Force] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION + +The `Uninstall-AdcsEnrollmentWebService` cmdlet uninstalls the Certificate Enrollment Web Service +either entirely removing all instances of it or partially by removing individual instances. + +## EXAMPLES + +### Example 1: Uninstall all Enrollment Web Service role services + +```powershell +Uninstall-AdcsEnrollmentWebService -AllEnrollmentServices -Force +``` + +This command uninstalls all the Enrollment Web Service role services without prompting for +confirmation. + +### Example 2: Uninstall an Enrollment Web Service role service using the specified CA + +```powershell +$params = @{ + CAConfig = "APP1.corp.contoso.com\corp-APP1-CA" + AuthenticationType = Certificate +} +Uninstall-AdcsEnrollmentWebService @params +``` + +This command uninstalls the Certificate Enrollment Web Service using the CA specified by the +configuration named `APP1.corp.contoso.com\corp-APP1-CA`. The CA configuration is the CA Computer +Name and CA common name separated by a backslash. The authentication type in use is Certificate. + +## PARAMETERS + +### -AllEnrollmentServices + +Indicates that this cmdlet removes all Certificate Enrollment Web Service instances. + +```yaml +Type: SwitchParameter +Parameter Sets: UninstallAll +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AuthenticationType + +Specifies the authentication type of the of enrollment services instance to be uninstalled. + +```yaml +Type: AuthenticationType +Parameter Sets: UninstallSingleInstance +Aliases: +Accepted values: Kerberos, UserName, Certificate + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CAConfig + +Specifies the configuration string of the certification authority (CA) for which this cmdlet +uninstalls enrollment services. This parameter is used to identify which instance of the Certificate +Enrollment Web Service is to be uninstalled when multiple are present. + +```yaml +Type: String +Parameter Sets: UninstallSingleInstance +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### Microsoft.CertificateServices.Deployment.Common.AuthenticationType + +### System.Management.Automation.SwitchParameter + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.CES.EnrollmentServiceResult + +## NOTES + +- The application directories are removed from their respective instance folders in the file system. + The uninstall command does not remove the Secure Sockets Layer/Transport Layer Security (SSL/TLS) + or the secure hypertext transfer protocol (https) bindings. + +## RELATED LINKS + +[Install-AdcsEnrollmentWebService](./Install-AdcsEnrollmentWebService.md) diff --git a/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsNetworkDeviceEnrollmentService.md b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsNetworkDeviceEnrollmentService.md new file mode 100644 index 0000000000..7e0903ac6c --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsNetworkDeviceEnrollmentService.md @@ -0,0 +1,110 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/uninstall-adcsnetworkdeviceenrollmentservice?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-AdcsNetworkDeviceEnrollmentService +--- + +# Uninstall-AdcsNetworkDeviceEnrollmentService + +## SYNOPSIS +Uninstalls the NDES role service. + +## SYNTAX + +``` +Uninstall-AdcsNetworkDeviceEnrollmentService [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Uninstall-AdcsNetworkDeviceEnrollmentService` cmdlet uninstalls the Network Device Enrollment +Service (NDES) role service. + +## EXAMPLES + +### Example 1: Uninstall the NDES role service + +```powershell +Uninstall-AdcsNetworkDeviceEnrollmentService -Force +``` + +This command uninstalls the NDES role service and does not prompt for user input. + +## PARAMETERS + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.NDES.NetworkDeviceEnrollmentServiceResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to + bypass the prompt for confirmation. + +## RELATED LINKS + +[Install-AdcsNetworkDeviceEnrollmentService](./Install-AdcsNetworkDeviceEnrollmentService.md) diff --git a/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsOnlineResponder.md b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsOnlineResponder.md new file mode 100644 index 0000000000..b85afbd32d --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsOnlineResponder.md @@ -0,0 +1,108 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/uninstall-adcsonlineresponder?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-AdcsOnlineResponder +--- + +# Uninstall-AdcsOnlineResponder + +## SYNOPSIS +Uninstalls the Online Responder service. + +## SYNTAX + +``` +Uninstall-AdcsOnlineResponder [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Uninstall-AdcsOnlineResponder` cmdlet uninstalls the Online Responder role service. + +## EXAMPLES + +### Example 1: Uninstall the Online Responder role service + +```powershell +Uninstall-AdcsOnlineResponder -Force +``` + +This command removes Online Responder role service without requiring confirmation. + +## PARAMETERS + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.OCSP.OnlineResponderResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to + bypass the prompt for confirmation. + +## RELATED LINKS + +[Install-AdcsOnlineResponder](./Install-AdcsOnlineResponder.md) diff --git a/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsWebEnrollment.md b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsWebEnrollment.md new file mode 100644 index 0000000000..a08d3dafc7 --- /dev/null +++ b/docset/winserver2025-ps/adcsdeployment/Uninstall-AdcsWebEnrollment.md @@ -0,0 +1,110 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml +Module Name: ADCSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/adcsdeployment/uninstall-adcswebenrollment?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-AdcsWebEnrollment +--- + +# Uninstall-AdcsWebEnrollment + +## SYNOPSIS +Uninstalls the CA Web Enrollment role service. + +## SYNTAX + +``` +Uninstall-AdcsWebEnrollment [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Uninstall-AdcsWebEnrollment` cmdlet removes the Certification Authority (CA) Web Enrollment +role service. + +## EXAMPLES + +### Example 1: Uninstall the CA Web Enrollment role service + +```powershell +Uninstall-AdcsWebEnrollment -Force +``` + +This command uninstalls the CA Web Enrollment role service without requiring confirmation. + +## PARAMETERS + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.CertificateServices.Deployment.Common.WEP.WebEnrollmentResult + +## NOTES + +- Ensure you run Windows PowerShell as an administrator. You can use the **Force** parameter to + bypass the prompt for confirmation. + +## RELATED LINKS + +[Install-AdcsWebEnrollment](./Install-AdcsWebEnrollment.md) diff --git a/docset/winserver2025-ps/addsdeployment/ADDSDeployment.md b/docset/winserver2025-ps/addsdeployment/ADDSDeployment.md new file mode 100644 index 0000000000..188d313afc --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/ADDSDeployment.md @@ -0,0 +1,58 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 4.0.3.1 +Locale: en-US +Module Guid: df736400-2e72-4a7b-8eda-d5b28421881f +Module Name: ADDSDeployment +ms.date: 12/27/2016 +title: ADDSDeployment +--- + +# ADDSDeployment Module + +## Description + +The following contains the names and a brief description of each ADDSDeployment cmdlet. + +## ADDSDeployment Cmdlets + +### [Add-ADDSReadOnlyDomainControllerAccount](./Add-ADDSReadOnlyDomainControllerAccount.md) + +Creates a RODC account that can be used to install an RODC in Active Directory. + +### [Install-ADDSDomain](./Install-ADDSDomain.md) + +Installs an Active Directory domain configuration. + +### [Install-ADDSDomainController](./Install-ADDSDomainController.md) + +Installs a domain controller in Active Directory. + +### [Install-ADDSForest](./Install-ADDSForest.md) + +Installs an Active Directory forest configuration. + +### [Test-ADDSDomainControllerInstallation](./Test-ADDSDomainControllerInstallation.md) + +Runs the prerequisites (only) for installing a domain controller in Active Directory. + +### [Test-ADDSDomainControllerUninstallation](./Test-ADDSDomainControllerUninstallation.md) + +Runs the prerequisites for uninstalling a domain controller in Active Directory. + +### [Test-ADDSDomainInstallation](./Test-ADDSDomainInstallation.md) + +Runs the prerequisites for installing a new Active Directory domain configuration. + +### [Test-ADDSForestInstallation](./Test-ADDSForestInstallation.md) + +Runs the prerequisites for installing a new forest in Active Directory. + +### [Test-ADDSReadOnlyDomainControllerAccountCreation](./Test-ADDSReadOnlyDomainControllerAccountCreation.md) + +Runs the prerequisites for adding a RODC account. + +### [Uninstall-ADDSDomainController](./Uninstall-ADDSDomainController.md) + +Uninstalls a domain controller in Active Directory. diff --git a/docset/winserver2025-ps/addsdeployment/Add-ADDSReadOnlyDomainControllerAccount.md b/docset/winserver2025-ps/addsdeployment/Add-ADDSReadOnlyDomainControllerAccount.md new file mode 100644 index 0000000000..ce2af2d347 --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Add-ADDSReadOnlyDomainControllerAccount.md @@ -0,0 +1,324 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/add-addsreadonlydomaincontrolleraccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-ADDSReadOnlyDomainControllerAccount +--- + +# Add-ADDSReadOnlyDomainControllerAccount + +## SYNOPSIS +Creates a RODC account that can be used to install an RODC in Active Directory. + +## SYNTAX + +``` +Add-ADDSReadOnlyDomainControllerAccount [-SkipPreChecks] + -DomainControllerAccountName -DomainName + -SiteName [-AllowPasswordReplicationAccountName ] + [-Credential ] [-DelegatedAdministratorAccountName ] + [-DenyPasswordReplicationAccountName ] [-NoGlobalCatalog] [-InstallDns] + [-ReplicationSourceDC ] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Add-ADDSReadOnlyDomainControllerAccount` cmdlet creates a read-only domain controller (RODC) +account that can be used to install an RODC in Active Directory. + +## EXAMPLES + +### Example 1: Add a RODC account + +```powershell +$HashArguments = @{ + DomainControllerAccountName = "RODC1" + DomainName = "corp.contoso.com" + SiteName = "NorthAmerica" +} +Add-ADDSReadOnlyDomainControllerAccount @HashArguments +``` + +This command adds a RODC account to the `corp.contoso.com` domain using the North America site as the +source site for the replication source domain controller. + +## PARAMETERS + +### -AllowPasswordReplicationAccountName + +Specifies an array of user accounts, group accounts, and computer accounts whose passwords can be +replicated to this RODC. Use None if you want to keep the value empty. By default, only the Allowed +RODC Password Replication Group is allowed, and it is originally created empty. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user name and password that corresponds to the account used to install the domain +controller. Specify the `Get-Credential` cmdlet when using this parameter to prompt the user to +supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegatedAdministratorAccountName + +Specifies the name of the user or group that installs and administers the RODC. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DenyPasswordReplicationAccountName + +Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not +to be replicated to this RODC. Use None if you do not want to deny the replication of credentials of +any users or computers. By default, Administrators, Server Operators, Backup Operators, Account +Operators, and the Denied RODC Password Replication Group are denied. By default, the Denied RODC +Password Replication Group includes Cert Publishers, Domain Admins, Enterprise Admins, Enterprise +Domain Controllers, Enterprise Read-Only Domain Controllers, Group Policy Creator Owners, the krbtgt +account, and Schema Admins. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainControllerAccountName + +Specifies the name of the RODC account that this cmdlet creates. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainName + +Specifies the domain name for the user name for the operation. This parameter is required. It also +helps to specify the forest where you plan to install the domain controller or create an RODC +account. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallDns + +Indicates that the cmdlet installs the DNS Server service. If no value is provided, the default +behavior is to automatically compute DNS configuration behavior based upon the existing environment. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoGlobalCatalog + +Indicates that the cmdlet does not set the RODC as a global catalog server. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSourceDC + +Specifies the name of the domain controller to be used as the source for replicating to this RODC. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteName + +Specifies the name of an existing site where you can place the new domain controller. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipPreChecks + +Indicates that the cmdlet executes only a base set of validations. This behavior is equivalent to +the validations that were performed when using `Dcpromo.exe` in earlier versions of Windows Server +to add a domain controller. When this switch parameter is set, it specifies that additional +preliminary checks should be bypassed. For more information on the scope of these additional +preliminary checks that the **ADDSDeployment** module performs by default when using Windows Server +2012, refer to the table in the section ADPrep and Prerequisite Checking Architecture in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +- Once you have added the RODC account, you can add an RODC to a server computer by using the + `Install-ADDSDomainController` cmdlet with the `-ReadOnlyReplica` switch parameter. +- You can also delegate the ability to attach the server to a non-administrative group or user. If + you are deploying RODCs in delegated administration scenarios where the machine accounts are + pre-provisioned, creating the RODC account is the first stage of the RODC installation process and + needs to be done by a member of the Domain Admins group. In these scenarios, once an administrator + uses this cmdlet to add the RODC account in Active Directory Domain Services (AD DS), the second + stage of the installation can occur. This involves attaching an actual server computer in a remote + location (such as a branch office) that will operate as the RODC for the specified account created + using this cmdlet. + +## RELATED LINKS + +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Install-ADDSDomainController](./Install-ADDSDomainController.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) diff --git a/docset/winserver2025-ps/addsdeployment/Install-ADDSDomain.md b/docset/winserver2025-ps/addsdeployment/Install-ADDSDomain.md new file mode 100644 index 0000000000..1d4c29e05f --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Install-ADDSDomain.md @@ -0,0 +1,589 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/install-addsdomain?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-ADDSDomain +--- + +# Install-ADDSDomain + +## SYNOPSIS + +Creates a new domain in an existing Active Directory forest. + +## SYNTAX + +``` +Install-ADDSDomain [-SkipPreChecks] -NewDomainName -ParentDomainName +[-SafeModeAdministratorPassword ] [-ADPrepCredential ] +[-AllowDomainReinstall] [-CreateDnsDelegation] [-Credential ] +[-DatabasePath ] [-DnsDelegationCredential ] [-NoDnsOnNetwork] +[-DomainMode ] [-DomainType ] [-NoGlobalCatalog] [-InstallDns] +[-LogPath ] [-NewDomainNetbiosName ] [-NoRebootOnCompletion] +[-ReplicationSourceDC ] [-SiteName ] [-SkipAutoConfigureDns] +[-SysvolPath ] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-ADDSDomain` cmdlet installs an Active Directory domain configuration. + +## EXAMPLES + +### Example 1: Install a new child domain + +```powershell +$params = @{ + Credential = (Get-Credential CORP\EnterpriseAdmin1) + NewDomainName = "child" + ParentDomainName = "corp.contoso.com" + InstallDNS = $true + CreateDNSDelegation = $true + DomainMode = "Win2003" + ReplicationSourceDC = "DC1.corp.contoso.com" + SiteName = "Houston" + DatabasePath = "D:\NTDS" + SYSVOLPath = "D:\SYSVOL" + LogPath = "E:\Logs" + NoRebootOnCompletion = $true +} +Install-ADDSDomain @HashArguments +``` + +This command installs a new child domain named `child.corp.contoso.com` using credentials of +`CORP\EnterpriseAdmin1`. This command also installs a DNS server, creates a DNS delegation in the +`corp.contoso.com` domain, sets the domain functional level to Windows Server 2003, makes the +domain controller a global catalog server in a site named Houston, uses `DC1.corp.contoso.com` as +the replication source domain controller, installs the Active Directory database and SYSVOL on the +`D:\` drive. Additionally this command also installs the log files on the `E:\` drive, has the +server not automatically restart after the domain installation is complete and causes the user to +be prompted to provide and confirm the Directory Services Restore Mode (DSRM) password to complete +and commit the installation of the domain in Active Directory. + +## PARAMETERS + +### -ADPrepCredential + +Specifies the user name and password that corresponds to the account to be used for running +operations to prepare Active Directory prior to the installation of this domain. Use the +`Get-Credential` cmdlet to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowDomainReinstall + +Indicates that the cmdlet recreates an existing domain. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CreateDnsDelegation + +Indicates that the cmdlet creates a DNS delegation that references the new DNS server that you +install along with the domain controller. Valid for Active Directory-integrated DNS only. The +default is computed automatically based on the environment. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user name and password that corresponds to the account used to install the domain +controller. Use the `Get-Credential` cmdlet to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DatabasePath + +Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed +disk of the local computer that contains the domain database, for instance, `C:\Windows\NTDS`. The +default is `%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DnsDelegationCredential + +Specifies the user name and password (account credentials) for creating the DNS delegation. This +parameter is skipped if the value for the **CreateDnsDelegation** parameter is either specified or +computed to be `$false`. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainMode + +Specifies the domain functional level of the first domain in the creation of a new forest. Supported +values for this parameter can be either a valid integer or a corresponding enumerated string value. +For instance, to set the domain mode level to Windows Server 2008 R2, you can specify either a value +of `4` or `Win2008R2`. + +The acceptable values for this parameter are: + +- Windows Server 2003: 2 or Win2003 +- Windows Server 2008: 3 or Win2008 +- Windows Server 2008 R2: 4 or Win2008R2 +- Windows Server 2012: 5 or Win2012 +- Windows Server 2012 R2: 6 or Win2012R2 +- Windows Server 2016: 7 or Windows2016Domain + +The domain functional level cannot be lower than the forest functional level, but it can be higher. +The default is automatically computed and set. + +```yaml +Type: System.DirectoryServices.ActiveDirectory.DomainMode +Parameter Sets: (All) +Aliases: +Accepted values: Win2008, Win2008R2, Win2012, Win2012R2, WinThreshold, Default + +Required: False +Position: Named +Default value: Windows2008R2 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainType + +Specifies the type of domain that this cmdlet creates. You can create a new domain tree in an +existing forest (supported values are `TreeDomain` or `tree`) or a child of an existing domain +(supported values are `ChildDomain` or `child`). The default is `ChildDomain`. + +```yaml +Type: DomainType +Parameter Sets: (All) +Aliases: +Accepted values: ChildDomain, TreeDomain + +Required: False +Position: Named +Default value: ChildDomain +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallDns + +Indicates that the cmdlet installs and configures the DNS Server service for the domain or domain +tree. For domain installation, if this parameter is left unspecified and the parent domain (or in +the case of a domain tree, the forest root domain) already hosts and stores the DNS names for the +domain, then the default for this parameter is `$true` and the DNS server is installed. Otherwise, +if DNS domain names are hosted outside of Active Directory, the default is `$false` and no DNS +server is installed. + +To test if DNS domain names are hosted outside of Active Directory, this cmdlet uses a start of +authority (SOA) type DNS query. For instance, if the value of **NewDomainName** parameter is +`corp.contoso.com`, Active Directory performs an SOA query for `corp.contoso.com` and ensures that +the zone name in the response is `corp.contoso.com`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +that contains the domain log files, for instance, `C:\Windows\Logs`. The default is +`%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NewDomainName + +Specifies the new domain name that this cmdlet installs. If the value set for the **DomainType** +parameter is set to `TreeDomain`, this parameter can be used to specify the fully qualified domain +name (FQDN) for the new domain tree. If the value for the **DomainType** parameter is set to +`ChildDomain`, this parameter can be used to specify a single label domain name for the child +domain. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NewDomainNetbiosName + +Specifies the NetBIOS name for the new domain. For NetBIOS names to be valid for use with this +parameter they must be single label names of 15 characters or less. + +If this parameter is set with a valid NetBIOS name value, then promotion continues with the name +specified. If this parameter is not set, then the default is automatically computed from the value +of the **NewDomainName** parameter. + +For instance, if this parameter is not specified and a single-label prefix domain name of 15 +characters or less is specified within the value of the **NewDomainName** parameter, then promotion +continues with an automatically generated NetBIOS domain name. For example, the prefix label `corp` +within a full domain name value of `corp.contoso.com` would be a successful name choice. + +Note that if the name value given for this parameter is a name of 16 characters or more, then the +domain installation will fail. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDnsOnNetwork + +Indicates that the DNS service is not available on the network. This parameter is used only when the +IP setting of the network adapter for this computer is not configured with the name of a DNS server +for name resolution. It indicates that a DNS server is installed on this computer for name +resolution. Otherwise, the IP settings of the network adapter must first be configured with the +address of a DNS server. + +Omitting this parameter (the default) indicates that the TCP/IP client settings of the network +adapter on this server computer is used to contact a DNS server. Therefore, if you do not specify +this parameter, ensure that TCP/IP client settings are first configured with a preferred DNS server +address. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoGlobalCatalog + +Specifies that the read-only domain controller (RODC) will not be a global catalog server. +By default, the domain controller that you are installing is a global catalog server. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoRebootOnCompletion + +Indicates that the cmdlet does not reboot the computer upon completion. By default, reboot upon +completion occurs when this cmdlet is used and this parameter is omitted. As a general rule, +Microsoft support recommends that you not use this parameter except for testing or troubleshooting +purposes because once configuration has completed the server will not function correctly as either a +member server or a DC until it is rebooted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ParentDomainName + +Specifies the fully qualified domain name (FQDN) of an existing parent domain. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSourceDC + +Specifies the fully qualified domain name (FQDN) of the domain controller to be used as the source +for replicating to this domain. The default value for this parameter is automatically computed from +the environment. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SafeModeAdministratorPassword + +Specifies the password for the administrator account when the computer is started in Safe Mode or a +variant of Safe Mode, such as Directory Services Restore Mode. You must supply a password that meets +the password complexity rules of the domain and the password cannot be blank. If specified with a +value, the value must be a secure string. + +If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. +This is the preferred usage when running the cmdlet interactively. If there are no other arguments +specified with the cmdlet, you are prompted to enter a masked password for this parameter but no +confirmation of the password entered is made. This is not recommended as it could allow a mistyped +password to be configured. Another available advanced option is to use the +`ConvertTo-SecureString` cmdlet and specify the password string inline as unmasked console input, +which is also not a recommended security best practice in production deployments. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteName + +Specifies the name of an existing site where you can place the new domain controller. The default +value is the site that is associated with the subnet that includes the IP address of this server. If +no such site exists, the default is the site of the replication source domain controller. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipAutoConfigureDns + +Indicates that the cmdlet skips automatic configuration of DNS client settings, forwarders, and root +hints. This parameter is in effect only if the DNS Server service is already installed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipPreChecks + +Indicates that the cmdlet performs only a base set of validations. This behavior is equivalent to +the validations that were performed when using `Dcpromo.exe` in earlier versions of Windows Server +to add a new domain. When this switch parameter is set, it specifies that additional preliminary +checks should be bypassed. For more information on the scope of these additional preliminary checks +that the **ADDSDeployment** module performs by default when using Windows Server 2012, refer to the +table in the section ADPrep and Prerequisite Checking Architecture in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SysvolPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer, +for example, `C:\Windows\SYSVOL`. The default is `%SYSTEMROOT%\SYSVOL`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +- When a new domain tree is created in an existing forest, a two-way, transitive tree root trust is + established by default. + +## RELATED LINKS + +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Install-ADDSDomainController](./Install-ADDSDomainController.md) + +[Install-ADDSForest](./Install-ADDSForest.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/p/?LinkId=113291) diff --git a/docset/winserver2025-ps/addsdeployment/Install-ADDSDomainController.md b/docset/winserver2025-ps/addsdeployment/Install-ADDSDomainController.md new file mode 100644 index 0000000000..be7aeb807a --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Install-ADDSDomainController.md @@ -0,0 +1,741 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/install-addsdomaincontroller?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-ADDSDomainController +--- + +# Install-ADDSDomainController + +## SYNOPSIS +Installs a new domain controller in an Active Directory domain. + +## SYNTAX + +### ADDSDomainController (Default) + +``` +Install-ADDSDomainController [-SkipPreChecks] -DomainName + [-SafeModeAdministratorPassword ] [-SiteName ] + [-ADPrepCredential ] [-AllowDomainControllerReinstall] + [-ApplicationPartitionsToReplicate ] [-CreateDnsDelegation] [-Credential ] + [-CriticalReplicationOnly] [-DatabasePath ] [-DnsDelegationCredential ] + [-NoDnsOnNetwork] [-NoGlobalCatalog] [-InstallationMediaPath ] [-InstallDns] + [-LogPath ] [-MoveInfrastructureOperationMasterRoleIfNecessary] [-NoRebootOnCompletion] + [-ReplicationSourceDC ] [-SkipAutoConfigureDns] [-SystemKey ] + [-SysvolPath ] [-Force] [-WhatIf] [-Confirm] [] +``` + +### ADDSDomainControllerReadOnly + +``` +Install-ADDSDomainController [-SkipPreChecks] -DomainName + [-SafeModeAdministratorPassword ] -SiteName + [-ADPrepCredential ] [-AllowDomainControllerReinstall] + [-AllowPasswordReplicationAccountName ] [-ApplicationPartitionsToReplicate ] + [-Credential ] [-CriticalReplicationOnly] [-DatabasePath ] + [-DelegatedAdministratorAccountName ] [-DenyPasswordReplicationAccountName ] + [-NoDnsOnNetwork] [-NoGlobalCatalog] [-InstallationMediaPath ] [-InstallDns] + [-LogPath ] [-MoveInfrastructureOperationMasterRoleIfNecessary] [-ReadOnlyReplica] + [-NoRebootOnCompletion] [-ReplicationSourceDC ] [-SkipAutoConfigureDns] + [-SystemKey ] [-SysvolPath ] [-Force] [-WhatIf] [-Confirm] + [] +``` + +### ADDSDomainControllerUseExistingAccount + +``` +Install-ADDSDomainController [-SkipPreChecks] -DomainName + [-SafeModeAdministratorPassword ] [-ADPrepCredential ] + [-ApplicationPartitionsToReplicate ] [-Credential ] + [-CriticalReplicationOnly] [-DatabasePath ] [-NoDnsOnNetwork] + [-InstallationMediaPath ] [-LogPath ] [-NoRebootOnCompletion] + [-ReplicationSourceDC ] [-SkipAutoConfigureDns] [-SystemKey ] + [-SysvolPath ] [-UseExistingAccount] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-ADDSDomainController` cmdlet installs a domain controller in Active Directory. + +## EXAMPLES + +### Example 1: Install a domain controller and DNS server + +```powershell +Install-ADDSDomainController -InstallDns -DomainName "corp.contoso.com" +``` + +This command installs a domain controller and DNS server in the `corp.contoso.com` domain using +`CORP\Administrator` credentials and prompts the user to provide and confirm the Directory Services +Restore Mode (DSRM) password. + +### Example 2: Install a domain controller and DNS server using administrator credentials + +```powershell +$HashArguments = @{ + Credential = (Get-Credential "CORP\Administrator") + DomainName = "corp.contoso.com" + InstallDns = $true +} +Install-ADDSDomainController @HashArguments +``` + +This command installs a domain controller and DNS server in the `corp.contoso.com` domain using +Administrator credentials and prompts the user to provide and confirm the DSRM password. + +### Example 3: Install a domain controller and DNS server that uses domain promotion + +```powershell +$HashArguments = @{ + Credential = (Get-Credential) + DomainName = (Read-Host "Domain to promote into") + InstallDns = $true +} +Install-ADDSDomainController @HashArguments +``` + +Installs a domain controller and DNS server and prompts for credentials, the name of the domain to +use when installing and promoting the domain controller and to provide and confirm the DSRM +password. + +## PARAMETERS + +### -ADPrepCredential + +Specifies the user name and password that corresponds to the account to be used for running the +Adprep utility, if it is required, to prepare the directory prior to the installation of this domain +controller. Use the `Get-Credential` cmdlet to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowDomainControllerReinstall + +Indicates that the cmdlet continues to install this domain controller, despite the fact that another +domain controller account with the same name is detected. By default, the +`Install-ADDSDomainController` cmdlet does not continue the installation if another domain +controller with the same name is found. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController, ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowPasswordReplicationAccountName + +Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords +can be replicated to this RODC. Use an empty string (`""`) if you want to keep the value empty. By +default, only the `Allowed` read-only domain controller (RODC) Password Replication Group is +allowed. + +```yaml +Type: System.String[] +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ApplicationPartitionsToReplicate + +Specifies an array of application directory partitions that DCPromo will replicate. +Use the following format: "partition1" "partition2" "partitionN". +Use * to replicate all application directory partitions. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CreateDnsDelegation + +Indicates that the cmdlet creates a DNS delegation that references the new DNS server that this +cmdlet installs along with the domain controller. Valid for Active Directory-integrated DNS only. +If this parameter is specified then the DNS delegation is created. If the value of `$False` is +specified then no DNS delegation is created. By default, the value for this parameter is computed +automatically based on the environment. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user name and password that corresponds to the account used to install the domain +controller. Use the `Get-Credential` to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CriticalReplicationOnly + +Indicates that the cmdlet performs only critical replication before reboot and then continues during +the AD DS installation operation. This parameter skips the noncritical and potentially lengthy +portion of replication. The noncritical replication happens after the installation finishes and the +computer reboots. By default, the cmdlet performs both critical and noncritical portions of the +replication. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DatabasePath + +Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed +disk of the local computer that will contain the domain database, for instance, `C:\Windows\NTDS`. +The default is `%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegatedAdministratorAccountName + +Specifies the name of the user or group that is the delegated administrator of this domain +controller. + +```yaml +Type: System.String +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DenyPasswordReplicationAccountName + +Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not +to be replicated to this RODC. Use an empty string (`""`) if you do not want to deny the replication +of credentials of any users or computers. By default, Administrators, Server Operators, Backup +Operators, Account Operators, and the Denied RODC Password Replication Group are denied. By default, +the Denied RODC Password Replication Group includes Cert Publishers, Domain Admins, Enterprise +Admins, Enterprise Domain Controllers, Enterprise Read-Only Domain Controllers, Group Policy Creator +Owners, the krbtgt account, and Schema Admins. + +```yaml +Type: System.String[] +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DnsDelegationCredential + +Specifies the user name and password for creating DNS delegation. This parameter is skipped if the +value for the **CreateDnsDelegation** parameter is either specified or computed to be `$false`. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: ADDSDomainController +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainName + +Specifies the fully qualified domain name (FQDN) for the domain where the domain controller is +installed or added. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallDns + +Indicates the cmdlet installs and configures the DNS Server service on the domain controller. For +domain controller installation, if this parameter is left unspecified and the current domain +already hosts and stores the DNS names for the domain, then the default for this parameter is +`$true` and the DNS server is installed. Otherwise, if DNS domain names are hosted outside of +Active Directory, the default is `$false` and no DNS server is installed. + +To test if DNS domain names are hosted outside of Active Directory, this cmdlet uses a start of +authority (SOA) type DNS query. For instance, if the value of **DomainName** is `corp.contoso.com`, +Active Directory performs an SOA query for `corp.contoso.com` and ensures that the zone name in the +response is `corp.contoso.com`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController, ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallationMediaPath + +Indicates the location of the installation media that is used to install a new domain controller. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +that will contain the domain log files, for example, `C:\Windows\Logs`. The default is +`%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MoveInfrastructureOperationMasterRoleIfNecessary + +Indicates that the cmdlet transfers the infrastructure master role to the domain controller being +installed. To successfully complete the transfer, the **NoGlobalCatalog** parameter must be +included as well. Do not specify this parameter if you want the infrastructure master role to +remain where it currently is. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController, ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDnsOnNetwork + +Indicates that the DNS service is not available on the network. This parameter is used only when the +IP setting of the network adapter for this computer is not configured with the name of a DNS server +for name resolution. It indicates that a DNS server is installed on this computer for name +resolution. Otherwise, the IP settings of the network adapter must first be configured with the +address of a DNS server. + +Omitting this parameter (the default) indicates that the TCP/IP client settings of the network +adapter on this server computer is used to contact a DNS server. Therefore, if you are not +specifying this parameter, ensure that TCP/IP client settings are first configured with a preferred +DNS server address. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoGlobalCatalog + +Indicates that the RODC will not be a global catalog server. +By default, the domain controller that you are installing is a global catalog server. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController, ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoRebootOnCompletion + +Indicates that the cmdlet does not restart the computer upon the completion of the operation to +install the domain controller. By default, if this parameter is omitted the computer will restart +upon the completion of the install operation. As a general rule, Microsoft support recommends that +you not use this parameter except for testing or troubleshooting purposes because once configuration +has completed the server will not function correctly as either a member server or a DC until it is +rebooted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReadOnlyReplica + +Indicates that the cmdlet installs the domain controller as an RODC for an existing domain. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: FALSE +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSourceDC + +Specifies the name of the domain controller to be used as the source for replicating to this domain +controller. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SafeModeAdministratorPassword + +Supplies the password for the administrator account when the computer is started in Safe Mode or a +variant of Safe Mode, such as Directory Services Restore Mode. If no value is specified for this +parameter, the cmdlet prompts you to enter and confirm a masked password. If specified with a value, +the value must be a secure string. + +Supplies the password for the administrator account when the computer is started in Safe Mode or a +variant of Safe Mode, such as Directory Services Restore Mode. You must supply a password that meets +the password complexity rules of the domain and the password cannot be blank. If specified with a +value, the value must be a secure string. + +If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. +This is the preferred usage when running the cmdlet interactively. If additionally there are no +other arguments specified with the cmdlet, you is prompted to enter a masked password for this +parameter but no confirmation of the password entered is made. This is not recommended as it could +allow a mistyped password to be configured. Another available advanced option is to use the +`ConvertTo-SecureString` cmdlet and specify the password string inline as unmasked console input, +which is also not a recommended security best practice in production deployments. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteName + +Specifies the name of an existing site where you can place the new domain controller. The default +value depends on the type of installation. For a new forest, the default is +`Default-First-Site-Name`. For all other installations, the default is the site that is associated +with the subnet that includes the IP address of this server. If no such site exists, the default is +the site of the replication source domain controller. + +```yaml +Type: System.String +Parameter Sets: ADDSDomainController +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: System.String +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipAutoConfigureDns + +Indicates that the cmdlet skips automatic configuration of the DNS client settings, forwarders, and +root hints. This parameter is in effect only if the DNS Server service is already installed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipPreChecks + +Indicates that the cmdlet performs only a base set of validations. This behavior is equivalent to +the validations that were performed when using `Dcpromo.exe` in earlier versions of Windows Server +to add a new domain controller. When this switch parameter is set, it specifies that additional +preliminary checks should be bypassed. For more information on the scope of these additional +preliminary checks that the **ADDSDeployment** module performs by default when using Windows Server +2016, refer to the table in the section "ADPrep and Prerequisite Checking Architecture" in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SystemKey + +Specifies the system key for the media from which you replicate the data. +The default is none. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SysvolPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +that will contain the Sysvol data, for example, `C:\Windows\SYSVOL`. The default is +`%SYSTEMROOT%\SYSVOL`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseExistingAccount + +Indicates that the cmdlet attaches a server to an existing RODC account. +If specified, a member of the Domain Admins group or a delegated user can run this cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUseExistingAccount +Aliases: + +Required: False +Position: Named +Default value: FALSE +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, +`-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, +`-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.DirectoryServices.Deployment.Types.Result + +## NOTES + +- By default, this cmdlet always prompts for confirmation. To bypass confirmation, you need to + include the **Confirm** parameter and specify a value of `$false`. For example, + `-Confirm:$false`. +- By default, this cmdlet is always run when executed. To see what will happen if the cmdlet runs + without executing or committing installation changes, first run the cmdlet using the **WhatIf** + parameter to show what would happen. + +## RELATED LINKS + +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Add-ADDSReadOnlyDomainControllerAccount](./Add-ADDSReadOnlyDomainControllerAccount.md) + +[Install-ADDSDomain](./Install-ADDSDomain.md) + +[Install-ADDSForest](./Install-ADDSForest.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/p/?LinkId=113291) diff --git a/docset/winserver2025-ps/addsdeployment/Install-ADDSForest.md b/docset/winserver2025-ps/addsdeployment/Install-ADDSForest.md new file mode 100644 index 0000000000..e70f392e3a --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Install-ADDSForest.md @@ -0,0 +1,471 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/install-addsforest?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-ADDSForest +--- + +# Install-ADDSForest + +## SYNOPSIS +Creates a new Active Directory forest. + +## SYNTAX + +``` +Install-ADDSForest [-SkipPreChecks] -DomainName + [-SafeModeAdministratorPassword ] [-CreateDnsDelegation] + [-DatabasePath ] [-DnsDelegationCredential ] [-NoDnsOnNetwork] + [-DomainMode ] [-DomainNetbiosName ] [-ForestMode ] + [-InstallDns] [-LogPath ] [-NoRebootOnCompletion] [-SkipAutoConfigureDns] + [-SysvolPath ] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Install-ADDSForest` cmdlet installs an Active Directory forest configuration. + +## EXAMPLES + +### Example 1: Install a new forest + +```powershell +Install-ADDSForest -DomainName "corp.contoso.com" -InstallDNS +``` + +This command installs a new forest named `corp.contoso.com`, causes the user to be prompted to provide +and confirm the Directory Services Restore Mode (DSRM) password and specifies a DNS server should +also be installed during the forest installation process. + +### Example 2: Install a new forest and a DNS delegation + +```powershell +$HashArguments = @{ + CreateDNSDelegation = $true + DatabasePath = "d:\NTDS" + DomainMode = Win2008R2 + DomainName = "corp.contoso.com" + ForestMode = Win2008R2 + LogPath = "e:\Logs" + SysvolPath = "d:\SYSVOL" +} +Install-ADDSForest @HashArguments +``` + +This command installs a new forest named `corp.contoso.com`, creates a DNS delegation in the +`contoso.com` domain, sets domain functional level to Windows Server 2008 R2 and sets forest +functional level to Windows Server 2008, installs the Active Directory database and SYSVOL on the +`D:\` drive, installs the log files on the `E:\` drive and has the server automatically restart +after AD DS installation is complete and prompts the user to provide and confirm the DSRM password. + +## PARAMETERS + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CreateDnsDelegation + +Indicates that this cmdlet creates a DNS delegation that references the new DNS server that you +install along with the domain controller. Valid for Active Directory-integrated DNS only. The +default is computed automatically based on the environment. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DatabasePath + +Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed +disk of the local computer that contains the domain database, for instance, `C:\Databases\NTDS`. The +default is `%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DnsDelegationCredential + +Specifies the user name and password for creating DNS delegation. This parameter is skipped if the +value for the **CreateDnsDelegation** parameter is either specified or computed to be `$false`. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainMode + +Specifies the domain functional level of the first domain in the creation of a new forest. +Supported values for this parameter can be either a valid integer or a corresponding enumerated +string value. For instance, to set the domain mode level to Windows Server 2008 R2, you can specify +either a value of `4` or `Win2008R2`. + +The acceptable values for this parameter are: + +- Windows Server 2003: 2 or Win2003 +- Windows Server 2008: 3 or Win2008 +- Windows Server 2008 R2: 4 or Win2008R2 +- Windows Server 2012: 5 or Win2012 +- Windows Server 2012 R2: 6 or Win2012R2 +- Windows Server 2016: 7 or WinThreshold + +The domain functional level cannot be lower than the forest functional level, but it can be higher. +The default is automatically computed and set. + +```yaml +Type: System.DirectoryServices.ActiveDirectory.DomainMode +Parameter Sets: (All) +Aliases: +Accepted values: Win2008, Win2008R2, Win2012, Win2012R2, WinThreshold, Default + +Required: False +Position: Named +Default value: Windows2008R2 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainName + +Specifies the fully qualified domain name (FQDN) for the root domain in the forest. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainNetbiosName + +Specifies the NetBIOS name for the root domain in the new forest. For NetBIOS names to be valid for +use with this parameter they must be single label names of 15 characters or less. + +If this parameter is set with a valid NetBIOS name value, then forest installation continues with +the name specified. If this parameter is not set, then the default is automatically computed from +the value of the **DomainName** parameter. + +For example, if this parameter is not specified and a single-label prefix domain name of 15 +characters or less is specified within the value of the **DomainName** parameter, then promotion +continues with an automatically generated NetBIOS domain name. For example, the prefix label `corp` +within a full domain name value of `corp.contoso.com` would be a successful name choice. + +Note that if the name value given for this parameter is a name of 16 characters or more, then the +forest installation fails. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForestMode + +Specifies the forest functional level for the new forest. Supported values for this parameter can +be either a valid integer or a corresponding enumerated string value. For example, to set the +forest mode level to Windows Server 2008 R2, you can specify either a value of `4` or `Win2008R2`. + +The acceptable values for this parameter are: + +- Windows Server 2003: 2 or Win2003 +- Windows Server 2008: 3 or Win2008 +- Windows Server 2008 R2: 4 or Win2008R2 +- Windows Server 2012: 5 or Win2012 +- Windows Server 2012 R2: `6` or `Win2012R2` +- Windows Server 2016: `7` or `WinThreshold` + +The default forest functional level in Windows Server is typically the same as the version you are +running. However, the default forest functional level in Windows Server 2008 R2 when you create a +new forest is Windows Server 2003 or `2`. + +```yaml +Type: System.DirectoryServices.ActiveDirectory.ForestMode +Parameter Sets: (All) +Aliases: +Accepted values: Win2008, Win2008R2, Win2012, Win2012R2, WinThreshold, Default + +Required: False +Position: Named +Default value: Windows2008R2 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallDns + +Indicates that this cmdlet installs and configures the DNS Server service for the new forest. +For forest installation, the default is `$true`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: True +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +where the log file for this operation is written. For instance, `C:\Logs`. The default log file path +if no other path is specified with this parameter is `%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDnsOnNetwork + +Indicates that the DNS service is not available on the network. This parameter is used only when the +IP setting of the network adapter for this computer is not configured with the name of a DNS server +for name resolution. It indicates that a DNS server is installed on this computer for name +resolution. Otherwise, the IP settings of the network adapter must first be configured with the +address of a DNS server. + +Omitting this parameter indicates that the TCP/IP client settings of the network adapter on this +server computer is used to contact a DNS server. Therefore, if you do not specify this parameter, +ensure that TCP/IP client settings are first configured with a preferred DNS server address. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoRebootOnCompletion + +Indicates that the cmdlet does not reboot the computer upon completion of this command. Omitting +this parameter indicates the computer is rebooted upon completion of the command, regardless of +success or failure. As a general rule, Microsoft support recommends that you do not use this +parameter except for testing or troubleshooting purposes because once configuration has completed +the server will not function correctly as either a member server or a DC until it is rebooted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SafeModeAdministratorPassword + +Supplies the password for the administrator account when the computer is started in Safe Mode or a +variant of Safe Mode, such as Directory Services Restore Mode. You must supply a password that meets +the password complexity rules of the domain and the password cannot be blank. If specified with a +value, the value must be a secure string. + +If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. +This is the preferred usage when running the cmdlet interactively. If additionally there are no +other arguments specified with the cmdlet, you are prompted to enter a masked password for this +parameter but no confirmation of the password entered is made. This is not recommended as it could +allow a mistyped password to be configured. Another available advanced option is to use the +`ConvertTo-SecureString` cmdlet and specify the password string inline as unmasked console input, +which is also not a recommended security best practice in production deployments. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipAutoConfigureDns + +Indicates that the cmdlet skips automatic configuration of DNS client settings, forwarders, and root +hints. This parameter is in effect only if the DNS Server service is already installed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipPreChecks + +Indicates that the cmdlet performs only a base set of validations. This behavior is equivalent to +the validations that were performed when using `Dcpromo.exe` in earlier versions of Windows Server +to add a new forest. When this switch parameter is set, it specifies that additional preliminary +checks should be bypassed. For more information on the scope of these additional preliminary checks +that the **ADDSDeployment** module performs by default when using Windows Server 2012, refer to the +table in the section ADPrep and Prerequisite Checking Architecture in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SysvolPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +where the Sysvol file is written. For example, `C:\Logs\SYSVOL`. The default path if no other path +is specified with this parameter is `%SYSTEMROOT%\SYSVOL`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +- By default, the DNS Server service is installed when you create a new forest. It is strongly + recommended that you install and use the Windows DNS Server to support the needs for DNS name + resolution in your Active Directory deployment. You do not need to specifically include the + `-InstallDNS` to install it. + +- If you are using Active Directory-integrated DNS, the IP address for the preferred DNS server for + the first domain controller in the forest is automatically set to the loopback address of + `127.0.0.1`. This helps assure that the IP address of the first domain controller is resolved in + DNS even if the address is changed. + +## RELATED LINKS + +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Install-ADDSDomain](./Install-ADDSDomain.md) + +[Test-ADDSForestInstallation](./Test-ADDSForestInstallation.md) + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/p/?LinkId=113291) diff --git a/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainControllerInstallation.md b/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainControllerInstallation.md new file mode 100644 index 0000000000..ea6406ba1f --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainControllerInstallation.md @@ -0,0 +1,691 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/test-addsdomaincontrollerinstallation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-ADDSDomainControllerInstallation +--- + +# Test-ADDSDomainControllerInstallation + +## SYNOPSIS +Runs the prerequisites (only) for installing a domain controller in Active Directory. + +## SYNTAX + +### ADDSDomainController (Default) + +``` +Test-ADDSDomainControllerInstallation -DomainName + [-SafeModeAdministratorPassword ] [-SiteName ] + [-ADPrepCredential ] [-AllowDomainControllerReinstall] + [-ApplicationPartitionsToReplicate ] [-CreateDnsDelegation] + [-Credential ] [-CriticalReplicationOnly] [-DatabasePath ] + [-DnsDelegationCredential ] [-NoDnsOnNetwork] [-NoGlobalCatalog] + [-InstallationMediaPath ] [-InstallDns] [-LogPath ] + [-MoveInfrastructureOperationMasterRoleIfNecessary] [-NoRebootOnCompletion] + [-ReplicationSourceDC ] [-SkipAutoConfigureDns] [-SystemKey ] + [-SysvolPath ] [-Force] [] +``` + +### ADDSDomainControllerReadOnly + +``` +Test-ADDSDomainControllerInstallation -DomainName + [-SafeModeAdministratorPassword ] -SiteName + [-ADPrepCredential ] [-AllowDomainControllerReinstall] + [-AllowPasswordReplicationAccountName ] + [-ApplicationPartitionsToReplicate ] [-Credential ] + [-CriticalReplicationOnly] [-DatabasePath ] + [-DelegatedAdministratorAccountName ] + [-DenyPasswordReplicationAccountName ] [-NoDnsOnNetwork] [-NoGlobalCatalog] + [-InstallationMediaPath ] [-InstallDns] [-LogPath ] + [-MoveInfrastructureOperationMasterRoleIfNecessary] [-ReadOnlyReplica] + [-NoRebootOnCompletion] [-ReplicationSourceDC ] [-SkipAutoConfigureDns] + [-SystemKey ] [-SysvolPath ] [-Force] [] +``` + +### ADDSDomainControllerUseExistingAccount + +``` +Test-ADDSDomainControllerInstallation -DomainName + [-SafeModeAdministratorPassword ] [-ADPrepCredential ] + [-ApplicationPartitionsToReplicate ] [-Credential ] + [-CriticalReplicationOnly] [-DatabasePath ] [-NoDnsOnNetwork] + [-InstallationMediaPath ] [-LogPath ] [-NoRebootOnCompletion] + [-ReplicationSourceDC ] [-SkipAutoConfigureDns] [-SystemKey ] + [-SysvolPath ] [-UseExistingAccount] [-Force] [] +``` + +## DESCRIPTION + +The `Test-ADDSDomainControllerInstallation` cmdlet runs those prerequisite checks (only) which would +be performed if you were to use the `Install-ADDSDomainController` cmdlet to install a domain +controller in Active Directory. It differs from using the **WhatIf** parameter with the +`Install-ADDSDomainController` cmdlet in that instead of summarizing the changes that would occur +during the installation process, this cmdlet actually tests whether those changes are possible given +the current environment. + +For more information on the scope of these prerequisite checks that the **ADDSDeployment** module +performs when using this cmdlet see the section ADPrep and Prerequisite Checking Architecture in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +## EXAMPLES + +### Example 1: Test if the installation of domain controller is possible + +```powershell +$HashArguments = @{ + Credential = (Get-Credential CORP\Administrator) + DomainName = "corp.contoso.com" + InstallDns = $true +} +Test-ADDSDomainControllerInstallation @HashArguments +``` + +This command runs the prerequisites to determine if installing a domain controller is possible that +includes a DNS server for the `corp.contoso.com` domain using domain administrator credentials. The +command also prompts the user to enter and confirm the Directory Services Restore Mode (DSRM) +password. + +### Example 2: Test if the installation of domain controller and DNS server is possible + +```powershell +Test-ADDSDomainControllerInstallation -InstallDns -DomainName "corp.contoso.com" +``` + +This command runs the prerequisites to determine if installing a domain controller along with the +DNS server in the `corp.contoso.com` domain. The command also prompts the user to enter and confirm +the DSRM password. + +### Example 3: Test if installation of domain controller is possible using Administrator credentials + +```powershell +$HashArguments = @{ + Credential = (Get-Credential) + DomainName = (Read-Host "Domain to promote into") + InstallDns = $true +} +Test-ADDSDomainControllerInstallation @HashArguments +``` + +This command runs the prerequisites to determine if installing a domain controller along with a DNS +server and that will cause the user to be prompted for Administrator credentials as well as whether +the domain name is possible and if the user is prompted to enter and confirm the DSRM password. + +## PARAMETERS + +### -ADPrepCredential + +Specifies the user name and password that corresponds to the account to be used for running +operations (if they are required) to prepare Active Directory prior to the installation of this +domain. Use the `Get-Credential` cmdlet to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowDomainControllerReinstall + +Indicates that the cmdlet continues to install this domain controller, despite the fact that another +domain controller account with the same name is detected. By default, the +`Install-ADDSDomainController` cmdlet does not continue to install if another domain controller with +the same name is found. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController, ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowPasswordReplicationAccountName + +Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords +can be replicated to this RODC. Use an empty string (`""`) if you want to keep the value empty. By +default, only the Allowed read-only domain controller (RODC) Password Replication Group is allowed. + +```yaml +Type: System.String[] +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ApplicationPartitionsToReplicate + +Specifies an array of application directory partitions that DCPromo replicates. Use the following +format: `"partition1" "partition2" "partitionN"`. Use `*` to replicate all application directory +partitions. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CreateDnsDelegation + +Indicates that the cmdlet creates a DNS delegation that references the new DNS server that you are +installing along with the domain controller. Valid for Active Directory-integrated DNS only. If this +parameter is specified then the DNS delegation is created. If the value of $False is specified then +no DNS delegation is created. By default, the value for this parameter is computed automatically +based on the environment. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user name and password that corresponds to the account used to install the domain +controller. Use the `Get-Credential` cmdlet to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CriticalReplicationOnly + +Indicates that the cmdlet performs only critical replication before reboot and then continues during +the AD DS installation operation. This parameter will skip the noncritical and potentially lengthy +portion of replication. The noncritical replication happens after the installation finishes and the +computer reboots. By default, the cmdlet performs both critical and noncritical portions of the +replication. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DatabasePath + +Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed +disk of the local computer that will contain the domain database, for instance, `C:\Windows\NTDS`. +The default is `%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegatedAdministratorAccountName + +Specifies the name of the user or group that is the delegated administrator of this domain +controller. + +```yaml +Type: System.String +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DenyPasswordReplicationAccountName + +Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords +are not to be replicated to this RODC. Use an empty string (`""`) if you do not want to deny the +replication of credentials of any users or computers. By default, Administrators, Server Operators, +Backup Operators, Account Operators, and the Denied RODC Password Replication Group are denied. By +default, the Denied RODC Password Replication Group includes Cert Publishers, Domain Admins, +Enterprise Admins, Enterprise Domain Controllers, Enterprise Read-Only Domain Controllers, Group +Policy Creator Owners, the krbtgt account, and Schema Admins. + +```yaml +Type: System.String[] +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DnsDelegationCredential + +Specifies the user name and password for creating DNS delegation. The cmdlet will skip the parameter +if the value for the `-CreateDnsDelegation` parameter is either specified or computed to be +`$false`. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: ADDSDomainController +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainName + +Specifies the fully qualified domain name (FQDN) for the domain where the domain controller is +installed or added. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallDns + +Indicates that the cmdlet installs and configures the DNS Server service on the domain controller. +For domain controller installation, if this parameter is left unspecified and the current domain +already hosts and stores the DNS names for the domain, then the default for this parameter is +`$true` and the DNS server is installed. Otherwise, if DNS domain names are hosted outside of +Active Directory, the default is `$false` and no DNS server is installed. + +To test if DNS domain names are hosted outside of Active Directory, this cmdlet uses a start of +authority (SOA) type DNS query. For example, if the value of the **DomainName** parameter is +`corp.contoso.com`, Active Directory performs an SOA query for `corp.contoso.com` and ensures that +the zone name in the response is `corp.contoso.com`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController, ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallationMediaPath + +Specifies the location of the installation media that is used to install a new domain controller. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +that will contain the domain log files, for instance, `C:\Windows\Logs`. The default is +`%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MoveInfrastructureOperationMasterRoleIfNecessary + +Indicates that the cmdlet transfers the infrastructure master role to the domain controller that +you create in case the transfer is needed. You cannot use the **NoGlobalCatalog** parameter when +specifying this parameter. Do not specify this parameter if you want the infrastructure master role +to remain where it currently is. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController, ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDnsOnNetwork + +Indicates that the DNS service is not available on the network. This parameter is used only when the +IP setting of the network adapter for this computer is not configured with the name of a DNS server +for name resolution. It indicates that a DNS server is installed on this computer for name +resolution. Otherwise, the IP settings of the network adapter must first be configured with the +address of a DNS server. + +Omitting this parameter (the default) indicates that the TCP/IP client settings of the network +adapter on this server computer is used to contact a DNS server. Therefore, if you do not specify +this parameter, ensure that TCP/IP client settings are first configured with a preferred DNS server +address. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoGlobalCatalog + +Indicates that the read-only domain controller (RODC) is not a global catalog server. By default, +the domain controller that you are installing is a global catalog server. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainController, ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoRebootOnCompletion + +Indicates that the cmdlet does not restart the computer upon the completion of the operation to +install the domain controller. By default, if this parameter is omitted the computer restarts upon +the completion of the install operation. As a general rule, Microsoft support recommends that you +not use this parameter except for testing or troubleshooting purposes because once configuration has +completed the server will not function correctly as either a member server or a domain controller +until it is rebooted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReadOnlyReplica + +Indicates that this cmdlet installs the domain controller as an RODC for an existing domain. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: False +Position: Named +Default value: FALSE +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSourceDC + +Specifies the name of the domain controller to be used as the source for replicating to this domain +controller. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SafeModeAdministratorPassword + +Supplies the password for the administrator account when the computer is started in Safe Mode or a +variant of Safe Mode, such as Directory Services Restore Mode. If no value is specified for this +parameter, the cmdlet prompts you to enter and confirm a masked password. If specified with a value, +the value must be a secure string. + +Supplies the password for the administrator account when the computer is started in Safe Mode or a +variant of Safe Mode, such as Directory Services Restore Mode. You must supply a password that meets +the password complexity rules of the domain and the password cannot be blank. If specified with a +value, the value must be a secure string. + +If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. +This is the preferred usage when running the cmdlet interactively. If additionally there are no +other arguments specified with the cmdlet, you are prompted to enter a masked password for this +parameter but no confirmation of the password entered is made. This is not recommended as it could +allow a mistyped password to be configured. Another available advanced option is to use the +`ConvertTo-SecureString` cmdlet and specify the password string inline as unmasked console input, +which is also not a recommended security best practice in production deployments. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteName + +Specifies the name of an existing site where you can place the new domain controller. The default +value depends on the type of installation. For a new forest, the default is +`Default-First-Site-Name`. For all other installations, the default is the site that is associated +with the subnet that includes the IP address of this server. If no such site exists, the default is +the site of the replication source domain controller. + +```yaml +Type: System.String +Parameter Sets: ADDSDomainController +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: System.String +Parameter Sets: ADDSDomainControllerReadOnly +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipAutoConfigureDns + +Indicates that the cmdlet skips automatic configuration of DNS client settings, forwarders, and root +hints. This parameter is in effect only if the DNS Server service is already installed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SystemKey + +Specifies the system key for the media from which you replicate the data. The default is none. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SysvolPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +that will contain the Sysvol data, for example, `C:\Windows\SYSVOL`. The default is +`%SYSTEMROOT%\SYSVOL`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseExistingAccount + +Indicates that the cmdlet attaches a server to an existing RODC account. If specified, a member of +the Domain Admins group or a delegated user can run this cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUseExistingAccount +Aliases: + +Required: False +Position: Named +Default value: FALSE +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Understand and Troubleshoot AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Install-ADDSDomainController](./Install-ADDSDomainController.md) + +[Test-ADDSReadOnlyDomainControllerAccountCreation](./Test-ADDSReadOnlyDomainControllerAccountCreation.md) + +[Test-ADDSDomainInstallation](./Test-ADDSDomainInstallation.md) + +[Test-ADDSForestInstallation](./Test-ADDSForestInstallation.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/p/?LinkId=113291) diff --git a/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainControllerUninstallation.md b/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainControllerUninstallation.md new file mode 100644 index 0000000000..d46b7de48c --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainControllerUninstallation.md @@ -0,0 +1,335 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/test-addsdomaincontrolleruninstallation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-ADDSDomainControllerUninstallation +--- + +# Test-ADDSDomainControllerUninstallation + +## SYNOPSIS +Runs the prerequisites for uninstalling a domain controller in Active Directory. + +## SYNTAX + +### ADDSDomainControllerUninstall (Default) + +``` +Test-ADDSDomainControllerUninstallation [-LocalAdministratorPassword ] + [-Credential ] [-DemoteOperationMasterRole] + [-DnsDelegationRemovalCredential ] [-IgnoreLastDCInDomainMismatch] + [-IgnoreLastDnsServerForZone] [-LastDomainControllerInDomain] [-NoRebootOnCompletion] + [-RemoveApplicationPartitions] [-RemoveDnsDelegation] [-RetainDCMetadata] [-Force] + [] +``` + +### ADDSDomainControllerUninstallForceRemoval + +``` +Test-ADDSDomainControllerUninstallation [-LocalAdministratorPassword ] + [-Credential ] [-DemoteOperationMasterRole] [-ForceRemoval] + [-NoRebootOnCompletion] [-Force] [] +``` + +## DESCRIPTION + +The `Test-ADDSDomainControllerUninstallation` cmdlet runs those prerequisite checks which would be +performed if you were to use the `Uninstall-ADDSDomainController` cmdlet to uninstall a domain +controller in Active Directory. It differs from using the **WhatIf** parameter with the +`Uninstall-ADDSDomainController` cmdlet in that instead of summarizing the changes that would occur +during the uninstallation process, this cmdlet actually tests whether those changes are possible +given the current environment. + +For more information on the scope of these prerequisite checks that the **ADDSDeployment** module +performs when using this cmdlet see the section ADPrep and Prerequisite Checking Architecture in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +## EXAMPLES + +### Example 1: Test if uninstalling a domain controller is possible + +```powershell +Test-ADDSDomainControllerUninstallation +``` + +This command runs the prerequisites to determine if the uninstall of an additional domain controller +in a domain is possible. The command also prompts the user to set and confirm the local +Administrator password prior to completing the uninstallation process. + +## PARAMETERS + +### -Credential + +Specifies the user name and password that corresponds to the account used to install the domain +controller. To prompt the user to supply a password, use Runs the prerequisites (only) to determine +if installing a domain controller is possible that includes a DNS server for the `corp.contoso.com` +domain, using domain administrator credentials, and then prompts the user to correctly specify the +Directory Services Restore Mode (DSRM) password. Use the `Get-Credential` cmdlet in place of an +existing **PSCredential** type. This parameter will cause Windows PowerShell to prompt the user to +enter credentials using the Windows security login UI. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DemoteOperationMasterRole + +Indicates that forced demotion should continue even if an operations master role is discovered on +the domain controller from which AD DS is being removed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DnsDelegationRemovalCredential + +Specifies the account credentials to use when you create or remove the DNS delegation. If you do +not specify a value, the account credentials that you specify for the AD DS installation or removal +are used to remove the DNS delegation. As an alternative, you can specify the asterisk (`*`) to +prompt the user to enter credentials. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceRemoval + +Indicates that the cmdlet forces the removal of a domain controller. Use this parameter to force the +uninstall of AD DS if you need to remove the domain controller and do not have connectivity to other +domain controllers within the domain topology. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstallForceRemoval +Aliases: + +Required: True +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IgnoreLastDCInDomainMismatch + +Indicates that Windows PowerShell ignores any inconsistency that it detects with the value that you +specify for the **LastDomainControllerInDomain** parameter. For instance, if you specify +**LastDomainControllerInDomain** but Windows PowerShell detects that there is actually another +active domain controller in the domain, you can specify the **IgnoreLastDCInDomainMismatch** +parameter to have Windows PowerShell continue the removal of AD DS from the domain controller +despite the inconsistency that it has detected. Similarly, if you do not specify +**LastDomainControllerInDomain** but Windows PowerShell is unable to detect that another domain +controller is in the domain, you can specify **IgnoreLastDCInDomainMismatch** to have Windows +PowerShell continue to remove AD DS from the domain controller. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IgnoreLastDnsServerForZone + +Indicates that the cmdlet continues the removal of AD DS despite the fact that the domain controller +is the last DNS server for one or more of the Active Directory-integrated DNS zones that it hosts. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LastDomainControllerInDomain + +Indicates that the cmdlet removes AD DS from the last controller in the domain. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LocalAdministratorPassword + +Specifies a local administrator account password when AD DS is removed from a domain controller. In +earlier releases, where uninstall of AD DS was done using `Dcpromo.exe` for demotion, the default +was to allow an empty password for this setting. In Windows PowerShell, the ADDS Deployment module +requires that a non-empty password string value be assigned. If a value is not provided for this +parameter, you are prompted to enter a value for the password at the Windows PowerShell prompt. The +password value must be a secure string. + +If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. +This is the preferred usage when running the cmdlet interactively. If additionally there are no +other arguments specified with the cmdlet, you are prompted to enter a masked password for this +parameter but no confirmation of the password entered is made. This is not recommended as it could +allow a mistyped password to be configured. Another available advanced option is to use the +`ConvertTo-SecureString` cmdlet and specify the password string inline as unmasked console input, +which is also not a recommended security best practice in production deployments. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoRebootOnCompletion + +Indicates that the cmdlet does not restart the computer upon completion, regardless of success. By +default, reboot upon completion occurs when this cmdlet is used and this parameter is omitted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveApplicationPartitions + +Indicates that the cmdlet removes application partitions during the removal of AD DS from a domain +controller. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveDnsDelegation + +Indicates that the cmdlet preserves DNS delegations that point to this DNS server from the parent +DNS zone. + +By default, this parameter is set to `$false`, which means DNS delegations that point to this +server from the parent DNS zone will not be retained after uninstallation of the domain controller. +This setting corresponds to the earlier `Dcpromo.exe` parameter default of +`/RemoveDNSDelegation:Yes`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RetainDCMetadata + +Indicates that the domain controller should retain metadata for the domain after removal of AD DS. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Uninstall-ADDSDomainController](./Uninstall-ADDSDomainController.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/p/?LinkId=113291) diff --git a/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainInstallation.md b/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainInstallation.md new file mode 100644 index 0000000000..1a4f803629 --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Test-ADDSDomainInstallation.md @@ -0,0 +1,536 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/test-addsdomaininstallation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-ADDSDomainInstallation +--- + +# Test-ADDSDomainInstallation + +## SYNOPSIS +Runs the prerequisites for installing a new Active Directory domain configuration. + +## SYNTAX + +``` +Test-ADDSDomainInstallation -NewDomainName -ParentDomainName + [-SafeModeAdministratorPassword ] [-ADPrepCredential ] + [-AllowDomainReinstall] [-CreateDnsDelegation] [-Credential ] + [-DatabasePath ] [-DnsDelegationCredential ] [-NoDnsOnNetwork] + [-DomainMode ] [-DomainType ] [-NoGlobalCatalog] [-InstallDns] + [-LogPath ] [-NewDomainNetbiosName ] [-NoRebootOnCompletion] + [-ReplicationSourceDC ] [-SiteName ] [-SkipAutoConfigureDns] + [-SysvolPath ] [-Force] [] +``` + +## DESCRIPTION + +The `Test-ADDSDomainInstallation` cmdlet runs those prerequisite checks which would be performed if +you were to use the `Install-ADDSDomainController` cmdlet to install a new Active Directory domain +configuration. It differs from using the **WhatIf** parameter with the +`Install-ADDSDomainController` cmdlet in that instead of summarizing the changes that would occur +during the installation process, this cmdlet actually tests whether those changes are possible +given the current environment. + +For more information on the scope of these prerequisite checks that the **ADDSDeployment** module +performs when using this cmdlet see the section ADPrep and Prerequisite Checking Architecture in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +## EXAMPLES + +### Example 1: Test if installing a child domain is possible + +```powershell +@HashArguments = { + CreateDNSDelegation = $true + Credential = (Get-Credential CORP\EnterpriseAdmin1) + DatabasePath = "D:\NTDS" + DomainMode = Win2003 + InstallDNS = $true + NewDomainName = "child" + NoRebootOnCompletion = $true + ParentDomainName = "corp.contoso.com" + ReplicationSourceDC = "DC1.corp.contoso.com" + LogPath = "E:\Logs" + SiteName = "Houston" + SYSVOLPath = "D:\SYSVOL" +} +Test-ADDSDomainInstallation @HashArguments +``` + +This command runs the prerequisites to determine if installing a new child domain named +`child.corp.contoso.com` using credentials of `CORP\EnterpriseAdmin1` is possible. This command +also installs a DNS server, creates a DNS delegation in the `corp.contoso.com` domain, sets the +domain functional level to Windows Server 2003, makes the domain controller a global catalog server +in a site named `Houston`, and uses `DC1.corp.contoso.com` as the replication source domain +controller. The command also installs the Active Directory database and SYSVOL on the `D:\` drive, +installs the log files on the `E:\` drive, has the server not automatically restart after the +domain installation is complete and prompts the user to provide and confirm the Directory Services +Restore Mode (DSRM) password to complete and commit the installation of the domain in Active +Directory. + +## PARAMETERS + +### -ADPrepCredential + +Specifies the user name and password that corresponds to the account to be used for running +operations, if required, to prepare Active Directory prior to the installation of this domain. Use +the `Get-Credential` cmdlet to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowDomainReinstall + +Indicates that the cmdlet recreates an existing domain is to be recreated. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CreateDnsDelegation + +Indicates whether to create a DNS delegation that references the new DNS server that you are +installing along with the domain controller. Valid for Active Directory-integrated DNS only. The +default is computed automatically based on the environment. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user name and password that corresponds to the account used to install the domain +controller. Use the `Get-Credential` cmdlet to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DatabasePath + +Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed +disk of the local computer that contains the domain database, for example, `C:\Windows\NTDS`. The +default is `%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DnsDelegationCredential + +Specifies the user name and password for the user that creates the DNS delegation. This parameter +is skipped if the value for the **CreateDnsDelegation** parameter is either specified or computed +to be `$false`. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainMode + +Specifies the domain functional level of the first domain in the creation of a new forest. +Supported values for this parameter can be either a valid integer or a corresponding enumerated +string value. For instance, to set the domain mode level to Windows Server 2008 R2, you can specify +either a value of `4` or `Win2008R2`. + +The acceptable values for this parameter are: + +- Windows Server 2003: 2 or Win2003 +- Windows Server 2008: 3 or Win2008 +- Windows Server 2008 R2: 4 or Win2008R2 +- Windows Server 2012: 5 or Win2012 +- Windows Server 2012 R2: 6 or Win2012R2 + +The domain functional level cannot be lower than the forest functional level, but it can be higher. +The default is automatically computed and set. + +```yaml +Type: System.DirectoryServices.ActiveDirectory.DomainMode +Parameter Sets: (All) +Aliases: +Accepted values: Win2008, Win2008R2, Win2012, Win2012R2, WinThreshold, Default + +Required: False +Position: Named +Default value: Windows2008R2 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainType + +Specifies the type of domain that this cmdlet creates: a new domain tree in an existing forest +(supported values are `TreeDomain` or `tree`), a child of an existing domain (supported values are +`ChildDomain` or `child`). The default is `ChildDomain`. + +```yaml +Type: DomainType +Parameter Sets: (All) +Aliases: +Accepted values: ChildDomain, TreeDomain + +Required: False +Position: Named +Default value: ChildDomain +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallDns + +Indicates that this cmdlet installs and configures the DNS Server service for the domain or domain +tree. For domain installation, if this parameter is left unspecified and the parent domain (or in +the case of a domain tree, the forest root domain) already hosts and stores the DNS names for the +domain, then the default for this parameter is `$true` and the DNS server is installed. Otherwise, +if DNS domain names are hosted outside of Active Directory, the default is `$false` and no DNS +server is installed. + +To test if DNS domain names are hosted outside of Active Directory, this cmdlet uses a start of +authority (SOA) type DNS. For instance, if the value of **NewDomainName** is `corp.contoso.com`, +Active Directory performs an SOA query for `corp.contoso.com` and ensures that the zone name in the +response is `corp.contoso.com`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +that will contain the domain log files, for example, `C:\Windows\Logs`. The default is +`%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NewDomainName + +Specifies the new name of the domain. If the value set for **DomainType** is set to `TreeDomain`, +this parameter can be used to specify the fully qualified domain name (FQDN) for the new domain +tree (for example, `contoso.com`). If the value set for **DomainType** is set to `ChildDomain`, +this parameter can be used to specify a single label domain name for the child domain (for example, +specify corp to make a new domain `corp.contoso.com` if the new domain is in the `contoso.com` +domain tree). + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NewDomainNetbiosName + +Specifies the NetBIOS name for the new domain. For NetBIOS names to be valid for use with this +parameter they must be single label names of 15 characters or less. + +If this parameter is set with a valid NetBIOS name value, then promotion continues with the name +specified. If this parameter is not set, then the default is automatically computed from the value +of the **NewDomainName** parameter. + +For instance, if this parameter is not specified and a single-label prefix domain name of 15 +characters or less is specified within the value of the **NewDomainName** parameter, then promotion +continues with an automatically generated NetBIOS domain name. For example, the prefix label corp +within a full domain name value of `corp.contoso.com` would be a successful name choice. If the +label is more than 16 characters, the operation will fail. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDnsOnNetwork + +Indicates that the DNS service is not available on the network. This parameter is used only when the +IP setting of the network adapter for this computer is not configured with the name of a DNS server +for name resolution. It indicates that a DNS server is installed on this computer for name +resolution. Otherwise, the IP settings of the network adapter must first be configured with the +address of a DNS server. + +Omitting this parameter, the default value, indicates that the TCP/IP client settings of the network +adapter on this server computer is used to contact a DNS server. Therefore, if you are not +specifying this parameter, ensure that TCP/IP client settings are first configured with a preferred +DNS server address. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoGlobalCatalog + +Indicates that the read-only domain controller (RODC) will not be a global catalog server. By +default, the domain controller that you are installing is a global catalog server. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoRebootOnCompletion + +Indicates that the cmdlet restarts the computer upon completion, regardless of success. By default, +reboot upon completion occurs when this cmdlet is used and this parameter is omitted. As a general +rule, Microsoft support recommends that you not use this parameter except for testing or +troubleshooting purposes because once configuration has completed the server will not function +correctly as either a member server or a DC until it is rebooted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ParentDomainName + +Specifies the fully qualified domain name (FQDN) of an existing parent domain. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSourceDC + +Specifies the fully qualified domain name (FQDN) of the domain controller to be used as the source +for replicating to this domain. The default value for this parameter is automatically computed from +the environment. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SafeModeAdministratorPassword + +Supplies the password for the administrator account when the computer is started in Safe Mode or a +variant of Safe Mode, such as Directory Services Restore Mode. You must supply a password that meets +the password complexity rules of the domain and the password cannot be blank. If specified with a +value, the value must be a secure string. + +If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. +This is the preferred usage when running the cmdlet interactively. If additionally there are no +other arguments specified with the cmdlet, you are prompted to enter a masked password for this +parameter but no confirmation of the password entered is made. This is not recommended as it could +allow a mistyped password to be configured. Another available advanced option is to use the +`ConvertTo-SecureString` cmdlet and specify the password string inline as unmasked console input, +which is also not a recommended security best practice in production deployments. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteName + +Specifies the name of an existing site where you can place the new domain controller. The default +value is the site that is associated with the subnet that includes the IP address of this server. If +no such site exists, the default is the site of the replication source domain controller. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipAutoConfigureDns + +Indicates that this cmdlet skips automatic configuration of DNS client settings, forwarders, and +root hints. This parameter is in effect only if the DNS Server service is already installed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SysvolPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer, +for example, `C:\Windows\SYSVOL`. The default is `%SYSTEMROOT%\SYSVOL`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Install-ADDSDomain](./Install-ADDSDomain.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/p/?LinkId=113291) diff --git a/docset/winserver2025-ps/addsdeployment/Test-ADDSForestInstallation.md b/docset/winserver2025-ps/addsdeployment/Test-ADDSForestInstallation.md new file mode 100644 index 0000000000..cc4c370675 --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Test-ADDSForestInstallation.md @@ -0,0 +1,421 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/test-addsforestinstallation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-ADDSForestInstallation +--- + +# Test-ADDSForestInstallation + +## SYNOPSIS +Runs the prerequisites for installing a new forest in Active Directory. + +## SYNTAX + +``` +Test-ADDSForestInstallation -DomainName + [-SafeModeAdministratorPassword ] [-CreateDnsDelegation] + [-DatabasePath ] [-DnsDelegationCredential ] [-NoDnsOnNetwork] + [-DomainMode ] [-DomainNetbiosName ] [-ForestMode ] + [-InstallDns] [-LogPath ] [-NoRebootOnCompletion] [-SkipAutoConfigureDns] + [-SysvolPath ] [-Force] [] +``` + +## DESCRIPTION + +The `Test-ADDSForestInstallation` cmdlet runs those prerequisite checks which would be performed if +you were to use the `Install-ADDSForest` cmdlet to install a new forest in Active Directory. It +differs from using the **WhatIf** parameter with the `Install-ADDSForest` cmdlet in that instead of +summarizing the changes that would occur during the installation process, this cmdlet actually +tests whether those changes are possible given the current environment. + +For more information on the scope of these prerequisite checks that the **ADDSDeployment** module +performs when using this cmdlet see the section ADPrep and Prerequisite Checking Architecture in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +## EXAMPLES + +### Example 1: Test the install of a forest to confirm if it is possible + +```powershell +Test-ADDSForestInstallation -DomainName "corp.contoso.com" -NoRebootOnCompletion +``` + +This command runs the prerequisites for installing a new forest named `corp.contoso.com` and +specifies not to reboot after the new forest is created. The user is prompted to provide and +confirm the Directory Services Restore Mode (DSRM) password. + +### Example 2: Test the install of a forest to confirm if it is possible + +```powershell +$HashArguments = @{ + CreateDNSDelegation = $true + DatabasePath = "D:\NTDS" + DomainMode = Win2008 + DomainName = "corp.contoso.com" + ForestMode = Win2008R2 + LogPath = "E:\Logs" + SysvolPath = "D:\SYSVOL" +} +Test-ADDSForestInstallation @HashArguments +``` + +This command runs the prerequisites for installing a new forest that will create a DNS delegation +in the `contoso.com` domain, set the domain functional level to Windows Server 2008 R2 and sets +forest functional level to Windows Server 2008 R2. The command also installs the Active Directory +database and SYSVOL on the `D:` drive, installs the log files on the `E:` drive and has the server +automatically restart after AD DS installation. The user is prompted to provide and confirm the +DSRM password. + +## PARAMETERS + +### -CreateDnsDelegation + +Indicates that the cmdlet creates a DNS delegation that references the new DNS server that you +install along with the domain controller. Valid for Active Directory-integrated DNS only. The +default is computed automatically based on the environment. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DatabasePath + +Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed +disk of the local computer that contains the domain database, for example, `C:\Windows\NTDS`. The +default is `%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DnsDelegationCredential + +Specifies the user name and password (account credentials) for creating DNS delegation. The cmdlet +will skip this parameter if the value for the **CreateDnsDelegation** parameter is either specified +or computed to be `$false`. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainMode + +Specifies the domain functional level of the first domain in the creation of a new forest. Supported +values for this parameter can be either a valid integer or a corresponding enumerated string value. +For instance, to set the domain mode level to Windows Server 2008 R2, you can specify either a value +of `4` or `Win2008R2`. + +The acceptable values for this parameter are: + +- Windows Server 2003: 2 or Win2003 +- Windows Server 2008: 3 or Win2008 +- Windows Server 2008 R2: 4 or Win2008R2 +- Windows Server 2012: 5 or Win2012 +- Windows Server 2012 R2: 6 or Win2012R2 + +The domain functional level cannot be lower than the forest functional level, but it can be higher. +The default is automatically computed and set. + +```yaml +Type: System.DirectoryServices.ActiveDirectory.DomainMode +Parameter Sets: (All) +Aliases: +Accepted values: Win2008, Win2008R2, Win2012, Win2012R2, WinThreshold, Default + +Required: False +Position: Named +Default value: Windows2008R2 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainName + +Specifies the fully qualified domain name (FQDN) for the root domain in the forest. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainNetbiosName + +Specifies the NetBIOS name for the root domain in the new forest. For NetBIOS names to be valid for +use with this parameter they must be single label names of 15 characters or less. + +If this parameter is set with a valid NetBIOS name value, then forest installation continues with +the name specified. If this parameter is not set, then the default is automatically computed from +the value of the **DomainName** parameter. + +For instance, if this parameter is not specified and a single-label prefix domain name of 15 +characters or less is specified within the value of the **DomainName** parameter, then promotion +continues with an automatically generated NetBIOS domain name. For example, the prefix label `corp` +within a full domain name value of `corp.contoso.com` would be a successful name choice. + +Note that if the name value given for this parameter is a name of 16 characters or more, then the +forest installation fails. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForestMode + +Specifies the forest functional level for the new forest. Supported values for this parameter can be +either a valid integer or a corresponding enumerated string value. For example, to set the forest +mode level to Windows Server 2008 R2, you can specify either a value of `4` or `Win2008R2`. + +The acceptable values for this parameter are: + +- Windows Server 2003: 2 or Win2003 +- Windows Server 2008: 3 or Win2008 +- Windows Server 2008 R2: 4 or Win2008R2 +- Windows Server 2012: `5` or `Win2012` +- Windows Server 2012 R2: `6` or `Win2012R2` + +The default forest functional level in Windows Server is typically the same as the version you are +running. However, the default forest functional level in Windows Server 2008 R2 when you create a +new forest is Windows Server 2003 or `2`. + +```yaml +Type: System.DirectoryServices.ActiveDirectory.ForestMode +Parameter Sets: (All) +Aliases: +Accepted values: Win2008, Win2008R2, Win2012, Win2012R2, WinThreshold, Default + +Required: False +Position: Named +Default value: Windows2008R2 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallDns + +Indicates that the cmdlet installs and configures the DNS Server service for the new forest. For +forest installation, the default is `$true`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +where the log file for this operation is written. For instance, `C:\Logs`. The default log file path +if no other path is specified with this parameter is `%SYSTEMROOT%\NTDS`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDnsOnNetwork + +Indicates that the DNS service is not available on the network. This parameter is used only when the +IP setting of the network adapter for this computer is not configured with the name of a DNS server +for name resolution. It indicates that a DNS server is installed on this computer for name +resolution. Otherwise, the IP settings of the network adapter must first be configured with the +address of a DNS server. + +Omitting this parameter indicates that the TCP/IP client settings of the network adapter on this +server computer is used to contact a DNS server. Therefore, if you are not specifying this +parameter, ensure that TCP/IP client settings are first configured with a preferred DNS server +address. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoRebootOnCompletion + +Indicates that the cmdlet does not reboot the computer upon completion of the command. + +Omitting this parameter indicates the computer is rebooted upon completion of the command, +regardless of success or failure. As a general rule, Microsoft support recommends that you not use +this parameter except for testing or troubleshooting purposes because once configuration has +completed the server will not function correctly as either a member server or a DC until it is +rebooted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SafeModeAdministratorPassword + +Specifies the password for the administrator account when the computer is started in Safe Mode or a +variant of Safe Mode, such as Directory Services Restore Mode. You must supply a password that meets +the password complexity rules of the domain and the password cannot be blank. If specified with a +value, the value must be a secure string. + +If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. +This is the preferred usage when running the cmdlet interactively. If there are no other arguments +specified with the cmdlet, you are prompted to enter a masked password for this parameter but no +confirmation of the password entered is made. This is not recommended as it could allow a mistyped +password to be configured. Another available advanced option is to use the +`ConvertTo-SecureString` cmdlet and specify the password string inline as unmasked console input, +which is also not a recommended security best practice in production deployments. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipAutoConfigureDns + +Indicates that the cmdlet skips automatic configuration of DNS client settings, forwarders, and root +hints. This parameter is in effect only if the DNS Server service is already installed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SysvolPath + +Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer +where the Sysvol file is written. For example, `C:\Logs\SYSVOL`. The default path if no other path +is specified with this parameter is `%SYSTEMROOT%\SYSVOL`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Install-ADDSForest](./Install-ADDSForest.md) + +[Test-ADDSDomainInstallation](./Test-ADDSDomainInstallation.md) + +[Test-ADDSDomainControllerInstallation](./Test-ADDSDomainControllerInstallation.md) + +[Install-ADDSDomainController](./Install-ADDSDomainController.md) + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/p/?LinkId=113291) diff --git a/docset/winserver2025-ps/addsdeployment/Test-ADDSReadOnlyDomainControllerAccountCreation.md b/docset/winserver2025-ps/addsdeployment/Test-ADDSReadOnlyDomainControllerAccountCreation.md new file mode 100644 index 0000000000..2d2d69f478 --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Test-ADDSReadOnlyDomainControllerAccountCreation.md @@ -0,0 +1,262 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/test-addsreadonlydomaincontrolleraccountcreation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-ADDSReadOnlyDomainControllerAccountCreation +--- + +# Test-ADDSReadOnlyDomainControllerAccountCreation + +## SYNOPSIS +Runs the prerequisites for adding a RODC account. + +## SYNTAX + +``` +Test-ADDSReadOnlyDomainControllerAccountCreation -DomainControllerAccountName + -DomainName -SiteName [-AllowPasswordReplicationAccountName ] + [-Credential ] [-DelegatedAdministratorAccountName ] + [-DenyPasswordReplicationAccountName ] [-NoGlobalCatalog] [-InstallDns] + [-ReplicationSourceDC ] [-Force] [] +``` + +## DESCRIPTION + +The `Test-ADDSReadOnlyDomainControllerAccountCreation` cmdlet runs the prerequisite checks which +would be performed if you were to add a read-only domain controller (RODC) account in Active +Directory using the `Add-ADDSReadOnlyDomainControllerAccount` cmdlet. It differs from using the +**WhatIf** parameter with the `Add-ADDSReadOnlyDomainControllerAccount` cmdlet in that instead of +summarizing the changes that would occur during the account creation process, this cmdlet actually +tests whether those changes are possible given the current environment. + +## EXAMPLES + +### Example 1: Test adding an RODC account to confirm it is possible + +```powershell +$HashArguments = @{ + DomainControllerAccountName = RODC1 + DomainName = "corp.contoso.com" + SiteName = "NorthAmerica" +} +Test-ADDSReadOnlyDomainControllerAccountCreation @HashArguments +``` + +This command runs the prerequisites for adding an RODC account to the `corp.contoso.com` domain that +would use the North America site as the source site for the replication source domain controller. + +## PARAMETERS + +### -AllowPasswordReplicationAccountName + +Specifies the names of user accounts, group accounts, and computer accounts whose passwords can be +replicated to this RODC. Use `None` if you want to keep the value empty. By default, only the +Allowed RODC Password Replication Group is allowed, and it is originally created empty. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user name and password that corresponds to the account used to install the domain +controller. Use the `Get-Credential` cmdlet to prompt the user to supply a password. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegatedAdministratorAccountName + +Specifies the name of the user or group that installs and administer the RODC. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DenyPasswordReplicationAccountName + +Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not +to be replicated to this RODC. Use `None` if you do not want to deny the replication of credentials +of any users or computers. By default, Administrators, Server Operators, Backup Operators, Account +Operators, and the Denied RODC Password Replication Group are denied. By default, the Denied RODC +Password Replication Group includes Cert Publishers, Domain Admins, Enterprise Admins, Enterprise +Domain Controllers, Enterprise Read-Only Domain Controllers, Group Policy Creator Owners, the +krbtgt account, and Schema Admins. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainControllerAccountName + +Specifies the name of the RODC account that this cmdlet creates. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainName + +Specifies the domain name for the user name for the operation. This parameter is required. You +should specify the forest where you plan to install the domain controller or create an RODC account. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallDns + +Indicates that the cmdlet installs the DNS Server service. The default is automatically computed +based on the environment. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoGlobalCatalog + +Indicates that the RODC is not a global catalog server. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplicationSourceDC + +Specifies the name of the fully writable domain controller to use in the creation of the RODC +account in Active Directory. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SiteName + +Specifies the name of an existing site where you can place the new domain controller. The default +value depends on the type of installation. For a new forest, the default is +`Default-First-Site-Name`. For all other installations, the default is the site that is associated +with the subnet that includes the IP address of this server. If no such site exists, the default is +the site of the replication source domain controller. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-ADDSReadOnlyDomainControllerAccount](./Add-ADDSReadOnlyDomainControllerAccount.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) diff --git a/docset/winserver2025-ps/addsdeployment/Uninstall-ADDSDomainController.md b/docset/winserver2025-ps/addsdeployment/Uninstall-ADDSDomainController.md new file mode 100644 index 0000000000..5bb27b36e9 --- /dev/null +++ b/docset/winserver2025-ps/addsdeployment/Uninstall-ADDSDomainController.md @@ -0,0 +1,380 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.DirectoryServices.Deployment.dll-Help.xml +Module Name: ADDSDeployment +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/addsdeployment/uninstall-addsdomaincontroller?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-ADDSDomainController +--- + +# Uninstall-ADDSDomainController + +## SYNOPSIS +Uninstalls a domain controller in Active Directory. + +## SYNTAX + +### ADDSDomainControllerUninstall (Default) + +``` +Uninstall-ADDSDomainController [-SkipPreChecks] + [-LocalAdministratorPassword ] [-Credential ] + [-DemoteOperationMasterRole] [-DnsDelegationRemovalCredential ] + [-IgnoreLastDCInDomainMismatch] [-IgnoreLastDnsServerForZone] + [-LastDomainControllerInDomain] [-NoRebootOnCompletion] [-RemoveApplicationPartitions] + [-RemoveDnsDelegation] [-RetainDCMetadata] [-Force] [-WhatIf] [-Confirm] + [] +``` + +### ADDSDomainControllerUninstallForceRemoval + +``` +Uninstall-ADDSDomainController [-SkipPreChecks] + [-LocalAdministratorPassword ] + [-Credential ] [-DemoteOperationMasterRole] [-ForceRemoval] + [-NoRebootOnCompletion] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Uninstall-ADDSDomainController` cmdlet uninstalls a domain controller in Active Directory. + +## EXAMPLES + +### Example 1: Remove AD DS from a domain controller + +```powershell +Uninstall-ADDSDomainController +``` + +This command removes AD DS from an additional domain controller in a domain. The user is prompted to +set and confirm the local Administrator password prior to completing the removal process. + +## PARAMETERS + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential + +Specifies the user name and password that corresponds to the account used to install the domain +controller. Use the `Get-Credential` cmdlet to prompt the user to supply a password in place of an +existing **System.Management.Automation.PSCredential** type. This causes Windows PowerShell to +prompt the user to enter credentials using the Windows security login UI. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DemoteOperationMasterRole + +Indicates that forced demotion should continue even if an operations master role is discovered on +the domain controller from which AD DS is being removed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DnsDelegationRemovalCredential + +Specifies the account credentials to use when you create or remove the DNS delegation. If you do +not specify a value, the account credentials that you specify for the AD DS installation or removal +are used to remove the DNS delegation. As an alternative, you can specify the asterisk (`*`) to +prompt the user to enter credentials. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force + +Forces the command to run without asking for user confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceRemoval + +Indicates that the cmdlet forces the removal of a domain controller. Use this parameter to force the +uninstall of AD DS if you need to remove the domain controller and do not have connectivity to other +domain controllers within the domain topology. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstallForceRemoval +Aliases: + +Required: True +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IgnoreLastDCInDomainMismatch + +Indicates that Windows PowerShell ignores any inconsistency that it detects with the value that you +specify for the **LastDomainControllerInDomain** parameter. For instance, if you specify +**LastDomainControllerInDomain** but Windows PowerShell detects that there is actually another +active domain controller in the domain, you can specify the **IgnoreLastDCInDomainMismatch** +parameter to have Windows PowerShell continue the removal of AD DS from the domain controller +despite the inconsistency that it has detected. Similarly, if you do not specify +**LastDomainControllerInDomain** but Windows PowerShell cannot detect that another domain +controller is in the domain, you can specify **IgnoreLastDCInDomainMismatch** to have Windows +PowerShell continue to remove AD DS from the domain controller. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IgnoreLastDnsServerForZone + +Indicates that the cmdlet continues the removal of AD DS despite the fact that the domain controller +is the last DNS server for one or more of the Active Directory-integrated DNS zones that it hosts. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LastDomainControllerInDomain + +Indicates that the computer from which AD DS is being removed is the last domain controller in the +domain. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LocalAdministratorPassword + +Specifies a local administrator account password when AD DS is removed from a domain controller. In +earlier releases, where uninstall of AD DS was done using `Dcpromo.exe` for demotion, the default +was to allow an empty password for this setting. In Windows PowerShell, the ADDS Deployment module +requires that a non-empty password string value be assigned. If a value is not provided for this +parameter, you are prompted to enter a value for the password at the Windows PowerShell prompt. The +password value must be a secure string. + +If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. +This is the preferred usage when running the cmdlet interactively. If additionally there are no +other arguments specified with the cmdlet, you are prompted to enter a masked password for this +parameter but no confirmation of the password entered is made. This is not recommended as it could +allow a mistyped password to be configured. Another available advanced option is to use the +`ConvertTo-SecureString` cmdlet and specify the password string inline as unmasked console input, +which is also not a recommended security best practice in production deployments. + +```yaml +Type: System.Security.SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoRebootOnCompletion + +Indicates that the cmdlet restarts the computer upon completion, regardless of success. By default, +reboot upon completion occurs when this cmdlet is used and this parameter is omitted. As a general +rule, Microsoft support recommends that you not use this parameter except for testing or +troubleshooting purposes because once configuration has completed the server will not function +correctly as either a member server or a DC until it is rebooted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveApplicationPartitions + +Indicates that this cmdlet removes application partitions during the removal of AD DS from a domain +controller. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: NULL +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveDnsDelegation + +Specifies whether to preserve DNS delegation that point to this DNS server from the parent DNS Zone. +If you use this parameter, DNS delegations that point to this server from the parent DNS zone will +not be retained after uninstallation of the domain controller. This setting corresponds to the +earlier `Dcpromo.exe` parameter default of `/RemoveDNSDelegation:Yes`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RetainDCMetadata + +Indicates that metadata from the domain controller should be preserved after uninstallation is +completed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: ADDSDomainControllerUninstall +Aliases: + +Required: False +Position: Named +Default value: FALSE +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipPreChecks + +Indicates that only a base set of validations is performed. This behavior is equivalent to the +validations that were performed when using `Dcpromo.exe` in earlier versions of Windows Server to +add a new domain controller. When this switch parameter is set, it specifies that additional +preliminary checks should be bypassed. For more information on the scope of these additional +preliminary checks that the **ADDSDeployment** module performs by default when using Windows Server +2012, refer to the table in the section ADPrep and Prerequisite Checking Architecture in +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244). + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[AD DS Simplified Administration](https://go.microsoft.com/fwlink/?LinkID=237244) + +[Install-ADDSDomainController](./Install-ADDSDomainController.md) + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) + +[ConvertTo-SecureString](https://go.microsoft.com/fwlink/p/?LinkId=113291) diff --git a/docset/winserver2025-ps/adfs/ADFS.md b/docset/winserver2025-ps/adfs/ADFS.md new file mode 100644 index 0000000000..5f4e8469f9 --- /dev/null +++ b/docset/winserver2025-ps/adfs/ADFS.md @@ -0,0 +1,527 @@ +--- +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.1 +Locale: en-US +Module Guid: 5c958595-c68c-4c00-a468-9763de83bbee +Module Name: ADFS +--- + +# ADFS Module +## Description +This reference provides command-line reference documentation for the IT professional of the Windows PowerShell cmdlets that you can use to deploy and administer Active Directory Federation Services (AD FS) in Windows Server. + +## ADFS Cmdlets +### [Add-AdfsAttributeStore](Add-AdfsAttributeStore.md) +Adds an attribute store to the Federation Service. + +### [Add-AdfsCertificate](Add-AdfsCertificate.md) +Adds a new certificate to AD FS for signing, decrypting, or securing communications. + +### [Add-AdfsClaimDescription](Add-AdfsClaimDescription.md) +Adds a claim description to the Federation Service. + +### [Add-AdfsClaimsProviderTrust](Add-AdfsClaimsProviderTrust.md) +Adds a new claims provider trust to the Federation Service. + +### [Add-AdfsClaimsProviderTrustsGroup](Add-AdfsClaimsProviderTrustsGroup.md) +Creates a claims provider trust group based on metadata that contains multiple entities. + +### [Add-AdfsClient](Add-AdfsClient.md) +Registers an OAuth 2.0 client with AD FS. + +### [Add-AdfsDeviceRegistrationUpnSuffix](Add-AdfsDeviceRegistrationUpnSuffix.md) +Adds a custom UPN suffix. + +### [Add-AdfsFarmNode](Add-AdfsFarmNode.md) +Adds this computer to an existing federation server farm. + +### [Add-AdfsLocalClaimsProviderTrust](Add-AdfsLocalClaimsProviderTrust.md) +Creates a local claims provider trust. + +### [Add-AdfsNativeClientApplication](Add-AdfsNativeClientApplication.md) +Adds a native client application role to an application in AD FS. + +### [Add-AdfsNonClaimsAwareRelyingPartyTrust](Add-AdfsNonClaimsAwareRelyingPartyTrust.md) +Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service. + +### [Add-AdfsRelyingPartyTrust](Add-AdfsRelyingPartyTrust.md) +Adds a new relying party trust to the Federation Service. + +### [Add-AdfsRelyingPartyTrustsGroup](Add-AdfsRelyingPartyTrustsGroup.md) +Creates a relying party trusts group. + +### [Add-AdfsScopeDescription](Add-AdfsScopeDescription.md) +Adds a scope description in AD FS. + +### [Add-AdfsServerApplication](Add-AdfsServerApplication.md) +Adds a server application role to an application in AD FS. + +### [Add-AdfsTrustedFederationPartner](Add-AdfsTrustedFederationPartner.md) +Adds configuration settings for trusted federation partners in AD FS. + +### [Add-AdfsWebApiApplication](Add-AdfsWebApiApplication.md) +Adds a Web API application role to an application in AD FS. + +### [Add-AdfsWebApplicationProxyRelyingPartyTrust](Add-AdfsWebApplicationProxyRelyingPartyTrust.md) +Adds a relying party trust for the Web Application Proxy. + +### [Disable-AdfsApplicationGroup](Disable-AdfsApplicationGroup.md) +Disables an application group. + +### [Disable-AdfsCertificateAuthority](Disable-AdfsCertificateAuthority.md) +Disables a certificate authority. + +### [Disable-AdfsClaimsProviderTrust](Disable-AdfsClaimsProviderTrust.md) +Disables a claims provider trust in the Federation Service. + +### [Disable-AdfsClient](Disable-AdfsClient.md) +Disables an OAuth 2.0 client that is currently registered with AD FS. + +### [Disable-AdfsDeviceRegistration](Disable-AdfsDeviceRegistration.md) +Marks the Device Registration Service as disabled on an AD FS server. + +### [Disable-AdfsEndpoint](Disable-AdfsEndpoint.md) +Disables an endpoint of AD FS. + +### [Disable-AdfsLocalClaimsProviderTrust](Disable-AdfsLocalClaimsProviderTrust.md) +Disables a local claims provider trust. + +### [Disable-AdfsNonClaimsAwareRelyingPartyTrust](Disable-AdfsNonClaimsAwareRelyingPartyTrust.md) +Disables a relying party trust for a non-claims-aware web application or service from the Federation Service. + +### [Disable-AdfsRelyingPartyTrust](Disable-AdfsRelyingPartyTrust.md) +Disables a relying party trust of the Federation Service. + +### [Disable-AdfsWebApplicationProxyRelyingPartyTrust](Disable-AdfsWebApplicationProxyRelyingPartyTrust.md) +Disables the relying party trust for the Web Application Proxy. + +### [Enable-AdfsApplicationGroup](Enable-AdfsApplicationGroup.md) +Enables an application group in AD FS. + +### [Enable-AdfsClaimsProviderTrust](Enable-AdfsClaimsProviderTrust.md) +Enables a claims provider trust in the Federation Service. + +### [Enable-AdfsClient](Enable-AdfsClient.md) +Enables the use of an OAuth 2.0 client registration by AD FS. + +### [Enable-AdfsDeviceRegistration](Enable-AdfsDeviceRegistration.md) +This cmdlet has been deprecated. + +### [Enable-AdfsEndpoint](Enable-AdfsEndpoint.md) +Enables an endpoint in AD FS. + +### [Enable-AdfsLocalClaimsProviderTrust](Enable-AdfsLocalClaimsProviderTrust.md) +Enables a local claims provider trust. + +### [Enable-AdfsNonClaimsAwareRelyingPartyTrust](Enable-AdfsNonClaimsAwareRelyingPartyTrust.md) +Enables a relying party trust for a non-claims-aware web application or service from the Federation Service. + +### [Enable-AdfsRelyingPartyTrust](Enable-AdfsRelyingPartyTrust.md) +Enables a relying party trust of the Federation Service. + +### [Enable-AdfsWebApplicationProxyRelyingPartyTrust](Enable-AdfsWebApplicationProxyRelyingPartyTrust.md) +Enables the relying party trust object for the Web Application Proxy. + +### [Export-AdfsAuthenticationProviderConfigurationData](Export-AdfsAuthenticationProviderConfigurationData.md) +Returns a file containing the tenant ID for which the AD FS farm is configured for Azure MFA, as well as the well-known client ID for Azure MFA. + +### [Export-AdfsDeploymentSQLScript](Export-AdfsDeploymentSQLScript.md) +Generates SQL scripts to create the AD FS database and to grant permissions. + +### [Export-AdfsWebContent](Export-AdfsWebContent.md) +Exports properties of all web content objects in a specific locale to a specified file. + +### [Export-AdfsWebTheme](Export-AdfsWebTheme.md) +Exports a web theme to a folder. + +### [Get-AdfsAccessControlPolicy](Get-AdfsAccessControlPolicy.md) +Gets an AD FS access control policy. + +### [Get-AdfsAdditionalAuthenticationRule](Get-AdfsAdditionalAuthenticationRule.md) +Retrieves the global rules that trigger additional authentication providers to be invoked. + +### [Get-AdfsApplicationGroup](Get-AdfsApplicationGroup.md) +Gets an application group. + +### [Get-AdfsApplicationPermission](Get-AdfsApplicationPermission.md) +Gets permission for an application. + +### [Get-AdfsAttributeStore](Get-AdfsAttributeStore.md) +Gets the attribute stores of the Federation Service. + +### [Get-AdfsAuthenticationProvider](Get-AdfsAuthenticationProvider.md) +Gets a list of all authentication providers in AD FS. + +### [Get-AdfsAuthenticationProviderWebContent](Get-AdfsAuthenticationProviderWebContent.md) +Retrieves web content objects for authentication providers. + +### [Get-AdfsAzureMfaConfigured](Get-AdfsAzureMfaConfigured.md) +Gets whether Azure MFA is enabled. + +### [Get-AdfsCertificate](Get-AdfsCertificate.md) +Retrieves the certificates from AD FS. + +### [Get-AdfsCertificateAuthority](Get-AdfsCertificateAuthority.md) +Gets a certificate authority. + +### [Get-AdfsClaimDescription](Get-AdfsClaimDescription.md) +Gets claim descriptions from the Federation Service. + +### [Get-AdfsClaimsProviderTrust](Get-AdfsClaimsProviderTrust.md) +Gets the claims provider trusts in the Federation Service. + +### [Get-AdfsClaimsProviderTrustsGroup](Get-AdfsClaimsProviderTrustsGroup.md) +Gets an AD FS claims provider trust group. + +### [Get-AdfsClient](Get-AdfsClient.md) +Retrieves registration information for an OAuth 2.0 client. + +### [Get-AdfsDeviceRegistration](Get-AdfsDeviceRegistration.md) +Gets the administrative polices of the Device Registration Service. + +### [Get-AdfsDeviceRegistrationUpnSuffix](Get-AdfsDeviceRegistrationUpnSuffix.md) +Gets the UPN suffixes that can be used with device registration. + +### [Get-AdfsEndpoint](Get-AdfsEndpoint.md) +Retrieves an endpoint in AD FS. + +### [Get-AdfsFarmInformation](Get-AdfsFarmInformation.md) +Gets AD FS behavior level and farm node information. + +### [Get-AdfsGlobalAuthenticationPolicy](Get-AdfsGlobalAuthenticationPolicy.md) +Displays the AD FS global policy. + +### [Get-AdfsGlobalWebContent](Get-AdfsGlobalWebContent.md) +Gets global web content objects. + +### [Get-AdfsLocalClaimsProviderTrust](Get-AdfsLocalClaimsProviderTrust.md) +Gets local claims provider trusts. + +### [Get-AdfsNativeClientApplication](Get-AdfsNativeClientApplication.md) +Gets native client application roles from an application in AD FS. + +### [Get-AdfsNonClaimsAwareRelyingPartyTrust](Get-AdfsNonClaimsAwareRelyingPartyTrust.md) +Gets the properties of a relying party trust for a non-claims-aware web application or service. + +### [Get-AdfsProperties](Get-AdfsProperties.md) +Gets all the associated properties for the AD FS service. + +### [Get-AdfsRegistrationHosts](Get-AdfsRegistrationHosts.md) +The Get-AdfsRegistrationHosts cmdlet is deprecated. +Instead, use the Get-AdfsDeviceRegistrationUpnSuffix cmdlet. + +### [Get-AdfsRelyingPartyTrust](Get-AdfsRelyingPartyTrust.md) +Gets the relying party trusts of the Federation Service. + +### [Get-AdfsRelyingPartyTrustsGroup](Get-AdfsRelyingPartyTrustsGroup.md) +Gets a relying party trust group. + +### [Get-AdfsRelyingPartyWebContent](Get-AdfsRelyingPartyWebContent.md) +Gets web content objects for relying parties. + +### [Get-AdfsRelyingPartyWebTheme](Get-AdfsRelyingPartyWebTheme.md) +Gets properties of web themes applied to relying party trusts. + +### [Get-AdfsScopeDescription](Get-AdfsScopeDescription.md) +Gets a description for a scope in AD FS. + +### [Get-AdfsServerApplication](Get-AdfsServerApplication.md) +Gets configuration settings for a server application role for an application in AD FS. + +### [Get-AdfsSslCertificate](Get-AdfsSslCertificate.md) +Gets the host name, port, and certificate hash for SSL bindings configured for AD FS and the device registration service. + +### [Get-AdfsSyncProperties](Get-AdfsSyncProperties.md) +Gets synchronization properties the configuration database of AD FS. + +### [Get-AdfsTrustedFederationPartner](Get-AdfsTrustedFederationPartner.md) +Gets a trusted federation partner in AD FS. + +### [Get-AdfsWebApiApplication](Get-AdfsWebApiApplication.md) +Gets Web API application roles in AD FS. + +### [Get-AdfsWebApplicationProxyRelyingPartyTrust](Get-AdfsWebApplicationProxyRelyingPartyTrust.md) +Gets the relying party trust object for the Web Application Proxy. + +### [Get-AdfsWebConfig](Get-AdfsWebConfig.md) +Gets AD FS web customization configuration settings. + +### [Get-AdfsWebTheme](Get-AdfsWebTheme.md) +Gets web themes. + +### [Grant-AdfsApplicationPermission](Grant-AdfsApplicationPermission.md) +Grants application permission. + +### [Import-AdfsAuthenticationProviderConfigurationData](Import-AdfsAuthenticationProviderConfigurationData.md) +Imports the custom configuration for an authentication provider. + +### [Import-AdfsWebContent](Import-AdfsWebContent.md) +Imports properties from a resource file into global and relying party web content objects. + +### [Initialize-ADDeviceRegistration](Initialize-ADDeviceRegistration.md) +Initializes the Device Registration Service configuration in the Active Directory forest. + +### [Install-AdfsFarm](Install-AdfsFarm.md) +Creates the first node of a new federation server farm. + +### [Invoke-AdfsFarmBehaviorLevelRaise](Invoke-AdfsFarmBehaviorLevelRaise.md) +Raises the behavior level of a farm. + +### [New-AdfsAccessControlPolicy](New-AdfsAccessControlPolicy.md) +Creates an AD FS access control policy. + +### [New-AdfsApplicationGroup](New-AdfsApplicationGroup.md) +Creates an application group. + +### [New-AdfsAzureMfaTenantCertificate](New-AdfsAzureMfaTenantCertificate.md) +Creates a certificate for the AD FS farm to use to connect to Azure MFA, or returns the currently configured certificate. + +### [New-AdfsClaimRuleSet](New-AdfsClaimRuleSet.md) +Creates a set of claim rules. + +### [New-AdfsContactPerson](New-AdfsContactPerson.md) +Creates a contact person object. + +### [New-AdfsLdapAttributeToClaimMapping](New-AdfsLdapAttributeToClaimMapping.md) +Creates a mapping between an attribute of an LDAP folder and an AD FS claim type. + +### [New-AdfsLdapServerConnection](New-AdfsLdapServerConnection.md) +Creates a connection object. + +### [New-AdfsOrganization](New-AdfsOrganization.md) +Creates a new organization information object. + +### [New-AdfsSamlEndpoint](New-AdfsSamlEndpoint.md) +Creates a SAML protocol endpoint object. + +### [New-AdfsWebTheme](New-AdfsWebTheme.md) +Creates an AD FS web theme. + +### [Publish-SslCertificate](Publish-SslCertificate.md) +The Publish-SslCertificate cmdlet is deprecated. +Instead, use the Set-AdfsSslCertificate cmdlet. + +### [Register-AdfsAuthenticationProvider](Register-AdfsAuthenticationProvider.md) +Registers an external authentication provider in AD FS. + +### [Remove-AdfsAccessControlPolicy](Remove-AdfsAccessControlPolicy.md) +Removes an AD FS access control policy. + +### [Remove-AdfsApplicationGroup](Remove-AdfsApplicationGroup.md) +Removes an application group. + +### [Remove-AdfsAttributeStore](Remove-AdfsAttributeStore.md) +Removes an attribute store from the Federation Service. + +### [Remove-AdfsAuthenticationProviderWebContent](Remove-AdfsAuthenticationProviderWebContent.md) +Removes web content customization of the authentication provider in the user sign-in web pages from AD FS. + +### [Remove-AdfsCertificate](Remove-AdfsCertificate.md) +Removes a certificate from AD FS. + +### [Remove-AdfsClaimDescription](Remove-AdfsClaimDescription.md) +Removes a claim description from the Federation Service. + +### [Remove-AdfsClaimsProviderTrust](Remove-AdfsClaimsProviderTrust.md) +Removes a claims provider trust from the Federation Service. + +### [Remove-AdfsClaimsProviderTrustsGroup](Remove-AdfsClaimsProviderTrustsGroup.md) +Removes an AD FS claims provider trust group. + +### [Remove-AdfsClient](Remove-AdfsClient.md) +Deletes registration information for an OAuth 2.0 client that is currently registered with AD FS. + +### [Remove-AdfsDeviceRegistrationUpnSuffix](Remove-AdfsDeviceRegistrationUpnSuffix.md) +Removes a custom UPN suffix. + +### [Remove-AdfsFarmNode](Remove-AdfsFarmNode.md) +The Remove-AdfsFarmNode cmdlet is deprecated. +Instead, use the Uninstall-WindowsFeature cmdlet. + +### [Remove-AdfsGlobalWebContent](Remove-AdfsGlobalWebContent.md) +Removes a global web content object. + +### [Remove-AdfsLocalClaimsProviderTrust](Remove-AdfsLocalClaimsProviderTrust.md) +Removes a local claims provider trust. + +### [Remove-AdfsNativeClientApplication](Remove-AdfsNativeClientApplication.md) +Removes a native client application role from an application in AD FS. + +### [Remove-AdfsNonClaimsAwareRelyingPartyTrust](Remove-AdfsNonClaimsAwareRelyingPartyTrust.md) +Removes a relying party trust for a non-claims-aware web application or service from the Federation Service. + +### [Remove-AdfsRelyingPartyTrust](Remove-AdfsRelyingPartyTrust.md) +Removes a relying party trust from the Federation Service. + +### [Remove-AdfsRelyingPartyTrustsGroup](Remove-AdfsRelyingPartyTrustsGroup.md) +Removes a relying party trusts group. + +### [Remove-AdfsRelyingPartyWebContent](Remove-AdfsRelyingPartyWebContent.md) +Removes a relying party web content object. + +### [Remove-AdfsRelyingPartyWebTheme](Remove-AdfsRelyingPartyWebTheme.md) +Removes a web theme to a relying party. + +### [Remove-AdfsScopeDescription](Remove-AdfsScopeDescription.md) +Removes a scope description in AD FS. + +### [Remove-AdfsServerApplication](Remove-AdfsServerApplication.md) +Removes a server application role from an application in AD FS. + +### [Remove-AdfsTrustedFederationPartner](Remove-AdfsTrustedFederationPartner.md) +Removes a trusted federation partner in AD FS. + +### [Remove-AdfsWebApiApplication](Remove-AdfsWebApiApplication.md) +Removes a Web API application role from an application in AD FS. + +### [Remove-AdfsWebApplicationProxyRelyingPartyTrust](Remove-AdfsWebApplicationProxyRelyingPartyTrust.md) +Removes the relying party trust object for the Web Application Proxy. + +### [Remove-AdfsWebTheme](Remove-AdfsWebTheme.md) +Removes a web theme. + +### [Restore-AdfsFarmBehaviorLevel](Restore-AdfsFarmBehaviorLevel.md) +Restores the farm to a previous behavior level. + +### [Revoke-AdfsApplicationPermission](Revoke-AdfsApplicationPermission.md) +Revokes permission for an application. + +### [Revoke-AdfsProxyTrust](Revoke-AdfsProxyTrust.md) +Revokes trust for all federation server proxies configured for the Federation Service. + +### [Set-AdfsAccessControlPolicy](Set-AdfsAccessControlPolicy.md) +Modifies an AD FS access control policy. + +### [Set-AdfsAdditionalAuthenticationRule](Set-AdfsAdditionalAuthenticationRule.md) +Sets the global rules that provide the trigger for additional authentication providers to be invoked. + +### [Set-AdfsAlternateTlsClientBinding](Set-AdfsAlternateTlsClientBinding.md) +Configures an existing AD FS deployment to use the same port for both device certificate and client certificate authentication. + +### [Set-AdfsApplicationGroup](Set-AdfsApplicationGroup.md) +Modifies an application group. + +### [Set-AdfsApplicationPermission](Set-AdfsApplicationPermission.md) +Modifies application permissions. + +### [Set-AdfsAttributeStore](Set-AdfsAttributeStore.md) +Modifies properties of an attribute store. + +### [Set-AdfsAuthenticationProviderWebContent](Set-AdfsAuthenticationProviderWebContent.md) +Modifies a display name and description. + +### [Set-AdfsAzureMfaTenant](Set-AdfsAzureMfaTenant.md) +Enables an AD FS farm to use MFA. + +### [Set-AdfsCertificate](Set-AdfsCertificate.md) +Sets the properties of an existing certificate that AD FS uses to sign, decrypt, or secure communications. + +### [Set-AdfsCertificateAuthority](Set-AdfsCertificateAuthority.md) +Modifies a certificate authority. + +### [Set-AdfsCertSharingContainer](Set-AdfsCertSharingContainer.md) +Sets the account that is used for sharing managed certificates in a federation server farm. + +### [Set-AdfsClaimDescription](Set-AdfsClaimDescription.md) +Modifies the properties of a claim description. + +### [Set-AdfsClaimsProviderTrust](Set-AdfsClaimsProviderTrust.md) +Sets the properties of a claims provider trust. + +### [Set-AdfsClient](Set-AdfsClient.md) +Modifies registration settings for an OAuth 2.0 client registered with AD FS. + +### [Set-AdfsDeviceRegistration](Set-AdfsDeviceRegistration.md) +Configures the administrative policies for the Device Registration Service. + +### [Set-AdfsDeviceRegistrationUpnSuffix](Set-AdfsDeviceRegistrationUpnSuffix.md) +Sets the list of UPN suffixes. + +### [Set-AdfsEndpoint](Set-AdfsEndpoint.md) +Sets the endpoint on a Web Application Proxy. + +### [Set-AdfsFarmInformation](Set-AdfsFarmInformation.md) +Removes a stale or offline farm node from the farm information table. + +### [Set-AdfsGlobalAuthenticationPolicy](Set-AdfsGlobalAuthenticationPolicy.md) +Modifies the AD FS global policy. + +### [Set-AdfsGlobalWebContent](Set-AdfsGlobalWebContent.md) +Sets properties for global web content objects. + +### [Set-AdfsLocalClaimsProviderTrust](Set-AdfsLocalClaimsProviderTrust.md) +Modifies a local claims provider trust. + +### [Set-AdfsNativeClientApplication](Set-AdfsNativeClientApplication.md) +Modifies configuration settings for a server native client application role of an application in AD FS. + +### [Set-AdfsNonClaimsAwareRelyingPartyTrust](Set-AdfsNonClaimsAwareRelyingPartyTrust.md) +Sets the properties of a relying party trust for a non-claims-aware web application or service. + +### [Set-AdfsProperties](Set-AdfsProperties.md) +Sets the properties that control global behaviors in AD FS. + +### [Set-AdfsRegistrationHosts](Set-AdfsRegistrationHosts.md) +The Set-AdfsRegistrationHosts cmdlet is deprecated. +Instead, use the **Set-AdfsDeviceRegistrationUpnSuffix** cmdlet. + +### [Set-AdfsRelyingPartyTrust](Set-AdfsRelyingPartyTrust.md) +Sets the properties of a relying party trust. + +### [Set-AdfsRelyingPartyWebContent](Set-AdfsRelyingPartyWebContent.md) +Sets properties for the relying party web content objects. + +### [Set-AdfsRelyingPartyWebTheme](Set-AdfsRelyingPartyWebTheme.md) +Applies a web theme to a relying party. + +### [Set-AdfsScopeDescription](Set-AdfsScopeDescription.md) +Modifies a scope description in AD FS. + +### [Set-AdfsServerApplication](Set-AdfsServerApplication.md) +Modifies configuration settings for a server application role of an application in AD FS. + +### [Set-AdfsSslCertificate](Set-AdfsSslCertificate.md) +Sets an SSL certificate for HTTPS bindings for AD FS. + +### [Set-AdfsSyncProperties](Set-AdfsSyncProperties.md) +Modifies the frequency of synchronization for the AD FS configuration database and which server is primary in the farm. + +### [Set-AdfsTrustedFederationPartner](Set-AdfsTrustedFederationPartner.md) +Modifies configuration settings for trusted federation partners in AD FS. + +### [Set-AdfsWebApiApplication](Set-AdfsWebApiApplication.md) +Modifies configuration settings for a Web API application in AD FS. + +### [Set-AdfsWebApplicationProxyRelyingPartyTrust](Set-AdfsWebApplicationProxyRelyingPartyTrust.md) +Modifies properties of the relying party trust object for the Web Application Proxy. + +### [Set-AdfsWebConfig](Set-AdfsWebConfig.md) +Modifies web customization configuration settings. + +### [Set-AdfsWebTheme](Set-AdfsWebTheme.md) +Modifies properties of a web theme. + +### [Test-AdfsFarmBehaviorLevelRaise](Test-AdfsFarmBehaviorLevelRaise.md) +Tests whether you can raise the behavior level of a farm. + +### [Test-AdfsFarmBehaviorLevelRestore](Test-AdfsFarmBehaviorLevelRestore.md) +Tests whether you can restore an AD FS farm to a previous behavior level. + +### [Test-AdfsFarmInstallation](Test-AdfsFarmInstallation.md) +Runs prerequisite checks for installing a new federation server farm. + +### [Test-AdfsFarmJoin](Test-AdfsFarmJoin.md) +Runs prerequisite checks for adding the server computer to a federation server farm. + +### [Unregister-AdfsAuthenticationProvider](Unregister-AdfsAuthenticationProvider.md) +Deletes an external authentication provider from AD FS. + +### [Update-AdfsCertificate](Update-AdfsCertificate.md) +Updates the certificates of AD FS. + +### [Update-AdfsClaimsProviderTrust](Update-AdfsClaimsProviderTrust.md) +Updates the claims provider trust from federation metadata. + +### [Update-AdfsRelyingPartyTrust](Update-AdfsRelyingPartyTrust.md) +Updates the relying party trust from federation metadata. + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsAttributeStore.md b/docset/winserver2025-ps/adfs/Add-AdfsAttributeStore.md new file mode 100644 index 0000000000..18620c8cba --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsAttributeStore.md @@ -0,0 +1,187 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsattributestore?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsAttributeStore +--- + +# Add-AdfsAttributeStore + +## SYNOPSIS +Adds an attribute store to the Federation Service. + +## SYNTAX + +### Predefined +``` +Add-AdfsAttributeStore -Name -StoreType -Configuration [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### Custom +``` +Add-AdfsAttributeStore -Name -TypeQualifiedName -Configuration [-PassThru] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsAttributeStore** cmdlet adds an attribute store to the Federation Service. + +## EXAMPLES + +### Example 1: Add a SQL type attribute store +``` +PS C:\> Add-AdfsAttributeStore -Name "LocalSqlStore" -StoreType "SQL" -Configuration @{"name" = "SQL Attribute Store"; "Connection" = "Server=CONTOSOSRV01;Database=UserAttributes;Integrated Security=True;Async=True"} +``` + +This command adds a SQL-based attribute store named LocalSqlStore. + +### Example 2: Add a custom attribute store +``` +PS C:\> Add-AdfsAttributeStore -Name "MyCustomStore" -TypeQualifiedName "Contoso.CustomTypes.MyAttributeStore, Contoso.CustomTypes" -Configuration @{"Name" = "Custom Attribute Store"; "Connection" = "Default"} +``` + +This command adds a custom attribute store named MyCustomStore. + +## PARAMETERS + +### -Configuration +Specifies the initialization parameters of the attribute store, such as a connection string. + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of this attribute store. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StoreType +Specifies the type of attribute store to add. +The acceptable values for this parameter are: + +- ActiveDirectory +- LDAP +- SQL + +```yaml +Type: String +Parameter Sets: Predefined +Aliases: +Accepted values: ActiveDirectory, LDAP, SQL + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TypeQualifiedName +Specifies the class reference for a custom attribute store that is implemented in a .NET assembly. + +```yaml +Type: String +Parameter Sets: Custom +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None or Microsoft.IdentityServer.Management.Resources.AttributeStore + +Returns the new AttributeStore object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* An Active Directory Federation Services (AD FS) 2.0 attribute store is a pluggable module that the policy process for AD FS 2.0 can query to retrieve claim values. You can use either an Active Directory database or a Microsoft SQL Server database as your attribute store, or you can implement your own custom attribute store. + +## RELATED LINKS + +[Get-AdfsAttributeStore](./Get-AdfsAttributeStore.md) + +[Set-AdfsAttributeStore](./Set-AdfsAttributeStore.md) + +[Remove-AdfsAttributeStore](./Remove-AdfsAttributeStore.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsCertificate.md b/docset/winserver2025-ps/adfs/Add-AdfsCertificate.md new file mode 100644 index 0000000000..550d0be9d8 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsCertificate.md @@ -0,0 +1,161 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfscertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsCertificate +--- + +# Add-AdfsCertificate + +## SYNOPSIS +Adds a new certificate to AD FS for signing, decrypting, or securing communications. + +## SYNTAX + +``` +Add-AdfsCertificate -CertificateType -Thumbprint [-IsPrimary] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsCertificate** cmdlet adds a new certificate to Active Directory Federation Services (AD FS) for token signing, token decrypting, card signing, or securing communications. + +## EXAMPLES + +### Example 1: Add a token-signing certificate +```powershell +PS C:\> Add-AdfsCertificate -CertificateType "Token-Signing" -Thumbprint ‎"fedd995b45e633d4ef30fcbc8f3a48b627e9a28b" +``` + +This command adds a token-signing certificate with the thumbprint `fedd995b45e633d4ef30fcbc8f3a48b627e9a28b`. + +## PARAMETERS + +### -CertificateType +Specifies the type and purpose of the certificate. +The acceptable values for this parameter are: + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Token-Decrypting, Token-Signing + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsPrimary +Indicates that the certificate is primary or not. +Primary token-signing certificates are used to digitally sign outgoing claims. +Primary token-encrypting certificates are published in federation metadata for use by trusted claims providers. +Service communications certificates are always primary certificates. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Thumbprint +Specifies the thumbprint of the certificate to use. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +A string object is received by the *Thumbprint* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ServiceCertificate + +Returns the new ServiceCertificate object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* Active Directory Federation Services (AD FS) uses certificates for issuing and receiving tokens, publishing federation metadata, and communication through Secure Sockets Layer (SSL). + +## RELATED LINKS + +[Get-AdfsCertificate](./Get-AdfsCertificate.md) + +[Remove-AdfsCertificate](./Remove-AdfsCertificate.md) + +[Set-AdfsCertificate](./Set-AdfsCertificate.md) + +[Update-AdfsCertificate](./Update-AdfsCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsClaimDescription.md b/docset/winserver2025-ps/adfs/Add-AdfsClaimDescription.md new file mode 100644 index 0000000000..66f8941138 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsClaimDescription.md @@ -0,0 +1,215 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsclaimdescription?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsClaimDescription +--- + +# Add-AdfsClaimDescription + +## SYNOPSIS +Adds a claim description to the Federation Service. + +## SYNTAX + +``` +Add-AdfsClaimDescription -Name -ClaimType [-ShortName ] [-IsAccepted ] + [-IsOffered ] [-IsRequired ] [-Notes ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Add-AdfsClaimDescription** cmdlet adds a claim description to the Federation Service. + +## EXAMPLES + +### Example 1: Add a claim description +``` +PS C:\> Add-AdfsClaimDescription -Name "Role" -ClaimType "https://Fabrikam.com/role" +``` + +This command adds the claim description named Role for a custom claim that has the specified claim type. + +## PARAMETERS + +### -ClaimType +Specifies the claim type URN or URI of the claim. +All claim descriptions must include a valid URN or URI. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsAccepted +Indicates whether the claim is published in federation metadata as a claim that the Federation Service accepts. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsOffered +Indicates whether the claim is published in federation metadata as a claim that the Federation Service offers. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsRequired +Indicates whether the claim is published in federation metadata as a claim that the Federation Service requires. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a friendly name for the claim description to add. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies text that describes the purpose of the claim description. +The cmdlet adds the notes to the claim description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ShortName +Specifies a short name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ClaimDescription + +Returns the new ClaimDescription object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* Use claim descriptions to configure the list of claims that are available to be offered or accepted by Active Directory Federation Services (AD FS). + +## RELATED LINKS + +[Get-AdfsClaimDescription](./Get-AdfsClaimDescription.md) + +[Remove-AdfsClaimDescription](./Remove-AdfsClaimDescription.md) + +[Set-AdfsClaimDescription](./Set-AdfsClaimDescription.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Add-AdfsClaimsProviderTrust.md new file mode 100644 index 0000000000..03c6293d40 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsClaimsProviderTrust.md @@ -0,0 +1,708 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsClaimsProviderTrust +--- + +# Add-AdfsClaimsProviderTrust + +## SYNOPSIS +Adds a new claims provider trust to the Federation Service. + +## SYNTAX + +### AllProperties +``` +Add-AdfsClaimsProviderTrust -Name -Identifier -TokenSigningCertificate + [-AutoUpdateEnabled ] [-AllowCreate ] [-AnchorClaimType ] [-CustomMFAUri ] + [-EncryptionCertificateRevocationCheck ] [-Enabled ] [-Notes ] + [-ProtocolProfile ] [-EncryptedNameIdRequired ] [-SamlAuthenticationRequestIndex ] + [-SamlAuthenticationRequestParameters ] [-SamlAuthenticationRequestProtocolBinding ] + [-SignatureAlgorithm ] [-SigningCertificateRevocationCheck ] [-SupportsMfa] + [-PromptLoginFederation ] [-PromptLoginFallbackAuthenticationType ] + [-RequiredNameIdFormat ] [-EncryptionCertificate ] + [-OrganizationalAccountSuffix ] [-WSFedEndpoint ] [-ClaimOffered ] + [-SamlEndpoint ] [-SignedSamlRequestsRequired ] [-PassThru] + [-AcceptanceTransformRules ] [-AcceptanceTransformRulesFile ] [-MonitoringEnabled ] + [-WhatIf] [-Confirm] [] +``` + +### MetadataFile +``` +Add-AdfsClaimsProviderTrust -Name [-AutoUpdateEnabled ] [-AllowCreate ] + [-AnchorClaimType ] [-EncryptionCertificateRevocationCheck ] [-Enabled ] + [-Notes ] [-ProtocolProfile ] [-EncryptedNameIdRequired ] + [-SamlAuthenticationRequestIndex ] [-SamlAuthenticationRequestParameters ] + [-SamlAuthenticationRequestProtocolBinding ] [-SignatureAlgorithm ] + [-SigningCertificateRevocationCheck ] [-PromptLoginFederation ] + [-PromptLoginFallbackAuthenticationType ] [-RequiredNameIdFormat ] + [-OrganizationalAccountSuffix ] [-MetadataFile ] [-SignedSamlRequestsRequired ] + [-PassThru] [-AcceptanceTransformRules ] [-AcceptanceTransformRulesFile ] + [-MonitoringEnabled ] [-WhatIf] [-Confirm] [] +``` + +### MetadataUrl +``` +Add-AdfsClaimsProviderTrust -Name [-AutoUpdateEnabled ] [-AllowCreate ] + [-AnchorClaimType ] [-EncryptionCertificateRevocationCheck ] [-Enabled ] + [-Notes ] [-ProtocolProfile ] [-EncryptedNameIdRequired ] + [-SamlAuthenticationRequestIndex ] [-SamlAuthenticationRequestParameters ] + [-SamlAuthenticationRequestProtocolBinding ] [-SignatureAlgorithm ] + [-SigningCertificateRevocationCheck ] [-PromptLoginFederation ] + [-PromptLoginFallbackAuthenticationType ] [-RequiredNameIdFormat ] + [-OrganizationalAccountSuffix ] [-MetadataUrl ] [-SignedSamlRequestsRequired ] + [-PassThru] [-AcceptanceTransformRules ] [-AcceptanceTransformRulesFile ] + [-MonitoringEnabled ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsClaimsProviderTrust** cmdlet adds a new claims provider trust to the Federation Service. +Use this cmdlet when users from a partner organization need to access resources (relying parties) protected by the Active Directory Federation Services (AD FS) service. +You can specify a claims provider trust manually, or you can provide a federation metadata document to bootstrap initial configuration. + +In Windows Server 2016, AD FS supports the prompt=login parameter. +When AD FS is acting as a federation provider, these new properties on the claims provider trust determine how AD FS handles the parameter. + +## EXAMPLES + +### Example 1: Add a claims provider trust +``` +PS C:\> Add-AdfsClaimsProviderTrust -Name "Fabrikam" -MetadataURL "https://fabrikam.com/federationmetadata/2007-06/federationmetadata.xml" +``` + +This command adds a claims provider trust named Fabrikam that has the specified metadata URL to the Federation Service. + +## PARAMETERS + +### -AcceptanceTransformRules +Specifies the claim acceptance transform rules for accepting claims from this claims provider. +These rules determine the information that is accepted from the partner represented by the claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AcceptanceTransformRulesFile +Specifies a file that contains the claim acceptance transform rules for accepting claims from the claims provider. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowCreate +Indicates whether the Security Assertion Markup Language (SAML) parameter *AllowCreate* is sent in SAML requests to the claims provider. +The default values $True. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AnchorClaimType +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutoUpdateEnabled +Indicates whether changes to the federation metadata by the *MetadataURL* parameter apply automatically to the configuration of the trust relationship. +If this parameter has a value of $True, partner claims, certificates, and endpoints are updated automatically. + +Note: When auto-update is enabled, fields that can be overwritten by metadata become read only. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClaimOffered +Specifies an array of claims that are offered by this claims provider. + +```yaml +Type: ClaimDescription[] +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -CustomMFAUri +```yaml +Type: Uri +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Indicates whether the claims provider trust is enabled or disabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptedNameIdRequired +Indicates whether the relying party requires that the **NameID** claim be encrypted. +This setting applies to SAML logout requests. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionCertificate +Specifies the certificate to be used for encrypting a **NameID** to this claims provider in SAML logout requests. +Encrypting the **NameID** is optional. + +```yaml +Type: X509Certificate2 +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionCertificateRevocationCheck +Specifies the type of validation that occurs for the encryption certificate before it is used for encrypting claims. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies the unique identifier for this claims provider trust. +No other trust can use an identifier from this list. +Uniform Resource Identifiers (URIs) are often used as unique identifiers for a claims provider trust, but you can use any string of characters. + +```yaml +Type: String +Parameter Sets: AllProperties +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataFile +Specifies a file path, such as c:\metadata.xml, that contains the federation metadata to be used when this claims provider trust is created. + +```yaml +Type: String +Parameter Sets: MetadataFile +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataUrl +Specifies a URL at which the federation metadata for this claims provider trust is available. + +```yaml +Type: Uri +Parameter Sets: MetadataUrl +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MonitoringEnabled +Indicates whether periodic monitoring of this claims provider's federation metadata is enabled. +The URL of the claims provider's federation metadata is specified by the *MetadataUrl* parameter. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of this claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes for this claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OrganizationalAccountSuffix +Specifies an array of organizational account suffixes an administrator can configure for the claims provider trust for a Home Realm Discovery (HRD) scenario. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PromptLoginFallbackAuthenticationType +Specifies a fallback authentication type for a prompt login request. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PromptLoginFederation +The acceptable values for this parameter are: + +- None. +Do not federate prompt=login request and error instead. +- FallbackToProtocolSpecificParameters. +Translate prompt=login to wfresh=0 and Wauth=forms during federation. +If wauth is present in the original request, it will be preserved. +- ForwardPromptAndHintsOverWsFederation. +Forward prompt, login_hint, and domain_hint parameters during federation. + +```yaml +Type: PromptLoginFederation +Parameter Sets: (All) +Aliases: +Accepted values: None, FallbackToProtocolSpecificParameters, ForwardPromptAndHintsOverWsFederation, Disabled + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtocolProfile +Specifies which protocol profiles the claims provider supports. +The acceptable values for this parameter are: + +- SAML +- WsFederation +- WsFed-SAML. + +The default value is WsFed-SAML. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: WSFederation, WsFed-SAML, SAML + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequiredNameIdFormat +Specifies the format that is required for **NameID** claims to be included in SAML requests to the claims provider. +By default, no format is required. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlAuthenticationRequestIndex +Specifies the value of **AssertionConsumerServiceIndex** that will be placed in SAML authentication requests that are sent to the claims provider. + +```yaml +Type: UInt16 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlAuthenticationRequestParameters +Specifies which of the following parameters to use in SAML authentication requests to the claims provider: **AssertionConsumerServiceIndex**, **AssertionConsumerServiceUrl**, and **ProtocolBinding**.The acceptable values for this parameter are: + +- None +- Index +- Url +- ProtocolBinding +- UrlWithProtocolBinding + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Index, None, ProtocolBinding, Url, UrlWithProtocolBinding + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlAuthenticationRequestProtocolBinding +Specifies the value of **ProtocolBinding** to place in SAML authentication requests to the claims provider. +The acceptable values for this parameter are: + +- Artifact +- Post +- Redirect + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Artifact, POST, Redirect + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlEndpoint +Specifies an array of SAML protocol endpoints for this claims provider. + +```yaml +Type: SamlEndpoint[] +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -SignatureAlgorithm +Specifies the signature algorithm that the claims provider uses for signing and verification. +The acceptable values for this parameter are: + +- https://www.w3.org/2000/09/xmldsig#rsa-sha1 +- https://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: https://www.w3.org/2000/09/xmldsig#rsa-sha1, https://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignedSamlRequestsRequired +Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. +If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SigningCertificateRevocationCheck +Specifies the type of certificate validation that occurs when signatures are verified on responses or assertions from the claims provider. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SupportsMfa +```yaml +Type: SwitchParameter +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TokenSigningCertificate +Specifies an array of token-signing certificates that the claims provider uses. + +```yaml +Type: X509Certificate2[] +Parameter Sets: AllProperties +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -WSFedEndpoint +Specifies the WS-Federation Passive URL for this claims provider. + +```yaml +Type: Uri +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *AcceptanceTransformRules* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +ClaimDescription objects are received by the *SamlEndpoint* parameter. + +### System.Security.Cryptography.X509Certificates.X509Certificate.X509Certificate2 + +X509Certificate2 objects are received by the *TokenSigningCertificate* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +Returns the new ClaimsProviderTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* The claims provider is responsible for collecting and authenticating a user's credentials, building up claims for that user, and packaging the claims into security tokens or Information Cards. In other words, a claims provider represents the organization for whose users the claims provider issues security tokens or Information Cards on their behalf. When you configure Active Directory Federation Services (AD FS) to use federation services, the role of the claims provider is to enable its users to access resources that a relying party organization hosts by establishing one side of a federation trust relationship. After the trust is established, tokens and Information Cards can be presented to the relying party across the federation trust. + +## RELATED LINKS + +[Disable-AdfsClaimsProviderTrust](./Disable-AdfsClaimsProviderTrust.md) + +[Enable-AdfsClaimsProviderTrust](./Enable-AdfsClaimsProviderTrust.md) + +[Get-AdfsClaimsProviderTrust](./Get-AdfsClaimsProviderTrust.md) + +[Remove-AdfsClaimsProviderTrust](./Remove-AdfsClaimsProviderTrust.md) + +[Set-AdfsClaimsProviderTrust](./Set-AdfsClaimsProviderTrust.md) + +[Update-AdfsClaimsProviderTrust](./Update-AdfsClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsClaimsProviderTrustsGroup.md b/docset/winserver2025-ps/adfs/Add-AdfsClaimsProviderTrustsGroup.md new file mode 100644 index 0000000000..0efccfa889 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsClaimsProviderTrustsGroup.md @@ -0,0 +1,215 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsclaimsprovidertrustsgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsClaimsProviderTrustsGroup +--- + +# Add-AdfsClaimsProviderTrustsGroup + +## SYNOPSIS +Creates a claims provider trust group based on metadata that contains multiple entities. + +## SYNTAX + +### MetadataFile +``` +Add-AdfsClaimsProviderTrustsGroup -MetadataFile [-Force] [-PassThru] + [-AcceptanceTransformRules ] [-AcceptanceTransformRulesFile ] [-MonitoringEnabled ] + [-WhatIf] [-Confirm] [] +``` + +### MetadataUrl +``` +Add-AdfsClaimsProviderTrustsGroup -MetadataUrl [-AutoUpdateEnabled ] [-Force] [-PassThru] + [-AcceptanceTransformRules ] [-AcceptanceTransformRulesFile ] [-MonitoringEnabled ] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsClaimsProviderTrustsGroup** cmdlet creates a claims provider trust group based on metadata that contains multiple entities. + +## EXAMPLES + +### Example 1: Add a trust group by metadata URL +``` +PS C:\> Add-AdfsClaimsProviderTrustsGroup -MetadataUrl https://www.contosoconsortium.com/metadata/metadata.xml +``` + +This command specifies a metadata URL to add a trust group + +### Example 2: Add a trust group by metadata file +``` +PS C:\> Add-AdfsClaimsProviderTrustsGroup -MetadataFile "C:\metadata.xml" +``` + +This command specifies a metadata file to add a trust group. + +## PARAMETERS + +### -AcceptanceTransformRules +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AcceptanceTransformRulesFile +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutoUpdateEnabled +Indicates whether automatic updates are enabled. + +```yaml +Type: Boolean +Parameter Sets: MetadataUrl +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataFile +Specifies the file path and name of a metadata file on the local file system. + +```yaml +Type: String +Parameter Sets: MetadataFile +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataUrl +Specifies the URL of a metadata file available on the public Internet. + +```yaml +Type: Uri +Parameter Sets: MetadataUrl +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MonitoringEnabled +Indicates whether monitoring is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsClaimsProviderTrustsGroup](./Get-AdfsClaimsProviderTrustsGroup.md) + +[Remove-AdfsClaimsProviderTrustsGroup](./Remove-AdfsClaimsProviderTrustsGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsClient.md b/docset/winserver2025-ps/adfs/Add-AdfsClient.md new file mode 100644 index 0000000000..736c5f8ac4 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsClient.md @@ -0,0 +1,332 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 09/19/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsclient?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsClient +--- + +# Add-AdfsClient + +## SYNOPSIS +Registers an OAuth 2.0 client with AD FS. + +## SYNTAX + +``` +Add-AdfsClient [-ClientId] [-Name] [[-RedirectUri] ] [-Description ] + [-ClientType ] [-ADUserPrincipalName ] [-JWTSigningCertificate ] + [-JWTSigningCertificateRevocationCheck ] [-JWKSUri ] [-JWKSFile ] + [-LogoutUri ] [-GenerateClientSecret] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsClient** cmdlet registers an OAuth client with Active Directory Federation Services (AD FS). +In order to allow access from OAuth clients to resources secured by AD FS, you need to register the OAuth client with AD FS by using this cmdlet. + +When you register an OAuth 2.0 client with AD FS, you must specify a client identifier and a redirection URI, as well as a friendly name and description, for the OAuth client. +When an OAuth client requests access to a resource using the OAuth 2.0 protocol, the client must specify a client identifier and redirection URI to AD FS, in accordance with [RFC 6749](https://tools.ietf.org/html/rfc6749). +AD FS will not allow access to a resource to clients that specify a client identifier or redirection URI that are not registered with AD FS. + +## EXAMPLES + +### Example 1: Add a client +``` +PS C:\> Add-AdfsClient -Name "Payroll Application" -ClientId "ab762716-544d-4aeb-a526-687b73838a33" -RedirectUri "ms-app://s-1-15-2-2205112887-4282980309-3272664163-2407253042-283898840-27493891-3661245662/" -Description "OAuth 2.0 client for our Payroll application" +``` + +This command registers an OAuth 2.0 client with AD FS by using a client identifier, redirection URI, name, and description. + +### Example 2: Add a client with multiple redirection URIs +``` +PS C:\> Add-AdfsClient -Name "Payroll Application" -ClientId "ab762716-544d-4aeb-a526-687b73838a33" -RedirectUri @("ms-app://s-1-15-2-2205112887-4282980309-3272664163-2407253042-283898840-27493891-3661245662/", "https://Contosopayrollapplication/oauthclient/") -Description "OAuth 2.0 client for our Payroll application" +``` + +This command registers an OAuth 2.0 client with a client identifier, two redirection URIs, a name and description with AD FS. +The command uses two different redirections URIs to denote multiple forms of the application that may use different redirection URIs, + +## PARAMETERS + +### -ADUserPrincipalName +Specifies an Active Directory user principal name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClientId +Specifies the cliend ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ClientType +Specifies the client type. +The acceptable values for this parameter are: + +- Public +- Confidential + +```yaml +Type: ClientType +Parameter Sets: (All) +Aliases: +Accepted values: Public, Confidential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -GenerateClientSecret +Indicates whether to generate a client secret. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWKSFile +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWKSUri +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWTSigningCertificate +```yaml +Type: X509Certificate2[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWTSigningCertificateRevocationCheck +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: RevocationSetting +Parameter Sets: (All) +Aliases: +Accepted values: None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogoutUri +Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectUri +Specifies one or more redirection URIs. +The cmdlet modifies the OAuth 2.0 client registration information with the redirection URIs that you specify. + +The OAuth 2.0 client uses the redirection URI when the client requests authorization to access a resource secured by AD FS. +You may register multiple redirection URIs for a single client identifier. +The redirection URI must be a valid URI. + +The redirection URI specified by the client must already be registered with AD FS and must correspond to the client identifier for that OAuth 2.0 client, in order for the client to be authorized to access the resource. +If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, AD FS will deliver the authorization code or access token by redirecting the client's user-agent back to this redirection URI. + +Ensure that the value of the RedirectUri parameter matches exactly the redirection URI that will be specified by the OAuth 2.0 client when requesting authorization, including trailing slashes (/), if required. +Use more secure schemes, such as https, when you specify a redirection URI. + +For Windows Store applications that authenticate using the Windows Web Authentication Broker, use the 'ms-app://' scheme when registering a redirect URI. +For example, ms-app://s-1-15-2-1101140336-4090662585-1905587327-262951538-2732256205-1306401843-4235927180/ is a redirect URI for a Windows Store application. +If you are developing a Windows Store application, you can obtain the redirect URI for your application using the following code fragment: + +`Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();` + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *ClientId*, *Description*, *Name*, and *RedirectUri* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +Returns the new AdfsClient object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Disable-AdfsClient](./Disable-AdfsClient.md) + +[Enable-AdfsClient](./Enable-AdfsClient.md) + +[Get-AdfsClient](./Get-AdfsClient.md) + +[Remove-AdfsClient](./Remove-AdfsClient.md) + +[Set-AdfsClient](./Set-AdfsClient.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsDeviceRegistrationUpnSuffix.md b/docset/winserver2025-ps/adfs/Add-AdfsDeviceRegistrationUpnSuffix.md new file mode 100644 index 0000000000..14893c830a --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsDeviceRegistrationUpnSuffix.md @@ -0,0 +1,109 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsdeviceregistrationupnsuffix?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsDeviceRegistrationUpnSuffix +--- + +# Add-AdfsDeviceRegistrationUpnSuffix + +## SYNOPSIS +Adds a custom UPN suffix. + +## SYNTAX + +``` +Add-AdfsDeviceRegistrationUpnSuffix [-UpnSuffix] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsDeviceRegistrationUpnSuffix** cmdlet adds a custom user principal name (UPN) suffix that you can use when you register a device with Active Directory Federation Services (AD FS). + +In many environments, additional UPN suffixes for users are added after an Active Directory Federation Services (AD FS) deployment is complete. +Run this cmdlet to support device registration for users of the new UPN suffix. +The cmdlet configures a Secure Sockets Layer (SSL) binding that corresponds to the UPN suffix. +The UPN suffix must have a corresponding registration name in the AD FS SSL certificate, for example `enterpriseregistration`.upn suffix. +You can use a wild-card SSL certificate that covers all possible registration names. + +## EXAMPLES + +### Example 1: Add a UPN suffix for registering a device +``` +PS C:\> Add-AdfsDeviceRegistrationUpnSuffix -UpnSuffix "Northamerica.Contoso.com" +``` + +This command adds the UPN suffix Northamerica.Contoso.com to the list of suffixes that AD FS responds to for device registration requests after the initial deployment of the device registration service. + +## PARAMETERS + +### -UpnSuffix +Specifies a UPN suffix. +The cmdlet adds and configures the UPN suffix that you specify as a valid registration UPN suffix. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *UpnSuffix* parameter. + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsDeviceRegistrationUpnSuffix](./Get-AdfsDeviceRegistrationUpnSuffix.md) + +[Remove-AdfsDeviceRegistrationUpnSuffix](./Remove-AdfsDeviceRegistrationUpnSuffix.md) + +[Set-AdfsDeviceRegistrationUpnSuffix](./Set-AdfsDeviceRegistrationUpnSuffix.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsFarmNode.md b/docset/winserver2025-ps/adfs/Add-AdfsFarmNode.md new file mode 100644 index 0000000000..cd0bc9e0a3 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsFarmNode.md @@ -0,0 +1,256 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsfarmnode?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsFarmNode +--- + +# Add-AdfsFarmNode + +## SYNOPSIS +Adds this computer to an existing federation server farm. + +## SYNTAX + +### AdfsFarmJoinWidGmsa (Default) +``` +Add-AdfsFarmNode [-OverwriteConfiguration] [-CertificateThumbprint ] + -GroupServiceAccountIdentifier [-Credential ] -PrimaryComputerName + [-PrimaryComputerPort ] [-WhatIf] [-Confirm] [] +``` + +### ADFSFarmJoinWidSvcAcct +``` +Add-AdfsFarmNode [-OverwriteConfiguration] [-CertificateThumbprint ] + -ServiceAccountCredential [-Credential ] -PrimaryComputerName + [-PrimaryComputerPort ] [-WhatIf] [-Confirm] [] +``` + +### ADFSFarmJoinSqlSvcAcct +``` +Add-AdfsFarmNode [-CertificateThumbprint ] -ServiceAccountCredential + [-Credential ] -SQLConnectionString [-FarmBehavior ] [-WhatIf] [-Confirm] + [] +``` + +### AdfsFarmJoinSqlGmsa +``` +Add-AdfsFarmNode [-CertificateThumbprint ] -GroupServiceAccountIdentifier + [-Credential ] -SQLConnectionString [-FarmBehavior ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Add-AdfsFarmNode** cmdlet adds this computer to an existing federation server farm. + +## EXAMPLES + +### Example 1: Add a farm node +``` +PS C:\> $fscredential = Get-Credential +PS C:\> Add-AdfsFarmNode -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" +``` + +This example adds the local server computer as a node in an existing federation server farm that uses a Microsoft SQL Server database installed on a computer named SQLHost. + +### Example 2: Add a farm node and overwrite the existing configuration +``` +PS C:\> $fscredential = Get-Credential +PS C:\> Add-AdfsFarmNode -OverwriteConfiguration -PrimaryComputerName "PrimaryWIDHost" -PrimaryComputerPort 80 -ServiceAccountCredential $fscredential -CertificateThumbprint "8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed" +``` + +This example overwrites an existing AD FS configuration database and adds the local server computer as a node in an existing federation server farm that uses Windows Internal Database (WID) and whose primary node is installed on a computer named PrimaryWIDHost. + +Note that the *PrimaryComputerPort* is required even if the default HTTP port of 80 is used and that the *CertificateThumbprint* parameter is only required if it is not already configured as a binding in IIS. +Also, when specifying a value for the *CertificateThumbprint* parameter, the value you use must specify the thumbprint of a certificate that is currently installed in the local machine My store, and the certificate must be the same certificate that is used as the SSL certificate on the primary node. + +## PARAMETERS + +### -CertificateThumbprint +Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a **PSCredential** object. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FarmBehavior +```yaml +Type: Int32 +Parameter Sets: ADFSFarmJoinSqlSvcAcct, AdfsFarmJoinSqlGmsa +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupServiceAccountIdentifier +Specifies the Group Managed Service Account under which the Active Directory Federation Services (AD FS) service runs. + +```yaml +Type: String +Parameter Sets: AdfsFarmJoinWidGmsa, AdfsFarmJoinSqlGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OverwriteConfiguration +This parameter must be used to remove an existing AD FS configuration database and overwrite it with a new database. + +```yaml +Type: SwitchParameter +Parameter Sets: AdfsFarmJoinWidGmsa, ADFSFarmJoinWidSvcAcct +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryComputerName +Specifies the name of the primary federation server in a federation server farm. +The cmdlet adds the computer to the federation server farm that has the primary federation server that you specify. + +```yaml +Type: String +Parameter Sets: AdfsFarmJoinWidGmsa, ADFSFarmJoinWidSvcAcct +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryComputerPort +Specifies the primary computer port. +The computer uses the HTTP port that you specify to connect with the primary computer in order to synchronize configuration settings. +Specify a value of 80 for this parameter, or specify an alternate value if the HTTP port on the primary computer is not 80. +If this parameter is not specified, a default port value of 443 is assumed. + +```yaml +Type: Int32 +Parameter Sets: AdfsFarmJoinWidGmsa, ADFSFarmJoinWidSvcAcct +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountCredential +Specifies the Active Directory account under which the AD FS service runs. +All nodes in the farm must use the same service account. + +```yaml +Type: PSCredential +Parameter Sets: ADFSFarmJoinWidSvcAcct, ADFSFarmJoinSqlSvcAcct +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SQLConnectionString +Specifies the SQL Server database that will store the AD FS configuration settings. +If not specified, AD FS uses Windows Internal Database to store configuration settings. + +```yaml +Type: String +Parameter Sets: ADFSFarmJoinSqlSvcAcct, AdfsFarmJoinSqlGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) + +[Remove-AdfsFarmNode](./Remove-AdfsFarmNode.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsLocalClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Add-AdfsLocalClaimsProviderTrust.md new file mode 100644 index 0000000000..ddd7c2efe8 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsLocalClaimsProviderTrust.md @@ -0,0 +1,372 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfslocalclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsLocalClaimsProviderTrust +--- + +# Add-AdfsLocalClaimsProviderTrust + +## SYNOPSIS +Creates a local claims provider trust. + +## SYNTAX + +``` +Add-AdfsLocalClaimsProviderTrust -Name -Identifier [-AcceptanceTransformRules ] + [-AcceptanceTransformRulesFile ] [-Enabled ] [-Notes ] + [-OrganizationalAccountSuffix ] [-Force] [-Type ] [-PassThru] [-WhatIf] [-Confirm] + -LdapServerConnection -UserObjectClass -UserContainer + -AnchorClaimLdapAttribute -AnchorClaimType + [-LdapAuthenticationMethod ] + [-LdapAttributeToClaimMapping ] [] +``` + +## DESCRIPTION +The **Add-AdfsLocalClaimsProviderTrust** cmdlet creates a local claims provider trust. +This trust is based on a Lightweight Directory Access Protocol (LDAP) v3 compliant directory other than the Active Directory domain of which the Active Directory Federation Services (AD FS) server is a member. +This includes other, untrusted, Active Directory forests or domains, Active Directory Lightweight Directory Services directories, and non-Active Directory LDAP directories. + +## EXAMPLES + +### Example 1: Create an LDAP local claims provider trust +``` +PS C:\> $Credential = Get-Credential +PS C:\ > $LdapConn = New-AdfsLdapServerConnection -HostName "DomainContoller03.contoso.com" -Port 389 -SslMode None -AuthenticationMethod Basic -Credential $Credential +PS C:\ > $DisplayName = New-AdfsLdapAttributeToClaimMapping -LdapAttribute "displayName" -ClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" +PS C:\> Add-AdfsLocalClaimsProviderTrust -Name "testldap" -Identifier "urn:testldap" -Type ldap -LdapServerConnection $LdapConn -UserObjectClass user -UserContainer "CN=Users,DC=,DC=,DC=com" -LdapAuthenticationMethod Basic -AnchorClaimLdapAttribute userPrincipalName -AnchorClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -AcceptanceTransformRules "c:[] => issue(claim=c);" -Enabled $True -OrganizationalAccountSuffix "TSQA.contoso.com" - LdapAttributeToClaimMapping $DisplayName +``` + +The first command prompts you for a user name and password by using the **Get-Credential** cmdlet. +The command stores the results in the $Credential variable. + +The second command creates an LDAP connection by using the **New-AdfsLdapServerConnection** cmdlet. +DomainContoller03.contoso.com is the fully qualified domain name of a domain controller in the other forest. +The command stores the result in the $LdapConn variable. + +The third command creates a mapping of an LDAP directory attribute to a claim type by using the **New-AdfsLdapAttributeToClaimMapping** cmdlet. + +The final command creates an LDAP claims provider trust to authenticate users in another, untrusted Active Directory forest. + +## PARAMETERS + +### -AcceptanceTransformRules +Specifies the set of claim rules to configure on the local claims provider trust. +These rules determine the information that is accepted from the partner represented by the local claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AcceptanceTransformRulesFile +Specifies the full path of a file that contains the set of claim rules to configure on the local claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AnchorClaimLdapAttribute +Specifies the LDAP attribute to which the user name that the user enters isl be matched to find the correct user account in the LDAP directory. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AnchorClaimType +Specifies the claim type of the anchor claim in AD FS. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Indicates whether the trust is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies the ID, as a URI, of the claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LdapAttributeToClaimMapping +Specifies a mapping of LDAP directory attributes to claim types. +Each mapping causes an AD FS claim with the corresponding claim type and LDAP attribute value to be available for AD FS processing rules. +To obtain a mapping, use the **New-AdfsLdapAttributeToClaimMapping** cmdlet. + +```yaml +Type: LdapAttributeToClaimMapping[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LdapAuthenticationMethod +Specifies the authentication method the local claims provider trust uses. +In Windows Server 2016, the only supported method is Basic (username/password). + +```yaml +Type: LdapAuthenticationMethod +Parameter Sets: (All) +Aliases: +Accepted values: Basic, Kerberos, Negotiate + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LdapServerConnection +Specifies an array of LDAP server connections that the claims provider trust uses. +To obtain an **LdapServerConnection** object, use the **New-AdfsLdapServerConnection** cmdlet. + +```yaml +Type: LdapServerConnection[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name for the local claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OrganizationalAccountSuffix +Specifies an array of organizational account suffixes that administrator can configure for the claims provider trust for a Home Realm Discovery (HRD) scenario. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Type +Specifies the type of the claims provider trust. +The acceptable values for this parameter are: ActiveDirectory and LDAP. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserContainer +Specifies a user container. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserObjectClass +Specifies a user object class. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Disable-AdfsLocalClaimsProviderTrust](./Disable-AdfsLocalClaimsProviderTrust.md) + +[Enable-AdfsLocalClaimsProviderTrust](./Enable-AdfsLocalClaimsProviderTrust.md) + +[Get-AdfsLocalClaimsProviderTrust](./Get-AdfsLocalClaimsProviderTrust.md) + +[New-AdfsLdapAttributeToClaimMapping](./New-AdfsLdapAttributeToClaimMapping.md) + +[Remove-AdfsLocalClaimsProviderTrust](./Remove-AdfsLocalClaimsProviderTrust.md) + +[Set-AdfsLocalClaimsProviderTrust](./Set-AdfsLocalClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsNativeClientApplication.md b/docset/winserver2025-ps/adfs/Add-AdfsNativeClientApplication.md new file mode 100644 index 0000000000..cc5423cb18 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsNativeClientApplication.md @@ -0,0 +1,233 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 09/19/2017 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsnativeclientapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsNativeClientApplication +--- + +# Add-AdfsNativeClientApplication + +## SYNOPSIS +Adds a native client application role to an application in AD FS. + +## SYNTAX + +### ApplicationGroupIdentifier (Default) +``` +Add-AdfsNativeClientApplication [-ApplicationGroupIdentifier] [-Name] [-Identifier] + [[-RedirectUri] ] [-Description ] [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### ApplicationGroupObject +``` +Add-AdfsNativeClientApplication [-ApplicationGroup] [-Name] [-Identifier] + [[-RedirectUri] ] [-Description ] [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Add-AdfsNativeClientApplication** cmdlet adds a native client application role to an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -ApplicationGroup +Specifies an application group. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroupIdentifier +Specifies the ID of an application group. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Identifier +Specifies an identifier. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -LogoutUri +Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectUri +Specifies an array of redirection URIs for the OAuth 2.0 client to register with AD FS. +The redirection URI is specified by the OAuth 2.0 client when it requests authorization to access a resource in ADFS. + +The redirection URI specified by the client must already be registered with AD FS. +It must correspond to the client identifier for that OAuth 2.0 client. +If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, ADFS delivers the authorization code or access token by redirecting the client's user-agent back to this redirection URI. + +The value of this parameter must match exactly the redirection URI that is specified by the OAuth 2.0 client when requesting authorization. +This includes trailing slashes '/', if they are required. +We recommended the use of more secure schemes such as https in a redirection URI. + +For Windows Store applications that authenticate by using the Windows Web Authentication Broker, use the `ms-app://` scheme for a redirection URI. +If you are developing a Windows Store application, obtain the redirection URI for your application by using the following code fragment: + +`Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();` + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *ApplicationGroup* parameter. + +### System.String + +String objects are received by the *ApplicationGroupIdentifier*, *Description*, *Identifier*, *Name*, and *RedirectUri* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.NativeClientApplication + +Returns the new NativeClientApplication object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Get-AdfsNativeClientApplication](./Get-AdfsNativeClientApplication.md) + +[Remove-AdfsNativeClientApplication](./Remove-AdfsNativeClientApplication.md) + +[Set-AdfsNativeClientApplication](./Set-AdfsNativeClientApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsNonClaimsAwareRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Add-AdfsNonClaimsAwareRelyingPartyTrust.md new file mode 100644 index 0000000000..ddbcf16344 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsNonClaimsAwareRelyingPartyTrust.md @@ -0,0 +1,298 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsnonclaimsawarerelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsNonClaimsAwareRelyingPartyTrust +--- + +# Add-AdfsNonClaimsAwareRelyingPartyTrust + +## SYNOPSIS +Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service. + +## SYNTAX + +``` +Add-AdfsNonClaimsAwareRelyingPartyTrust [-Name] [-Identifier] + [-AlwaysRequireAuthentication] [-Enabled ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-Notes ] [-PassThru] + [-AdditionalAuthenticationRules ] [-AdditionalAuthenticationRulesFile ] + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] [-ClaimsProviderName ] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet creates a relying party trust for web applications or services that do not rely directly on Active Directory Federation Services (AD FS) to issue tokens, but instead rely on a third party that accesses such tokens and transforms them into what applications understand. +A non-claims-aware relying party trust is useful for defining authentication and authorization policies for web applications and services that do not rely on AD FS tokens. +The Web Application Proxy requests such tokens for pre-authentication to web applications or services that have corresponding non-claims-aware relying party trusts for requests that come from outside the network through the proxy. + +## EXAMPLES + +### Example 1: Add a non-claims-aware relying party trust for an application +``` +PS C:\> Add-AdfsNonClaimsAwareRelyingPartyTrust -Name "ExpenseReport" -Identifier "https://contosoexpense/" -IssuanceAuthorizationRules "=>issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");" +``` + +This command adds a non-claims-aware relying party trust for the application named ExpenseReport and allows all authenticated users to access this application through the Web Application Proxy. + +### Example 2: Add a non-claims-aware relying party trust that restricts access to an application +``` +PS C:\> Add-AdfsNonClaimsAwareRelyingPartyTrust -Name "ExpenseReport" -Identifier "https://contosoexpense/" -IssuanceAuthorizationRules "c:[type=="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser"]=>issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");" +``` + +This command adds a non-claims-aware relying party trust for the application named ExpenseReport and restricts access to this application, through the Web Application Proxy, to only users from their workplace-joined devices. + +## PARAMETERS + +### -AccessControlPolicyName +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies rules for additional authentication on the relying party. +For more information about the claims language for rules, see [Understanding Claim Rule Language in AD FS 2.0 & Higher](https://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx) on TechNet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies the file that contains all the rules for additional authentication for the relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlwaysRequireAuthentication +Indicates that access requires authentication, even if this relying party has previously authenticated credentials for access. +Specify this parameter to require users to always supply credentials to access sensitive resources. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClaimsProviderName +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Indicates whether to enable this relying party trust. +Specify a value of $True for this parameter to allow authentication and authorization to the relying party. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of unique identifiers for the non-claims-aware relying party trust. +No other trust can use an identifier from this list. +As common practice, you can use Uniform Resource Identifiers (URIs) as unique identifiers for a relying party trust, or you can use any string. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +Specifies the authorization rules for issuing claims to the relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +Specifies the file that contains the authorization rules for issuing claims to the relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. +The cmdlet adds the Web Application Proxy relying party trust that has the display name that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes for the relying party trust. +Use this parameter to store information such as owners and contacts when you manage a large number of applications. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Disable-AdfsNonClaimsAwareRelyingPartyTrust](./Disable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Enable-AdfsNonClaimsAwareRelyingPartyTrust](./Enable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Get-AdfsNonClaimsAwareRelyingPartyTrust](./Get-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Remove-AdfsNonClaimsAwareRelyingPartyTrust](./Remove-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Set-AdfsNonClaimsAwareRelyingPartyTrust](./Set-AdfsNonClaimsAwareRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Add-AdfsRelyingPartyTrust.md new file mode 100644 index 0000000000..c28db692d5 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsRelyingPartyTrust.md @@ -0,0 +1,914 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsRelyingPartyTrust +--- + +# Add-AdfsRelyingPartyTrust + +## SYNOPSIS +Adds a new relying party trust to the Federation Service. + +## SYNTAX + +### AllProperties +``` +Add-AdfsRelyingPartyTrust -Name -Identifier [-EncryptClaims ] [-Enabled ] + [-EncryptionCertificate ] [-AutoUpdateEnabled ] [-WSFedEndpoint ] + [-AdditionalWSFedEndpoint ] [-ClaimAccepted ] [-SamlEndpoint ] + [-RequestSigningCertificate ] [-EncryptedNameIdRequired ] + [-SignedSamlRequestsRequired ] [-Notes ] [-SignatureAlgorithm ] + [-SigningCertificateRevocationCheck ] [-TokenLifetime ] [-AlwaysRequireAuthentication] + [-RequestMFAFromClaimsProviders] [-AllowedAuthenticationClassReferences ] + [-EncryptionCertificateRevocationCheck ] [-NotBeforeSkew ] [-ProtocolProfile ] + [-ClaimsProviderName ] [-EnableJWT ] [-SamlResponseSignature ] + [-AllowedClientTypes ] [-IssueOAuthRefreshTokensTo ] + [-RefreshTokenProtectionEnabled ] [-PassThru] [-MonitoringEnabled ] + [-ImpersonationAuthorizationRules ] [-ImpersonationAuthorizationRulesFile ] + [-IssuanceTransformRules ] [-IssuanceTransformRulesFile ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] + [-DelegationAuthorizationRules ] [-DelegationAuthorizationRulesFile ] + [-AdditionalAuthenticationRules ] [-AdditionalAuthenticationRulesFile ] + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] + [] +``` + +### MetadataFile +``` +Add-AdfsRelyingPartyTrust -Name -MetadataFile [-EncryptClaims ] + [-Enabled ] [-AutoUpdateEnabled ] [-EncryptedNameIdRequired ] + [-SignedSamlRequestsRequired ] [-Notes ] [-SignatureAlgorithm ] + [-SigningCertificateRevocationCheck ] [-TokenLifetime ] [-AlwaysRequireAuthentication] + [-RequestMFAFromClaimsProviders] [-AllowedAuthenticationClassReferences ] + [-EncryptionCertificateRevocationCheck ] [-NotBeforeSkew ] [-ProtocolProfile ] + [-ClaimsProviderName ] [-EnableJWT ] [-SamlResponseSignature ] + [-AllowedClientTypes ] [-IssueOAuthRefreshTokensTo ] + [-RefreshTokenProtectionEnabled ] [-PassThru] [-MonitoringEnabled ] + [-ImpersonationAuthorizationRules ] [-ImpersonationAuthorizationRulesFile ] + [-IssuanceTransformRules ] [-IssuanceTransformRulesFile ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] + [-DelegationAuthorizationRules ] [-DelegationAuthorizationRulesFile ] + [-AdditionalAuthenticationRules ] [-AdditionalAuthenticationRulesFile ] + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] + [] +``` + +### MetadataUrl +``` +Add-AdfsRelyingPartyTrust -Name -MetadataUrl [-EncryptClaims ] [-Enabled ] + [-AutoUpdateEnabled ] [-EncryptedNameIdRequired ] [-SignedSamlRequestsRequired ] + [-Notes ] [-SignatureAlgorithm ] [-SigningCertificateRevocationCheck ] + [-TokenLifetime ] [-AlwaysRequireAuthentication] [-RequestMFAFromClaimsProviders] + [-AllowedAuthenticationClassReferences ] [-EncryptionCertificateRevocationCheck ] + [-NotBeforeSkew ] [-ProtocolProfile ] [-ClaimsProviderName ] [-EnableJWT ] + [-SamlResponseSignature ] [-AllowedClientTypes ] + [-IssueOAuthRefreshTokensTo ] [-RefreshTokenProtectionEnabled ] + [-PassThru] [-MonitoringEnabled ] [-ImpersonationAuthorizationRules ] + [-ImpersonationAuthorizationRulesFile ] [-IssuanceTransformRules ] + [-IssuanceTransformRulesFile ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-DelegationAuthorizationRules ] + [-DelegationAuthorizationRulesFile ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsRelyingPartyTrust** cmdlet adds a new relying party trust to the Federation Service. +You can specify a relying party trust manually, or you can provide a federation metadata document to bootstrap initial configuration. + +## EXAMPLES + +### Example 1: Add a relying party trust +``` +PS C:\> Add-ADFSRelyingPartyTrust -Name "Fabrikam" -MetadataURL "https://fabrikam.com/federationmetadata/2007-06/federationmetadata.xml" +``` + +This command adds a relying party trust named Fabrikam for federation. + +## PARAMETERS + +### -AccessControlPolicyName +Specifies the name of an access control policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies the additional authorization rules to require additional authentication based on user, device and location attributes after the completion of the first step of authentication. +Note: These rules must only be configured after there is at least one authentication provider enabled for additional authentication. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies a file that contains the additional authentication rules to require additional authentication when a user is attempting to access this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AdditionalWSFedEndpoint +Specifies an array of alternate return addresses for the application. +This is typically used when the application wants to indicate to AD FS what the return URL should be on successful token generation. +AD FS requires that all acceptable URLs are entered as trusted information by the administrator. + +```yaml +Type: String[] +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedAuthenticationClassReferences +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedClientTypes +Specifies allowed client types. +The acceptable values for this parameter are: + +- None +- Public +- Confidential + +```yaml +Type: AllowedClientTypes +Parameter Sets: (All) +Aliases: +Accepted values: None, Public, Confidential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlwaysRequireAuthentication +Indicates to always require authentication. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AutoUpdateEnabled +Indicates whether changes to the federation metadata by the *MetadataURL* parameter apply automatically to the configuration of the trust relationship. +If this parameter has a value of $True, partner claims, certificates, and endpoints are updated automatically. + +Note: When auto-update is enabled, fields that can be overwritten by metadata become read only. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClaimAccepted +Specifies an array of claims that this relying party accepts. + +```yaml +Type: ClaimDescription[] +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ClaimsProviderName +Specifies an array of claims provider names. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRules +Specifies the delegation authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRulesFile +Specifies a file that contains the delegation authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Indicates whether the relying party trust is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableJWT +Indicates whether the JSON Web Token (JWT) format should be used to issue a token on a WS-Federation request. +By default, SAML tokens are issued over WS-Federation. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptClaims +Indicates whether the claims that are sent to the relying party are encrypted. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptedNameIdRequired +Indicates whether the relying party requires that the **NameID** claim be encrypted. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionCertificate +Specifies the certificate to be used for encrypting claims that are issued to this relying party. +Encrypting claims is optional. + +```yaml +Type: X509Certificate2 +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionCertificateRevocationCheck +Specifies the type of validation that should occur for the encryption certificate it is used for encrypting claims to the relying party. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies the unique identifiers for this relying party trust. +No other trust can use an identifier from this list. +Uniform Resource Identifiers (URIs) are often used as unique identifiers for a relying party trust, but you can use any string of characters. + +```yaml +Type: String[] +Parameter Sets: AllProperties +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRules +Specifies the impersonation authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRulesFile +Specifies the file that contains the impersonation authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +Specifies the issuance authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +Specifies the file that contains the issuance authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceTransformRules +Specifies the issuance transform rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceTransformRulesFile +Specifies the file that contains the issuance transform rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssueOAuthRefreshTokensTo +Specifies the refresh token issuance device types. +The acceptable values for this parameter are: + +- NoDevice +- WorkplaceJoinedDevices +- AllDevices + +```yaml +Type: RefreshTokenIssuanceDeviceTypes +Parameter Sets: (All) +Aliases: +Accepted values: NoDevice, WorkplaceJoinedDevices, AllDevices + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataFile +Specifies a file path, such as c:\metadata.xml, that contains the federation metadata for this relying party trust. + +```yaml +Type: String +Parameter Sets: MetadataFile +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataUrl +Specifies a URL at which the federation metadata for this relying party trust is available. + +```yaml +Type: Uri +Parameter Sets: MetadataUrl +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MonitoringEnabled +Indicates whether periodic monitoring of this relying party federation metadata is enabled. +The *MetadataUrl* parameter specifies the URL of the relying party federation metadata. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of this relying party trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotBeforeSkew +Specifies the skew, as in integer, for the time stamp that marks the beginning of the validity period. +The higher this number is, the further back in time the validity period begins with respect to the time that the claims are issued for the relying party. +By default, this value is 0. +Specify a positive value if validation fails on the relying party because the validity period has not yet begun. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes for this relying party trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtocolProfile +Specifies which protocol profiles the relying party supports. +The acceptable values for this parameter are: + +- SAML +- WsFederation +- WsFed-SAML + +The default value is WsFed-SAML. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: WsFed-SAML, WSFederation, SAML + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RefreshTokenProtectionEnabled +Indicates that refresh token protection is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequestMFAFromClaimsProviders +Indicates whether to use the request MFA from claims providers option. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RequestSigningCertificate +Specifies an array of certificates to be used to verify the signature on a request from the relying party. + +```yaml +Type: X509Certificate2[] +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -SamlEndpoint +Specifies an array of Security Assertion Markup Language (SAML) protocol endpoints for this relying party. + +```yaml +Type: SamlEndpoint[] +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -SamlResponseSignature +Specifies the response signature or signatures that the relying party expects. +The acceptable values for this parameter are: + +- AssertionOnly +- MessageAndAssertion +- MessageOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: AssertionOnly, MessageAndAssertion, MessageOnly + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignatureAlgorithm +Specifies the signature algorithm that the relying party uses for signing and verification. +The acceptable values for this parameter are: + +- https://www.w3.org/2000/09/xmldsig#rsa-sha1 +- https://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: https://www.w3.org/2000/09/xmldsig#rsa-sha1, https://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignedSamlRequestsRequired +Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. +If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SigningCertificateRevocationCheck +Specifies the type of certificate validation that occur when signatures on requests from the relying party are verified. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TokenLifetime +Specifies the duration, in minutes, for which the claims that are issued to the relying party are valid. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WSFedEndpoint +Specifies the WS-Federation Passive URL for this relying party. + +```yaml +Type: Uri +Parameter Sets: AllProperties +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *AccessControlPolicyName*, *AdditionalAuthenticationRules*, *DelegationAuthorizationRules*, *ImpersonationAuthorizationRules*, *IssuanceAuthorizationRules*, and *IssuanceTransformRules* parameters. + +### System.Object + +Objects are received by the *AccessControlPolicyParameters* parameter. + +### System.Management.Automation.SwitchParameter + +SwitchParameter objects are received by the *AlwaysRequireAuthentication* and *RequestMFAFromClaimsProviders* parameters. + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +ClaimDescription Objects are received by the *ClaimAccepted* parameter. + +### System.Security.Cryptography.X509Certificates.X509Certificate2 + +X509Certificate2 objects are received by the *RequestSigningCertificate* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.SamlEndpoint + +SamlEndpoint objects are received by the *SamlEndpoint* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +Returns the new RelyingPartyTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* A relying party in Active Directory Federation Services (AD FS) is an organization in which Web servers that host one or more Web-based applications reside. Tokens and Information Cards that originate from a claims provider can then be presented and ultimately accessed by the Web-based resources that are located in the relying party organization. When AD FS is configured in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party accesses the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose Web servers are protected by the resource-side federation server. The federation server in the relying party uses the security tokens that the claims provider produces to issue tokens to the Web servers that are located in the relying party. + +## RELATED LINKS + +[Disable-AdfsRelyingPartyTrust](./Disable-AdfsRelyingPartyTrust.md) + +[Enable-AdfsRelyingPartyTrust](./Enable-AdfsRelyingPartyTrust.md) + +[Get-AdfsRelyingPartyTrust](./Get-AdfsRelyingPartyTrust.md) + +[Remove-AdfsRelyingPartyTrust](./Remove-AdfsRelyingPartyTrust.md) + +[Set-AdfsRelyingPartyTrust](./Set-AdfsRelyingPartyTrust.md) + +[Update-AdfsRelyingPartyTrust](./Update-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsRelyingPartyTrustsGroup.md b/docset/winserver2025-ps/adfs/Add-AdfsRelyingPartyTrustsGroup.md new file mode 100644 index 0000000000..84930730d0 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsRelyingPartyTrustsGroup.md @@ -0,0 +1,365 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsrelyingpartytrustsgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsRelyingPartyTrustsGroup +--- + +# Add-AdfsRelyingPartyTrustsGroup + +## SYNOPSIS +Creates a relying party trusts group. + +## SYNTAX + +### MetadataFile +``` +Add-AdfsRelyingPartyTrustsGroup -MetadataFile [-Force] [-PassThru] [-MonitoringEnabled ] + [-ImpersonationAuthorizationRules ] [-ImpersonationAuthorizationRulesFile ] + [-IssuanceTransformRules ] [-IssuanceTransformRulesFile ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] + [-DelegationAuthorizationRules ] [-DelegationAuthorizationRulesFile ] + [-AdditionalAuthenticationRules ] [-AdditionalAuthenticationRulesFile ] + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] + [] +``` + +### MetadataUrl +``` +Add-AdfsRelyingPartyTrustsGroup -MetadataUrl [-AutoUpdateEnabled ] [-Force] [-PassThru] + [-MonitoringEnabled ] [-ImpersonationAuthorizationRules ] + [-ImpersonationAuthorizationRulesFile ] [-IssuanceTransformRules ] + [-IssuanceTransformRulesFile ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-DelegationAuthorizationRules ] + [-DelegationAuthorizationRulesFile ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsRelyingPartyTrustsGroup** cmdlet creates a relying party trusts group based on metadata that contains multiple entities. + +## EXAMPLES + +## PARAMETERS + +### -AccessControlPolicyName +Specifies the name of an access control policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +Specifies the parameters of an access control policy. + +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies additional authentication rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies a file that contains additional authentication rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutoUpdateEnabled +Specifies whether automatic updates are enabled. + +```yaml +Type: Boolean +Parameter Sets: MetadataUrl +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRules +Specifies delegation authorization rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRulesFile +Specifies a file that contains delegation authorization rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRules +Specifies impersonation authorization rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRulesFile +Specifies a file that contains impersonation authorization rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +Specifies issuance authorization rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +Specifies a file that contains issuance authorization rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceTransformRules +Specifies issuance transform rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceTransformRulesFile +Specifies a file that contains issuance transform rules for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataFile +Specifies a file that contains federation metadata for the relying party trusts group. + +```yaml +Type: String +Parameter Sets: MetadataFile +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataUrl +Specifies the URL of federation metadata for the relying party trusts group. + +```yaml +Type: Uri +Parameter Sets: MetadataUrl +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MonitoringEnabled +Indicates whether monitoring is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsRelyingPartyTrustsGroup](./Get-AdfsRelyingPartyTrustsGroup.md) + +[Remove-AdfsRelyingPartyTrustsGroup](./Remove-AdfsRelyingPartyTrustsGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsScopeDescription.md b/docset/winserver2025-ps/adfs/Add-AdfsScopeDescription.md new file mode 100644 index 0000000000..21c2c5a40e --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsScopeDescription.md @@ -0,0 +1,131 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsscopedescription?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsScopeDescription +--- + +# Add-AdfsScopeDescription + +## SYNOPSIS +Adds a scope description in AD FS. + +## SYNTAX + +``` +Add-AdfsScopeDescription [-Name] [-Description ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Add-AdfsScopeDescription** cmdlet adds a scope description that represents the scope of access granted to resources and applications in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the scope description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *Description* and *Name* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.OAuthScopeDescription + +Returns the new OAuthScopeDescription object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Get-AdfsScopeDescription](./Get-AdfsScopeDescription.md) + +[Remove-AdfsScopeDescription](./Remove-AdfsScopeDescription.md) + +[Set-AdfsScopeDescription](./Set-AdfsScopeDescription.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsServerApplication.md b/docset/winserver2025-ps/adfs/Add-AdfsServerApplication.md new file mode 100644 index 0000000000..4d262dc27f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsServerApplication.md @@ -0,0 +1,327 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 09/19/2017 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfsserverapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsServerApplication +--- + +# Add-AdfsServerApplication + +## SYNOPSIS +Adds a server application role to an application in AD FS. + +## SYNTAX + +### ApplicationGroupIdentifier (Default) +``` +Add-AdfsServerApplication [-ApplicationGroupIdentifier] [-Name] [-Identifier] + [[-RedirectUri] ] [-Description ] [-ADUserPrincipalName ] + [-JWTSigningCertificate ] [-JWTSigningCertificateRevocationCheck ] + [-JWKSUri ] [-LogoutUri ] [-JWKSFile ] [-GenerateClientSecret] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### ApplicationGroupObject +``` +Add-AdfsServerApplication [-ApplicationGroup] [-Name] [-Identifier] + [[-RedirectUri] ] [-Description ] [-ADUserPrincipalName ] + [-JWTSigningCertificate ] [-JWTSigningCertificateRevocationCheck ] + [-JWKSUri ] [-LogoutUri ] [-JWKSFile ] [-GenerateClientSecret] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsServerApplication** cmdlet adds a server application role to an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -ADUserPrincipalName +Specifies the Active Directory account that corresponds to the confidential client that is registered. +The only client authentication method available for use with Active Directory accounts is Windows Integrated Authentication (WIA). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ApplicationGroup +Specifies an application group. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroupIdentifier +Specifies an application group ID. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -GenerateClientSecret +Indicates that this cmdlet generates a secret value for the client. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -JWKSFile +Specifies a file that contains a JSON Web Token (JWT). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWKSUri +Specifies the URI of a JWT. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWTSigningCertificate +Specifies an array of signing certificates for JWT. +This public certificate is used to validate signatures for JWTs issued by this client for authenticating itself against AD FS by using the private key JWT client authentication method. + +```yaml +Type: X509Certificate2[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWTSigningCertificateRevocationCheck +Specifies revocation checks to perform to validate signatures for JWTs sent by confidential clients. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: RevocationSetting +Parameter Sets: (All) +Aliases: +Accepted values: None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogoutUri +Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectUri +Specifies an array of redirection URIs for the OAuth 2.0 client to register with AD FS. +The redirection URI is specified by the OAuth 2.0 client when it requests authorization to access a resource in ADFS. + +The redirection URI specified by the client must already be registered with AD FS. +It must correspond to the client identifier for that OAuth 2.0 client. +If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, ADFS delivers the authorization code or access token by redirecting the client's user-agent back to this redirection URI. + +The value of this parameter must match exactly the redirection URI that is specified by the OAuth 2.0 client when requesting authorization. +This includes trailing slashes '/', if they are required. +We recommended the use of more secure schemes such as https in a redirection URI. + +For Windows Store applications that authenticate by using the Windows Web Authentication Broker, use the `ms-app://` scheme for a redirection URI. +If you are developing a Windows Store application, obtain the redirection URI for your application by using the following code fragment: + +`Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();` + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsServerApplication](./Get-AdfsServerApplication.md) + +[Remove-AdfsServerApplication](./Remove-AdfsServerApplication.md) + +[Set-AdfsServerApplication](./Set-AdfsServerApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsTrustedFederationPartner.md b/docset/winserver2025-ps/adfs/Add-AdfsTrustedFederationPartner.md new file mode 100644 index 0000000000..9cbc59fa8e --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsTrustedFederationPartner.md @@ -0,0 +1,123 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfstrustedfederationpartner?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsTrustedFederationPartner +--- + +# Add-AdfsTrustedFederationPartner + +## SYNOPSIS +Adds configuration settings for trusted federation partners in AD FS. + +## SYNTAX + +``` +Add-AdfsTrustedFederationPartner [-Name] [-FederationPartnerHostName] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsTrustedFederationPartner** cmdlet adds a federation partner that is trusted by this instance of Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -FederationPartnerHostName +Specifies the URI of the federation partner. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies a name for the federation partner. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsTrustedFederationPartner](./Get-AdfsTrustedFederationPartner.md) + +[Remove-AdfsTrustedFederationPartner](./Remove-AdfsTrustedFederationPartner.md) + +[Set-AdfsTrustedFederationPartner](./Set-AdfsTrustedFederationPartner.md) + diff --git a/docset/winserver2025-ps/adfs/Add-AdfsWebApiApplication.md b/docset/winserver2025-ps/adfs/Add-AdfsWebApiApplication.md new file mode 100644 index 0000000000..13bbb5fb20 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsWebApiApplication.md @@ -0,0 +1,546 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfswebapiapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsWebApiApplication +--- + +# Add-AdfsWebApiApplication + +## SYNOPSIS +Adds a Web API application role to an application in AD FS. + +## SYNTAX + +### ApplicationGroupIdentifier (Default) +``` +Add-AdfsWebApiApplication [-ApplicationGroupIdentifier] -Name -Identifier + [-AllowedAuthenticationClassReferences ] [-ClaimsProviderName ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] + [-DelegationAuthorizationRules ] [-DelegationAuthorizationRulesFile ] + [-ImpersonationAuthorizationRules ] [-ImpersonationAuthorizationRulesFile ] + [-IssuanceTransformRules ] [-IssuanceTransformRulesFile ] + [-AdditionalAuthenticationRules ] [-AdditionalAuthenticationRulesFile ] + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] [-NotBeforeSkew ] + [-Description ] [-TokenLifetime ] [-AlwaysRequireAuthentication] + [-AllowedClientTypes ] [-IssueOAuthRefreshTokensTo ] + [-RefreshTokenProtectionEnabled ] [-RequestMFAFromClaimsProviders] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### ApplicationGroupObject +``` +Add-AdfsWebApiApplication [-ApplicationGroup] -Name -Identifier + [-AllowedAuthenticationClassReferences ] [-ClaimsProviderName ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] + [-DelegationAuthorizationRules ] [-DelegationAuthorizationRulesFile ] + [-ImpersonationAuthorizationRules ] [-ImpersonationAuthorizationRulesFile ] + [-IssuanceTransformRules ] [-IssuanceTransformRulesFile ] + [-AdditionalAuthenticationRules ] [-AdditionalAuthenticationRulesFile ] + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] [-NotBeforeSkew ] + [-Description ] [-TokenLifetime ] [-AlwaysRequireAuthentication] + [-AllowedClientTypes ] [-IssueOAuthRefreshTokensTo ] + [-RefreshTokenProtectionEnabled ] [-RequestMFAFromClaimsProviders] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Add-AdfsWebApiApplication** cmdlet adds a Web API application role to an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -AccessControlPolicyName +Specifies the name of an access control policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +Specifies the parameters of an access control policy. + +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies additional authentication rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies a file that contains all the rules for additional authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedAuthenticationClassReferences +Specifies an array of allow authentication class references. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedClientTypes +Specifies allowed client types. +The acceptable values for this parameter are: + +- None +- Public +- Confidential + +```yaml +Type: AllowedClientTypes +Parameter Sets: (All) +Aliases: +Accepted values: None, Public, Confidential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlwaysRequireAuthentication +Indicates that this Web API application role always requires authentication, even if it previously authenticated credentials for access. +Specify this parameter to require users to always supply credentials to access sensitive resources. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ApplicationGroup +Specifies an application group. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroupIdentifier +Specifies the ID of an application group. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -ClaimsProviderName +Specifies an array of claims provider names that you can configure for a relying party trust for Home Realm Discovery (HRD) scenario. + +If claims provider names are specified for a relying party, the home realm discovery page shows only those claims providers for this relying party. +If only one claims provider name is specified, home realm discovery page is not shown. +The user is redirected to this claims provider for authentication. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRules +Specifies delegation authorization rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRulesFile +Specifies a file that contains all the rules for delegation authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of identifiers. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRules +Specifies the impersonation authorization rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRulesFile +Specifies a file that contains all the rules for impersonation authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +Specifies the issuance authorization rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +Specifies a file that contains all the rules for issuance authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceTransformRules +Specifies the issuance transform rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceTransformRulesFile +Specifies a file that contains all the rules for issuance transform for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssueOAuthRefreshTokensTo +Specifies the refresh token issuance device types. +The acceptable values for this parameter are: + +- NoDevice +- WorkplaceJoinedDevices +- AllDevices + +```yaml +Type: RefreshTokenIssuanceDeviceTypes +Parameter Sets: (All) +Aliases: +Accepted values: NoDevice, WorkplaceJoinedDevices, AllDevices + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotBeforeSkew +Specifies the not before skew value. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RefreshTokenProtectionEnabled +Indicates whether refresh token protection is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequestMFAFromClaimsProviders +Indicates that the request MFA from claims providers option is used. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TokenLifetime +Specifies the token lifetime. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *AccessControlPolicyName*, *AdditionalAuthenticationRules*, *ApplicationGroupIdentifier*, *DelegationAuthorizationRules*, *ImpersonationAuthorizationRules*, *IssuanceAuthorizationRules*, and *IssuanceTransformRules* parameters. + +### System.Object + +Objects are received by the *AccessControlPolicyParameters* parameter. + +### System.Management.Automation.SwitchParameter + +SwitchParameter objects are received by the *AlwaysRequireAuthentication* and *RequestMFAFromClaimsProviders* parameters. + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *ApplicationGroup* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.WebApiApplication + +Returns the new WebApiApplication object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Get-AdfsWebApiApplication](./Get-AdfsWebApiApplication.md) + +[Remove-AdfsWebApiApplication](./Remove-AdfsWebApiApplication.md) + +[Set-AdfsWebApiApplication](./Set-AdfsWebApiApplication.md) diff --git a/docset/winserver2025-ps/adfs/Add-AdfsWebApplicationProxyRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Add-AdfsWebApplicationProxyRelyingPartyTrust.md new file mode 100644 index 0000000000..c17b03a8bc --- /dev/null +++ b/docset/winserver2025-ps/adfs/Add-AdfsWebApplicationProxyRelyingPartyTrust.md @@ -0,0 +1,290 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/add-adfswebapplicationproxyrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AdfsWebApplicationProxyRelyingPartyTrust +--- + +# Add-AdfsWebApplicationProxyRelyingPartyTrust + +## SYNOPSIS +Adds a relying party trust for the Web Application Proxy. + +## SYNTAX + +``` +Add-AdfsWebApplicationProxyRelyingPartyTrust [-Name] [-Identifier] + [-AlwaysRequireAuthentication] [-Enabled ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-NotBeforeSkew ] [-Notes ] [-PassThru] + [-TokenLifetime ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet adds a relying party trust for Web Application Proxy. +Authentication and authorization policies for access to internal web applications through the proxy require Web Application Proxy relying party trust. +By default, when you deploy Web Application Proxy, a relying party trust exists. + +The Web Application Proxy relying party trust is useful to manage global network access from outside the corporate network. +By setting authentication and authorization policies, an administrator can restrict access to internal web applications and services that are published through the Web Application Proxy. + +## EXAMPLES + +### Example 1: Add a relying party trust +``` +PS C:\> Add-AdfsWebApplicationProxyRelyingPartyTrust +``` + +This command adds the Web Application Proxy relying party trust. +When you first deploy the Web Application Proxy role service, the trust exists by default. +Use this example only if you deleted the Web Application Proxy relying party trust. + +## PARAMETERS + +### -AccessControlPolicyName +Specifies the name of the access control policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +Specifies the parameters of the access control policy. + +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies rules for additional authentication on the proxy. +For more information about the claims language for rules, see [Understanding Claim Rule Language in AD FS 2.0 & Higher](https://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx) on TechNet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies a file that contains rules for additional authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlwaysRequireAuthentication +Indicates that the proxy requires authentication for access, even if the proxy has previously authenticated credentials for access. +Specify this parameter to require users to always supply credentials to access sensitive resources. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enabled +Indicates whether to enable this relying party trust. +Specify a value of $True for this parameter to allow authentication and authorization to the proxy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of unique identifiers. +The proxy uses the identifiers that you specify to specify its corresponding relying party trust when it initiates sign-in requests to obtain tokens for itself. +No other trust can use an identifier from this list. +As common practice, you can use Uniform Resource Identifiers (URIs) as unique identifiers for a relying party trust, or use any string. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. +The cmdlet adds the Web Application Proxy relying party trust that has the friendly name that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotBeforeSkew +Specifies the skew, as an integer, for the time stamp that marks the beginning of the validity period. +The higher this number is, the further back in time the validity period begins with respect to the time that the claims are issued for the relying party. +By default, this value is 0. +Specify a positive value if validation fails on the Web Application Proxy relying party because the validity period has not yet begun. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes. +The cmdlet stores the notes that you specify for the Web Application Proxy relying party trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TokenLifetime +Specifies the duration, in minutes, for which the claims that are issued to the relying party are valid. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Disable-AdfsWebApplicationProxyRelyingPartyTrust](./Disable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Enable-AdfsWebApplicationProxyRelyingPartyTrust](./Enable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Get-AdfsWebApplicationProxyRelyingPartyTrust](./Get-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Remove-AdfsWebApplicationProxyRelyingPartyTrust](./Remove-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Set-AdfsWebApplicationProxyRelyingPartyTrust](./Set-AdfsWebApplicationProxyRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsApplicationGroup.md b/docset/winserver2025-ps/adfs/Disable-AdfsApplicationGroup.md new file mode 100644 index 0000000000..5b301d4194 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsApplicationGroup.md @@ -0,0 +1,166 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfsapplicationgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsApplicationGroup +--- + +# Disable-AdfsApplicationGroup + +## SYNOPSIS +Disables an application group. + +## SYNTAX + +### ApplicationGroupIdentifier (Default) +``` +Disable-AdfsApplicationGroup [-TargetApplicationGroupIdentifier] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Name +``` +Disable-AdfsApplicationGroup [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ApplicationGroupObject +``` +Disable-AdfsApplicationGroup [-TargetApplicationGroup] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Disable-AdfsApplicationGroup** cmdlet disables an application group in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplicationGroup +Specifies an application group. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetApplicationGroupIdentifier +Specifies the ID of the application group. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of an application group. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *TargetApplicationGroup* parameter. + +### System.String + +String objects are received by the *TargetApplicationGroupIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +Returns the disabled ApplicationGroup object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Enable-AdfsApplicationGroup](./Enable-AdfsApplicationGroup.md) + +[Get-AdfsApplicationGroup](./Get-AdfsApplicationGroup.md) + +[New-AdfsApplicationGroup](./New-AdfsApplicationGroup.md) + +[Remove-AdfsApplicationGroup](./Remove-AdfsApplicationGroup.md) + +[Set-AdfsApplicationGroup](./Set-AdfsApplicationGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsCertificateAuthority.md b/docset/winserver2025-ps/adfs/Disable-AdfsCertificateAuthority.md new file mode 100644 index 0000000000..6d158d76e5 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsCertificateAuthority.md @@ -0,0 +1,94 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfscertificateauthority?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsCertificateAuthority +--- + +# Disable-AdfsCertificateAuthority + +## SYNOPSIS +Disables a certificate authority. + +## SYNTAX + +``` +Disable-AdfsCertificateAuthority [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AdfsCertificateAuthority** cmdlet disables a certificate authority in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsCertificateAuthority + +Returns the disabled AdfsCertificatAuthority object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Get-AdfsCertificateAuthority](./Get-AdfsCertificateAuthority.md) + +[Set-AdfsCertificateAuthority](./Set-AdfsCertificateAuthority.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Disable-AdfsClaimsProviderTrust.md new file mode 100644 index 0000000000..712b1fbd00 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsClaimsProviderTrust.md @@ -0,0 +1,203 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfsclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsClaimsProviderTrust +--- + +# Disable-AdfsClaimsProviderTrust + +## SYNOPSIS +Disables a claims provider trust in the Federation Service. + +## SYNTAX + +### IdentifierObject +``` +Disable-AdfsClaimsProviderTrust -TargetClaimsProviderTrust [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### TokenSigningCertificates +``` +Disable-AdfsClaimsProviderTrust -TargetCertificate [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Identifier +``` +Disable-AdfsClaimsProviderTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### IdentifierName +``` +Disable-AdfsClaimsProviderTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AdfsClaimsProviderTrust** cmdlet disables a claims provider trust in the Federation Service. +When disabled all tokens issued by this claims provider are not accepted by the AD FS service. + +## EXAMPLES + +### Example 1: Disable a claims provider trust +``` +PS C:\> Disable-AdfsClaimsProviderTrust -TargetName "Fabrikam claims provider" +``` + +This command disables the claims provider trust named Fabrikam claims provider. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetCertificate +Specifies the token-signing certificate of the claims provider trust to disable. + +```yaml +Type: X509Certificate2 +Parameter Sets: TokenSigningCertificates +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies a **ClaimsProviderTrust** object. +The cmdlet enables the claims provider trust that you specify. +To obtain a **ClaimsProviderTrust** object, use the **Get-AdfsClaimsProviderTrust** cmdlet. + +```yaml +Type: ClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the claims provider trust to disable. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the claims provider trust to disable. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Security.Cryptography.X509Certificates.X509Certificate.X509Certificate2 + +X509Certificate2 objects are received by the *TargetCertificate* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +ClaimsProviderTrust objects are received by the *TargetClaimsProviderTrust* parameter. + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +Returns the disabled ClaimsProviderTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsClaimsProviderTrust](./Add-AdfsClaimsProviderTrust.md) + +[Enable-AdfsClaimsProviderTrust](./Enable-AdfsClaimsProviderTrust.md) + +[Get-AdfsClaimsProviderTrust](./Get-AdfsClaimsProviderTrust.md) + +[Remove-AdfsClaimsProviderTrust](./Remove-AdfsClaimsProviderTrust.md) + +[Set-AdfsClaimsProviderTrust](./Set-AdfsClaimsProviderTrust.md) + +[Update-AdfsClaimsProviderTrust](./Update-AdfsClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsClient.md b/docset/winserver2025-ps/adfs/Disable-AdfsClient.md new file mode 100644 index 0000000000..7f46b0d760 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsClient.md @@ -0,0 +1,172 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfsclient?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsClient +--- + +# Disable-AdfsClient + +## SYNOPSIS +Disables an OAuth 2.0 client that is currently registered with AD FS. + +## SYNTAX + +### Name (Default) +``` +Disable-AdfsClient [[-TargetName] ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ClientId +``` +Disable-AdfsClient [-TargetClientId] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Disable-AdfsClient [-TargetClient] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AdfsClient** cmdlet disables an OAuth 2.0 client that is currently registered with Active Directory Federation Services (AD FS). +After you disable the client, AD FS no longer authorizes requests to access resources from that OAuth 2.0 client. + +## EXAMPLES + +### Example 1: Disable an OAuth 2.0 client +``` +PS C:\> Disable-AdfsClient -TargetName "Payroll Application" +``` + +This command disables the OAuth 2.0 client that is currently registered with AD FS. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClient +Specifies the registered OAuth 2.0 client to disable. + +```yaml +Type: AdfsClient +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClientId +Specifies the client identifier of the registered OAuth 2.0 client to disable. + +```yaml +Type: String +Parameter Sets: ClientId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the registered OAuth 2.0 client to disable. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +AdfsClient objects are received by the *TargetClient* parameter. + +### System.String + +String objects are received by the *TargetClientId* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +Returns the disabled AdfsClient object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsClient](./Add-AdfsClient.md) + +[Enable-AdfsClient](./Enable-AdfsClient.md) + +[Get-AdfsClient](./Get-AdfsClient.md) + +[Remove-AdfsClient](./Remove-AdfsClient.md) + +[Set-AdfsClient](./Set-AdfsClient.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsDeviceRegistration.md b/docset/winserver2025-ps/adfs/Disable-AdfsDeviceRegistration.md new file mode 100644 index 0000000000..ad78e8c94d --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsDeviceRegistration.md @@ -0,0 +1,84 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfsdeviceregistration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsDeviceRegistration +--- + +# Disable-AdfsDeviceRegistration + +## SYNOPSIS +Marks the Device Registration Service as disabled on an AD FS server. + +## SYNTAX + +``` +Disable-AdfsDeviceRegistration [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AdfsDeviceRegistration** cmdlet marks the Device Registration Service as disabled on an Active Directory Federation Services (AD FS) server. +To completely disable the Device Registration Service, you must run this command on each AD FS server in your AD FS farm. + +## EXAMPLES + +### Example 1: Disable Windows Server Device Registration Service +``` +PS C:\> Disable-AdfsDeviceRegistration +``` + +This command marks the Device Registration Service as disabled on the Active Directory Federation Services (AD FS) server. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Enable-AdfsDeviceRegistration](./Enable-AdfsDeviceRegistration.md) + +[Get-AdfsDeviceRegistration](./Get-AdfsDeviceRegistration.md) + +[Set-AdfsDeviceRegistration](./Set-AdfsDeviceRegistration.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsEndpoint.md b/docset/winserver2025-ps/adfs/Disable-AdfsEndpoint.md new file mode 100644 index 0000000000..4fd77ce833 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsEndpoint.md @@ -0,0 +1,164 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfsendpoint?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsEndpoint +--- + +# Disable-AdfsEndpoint + +## SYNOPSIS +Disables an endpoint of AD FS. + +## SYNTAX + +### Address +``` +Disable-AdfsEndpoint [[-TargetAddressPath] ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### TargetObject +``` +Disable-AdfsEndpoint [-TargetEndpoint] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### FullUrl +``` +Disable-AdfsEndpoint [-TargetFullUrl] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AdfsEndpoint** cmdlet disables an endpoint of Active Directory Federation Services (AD FS). + +## EXAMPLES + +### Example 1: Disable an endpoint +``` +PS C:\> Disable-AdfsEndpoint -TargetAddressPath "/adfs/services/trust/13/Windows" +``` + +This command disables the WS-Trust 1.3 endpoint on the current federation server. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetAddressPath +Specifies the address path of the endpoint. +The cmdlet disables the endpoint that you specify. +An example of such a path is /adfs/portal/updatepassword. + +```yaml +Type: String +Parameter Sets: Address +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetEndpoint +Specifies the endpoint to disable. +This value is typically taken from the pipeline. + +```yaml +Type: Endpoint +Parameter Sets: TargetObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetFullUrl +Specifies the full URL of the endpoint to disable. + +```yaml +Type: Uri +Parameter Sets: FullUrl +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.Endpoint +A class that represents an endpoint for the Federation Service. + +## OUTPUTS + +### None + +## NOTES +* Endpoints provide access to the federation server functionality of AD FS, such as token issuance and the publishing of federation metadata. Depending on the type of endpoint, you can enable or disable the endpoint or control whether the endpoint is published to Web Application Proxy. + +## RELATED LINKS + +[Enable-AdfsEndpoint](./Enable-AdfsEndpoint.md) + +[Get-AdfsEndpoint](./Get-AdfsEndpoint.md) + +[Set-AdfsEndpoint](./Set-AdfsEndpoint.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsLocalClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Disable-AdfsLocalClaimsProviderTrust.md new file mode 100644 index 0000000000..b8532b689b --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsLocalClaimsProviderTrust.md @@ -0,0 +1,162 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfslocalclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsLocalClaimsProviderTrust +--- + +# Disable-AdfsLocalClaimsProviderTrust + +## SYNOPSIS +Disables a local claims provider trust. + +## SYNTAX + +### IdentifierObject +``` +Disable-AdfsLocalClaimsProviderTrust -TargetClaimsProviderTrust [-PassThru] + [-WhatIf] [-Confirm] [] +``` + +### Identifier +``` +Disable-AdfsLocalClaimsProviderTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### IdentifierName +``` +Disable-AdfsLocalClaimsProviderTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AdfsLocalClaimsProviderTrust** cmdlet disables a local claims provider trust. + +## EXAMPLES + +### Example 1: Disable a local claims provider trust +``` +PS C:\> Disable-AdfsLocalClaimsProviderTrust -TargetName "testldap" +``` + +This command disables a local claims provider trust named testldap. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies the local claims provider trust to disable. +To obtain a **LocalClaimsProviderTrust** object, use the **Get-AdfsLocalClaimsProviderTrust** cmdlet. + +```yaml +Type: LocalClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the local claims provider trust to disable. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the local claims provider trust to disable. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsLocalClaimsProviderTrust](./Add-AdfsLocalClaimsProviderTrust.md) + +[Enable-AdfsLocalClaimsProviderTrust](./Enable-AdfsLocalClaimsProviderTrust.md) + +[Get-AdfsLocalClaimsProviderTrust](./Get-AdfsLocalClaimsProviderTrust.md) + +[Remove-AdfsLocalClaimsProviderTrust](./Remove-AdfsLocalClaimsProviderTrust.md) + +[Set-AdfsLocalClaimsProviderTrust](./Set-AdfsLocalClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsNonClaimsAwareRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Disable-AdfsNonClaimsAwareRelyingPartyTrust.md new file mode 100644 index 0000000000..d5908dac96 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsNonClaimsAwareRelyingPartyTrust.md @@ -0,0 +1,179 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfsnonclaimsawarerelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsNonClaimsAwareRelyingPartyTrust +--- + +# Disable-AdfsNonClaimsAwareRelyingPartyTrust + +## SYNOPSIS +Disables a relying party trust for a non-claims-aware web application or service from the Federation Service. + +## SYNTAX + +### IdentifierName (Default) +``` +Disable-AdfsNonClaimsAwareRelyingPartyTrust [-PassThru] [-TargetName] [-WhatIf] [-Confirm] + [] +``` + +### Identifier +``` +Disable-AdfsNonClaimsAwareRelyingPartyTrust [-PassThru] -TargetIdentifier [-WhatIf] [-Confirm] + [] +``` + +### IdentifierObject +``` +Disable-AdfsNonClaimsAwareRelyingPartyTrust [-PassThru] + -TargetNonClaimsAwareRelyingPartyTrust [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Disable-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet disables a relying party trust for a non-claims-aware web application or service from the Federation Service. +When you disable a relying party trust, no authentication is allowed. +Non-claims-aware relying party trusts for applications that are published through the Web Application Proxy that are disabled prevent clients from reaching the application. + +A non-claims aware relying party trust is a relying party trust for web applications or services that do not rely directly on Active Directory Federation Services (AD FS) to issue tokens, but instead rely on a third party that accesses such tokens and transforms them into what applications understand. +A non-claims-aware relying party trust is useful for defining authentication and authorization policies for web applications and services that do not rely on AD FS tokens. +The Web Application Proxy requests such tokens for pre-authentication to web applications or services that have corresponding non-claims-aware relying party trusts for requests that come from outside the network through the proxy. + +## EXAMPLES + +### Example 1: Disable a relying party trust by using a name +``` +PS C:\> Disable-AdfsNonClaimsAwareRelyingPartyTrust -TargetName "ExpenseReport" +45495 +``` + +This command disables the expense report relying party trust named ExpenseReport. + +### Example 2: Disable a report relying party trust by using an identifier +``` +PS C:\> Disable-AdfsNonClaimsAwareRelyingPartyTrust -TargetIdentifier "https://Contosoexpense/" +``` + +This command disables the expense report relying party trust that has the identifier https://Contosoexpense. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the non-claims-aware relying party trust to disable. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the non-claims-aware relying party trust to disable. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetNonClaimsAwareRelyingPartyTrust +Specifies a **NonClaimsAwareRelyingPartyTrust** object. +The cmdlet disables the non-claims-aware relying party trust that you specify. +To obtain a **NonClaimsAwareRelyingPartyTrust**, use the **Get-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet. + +```yaml +Type: NonClaimsAwareRelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsNonClaimsAwareRelyingPartyTrust](./Add-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Enable-AdfsNonClaimsAwareRelyingPartyTrust](./Enable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Get-AdfsNonClaimsAwareRelyingPartyTrust](./Get-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Remove-AdfsNonClaimsAwareRelyingPartyTrust](./Remove-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Set-AdfsNonClaimsAwareRelyingPartyTrust](./Set-AdfsNonClaimsAwareRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Disable-AdfsRelyingPartyTrust.md new file mode 100644 index 0000000000..e1a7bfa9cc --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsRelyingPartyTrust.md @@ -0,0 +1,167 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfsrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsRelyingPartyTrust +--- + +# Disable-AdfsRelyingPartyTrust + +## SYNOPSIS +Disables a relying party trust of the Federation Service. + +## SYNTAX + +### Identifier +``` +Disable-AdfsRelyingPartyTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Disable-AdfsRelyingPartyTrust -TargetRelyingParty [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### IdentifierName +``` +Disable-AdfsRelyingPartyTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AdfsRelyingPartyTrust** cmdlet disables a relying party trust of the Federation Service. +When disabled, AD FS does not issue tokens when users attempt to access this relying party. + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the relying party trust to disable. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the relying party trust to disable. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetRelyingParty +Specifies the relying party trust to disable. +This value is typically taken from the pipeline. + +```yaml +Type: RelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +RelyingPartytrust objects are received by the *TargetRelyingParty* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +Returns the disabled RelyingPartyTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsRelyingPartyTrust](./Add-AdfsRelyingPartyTrust.md) + +[Enable-AdfsRelyingPartyTrust](./Enable-AdfsRelyingPartyTrust.md) + +[Get-AdfsRelyingPartyTrust](./Get-AdfsRelyingPartyTrust.md) + +[Remove-AdfsRelyingPartyTrust](./Remove-AdfsRelyingPartyTrust.md) + +[Set-AdfsRelyingPartyTrust](./Set-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Disable-AdfsWebApplicationProxyRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Disable-AdfsWebApplicationProxyRelyingPartyTrust.md new file mode 100644 index 0000000000..d42df1e440 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Disable-AdfsWebApplicationProxyRelyingPartyTrust.md @@ -0,0 +1,108 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/disable-adfswebapplicationproxyrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AdfsWebApplicationProxyRelyingPartyTrust +--- + +# Disable-AdfsWebApplicationProxyRelyingPartyTrust + +## SYNOPSIS +Disables the relying party trust for the Web Application Proxy. + +## SYNTAX + +``` +Disable-AdfsWebApplicationProxyRelyingPartyTrust [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet disables the relying party trust object for the Web Application Proxy. +Use this cmdlet to temporarily deny all access to web applications through the proxy. +Use the **Enable-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet to resume access. + +The Web Application Proxy relying party trust is useful to manage global network access from outside the corporate network. +By setting authentication and authorization policies, an administrator can restrict access to internal web applications and services that are published through the Web Application Proxy. + +## EXAMPLES + +### Example 1: Disable access through the proxy +``` +PS C:\> Disable-AdfsWebApplicationProxyRelyingPartyTrust +``` + +This command disables the relying party trust for the proxy, which disables external access to web applications through the proxy. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsWebApplicationProxyRelyingPartyTrust](./Add-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Enable-AdfsWebApplicationProxyRelyingPartyTrust](./Enable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Get-AdfsWebApplicationProxyRelyingPartyTrust](./Get-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Remove-AdfsWebApplicationProxyRelyingPartyTrust](./Remove-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Set-AdfsWebApplicationProxyRelyingPartyTrust](./Set-AdfsWebApplicationProxyRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsApplicationGroup.md b/docset/winserver2025-ps/adfs/Enable-AdfsApplicationGroup.md new file mode 100644 index 0000000000..041e706a8e --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsApplicationGroup.md @@ -0,0 +1,166 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfsapplicationgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsApplicationGroup +--- + +# Enable-AdfsApplicationGroup + +## SYNOPSIS +Enables an application group in AD FS. + +## SYNTAX + +### ApplicationGroupIdentifier (Default) +``` +Enable-AdfsApplicationGroup [-TargetApplicationGroupIdentifier] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Name +``` +Enable-AdfsApplicationGroup [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ApplicationGroupObject +``` +Enable-AdfsApplicationGroup [-TargetApplicationGroup] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Enable-AdfsApplicationGroup** cmdlet enables an application group in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplicationGroup +Specifies the target application group. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetApplicationGroupIdentifier +Specifies the target application group identifier. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the target name. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *TargetApplicationGroup* parameter. + +### System.String + +String objects are received by the *TargetApplicationGroupIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +Returns the disabled ApplicationGroup object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Disable-AdfsApplicationGroup](./Disable-AdfsApplicationGroup.md) + +[Get-AdfsApplicationGroup](./Get-AdfsApplicationGroup.md) + +[New-AdfsApplicationGroup](./New-AdfsApplicationGroup.md) + +[Remove-AdfsApplicationGroup](./Remove-AdfsApplicationGroup.md) + +[Set-AdfsApplicationGroup](./Set-AdfsApplicationGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Enable-AdfsClaimsProviderTrust.md new file mode 100644 index 0000000000..17a92f5629 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsClaimsProviderTrust.md @@ -0,0 +1,202 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfsclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsClaimsProviderTrust +--- + +# Enable-AdfsClaimsProviderTrust + +## SYNOPSIS +Enables a claims provider trust in the Federation Service. + +## SYNTAX + +### IdentifierObject +``` +Enable-AdfsClaimsProviderTrust -TargetClaimsProviderTrust [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### TokenSigningCertificates +``` +Enable-AdfsClaimsProviderTrust -TargetCertificate [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Identifier +``` +Enable-AdfsClaimsProviderTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### IdentifierName +``` +Enable-AdfsClaimsProviderTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-AdfsClaimsProviderTrust** cmdlet enables a claims provider trust in the Federation Service. + +## EXAMPLES + +### Example 1: Enable a claims provider trust +``` +PS C:\> Enable-AdfsClaimsProviderTrust -TargetName "Fabrikam claims provider" +``` + +This command enables a claims provider trust with the name Fabrikam claims provider. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetCertificate +Specifies the token-signing certificate of the claims provider trust to enable. + +```yaml +Type: X509Certificate2 +Parameter Sets: TokenSigningCertificates +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies a **ClaimsProviderTrust** object. +The cmdlet enables the claims provider trust that you specify. +To obtain a **ClaimsProviderTrust** object, use the **Get-AdfsClaimsProviderTrust** cmdlet. + +```yaml +Type: ClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the claims provider trust to enable. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the claims provider trust to enable. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Security.Cryptography.X509Certificates.X509Certificate.X509Certificate2 + +X509Certificate2 objects are received by the *TargetCertificate* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +ClaimsProviderTrust objects are received by the *TargetClaimsProviderTrust* parameter. + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +Returns the disabled ClaimsProviderTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* A relying party in Active Directory Federation Services (AD FS) is an organization in which web servers that host one or more web-based applications reside. Tokens and Information Cards that originate from a claims provider can then be presented and ultimately accessed by the web-based resources that are located in the relying party organization. When AD FS is configured in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party accesses the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose web servers are protected by the resource-side federation server. The federation server in the relying party uses the security tokens that the claims provider produces to issue tokens to the web servers that are located in the relying party. + +## RELATED LINKS + +[Add-AdfsClaimsProviderTrust](./Add-AdfsClaimsProviderTrust.md) + +[Disable-AdfsClaimsProviderTrust](./Disable-AdfsClaimsProviderTrust.md) + +[Get-AdfsClaimsProviderTrust](./Get-AdfsClaimsProviderTrust.md) + +[Remove-AdfsClaimsProviderTrust](./Remove-AdfsClaimsProviderTrust.md) + +[Set-AdfsClaimsProviderTrust](./Set-AdfsClaimsProviderTrust.md) + +[Update-AdfsClaimsProviderTrust](./Update-AdfsClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsClient.md b/docset/winserver2025-ps/adfs/Enable-AdfsClient.md new file mode 100644 index 0000000000..f7e5770e63 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsClient.md @@ -0,0 +1,173 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfsclient?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsClient +--- + +# Enable-AdfsClient + +## SYNOPSIS +Enables the use of an OAuth 2.0 client registration by AD FS. + +## SYNTAX + +### Name (Default) +``` +Enable-AdfsClient [[-TargetName] ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ClientId +``` +Enable-AdfsClient [-TargetClientId] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Enable-AdfsClient [-TargetClient] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-AdfsClient** cmdlet enables the use of an OAuth 2.0 client registration by Active Directory Federation Services (AD FS). +Use this cmdlet to enable a registered OAuth 2.0 client that is currently disabled. +If AD FS receives a request for authorization from an OAuth 2.0 client that is registered with AD FS but not enabled, it will deny access to the resource. + +## EXAMPLES + +### Example 1: Enable an OAuth 2.0 client +``` +PS C:\> Enable-AdfsClient -TargetName "Payroll Application" +``` + +This command enables the registered OAuth 2.0 client identified by the name Payroll Application. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClient +Specifies the registered OAuth 2.0 client to enable. + +```yaml +Type: AdfsClient +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClientId +Specifies the client identifier for the registered OAuth 2.0 client to enable. + +```yaml +Type: String +Parameter Sets: ClientId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the registered OAuth 2.0 client to enable. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +AdfsClient objects are received by the *TargetClient* parameter. + +### System.String + +String objects are received by the *TargetClientId* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +Returns the enabled AdfsClient object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsClient](./Add-AdfsClient.md) + +[Disable-AdfsClient](./Disable-AdfsClient.md) + +[Get-AdfsClient](./Get-AdfsClient.md) + +[Remove-AdfsClient](./Remove-AdfsClient.md) + +[Set-AdfsClient](./Set-AdfsClient.md) + diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsDeviceRegistration.md b/docset/winserver2025-ps/adfs/Enable-AdfsDeviceRegistration.md new file mode 100644 index 0000000000..eb1abbf686 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsDeviceRegistration.md @@ -0,0 +1,123 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfsdeviceregistration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsDeviceRegistration +--- + +# Enable-AdfsDeviceRegistration + +## SYNOPSIS +This cmdlet has been deprecated. + +## SYNTAX + +``` +Enable-AdfsDeviceRegistration [-Credential ] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +This cmdlet has been deprecated for AD FS 2016. +For more information, see [Configure On-Premises Conditional Access using registered devices](/windows-server/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises). + +The **Enable-AdfsDeviceRegistration** cmdlet configures a server in an Active Directory Federation Services (AD FS) farm to host the Device Registration Service. +To completely enable the Device Registration Service, you must run this command on each AD FS server in your AD FS farm. +You must run the **Initialize-ADDeviceRegistration** cmdlet before you run this cmdlet. + +## EXAMPLES + +### Example 1: Enable the device registration service +``` +PS C:\> Enable-AdfsDeviceRegistration +Message Context Status +------- ------- ------ +The configuration completed successfully. DeploymentSucceeded Success +``` + +This command enables the Device Registration Service on the AD FS server. +Note that you must perform this action on every AD FS server in the farm. + +## PARAMETERS + +### -Credential +Specifies a **PSCredential** object. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Disable-AdfsDeviceRegistration](./Disable-AdfsDeviceRegistration.md) + +[Get-AdfsDeviceRegistration](./Get-AdfsDeviceRegistration.md) + +[Initialize-ADDeviceRegistration](./Initialize-ADDeviceRegistration.md) + +[Set-AdfsDeviceRegistration](./Set-AdfsDeviceRegistration.md) diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsEndpoint.md b/docset/winserver2025-ps/adfs/Enable-AdfsEndpoint.md new file mode 100644 index 0000000000..1e0e0e3935 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsEndpoint.md @@ -0,0 +1,163 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfsendpoint?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsEndpoint +--- + +# Enable-AdfsEndpoint + +## SYNOPSIS +Enables an endpoint in AD FS. + +## SYNTAX + +### Address +``` +Enable-AdfsEndpoint [[-TargetAddressPath] ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### TargetObject +``` +Enable-AdfsEndpoint [-TargetEndpoint] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### FullUrl +``` +Enable-AdfsEndpoint [-TargetFullUrl] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-AdfsEndpoint** cmdlet enables an endpoint in Active Directory Federation Services (AD FS). + +## EXAMPLES + +### Example 1: Enable an endpoint +``` +PS C:\> Enable-AdfsEndpoint -TargetAddress "/adfs/services/trust/13/Windows" +``` + +This command enables the WS-Trust 1.3 endpoint for AD FS. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetAddressPath +Specifies the address path of the endpoint. +The cmdlet enables the endpoint that you specify. + +```yaml +Type: String +Parameter Sets: Address +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetEndpoint +Specifies the endpoint to enable. +This value is typically taken from the pipeline. + +```yaml +Type: Endpoint +Parameter Sets: TargetObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetFullUrl +Specifies the full URL of the endpoint to enable. + +```yaml +Type: Uri +Parameter Sets: FullUrl +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.Endpoint +A class structure that represents the endpoints for the Federation Service. + +## OUTPUTS + +### None + +## NOTES +* Endpoints provide access to the federation server functionality of AD FS, such as token issuance and the publishing of federation metadata. Depending on the type of endpoint, you can enable or disable the endpoint or control whether the endpoint is published to Web Application Proxy. + +## RELATED LINKS + +[Disable-AdfsEndpoint](./Disable-AdfsEndpoint.md) + +[Get-AdfsEndpoint](./Get-AdfsEndpoint.md) + +[Set-AdfsEndpoint](./Set-AdfsEndpoint.md) + diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsLocalClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Enable-AdfsLocalClaimsProviderTrust.md new file mode 100644 index 0000000000..09b5c20731 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsLocalClaimsProviderTrust.md @@ -0,0 +1,162 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfslocalclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsLocalClaimsProviderTrust +--- + +# Enable-AdfsLocalClaimsProviderTrust + +## SYNOPSIS +Enables a local claims provider trust. + +## SYNTAX + +### IdentifierObject +``` +Enable-AdfsLocalClaimsProviderTrust -TargetClaimsProviderTrust [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### Identifier +``` +Enable-AdfsLocalClaimsProviderTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### IdentifierName +``` +Enable-AdfsLocalClaimsProviderTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-AdfsLocalClaimsProviderTrust** cmdlet enables a local claims provider trust. + +## EXAMPLES + +### Example 1: Enable a local claims provider trust +``` +PS C:\> Enable-AdfsLocalClaimsProviderTrust -TargetName "testldap" +``` + +This command enables a local claims provider trust named testldap. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies the local claims provider trust to enable. +To obtain a **LocalClaimsProviderTrust** object, use the **Get-AdfsLocalClaimsProviderTrust** cmdlet. + +```yaml +Type: LocalClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the local claims provider trust to enable. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the local claims provider trust to enable. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsLocalClaimsProviderTrust](./Add-AdfsLocalClaimsProviderTrust.md) + +[Disable-AdfsLocalClaimsProviderTrust](./Disable-AdfsLocalClaimsProviderTrust.md) + +[Get-AdfsLocalClaimsProviderTrust](./Get-AdfsLocalClaimsProviderTrust.md) + +[Remove-AdfsLocalClaimsProviderTrust](./Remove-AdfsLocalClaimsProviderTrust.md) + +[Set-AdfsLocalClaimsProviderTrust](./Set-AdfsLocalClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsNonClaimsAwareRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Enable-AdfsNonClaimsAwareRelyingPartyTrust.md new file mode 100644 index 0000000000..a7bf231d8e --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsNonClaimsAwareRelyingPartyTrust.md @@ -0,0 +1,178 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfsnonclaimsawarerelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsNonClaimsAwareRelyingPartyTrust +--- + +# Enable-AdfsNonClaimsAwareRelyingPartyTrust + +## SYNOPSIS +Enables a relying party trust for a non-claims-aware web application or service from the Federation Service. + +## SYNTAX + +### IdentifierName (Default) +``` +Enable-AdfsNonClaimsAwareRelyingPartyTrust [-PassThru] [-TargetName] [-WhatIf] [-Confirm] + [] +``` + +### Identifier +``` +Enable-AdfsNonClaimsAwareRelyingPartyTrust [-PassThru] -TargetIdentifier [-WhatIf] [-Confirm] + [] +``` + +### IdentifierObject +``` +Enable-AdfsNonClaimsAwareRelyingPartyTrust [-PassThru] + -TargetNonClaimsAwareRelyingPartyTrust [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Enable-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet enables a relying party trust for a non-claims-aware web application or service from the Federation Service. +When you disable a relying party trust, no authentication is allowed. +Non-claims-aware relying party trusts for applications that are published through the Web Application Proxy must be enabled to allow clients outside the network to reach the application through the proxy. + +A non-claims aware relying party trust is a relying party trust for web applications or services that do not rely directly on Active Directory Federation Services (AD FS) to issue tokens, but instead rely on a third party that accesses such tokens and transforms them into what applications understand. +A non-claims-aware relying party trust is useful for defining authentication and authorization policies for web applications and services that do not rely on AD FS tokens. +The Web Application Proxy requests such tokens for pre-authentication to web applications or services that have corresponding non-claims-aware relying party trusts for requests that come from outside the network through the proxy. + +## EXAMPLES + +### Example 1: Enable a non-claims-aware relying party trust by using a name +``` +PS C:\> Enable-AdfsNonClaimsAwareRelyingPartyTrust -TargetName "ExpenseReport" +``` + +This command enables the non-claims-aware relying party trust for the application named ExpenseReport. + +### Example 2: Enable a non-claims-aware relying party trust by using an identifier +``` +PS C:\> Enable-AdfsNonClaimsAwareRelyingPartyTrust -TargetIdentifier "https://Contosoexpense/" +``` + +This command enables the non-claims-aware relying party trust for the expense report application that has the identifier https://Contosoexpense. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the non-claims-aware relying party trust to enable. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the non-claims-aware relying party trust to enable. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetNonClaimsAwareRelyingPartyTrust +Specifies a **NonClaimsAwareRelyingPartyTrust** object. +The cmdlet enables the non-claims-aware relying party trust that you specify. +To obtain a **NonClaimsAwareRelyingPartyTrust**, use the **Get-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet. + +```yaml +Type: NonClaimsAwareRelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsNonClaimsAwareRelyingPartyTrust](./Add-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Disable-AdfsNonClaimsAwareRelyingPartyTrust](./Disable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Get-AdfsNonClaimsAwareRelyingPartyTrust](./Get-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Remove-AdfsNonClaimsAwareRelyingPartyTrust](./Remove-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Set-AdfsNonClaimsAwareRelyingPartyTrust](./Set-AdfsNonClaimsAwareRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Enable-AdfsRelyingPartyTrust.md new file mode 100644 index 0000000000..9c8707d3e3 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsRelyingPartyTrust.md @@ -0,0 +1,177 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfsrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsRelyingPartyTrust +--- + +# Enable-AdfsRelyingPartyTrust + +## SYNOPSIS +Enables a relying party trust of the Federation Service. + +## SYNTAX + +### Identifier +``` +Enable-AdfsRelyingPartyTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Enable-AdfsRelyingPartyTrust -TargetRelyingParty [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### IdentifierName +``` +Enable-AdfsRelyingPartyTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-AdfsRelyingPartyTrust** cmdlet enables a relying party trust of the Federation Service. + +## EXAMPLES + +### Example 1: Enable a relying party trust +``` +PS C:\> Enable-ADFSRelyingPartyTrust -TargetName "Fabrikam01" +``` + +This command enables the relying party trust named Fabrikam01. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the relying party trust to enable. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the relying party trust to enable. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetRelyingParty +Specifies a **RelyingPartyTrust** object. +The cmdlet disables the relying party trust that you specify. +To obtain a **RelyingPartyTrust** object, use the **Get-AdfsRelyingPartyTrust** cmdlet. + +```yaml +Type: RelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +RelyingPartytrust objects are received by the *TargetRelyingParty* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +Returns the enabled RelyingPartyTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* A relying party in Active Directory Federation Services (AD FS) is an organization in which Web servers that host one or more Web-based applications reside. Tokens and Information Cards that originate from a claims provider can then be presented and ultimately accessed by the Web-based resources that are located in the relying party organization. When AD FS is configured in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party accesses the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose Web servers are protected by the resource-side federation server. The federation server in the relying party uses the security tokens that the claims provider produces to issue tokens to the Web servers that are located in the relying party. + +## RELATED LINKS + +[Add-AdfsRelyingPartyTrust](./Add-AdfsRelyingPartyTrust.md) + +[Disable-AdfsRelyingPartyTrust](./Disable-AdfsRelyingPartyTrust.md) + +[Get-AdfsRelyingPartyTrust](./Get-AdfsRelyingPartyTrust.md) + +[Remove-AdfsRelyingPartyTrust](./Remove-AdfsRelyingPartyTrust.md) + +[Set-AdfsRelyingPartyTrust](./Set-AdfsRelyingPartyTrust.md) + +[Update-AdfsRelyingPartyTrust](./Update-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Enable-AdfsWebApplicationProxyRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Enable-AdfsWebApplicationProxyRelyingPartyTrust.md new file mode 100644 index 0000000000..a59f68406e --- /dev/null +++ b/docset/winserver2025-ps/adfs/Enable-AdfsWebApplicationProxyRelyingPartyTrust.md @@ -0,0 +1,107 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/enable-adfswebapplicationproxyrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AdfsWebApplicationProxyRelyingPartyTrust +--- + +# Enable-AdfsWebApplicationProxyRelyingPartyTrust + +## SYNOPSIS +Enables the relying party trust object for the Web Application Proxy. + +## SYNTAX + +``` +Enable-AdfsWebApplicationProxyRelyingPartyTrust [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet enables the relying party trust object for the web application proxy. +Use this cmdlet if you have temporarily disabled all external access by using the **Disable-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet. + +The Web Application Proxy relying party trust is useful to manage global network access from outside the corporate network. +By setting authentication and authorization policies, an administrator can restrict access to internal web applications and services that have been published through the Web Application Proxy. + +## EXAMPLES + +### Example 1: Enable relying party trust for the web application proxy +``` +PS C:\> Enable-AdfsWebApplicationProxyRelyingPartyTrust +``` + +This command enables the relying party trust object for the web application proxy. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsWebApplicationProxyRelyingPartyTrust](./Add-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Disable-AdfsWebApplicationProxyRelyingPartyTrust](./Disable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Get-AdfsWebApplicationProxyRelyingPartyTrust](./Get-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Remove-AdfsWebApplicationProxyRelyingPartyTrust](./Remove-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Set-AdfsWebApplicationProxyRelyingPartyTrust](./Set-AdfsWebApplicationProxyRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Export-AdfsAuthenticationProviderConfigurationData.md b/docset/winserver2025-ps/adfs/Export-AdfsAuthenticationProviderConfigurationData.md new file mode 100644 index 0000000000..de4349847c --- /dev/null +++ b/docset/winserver2025-ps/adfs/Export-AdfsAuthenticationProviderConfigurationData.md @@ -0,0 +1,121 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/export-adfsauthenticationproviderconfigurationdata?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Export-AdfsAuthenticationProviderConfigurationData +--- + +# Export-AdfsAuthenticationProviderConfigurationData + +## SYNOPSIS +Returns a file containing the tenant ID for which the AD FS farm is configured for Azure MFA, as well as the well-known client ID for Azure MFA. + +## SYNTAX + +``` +Export-AdfsAuthenticationProviderConfigurationData -Name -FilePath [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Export-AdfsAuthenticationProviderConfigurationData** cmdlet returns a file containing the tenant ID for which the Active Directory Federation Services (AD FS) farm is configured for Azure MFA, as well as the well-known client ID for Azure MFA. + +Before you use this cmdlet, verify that the external authentication provider supports a custom configuration. + +## EXAMPLES + +### Example 1: Export configuration data +``` +PS C:\> Export-AdfsAuthenticationProviderConfigurationData -Name "ContosoExternalAuthProvider" -FilePath "C:\share\test.txt" +``` + +This command exports configuration data for the authentication provider named ContosoExternalAuthProvider to the file C:\share\test.txt. + +### Example 2: Determine which certificate Azure MFA is using +``` +PS C:\> New-AdfsAzureMfaTenantCertificate -TenantID - FilePath amfacert.cer +``` + +This command determines which certificate Azure MFA is using, after AD FS is configured for Azure MFA. + +## PARAMETERS + +### -FilePath +Specifies the path and filename of the text file to which the configuration will be output. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the authentication provider to export, for example, AzureMfaAuthentication. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Import-AdfsAuthenticationProviderConfigurationData](./Import-AdfsAuthenticationProviderConfigurationData.md) + diff --git a/docset/winserver2025-ps/adfs/Export-AdfsDeploymentSQLScript.md b/docset/winserver2025-ps/adfs/Export-AdfsDeploymentSQLScript.md new file mode 100644 index 0000000000..296512c9e2 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Export-AdfsDeploymentSQLScript.md @@ -0,0 +1,109 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/export-adfsdeploymentsqlscript?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Export-AdfsDeploymentSQLScript +--- + +# Export-AdfsDeploymentSQLScript + +## SYNOPSIS +Generates SQL scripts to create the AD FS database and to grant permissions. + +## SYNTAX + +``` +Export-AdfsDeploymentSQLScript -DestinationFolder -ServiceAccountName [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Export-AdfsDeploymentSQLScript** cmdlet generates the SQL scripts that you can use separately to create the Active Directory Federation Services (AD FS) database and to grant permissions. + +## EXAMPLES + +### Example 1: Export SQL deployment scripts +``` +PS C:\> Export-AdfsDeploymentSQLScript -DestinationFolder ".\ScriptFolder" -ServiceAccountName "ContosoDomain\PattiFuller" +``` + +This command exports SQL deployment scripts for AD FS installation on behalf of the specified AD FS service account. + +## PARAMETERS + +### -DestinationFolder +Specifies the folder in which the cmdlet saves the generated SQL scripts. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountName +Specifies the name of the Active Directory® Domain Services account under which the AD FS service runs. +All nodes in the farm must use the same service account. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/adfs/Export-AdfsWebContent.md b/docset/winserver2025-ps/adfs/Export-AdfsWebContent.md new file mode 100644 index 0000000000..1bdd0cafb1 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Export-AdfsWebContent.md @@ -0,0 +1,123 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/export-adfswebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Export-AdfsWebContent +--- + +# Export-AdfsWebContent + +## SYNOPSIS +Exports properties of all web content objects in a specific locale to a specified file. + +## SYNTAX + +``` +Export-AdfsWebContent [[-Locale] ] -FilePath [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Export-AdfsWebContent** cmdlet exports properties of all web content objects in a specific locale, including global and relying party web contents, to a specified file. +If you do not specify a locale, the cmdlet exports the web content of the invariant locale. +The **Set-AdfsGlobalWebContent** and **Set-AdfsRelyingPartyWebContent** cmdlets add customized web content. + +Use this cmdlet to implement localization of custom messages for the Active Directory Federation Services (AD FS) sign-in experience. +Export the web content to a .resx file, localize the file, and then import the localized .resx file by using the **Import-AdfsWebContent** cmdlet. + +## EXAMPLES + +### Example 1: Export web content for the invariant locale +``` +PS C:\> Export-AdfsWebContent -FilePath "C:\WebContent\Invariant.resx" +``` + +This command exports all the customized web content for the invariant locale to the specified file. + +### Example 2: Export web content for a specified locale +``` +PS C:\> Export-AdfsWebContent -Locale en-us -FilePath "C:\WebContent\EnUs.resx" +``` + +This command exports all the customized web content for the en-us locale to the specified file. + +## PARAMETERS + +### -FilePath +Specifies a file path. +The cmdlet exports properties of web content objects to the file that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Locale +Specifies a locale. +The cmdlet exports properties of web content objects for the local that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Import-AdfsWebContent](./Import-AdfsWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Export-AdfsWebTheme.md b/docset/winserver2025-ps/adfs/Export-AdfsWebTheme.md new file mode 100644 index 0000000000..06d093f639 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Export-AdfsWebTheme.md @@ -0,0 +1,164 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/export-adfswebtheme?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Export-AdfsWebTheme +--- + +# Export-AdfsWebTheme + +## SYNOPSIS +Exports a web theme to a folder. + +## SYNTAX + +### IdentifierName +``` +Export-AdfsWebTheme -Name -DirectoryPath [-WhatIf] [-Confirm] [] +``` + +### RelyingPartyName +``` +Export-AdfsWebTheme -RelyingPartyName -DirectoryPath [-WhatIf] [-Confirm] + [] +``` + +### IdentifierObject +``` +Export-AdfsWebTheme -WebTheme -DirectoryPath [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Export-AdfsWebTheme** cmdlet exports a web theme object to a folder. +The cmdlet creates necessary folders that correspond to the web theme settings. +Use this cmdlet to create web themes based on existing themes, such as the default theme available with Active Directory Federation Services (AD FS). + +## EXAMPLES + +### Example 1: Export a web theme +``` +PS C:\> Export-AdfsWebTheme -Name "Theme01" -DirectoryPath "C:\WebTheme" +``` + +This command exports a web theme named Theme01 to the folder C:\WebTheme. +The command places all files, including cascading style sheets, JavaScript files, and images, in folders in the specified folder. + +## PARAMETERS + +### -DirectoryPath +Specifies the path of a folder. +The cmdlet exports the web theme to the folder that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. +The cmdlet exports the web theme that has the name that you specify. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -RelyingPartyName +Specifies the name of the relying party. + +```yaml +Type: String +Parameter Sets: RelyingPartyName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -WebTheme +Specifies an **AdfsWebTheme** object. +The cmdlet exports the theme that you specify. +To obtain an **AdfsWebTheme** object, use the **Get-AdfsWebTheme** cmdlet. + +```yaml +Type: WebThemeBase +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsWebTheme](./Get-AdfsWebTheme.md) + +[New-AdfsWebTheme](./New-AdfsWebTheme.md) + +[Remove-AdfsWebTheme](./Remove-AdfsWebTheme.md) + +[Set-AdfsWebTheme](./Set-AdfsWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsAccessControlPolicy.md b/docset/winserver2025-ps/adfs/Get-AdfsAccessControlPolicy.md new file mode 100644 index 0000000000..c2a91f2472 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsAccessControlPolicy.md @@ -0,0 +1,75 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsaccesscontrolpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsAccessControlPolicy +--- + +# Get-AdfsAccessControlPolicy + +## SYNOPSIS +Gets an AD FS access control policy. + +## SYNTAX + +``` +Get-AdfsAccessControlPolicy [-Name ] [-Identifier ] [] +``` + +## DESCRIPTION +The **Get-AdfsAccessControlPolicy** cmdlet gets an Active Directory Federation Services (AD FS) access control policy. + +## EXAMPLES + +## PARAMETERS + +### -Identifier +Specifies an array of IDs. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies an array of policy names. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[New-AdfsAccessControlPolicy](./New-AdfsAccessControlPolicy.md) + +[Remove-AdfsAccessControlPolicy](./Remove-AdfsAccessControlPolicy.md) + +[Set-AdfsAccessControlPolicy](./Set-AdfsAccessControlPolicy.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsAdditionalAuthenticationRule.md b/docset/winserver2025-ps/adfs/Get-AdfsAdditionalAuthenticationRule.md new file mode 100644 index 0000000000..db03dbf931 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsAdditionalAuthenticationRule.md @@ -0,0 +1,61 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsadditionalauthenticationrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsAdditionalAuthenticationRule +--- + +# Get-AdfsAdditionalAuthenticationRule + +## SYNOPSIS +Retrieves the global rules that trigger additional authentication providers to be invoked. + +## SYNTAX + +``` +Get-AdfsAdditionalAuthenticationRule [] +``` + +## DESCRIPTION +The **Get-AdfsAdditionalAuthenticationRule** cmdlet retrieves the global rules that govern all applications that trigger additional authentication providers to be invoked. +When the claim engine evaluates the additional authentication rules and determines that multiple factor authentication is required, the user is prompted to perform additional authentication. +Use this rule only when all your applications are capable of performing web based credential collection through Active Directory Federation Services (AD FS). +Applications that use protocols like WS-Trust will fail to obtain a security token if the trigger is true as a result of evaluation of the rules. + +## EXAMPLES + +### Example 1: Retrieve the global additional authentication rules +``` +PS C:\> Get-AdfsAdditionalAuthenticationRule +c:[Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "false"] +=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn"); + +c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"] +=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn"); +``` + +This command retrieves the global additional authentication rules configured for AD FS. +The output of the command shows that multiple factor authentication is required for all extranet access and all devices that are not joined to a workplace. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Set-AdfsAdditionalAuthenticationRule](./Set-AdfsAdditionalAuthenticationRule.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsApplicationGroup.md b/docset/winserver2025-ps/adfs/Get-AdfsApplicationGroup.md new file mode 100644 index 0000000000..fe2e38d90f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsApplicationGroup.md @@ -0,0 +1,116 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsapplicationgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsApplicationGroup +--- + +# Get-AdfsApplicationGroup + +## SYNOPSIS +Gets an application group. + +## SYNTAX + +### ApplicationGroupIdentifier (Default) +``` +Get-AdfsApplicationGroup [[-ApplicationGroupIdentifier] ] [] +``` + +### Name +``` +Get-AdfsApplicationGroup [-Name] [] +``` + +### ApplicationGroupObject +``` +Get-AdfsApplicationGroup [-ApplicationGroup] [] +``` + +## DESCRIPTION +The **Get-AdfsApplicationGroup** cmdlet gets an Active Directory Federation Services (AD FS) application group. + +## EXAMPLES + +## PARAMETERS + +### -ApplicationGroup +Specifies an application group. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroupIdentifier +Specifies the ID of an application group. + +```yaml +Type: String[] +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of names of application groups. + +```yaml +Type: String[] +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *ApplicationGroup* parameter. + +### System.String + +String objects are received by the *ApplicationGroupIdentifier* and *Name* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +Returns one or more ApplicationGroup objects that represent the Application Groups for the Federation Service. + +## NOTES + +## RELATED LINKS + +[Disable-AdfsApplicationGroup](./Disable-AdfsApplicationGroup.md) + +[Enable-AdfsApplicationGroup](./Enable-AdfsApplicationGroup.md) + +[New-AdfsApplicationGroup](./New-AdfsApplicationGroup.md) + +[Remove-AdfsApplicationGroup](./Remove-AdfsApplicationGroup.md) + +[Set-AdfsApplicationGroup](./Set-AdfsApplicationGroup.md) diff --git a/docset/winserver2025-ps/adfs/Get-AdfsApplicationPermission.md b/docset/winserver2025-ps/adfs/Get-AdfsApplicationPermission.md new file mode 100644 index 0000000000..127ecad3ef --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsApplicationPermission.md @@ -0,0 +1,108 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsapplicationpermission?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsApplicationPermission +--- + +# Get-AdfsApplicationPermission + +## SYNOPSIS +Gets permission for an application. + +## SYNTAX + +### Identifier (Default) +``` +Get-AdfsApplicationPermission [[-Identifiers] ] [] +``` + +### ClientRoleIdentifier +``` +Get-AdfsApplicationPermission [[-ClientRoleIdentifiers] ] [] +``` + +### ServerRoleIdentifier +``` +Get-AdfsApplicationPermission [[-ServerRoleIdentifiers] ] [] +``` + +## DESCRIPTION +The **Get-AdfsApplicationPermission** cmdlet gets permission for an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -ClientRoleIdentifiers +Specifies an array of client role identifiers. + +```yaml +Type: String[] +Parameter Sets: ClientRoleIdentifier +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Identifiers +Specifies an array of identifiers. + +```yaml +Type: String[] +Parameter Sets: Identifier +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServerRoleIdentifiers +Specifies an array of server role identifiers. + +```yaml +Type: String[] +Parameter Sets: ServerRoleIdentifier +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *ClientRoleIdentifiers*, *Identifiers*, and *ServerRoleIdentifiers* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.OAuthPermission + +Returns one or more OAuthPermission objects that represent the application permissions for the Federation Service. + +## NOTES + +## RELATED LINKS + +[Grant-AdfsApplicationPermission](./Grant-AdfsApplicationPermission.md) + +[Revoke-AdfsApplicationPermission](./Revoke-AdfsApplicationPermission.md) + +[Set-AdfsApplicationPermission](./Set-AdfsApplicationPermission.md) diff --git a/docset/winserver2025-ps/adfs/Get-AdfsAttributeStore.md b/docset/winserver2025-ps/adfs/Get-AdfsAttributeStore.md new file mode 100644 index 0000000000..5257c941ef --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsAttributeStore.md @@ -0,0 +1,69 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsattributestore?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsAttributeStore +--- + +# Get-AdfsAttributeStore + +## SYNOPSIS +Gets the attribute stores of the Federation Service. + +## SYNTAX + +``` +Get-AdfsAttributeStore [[-Name] ] [] +``` + +## DESCRIPTION +The **Get-AdfsAttributeStore** cmdlet gets an attribute store of the Federation Service. +If you do not specify any parameters, the cmdlet gets all attribute stores of the Federation Service. + +## EXAMPLES + +## PARAMETERS + +### -Name +Specifies an array of names of attribute stores that this cmdlet gets. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +A string object is received by the *Name* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AttributeStore + +Returns one or more AttributeStore objects that represent the attribute stores of the Federation Service. + +## NOTES + +## RELATED LINKS + +[Add-AdfsAttributeStore](./Add-AdfsAttributeStore.md) + +[Remove-AdfsAttributeStore](./Remove-AdfsAttributeStore.md) + +[Set-AdfsAttributeStore](./Set-AdfsAttributeStore.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsAuthenticationProvider.md b/docset/winserver2025-ps/adfs/Get-AdfsAuthenticationProvider.md new file mode 100644 index 0000000000..f525e606f9 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsAuthenticationProvider.md @@ -0,0 +1,101 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsauthenticationprovider?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsAuthenticationProvider +--- + +# Get-AdfsAuthenticationProvider + +## SYNOPSIS +Gets a list of all authentication providers in AD FS. + +## SYNTAX + +``` +Get-AdfsAuthenticationProvider [[-Name] ] [] +``` + +## DESCRIPTION +The **Get-AdfsAuthenticationProvider** cmdlet gets a list of all authentication providers currently registered in Active Directory Federation Services (AD FS). +The read-only list includes built-in and external authentication providers and associated properties. + +## EXAMPLES + +### Example 1: Get all registered authentication providers +``` +PS C:\> Get-AdfsAuthenticationProvider +AdminName : Forms Authentication +AllowedForPrimaryExtranet : True +AllowedForPrimaryIntranet : True +AllowedForAdditionalAuthentication : False +AuthenticationMethods : {urn:oasis:names:tc:SAML:1.0:am:password, urn:oasis:names:tc:SAML:2.0:ac:classes:Password, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password} +Descriptions : {} +DisplayNames : {} +Name : FormsAuthentication +IdentityClaims : {} +IsCustom : False +RequiresIdentity : False + +AdminName : Windows Authentication +AllowedForPrimaryExtranet : False +AllowedForPrimaryIntranet : True +AllowedForAdditionalAuthentication : False +AuthenticationMethods : {urn:ietf:rfc:1510, urn:federation:authentication:windows, urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/kerberos...} Descriptions : {} +DisplayNames : {} +Name : WindowsAuthentication +IdentityClaims : {} +IsCustom : False +RequiresIdentity : False + +AdminName : Certificate Authentication +AllowedForPrimaryExtranet : True +AllowedForPrimaryIntranet : True +AllowedForAdditionalAuthentication : True +AuthenticationMethods : {urn:ietf:rfc:2246, urn:oasis:names:tc:SAML:1.0:am:X509-PKI, urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, urn:oasis:names:tc:SAML:2.0:ac:classes:X509...} Descriptions : {} +DisplayNames : {} +Name : CertificateAuthentication +IdentityClaims : {} +IsCustom : False +RequiresIdentity : False +``` + +This command gets all authentication providers currently registered in AD FS. + +## PARAMETERS + +### -Name +Specifies the name of an authentication provider to retrieve from AD FS. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Register-AdfsAuthenticationProvider](./Register-AdfsAuthenticationProvider.md) + +[Unregister-AdfsAuthenticationProvider](./Unregister-AdfsAuthenticationProvider.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsAuthenticationProviderWebContent.md b/docset/winserver2025-ps/adfs/Get-AdfsAuthenticationProviderWebContent.md new file mode 100644 index 0000000000..915316fea8 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsAuthenticationProviderWebContent.md @@ -0,0 +1,79 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsauthenticationproviderwebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsAuthenticationProviderWebContent +--- + +# Get-AdfsAuthenticationProviderWebContent + +## SYNOPSIS +Retrieves web content objects for authentication providers. + +## SYNTAX + +``` +Get-AdfsAuthenticationProviderWebContent [-Locale ] [-Name ] [] +``` + +## DESCRIPTION +The **Get-AdfsAuthenticationProviderWebContent** cmdlet retrieves web content objects for all authentication providers, or a specified authentication provider in a locale. +Specify an authentication provider by its name. +If you do not supply an authentication provider name, the cmdlet retrieves all authentication provider web content objects. +If you do not specify the locale, the cmdlet retrieves web content for all locales. +The cmdlet does not return any information if you do not use the Set-AdfsAuthenticationProviderWebContent cmdlet to customize the authentication provider web content. + +## EXAMPLES + +## PARAMETERS + +### -Locale +Specifies a locale. +The cmdlet gets the provider web content associated for the locale that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies a array of names. +The cmdlet gets the provider web content associated for the names that you specify. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Remove-AdfsAuthenticationProviderWebContent](./Remove-AdfsAuthenticationProviderWebContent.md) + +[Set-AdfsAuthenticationProviderWebContent](./Set-AdfsAuthenticationProviderWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsAzureMfaConfigured.md b/docset/winserver2025-ps/adfs/Get-AdfsAzureMfaConfigured.md new file mode 100644 index 0000000000..68bc38d8f2 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsAzureMfaConfigured.md @@ -0,0 +1,70 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsazuremfaconfigured?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsAzureMfaConfigured +--- + +# Get-AdfsAzureMfaConfigured + +## SYNOPSIS +Gets whether Azure MFA is enabled. + +## SYNTAX + +``` +Get-AdfsAzureMfaConfigured [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-AdfsAzureMfaConfigured** cmdlet returns $True if Azure Multi-Factor Authentication (MFA) is enabled on an Active Directory Federation Services (AD FS) farm. + +## EXAMPLES + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsCertificate.md b/docset/winserver2025-ps/adfs/Get-AdfsCertificate.md new file mode 100644 index 0000000000..e10d050efc --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsCertificate.md @@ -0,0 +1,104 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfscertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsCertificate +--- + +# Get-AdfsCertificate + +## SYNOPSIS +Retrieves the certificates from AD FS. + +## SYNTAX + +### ByType (Default) +``` +Get-AdfsCertificate [[-CertificateType] ] [] +``` + +### ByReference +``` +Get-AdfsCertificate [-Thumbprint] [] +``` + +## DESCRIPTION +The **Get-AdfsCertificate** cmdlet retrieves the certificates that Active Directory Federation Services (AD FS) uses for token signing, token decrypting, card signing, and securing service communications. + +## EXAMPLES + +### Example 1: Get the token-signing certificates +``` +PS C:\> Get-AdfsCertificate -CertificateType "Token-Signing" +``` + +This command retrieves the token-signing certificates for AD FS. + +## PARAMETERS + +### -CertificateType +Specifies the type of the certificate to retrieve. +The acceptable values for this parameter are: + +- Infocard-Signing +- Service-Communications +- Token-Encryption +- Token-Signing + +```yaml +Type: String[] +Parameter Sets: ByType +Aliases: +Accepted values: Service-Communications, Token-Decrypting, Token-Signing + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Thumbprint +Specifies the thumbprint of the certificate to retrieve. + +```yaml +Type: String[] +Parameter Sets: ByReference +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ServiceCertificate + +Returns one or more ServiceCertificate objects that represent the certificate objects for AD FS. + +## NOTES +* You can use the **Get-AdfsCertificate** cmdlet without any parameters to get all the certificates. + +## RELATED LINKS + +[Add-AdfsCertificate](./Add-AdfsCertificate.md) + +[Remove-AdfsCertificate](./Remove-AdfsCertificate.md) + +[Set-AdfsCertificate](./Set-AdfsCertificate.md) + +[Update-AdfsCertificate](./Update-AdfsCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsCertificateAuthority.md b/docset/winserver2025-ps/adfs/Get-AdfsCertificateAuthority.md new file mode 100644 index 0000000000..fb5d53a133 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsCertificateAuthority.md @@ -0,0 +1,47 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfscertificateauthority?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsCertificateAuthority +--- + +# Get-AdfsCertificateAuthority + +## SYNOPSIS +Gets a certificate authority. + +## SYNTAX + +``` +Get-AdfsCertificateAuthority [] +``` + +## DESCRIPTION +The **Get-AdfsCertificateAuthority** cmdlet gets a certificate authority in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsCertificateAuthority + +Returns an AdfsCertificateAuthority object that represents the certificate authority of the Federation Service. + +## NOTES + +## RELATED LINKS + +[Disable-AdfsCertificateAuthority](./Disable-AdfsCertificateAuthority.md) + +[Set-AdfsCertificateAuthority](./Set-AdfsCertificateAuthority.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsClaimDescription.md b/docset/winserver2025-ps/adfs/Get-AdfsClaimDescription.md new file mode 100644 index 0000000000..41734c45d1 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsClaimDescription.md @@ -0,0 +1,120 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsclaimdescription?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsClaimDescription +--- + +# Get-AdfsClaimDescription + +## SYNOPSIS +Gets claim descriptions from the Federation Service. + +## SYNTAX + +### Name (Default) +``` +Get-AdfsClaimDescription [[-Name] ] [] +``` + +### Identifier +``` +Get-AdfsClaimDescription -ClaimType [] +``` + +### ShortName +``` +Get-AdfsClaimDescription -ShortName [] +``` + +## DESCRIPTION +The **Get-AdfsClaimDescription** cmdlet gets claim descriptions from the Federation Service. +Claim descriptions describe the claims that the Federation Service uses. +Claim descriptions also describe how claims are published in federation metadata. +You can use this cmdlet without parameters to get all claim descriptions in the Federation Service. + +## EXAMPLES + +### Example 1: Get a claim description +```powershell +PS C:\> Get-AdfsClaimDescription | Where-Object {$_.IsOffered} +``` + +This command gets the list of claim descriptions that the Federation Service offers. + +## PARAMETERS + +### -ClaimType +Specifies an array of claim type URNs or URIs of the claim. +The cmdlet gets the claim descriptions for the claims that you specify. + +```yaml +Type: String[] +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of names of claim descriptions to get. + +```yaml +Type: String[] +Parameter Sets: Name +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -ShortName +Specifies the unique short name ID for the claim description that is used for issuing and consuming JWT tokens. + +```yaml +Type: String[] +Parameter Sets: ShortName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *ClaimType*, *Name*, and *ShortName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +Returns one or more ClaimDescription objects that represent the claim description resources for the Federation Service. + +## NOTES +* Use claim descriptions to configure the list of claims available to be offered or accepted by Active Directory Federation Services (AD FS). + +## RELATED LINKS + +[Add-AdfsClaimDescription](./Add-AdfsClaimDescription.md) + +[Remove-AdfsClaimDescription](./Remove-AdfsClaimDescription.md) + +[Set-AdfsClaimDescription](./Set-AdfsClaimDescription.md) diff --git a/docset/winserver2025-ps/adfs/Get-AdfsClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Get-AdfsClaimsProviderTrust.md new file mode 100644 index 0000000000..f7eae8424c --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsClaimsProviderTrust.md @@ -0,0 +1,128 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsClaimsProviderTrust +--- + +# Get-AdfsClaimsProviderTrust + +## SYNOPSIS +Gets the claims provider trusts in the Federation Service. + +## SYNTAX + +### ClaimsProviderName (Default) +``` +Get-AdfsClaimsProviderTrust [[-Name] ] [] +``` + +### TokenSigningCertificates +``` +Get-AdfsClaimsProviderTrust [-Certificate] [] +``` + +### Identifier +``` +Get-AdfsClaimsProviderTrust [-Identifier] [] +``` + +## DESCRIPTION +The **Get-AdfsClaimsProviderTrust** cmdlet gets the claims provider trusts in the Federation Service. +You can use this cmdlet with no parameters to get all the claims provider trust objects. + +## EXAMPLES + +### Example 1: Get claims provider trusts +``` +PS C:\> Get-AdfsClaimsProviderTrust -Name "Fabrikam claims provider" +``` + +This command gets the property settings for the claims provider trust named Fabrikam claims provider. + +## PARAMETERS + +### -Certificate +Specifies an array of token-signing certificates of the claims provider trust to get. + +```yaml +Type: X509Certificate2[] +Parameter Sets: TokenSigningCertificates +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of unique IDs of the claims provider trust to get. + +```yaml +Type: String[] +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of display names of the claims provider trust to get. + +```yaml +Type: String[] +Parameter Sets: ClaimsProviderName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Security.Cryptography.X509Certificates.X509Certificate.X509Certificate2 + +X509Certificate2 objects are received by the *Certificate* parameter. + +### System.String + +String objects are received by the *Identifier* and *Name* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +Returns one or more ClaimsProviderTrust objects that represent the claims provider trusts for the Federation Service. + +## NOTES +* If you do not specify the *Name* parameter, the cmdlet lists all claims providers. The claims provider collects and authenticates a user's credentials, builds up claims for that user, and packages the claims into security tokens or Information Cards. In other words, a claims provider represents the organization for whose users the claims provider issues security tokens or Information Cards on their behalf. When you configure Active Directory Federation Services (AD FS), the role of the claims provider is to enable its users to access resources that are hosted in a relying party organization by establishing one side of the federation trust relationship. After the federation trust is established, tokens and Information Cards can be presented to the relying party across the trust. + +## RELATED LINKS + +[Add-AdfsClaimsProviderTrust](./Add-AdfsClaimsProviderTrust.md) + +[Disable-AdfsClaimsProviderTrust](./Disable-AdfsClaimsProviderTrust.md) + +[Enable-AdfsClaimsProviderTrust](./Enable-AdfsClaimsProviderTrust.md) + +[Remove-AdfsClaimsProviderTrust](./Remove-AdfsClaimsProviderTrust.md) + +[Set-AdfsClaimsProviderTrust](./Set-AdfsClaimsProviderTrust.md) + +[Update-AdfsClaimsProviderTrust](./Update-AdfsClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsClaimsProviderTrustsGroup.md b/docset/winserver2025-ps/adfs/Get-AdfsClaimsProviderTrustsGroup.md new file mode 100644 index 0000000000..5d8c62e25b --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsClaimsProviderTrustsGroup.md @@ -0,0 +1,58 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsclaimsprovidertrustsgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsClaimsProviderTrustsGroup +--- + +# Get-AdfsClaimsProviderTrustsGroup + +## SYNOPSIS +Gets an AD FS claims provider trust group. + +## SYNTAX + +``` +Get-AdfsClaimsProviderTrustsGroup [[-Identifier] ] [] +``` + +## DESCRIPTION +The **Get-AdfsClaimsProviderTrustsGroup** cmdlet gets an Active Directory Federation Services (AD FS) claims provider trust group. + +## EXAMPLES + +## PARAMETERS + +### -Identifier +Specifies an array of IDs. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsClaimsProviderTrustsGroup](./Add-AdfsClaimsProviderTrustsGroup.md) + +[Remove-AdfsClaimsProviderTrustsGroup](./Remove-AdfsClaimsProviderTrustsGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsClient.md b/docset/winserver2025-ps/adfs/Get-AdfsClient.md new file mode 100644 index 0000000000..0c9d721159 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsClient.md @@ -0,0 +1,176 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsclient?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsClient +--- + +# Get-AdfsClient + +## SYNOPSIS +Retrieves registration information for an OAuth 2.0 client. + +## SYNTAX + +### Name (Default) +``` +Get-AdfsClient [[-Name] ] [] +``` + +### ClientId +``` +Get-AdfsClient [-ClientId] [] +``` + +### InputObject +``` +Get-AdfsClient [-InputObject] [] +``` + +## DESCRIPTION +The **Get-AdfsClient** cmdlet retrieves registration information for an OAuth 2.0 client that was previously registered with Active Directory Federation Services (AD FS). + +## EXAMPLES + +### Example 1: Retrieve registration information for all clients +``` +PS C:\> Get-AdfsClient + + + +RedirectUri : {ms-app://windows.immersivecontrolpanel/} +Name : Device Registration Client +Description : Client for the Device Registration Service +ClientId : dd762716-544d-4aeb-a526-687b73838a22 +BuiltIn : True +Enabled : True +ClientType : Public + +RedirectUri : {https://168f3ee4-63fc-4723-a61a-6473f6cb515c/redir} +Name : Windows Server Work Folders Client +Description : Client for syncing user files to a Work Folders sync share +ClientId : 168f3ee4-63fc-4723-a61a-6473f6cb515c +BuiltIn : True +Enabled : True +ClientType : Public +``` + +This command retrieves registration information for all OAuth 2.0 clients currently registered withAD FS. + +### Example 2: Retrieve registration information by client name +``` +PS C:\> Get-AdfsClient -Name "Device Registration Client" + + + +RedirectUri : {ms-app://windows.immersivecontrolpanel/} +Name : Device Registration Client +Description : Client for the Device Registration Service +ClientId : dd762716-544d-4aeb-a526-687b73838a22 +BuiltIn : True +Enabled : True +ClientType : Public +``` + +This command retrieves registration information for the OAuth 2.0 client named Device Registration Client. + +### Example 3: Retrieve registration information by client ID +``` +PS C:\> Get-AdfsClient -ClientId "dd762716-544d-4aeb-a526-687b73838a22" + + + +RedirectUri : {ms-app://windows.immersivecontrolpanel/} +Name : Device Registration Client +Description : Client for the Device Registration Service +ClientId : dd762716-544d-4aeb-a526-687b73838a22 +BuiltIn : True +Enabled : True +ClientType : Public +``` + +This command retrieves registration information for the OAuth 2.0 client specified by the client identifier dd762716-544d-4aeb-a526-687b73838a22. + +## PARAMETERS + +### -ClientId +Specifies an array of client identifiers for the OAuth 2.0 client for which to retrieve registration information. + +```yaml +Type: String[] +Parameter Sets: ClientId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -InputObject +Specifies an object of type **AdfsClient** that represents an OAuth 2.0 client for which to retrieve registration information. + +```yaml +Type: AdfsClient +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the OAuth 2.0 client for which to retrieve registration information. + +```yaml +Type: String[] +Parameter Sets: Name +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *ClientId* and *Name* parameters. + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +AdfsClient objects are received by the *InputObject* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +Returns one or more AdfsClient objects that represent the Adfs Clients for the Federation Service. + +## NOTES + +## RELATED LINKS + +[Add-AdfsClient](./Add-AdfsClient.md) + +[Disable-AdfsClient](./Disable-AdfsClient.md) + +[Enable-AdfsClient](./Enable-AdfsClient.md) + +[Remove-AdfsClient](./Remove-AdfsClient.md) + +[Set-AdfsClient](./Set-AdfsClient.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsDeviceRegistration.md b/docset/winserver2025-ps/adfs/Get-AdfsDeviceRegistration.md new file mode 100644 index 0000000000..6fbadcae3c --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsDeviceRegistration.md @@ -0,0 +1,71 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsdeviceregistration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsDeviceRegistration +--- + +# Get-AdfsDeviceRegistration + +## SYNOPSIS +Gets the administrative polices of the Device Registration Service. + +## SYNTAX + +``` +Get-AdfsDeviceRegistration [] +``` + +## DESCRIPTION +The **Get-AdfsDeviceRegistration** cmdlet gets the administrative polices that are used by the Device Registration Service in Active Directory Federation Services (AD FS). + +## EXAMPLES + +### Example 1: Get settings of the Device Registration Service +``` +PS C:\> Get-AdfsDeviceRegistration + + +DrsObjectDN : CN=DeviceRegistrationService,CN=Device Registration Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com +DevicesPerUser : 10 +MaximumInactiveDays : 90 +IsEnabledOnPremises : True +IsEnabledInCloud : False +DeviceObjectLocation : CN=RegisteredDevices,DC=contoso,DC=com +``` + +This command gets the current settings for the Device Registration Service in AD FS. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### DeviceRegistrationServiceObject +This cmdlet generates a **DeviceRegistrationServiceObject** object that represents the Device Registration Service. +The object includes the following properties: + +- DevicesPerUser Type: **Int** +- MaximumInactiveDays Type: **Int** +- IsEnabledOnPremises: Type: **bool** +- IsEnabledInCloud: Type: **bool** +- DeviceObjectLocation: Type: **string** +- DrsObjectDN: Type: **string** + +## NOTES + +## RELATED LINKS + +[Disable-AdfsDeviceRegistration](./Disable-AdfsDeviceRegistration.md) + +[Enable-AdfsDeviceRegistration](./Enable-AdfsDeviceRegistration.md) + +[Set-AdfsDeviceRegistration](./Set-AdfsDeviceRegistration.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsDeviceRegistrationUpnSuffix.md b/docset/winserver2025-ps/adfs/Get-AdfsDeviceRegistrationUpnSuffix.md new file mode 100644 index 0000000000..29d88bb507 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsDeviceRegistrationUpnSuffix.md @@ -0,0 +1,60 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsdeviceregistrationupnsuffix?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsDeviceRegistrationUpnSuffix +--- + +# Get-AdfsDeviceRegistrationUpnSuffix + +## SYNOPSIS +Gets the UPN suffixes that can be used with device registration. + +## SYNTAX + +``` +Get-AdfsDeviceRegistrationUpnSuffix [] +``` + +## DESCRIPTION +The **Get-AdfsDeviceRegistrationUpnSuffix** cmdlet gets all of the user principal name (UPN) suffixes that you can use when you register a device with Active Directory Federation Services (AD FS). +The cmdlet returns a list of UPN suffixes and indicates whether a UPN suffix was discovered or manually configured by the administrator, and if the server has a valid SSL binding configured for the UPN suffix. + +## EXAMPLES + +### Example 1: Get the UPN suffixes for the device registration service +``` +PS C:\> Get-AdfsDeviceRegistrationUpnSuffix | Format-List +Upn : contoso.com +SslPort : 443 +IsSetAsSslBinding : True +IsCustom : False +``` + +This command gets information on the UPN suffixes that are accepted by the Device Registration Service in AD FS. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Commands.GetAdfsDeviceRegistrationUpnSuffix+DrsBinding + +Returns one or more DrsBinding objects that represent the device registration service UPN suffix resources for the Federation Service. + +## NOTES + +## RELATED LINKS + +[Add-AdfsDeviceRegistrationUpnSuffix](./Add-AdfsDeviceRegistrationUpnSuffix.md) + +[Remove-AdfsDeviceRegistrationUpnSuffix](./Remove-AdfsDeviceRegistrationUpnSuffix.md) + +[Set-AdfsDeviceRegistrationUpnSuffix](./Set-AdfsDeviceRegistrationUpnSuffix.md) diff --git a/docset/winserver2025-ps/adfs/Get-AdfsEndpoint.md b/docset/winserver2025-ps/adfs/Get-AdfsEndpoint.md new file mode 100644 index 0000000000..e2353c10f0 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsEndpoint.md @@ -0,0 +1,110 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsendpoint?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsEndpoint +--- + +# Get-AdfsEndpoint + +## SYNOPSIS +Retrieves an endpoint in AD FS. + +## SYNTAX + +### Address (Default) +``` +Get-AdfsEndpoint [[-AddressPath] ] [] +``` + +### FullUrl +``` +Get-AdfsEndpoint [-FullUrl] [] +``` + +## DESCRIPTION +The **Get-AdfsEndpoint** cmdlet retrieves a specified endpoint from Active Directory Federation Services (AD FS). +The collection of **AdfsEndpoint** objects is a list of all the supported endpoints that are on the server. +You can use this list to view the configuration of endpoints and enable or disable them. +To see the full list of endpoints, use this cmdlet with no parameters. + +## EXAMPLES + +### Example 1: Get an endpoint +``` +PS C:\> Get-AdfsEndpoint -AddressPath "/adfs/services/trust/13/Windows" +``` + +This command gets the WS-Trust 1.3 endpoint. + +## PARAMETERS + +### -AddressPath +Specifies an array of address paths that do not include the AD FS service name. +The cmdlet gets endpoints that correspond to the paths that you specify. +An example of such a path is /adfs/portal/updatepassword. + +```yaml +Type: String[] +Parameter Sets: Address +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -FullUrl +Specifies the full URL of the endpoint to retrieve. + +```yaml +Type: Uri[] +Parameter Sets: FullUrl +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] +System.Uri[] + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.Endpoint +AddressPath string +ClientCredentialType string +Enabled bool +FullUrl uri +Protocol string +Proxy bool +SecurityMode string +Version string + +### Microsoft.IdentityServer.PowerShell.Resources.Endpoint +This cmdlet returns class structure that represents the endpoints for the Federation Service. + +## NOTES +* Endpoints provide access to the federation server functionality of AD FS, such as token issuance and the publication of federation metadata. Depending on the type of endpoint, you can enable or disable the endpoint or control whether the endpoint is published to Web Application Proxy. + +## RELATED LINKS + +[Disable-AdfsEndpoint](./Disable-AdfsEndpoint.md) + +[Enable-AdfsEndpoint](./Enable-AdfsEndpoint.md) + +[Set-AdfsEndpoint](./Set-AdfsEndpoint.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsFarmInformation.md b/docset/winserver2025-ps/adfs/Get-AdfsFarmInformation.md new file mode 100644 index 0000000000..56f547228f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsFarmInformation.md @@ -0,0 +1,79 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsfarminformation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsFarmInformation +--- + +# Get-AdfsFarmInformation + +## SYNOPSIS +Gets AD FS behavior level and farm node information. + +## SYNTAX + +``` +Get-AdfsFarmInformation [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-AdfsFarmInformation** cmdlet gets the current Active Directory Federation Services (AD FS) behavior level and farm node information. + +## EXAMPLES + +### Example 1: Get farm information +``` +PS C:\> Get-AdfsFarmInformation +``` + +This cmdlet gets AD FS behavior level and farm node information. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Set-AdfsFarmInformation](./Set-AdfsFarmInformation.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsGlobalAuthenticationPolicy.md b/docset/winserver2025-ps/adfs/Get-AdfsGlobalAuthenticationPolicy.md new file mode 100644 index 0000000000..62a4ba7915 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsGlobalAuthenticationPolicy.md @@ -0,0 +1,57 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsglobalauthenticationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsGlobalAuthenticationPolicy +--- + +# Get-AdfsGlobalAuthenticationPolicy + +## SYNOPSIS +Displays the AD FS global policy. + +## SYNTAX + +``` +Get-AdfsGlobalAuthenticationPolicy [] +``` + +## DESCRIPTION +The **Get-AdfsGlobalAuthenticationPolicy** cmdlet displays the global authentication policy, which includes the providers currently allowed as additional providers in the **AdditionalAuthenticationProvider** property. + +## EXAMPLES + +### Example 1: Display the global authentication policy +``` +PS C:\> Get-AdfsGlobalAuthenticationPolicy + + +AdditionalAuthenticationProvider : {MultiFactorAuthentication} +DeviceAuthenticationEnabled : True +PrimaryIntranetAuthenticationProvider : {WindowsAuthentication} +PrimaryExtranetAuthenticationProvider : {FormsAuthentication, CertificateAuthentication} +WindowsIntegratedFallbackEnabled : True +``` + +This command displays the global authentication policy. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Set-AdfsGlobalAuthenticationPolicy](./Set-AdfsGlobalAuthenticationPolicy.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsGlobalWebContent.md b/docset/winserver2025-ps/adfs/Get-AdfsGlobalWebContent.md new file mode 100644 index 0000000000..12521b7f1f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsGlobalWebContent.md @@ -0,0 +1,118 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsglobalwebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsGlobalWebContent +--- + +# Get-AdfsGlobalWebContent + +## SYNOPSIS +Gets global web content objects. + +## SYNTAX + +``` +Get-AdfsGlobalWebContent [-Locale ] [] +``` + +## DESCRIPTION +The **Get-AdfsGlobalWebContent** cmdlet gets all global web content objects or the global web content object that corresponds to the locale that you specify. +If you do not specify the *Locale* parameter, the cmdlet gets global web content objects for all locales. + +## EXAMPLES + +### Example 1: Get global web content for all locales +``` +PS C:\> Get-AdfsGlobalWebContent + + +Locale : +CompanyName : +HelpDeskLink : +HelpDeskLinkText : +HomeLink : +HomeLinkText : +PrivacyLink : +PrivacyLinkText : +CertificatePageDescriptionText : +SignInPageDescriptionText : +SignOutPageDescriptionText : +ErrorPageDescriptionText : +ErrorPageGenericErrorMessage : +ErrorPageAuthorizationErrorMessage : You have been denied access. +ErrorPageDeviceAuthenticationErrorMessage : +ErrorPageSupportEmail : +UpdatePasswordPageDescriptionText : +SignInPageAdditionalAuthenticationDescriptionText : +``` + +This command gets the global web content for all locales. + +### Example 2: Get the global web content for a locale +``` +PS C:\> Get-AdfsGlobalWebContent -Locale en-us +``` + +This command gets the global web content for the en-us locale. +If you did not specify a locale when you modified properties of the global web content by using the **Set-AdfsGlobalWebContent** cmdlet, the cmdlet returns no additional information. + +## PARAMETERS + +### -Locale +Specifies an array of locales. +The cmdlet gets the global web content associated with the locales that you specify. + +```yaml +Type: CultureInfo[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsGlobalWebContent;Microsoft.IdentityServer.Management.Resources.AdfsGlobalWebContent[] +This cmdlet generates a **System.IdentityServer.Management.Resources.AdfsGlobalWebContent** object that represents global web content. +The object includes the following properties: + +- Locale: **System.Globalization.CultureInfo** +- CompanyName: **System.String** +- HelpDeskLink: **System.Uri** +- HelpDeskLinkText: **System.String** +- HomeLink: **System.Uri** +- HomeLinkText: **System.String** +- PrivacyLink: **System.Uri** +- PrivacyLinkText: **System.String** +- SignInPageDescriptionText: **System.String** +- SignOutPageDescriptionText: **System.String** +- ErrorPageDescriptionText: **System.String** +- ErrorPageGenericErrorMessage: **System.String** +- ErrorPageAuthorizationErrorMessage: **System.String** +- ErrorPageDeviceAuthenticationErrorMessage: **System.String** +- ErrorPageSupportEmail: **System.String** +- UpdatePasswordPageDescriptionText: **System.String** +- CertificatePageDescriptionText: **System.String** +- SignInPageAdditionalAuthenticationDescriptionText: **System.String** + +## NOTES + +## RELATED LINKS + +[Set-AdfsGlobalWebContent](./Set-AdfsGlobalWebContent.md) + +[Remove-AdfsGlobalWebContent](./Remove-AdfsGlobalWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsLocalClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Get-AdfsLocalClaimsProviderTrust.md new file mode 100644 index 0000000000..d5aa7c0f81 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsLocalClaimsProviderTrust.md @@ -0,0 +1,86 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfslocalclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsLocalClaimsProviderTrust +--- + +# Get-AdfsLocalClaimsProviderTrust + +## SYNOPSIS +Gets local claims provider trusts. + +## SYNTAX + +### ClaimsProviderName (Default) +``` +Get-AdfsLocalClaimsProviderTrust [[-Name] ] [] +``` + +### Identifier +``` +Get-AdfsLocalClaimsProviderTrust [-Identifier] [] +``` + +## DESCRIPTION +The **Get-AdfsLocalClaimsProviderTrust** cmdlet gets local claims provider trusts. +Specify names or IDs of trusts to get. + +## EXAMPLES + +## PARAMETERS + +### -Identifier +Specifies an array of IDs of the local claims provider trusts to get. + +```yaml +Type: String[] +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of names of the local claims provider trusts to get. + +```yaml +Type: String[] +Parameter Sets: ClaimsProviderName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsLocalClaimsProviderTrust](./Add-AdfsLocalClaimsProviderTrust.md) + +[Disable-AdfsLocalClaimsProviderTrust](./Disable-AdfsLocalClaimsProviderTrust.md) + +[Enable-AdfsLocalClaimsProviderTrust](./Enable-AdfsLocalClaimsProviderTrust.md) + +[Remove-AdfsLocalClaimsProviderTrust](./Remove-AdfsLocalClaimsProviderTrust.md) + +[Set-AdfsLocalClaimsProviderTrust](./Set-AdfsLocalClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsNativeClientApplication.md b/docset/winserver2025-ps/adfs/Get-AdfsNativeClientApplication.md new file mode 100644 index 0000000000..4103aad195 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsNativeClientApplication.md @@ -0,0 +1,157 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsnativeclientapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsNativeClientApplication +--- + +# Get-AdfsNativeClientApplication + +## SYNOPSIS +Gets native client application roles from an application in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Get-AdfsNativeClientApplication [[-Identifier] ] [] +``` + +### Name +``` +Get-AdfsNativeClientApplication [-Name] [] +``` + +### ApplicationObject +``` +Get-AdfsNativeClientApplication [-Application] [] +``` + +### ApplicationGroupIdentifier +``` +Get-AdfsNativeClientApplication [-ApplicationGroupIdentifier] [] +``` + +### ApplicationGroupObject +``` +Get-AdfsNativeClientApplication [-ApplicationGroup] [] +``` + +## DESCRIPTION +The **Get-AdfsNativeClientApplication** cmdlet gets native client application roles from an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -Application +Specifies the native client application to get. + +```yaml +Type: NativeClientApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroup +Specifies the application group from which to get native client applications. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroupIdentifier +Specifies the ID of the application group from which to get native client applications. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of IDs of native client applications get. + +```yaml +Type: String[] +Parameter Sets: Identifier +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of names of native client applications get. + +```yaml +Type: String[] +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.NativeClientApplication + +NativeClientApplication objects are received by the *Application* parameter. + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *ApplicationGroup* parameter. + +### System.String + +String objects are received by the *Identifier* and *Name* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.NativeClientApplication + +Returns one or more NativeClientApplication objects that represent the native client application resources for the Federation Service. + +## NOTES + +## RELATED LINKS + +[Add-AdfsNativeClientApplication](./Add-AdfsNativeClientApplication.md) + +[Remove-AdfsNativeClientApplication](./Remove-AdfsNativeClientApplication.md) + +[Set-AdfsNativeClientApplication](./Set-AdfsNativeClientApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsNonClaimsAwareRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Get-AdfsNonClaimsAwareRelyingPartyTrust.md new file mode 100644 index 0000000000..d91a301691 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsNonClaimsAwareRelyingPartyTrust.md @@ -0,0 +1,131 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsnonclaimsawarerelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsNonClaimsAwareRelyingPartyTrust +--- + +# Get-AdfsNonClaimsAwareRelyingPartyTrust + +## SYNOPSIS +Gets the properties of a relying party trust for a non-claims-aware web application or service. + +## SYNTAX + +### __AllParameterSets (Default) +``` +Get-AdfsNonClaimsAwareRelyingPartyTrust [] +``` + +### Identifier +``` +Get-AdfsNonClaimsAwareRelyingPartyTrust -TargetIdentifier [] +``` + +### IdentifierName +``` +Get-AdfsNonClaimsAwareRelyingPartyTrust [-TargetName] [] +``` + +### IdentifierObject +``` +Get-AdfsNonClaimsAwareRelyingPartyTrust + -TargetNonClaimsAwareRelyingPartyTrust [] +``` + +## DESCRIPTION +The **Get-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet gets the properties of a relying party trust for a non-claims-aware web application or service. + +A non-claims aware relying party trust is a relying party trust for web applications or services that do not rely directly on Active Directory Federation Services (AD FS) to issue tokens, but instead rely on a third party that accesses such tokens and transforms them into what applications understand. +A non-claims-aware relying party trust is useful for defining authentication and authorization policies for web applications and services that do not rely on AD FS tokens. +The Web Application Proxy requests such tokens for pre-authentication to web applications or services that have corresponding non-claims-aware relying party trusts for requests that come from outside the network through the proxy. + +## EXAMPLES + +### Example 1: Get the properties of a non-claims-aware relying party trust by using a name +``` +PS C:\> Get-AdfsNonClaimsAwareRelyingPartyTrust -TargetName "ExpenseReport" +``` + +This command gets the properties of the non-claims-aware relying party trust for the application named ExpenseReport. + +### Example 2: Get the properties of a non-claims-aware relying party trust by using an identifier +``` +PS C:\> Get-AdfsNonClaimsAwareRelyingPartTrust -TargetIdentifier "https://Contosoexpense/" +``` + +This command gets the properties of the non-claims-aware relying party trust for the expense report application that has the identifier https://Contosoexpense. + +## PARAMETERS + +### -TargetIdentifier +Specifies the identifier of the non-claims-aware relying party trust to get. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the non-claims-aware relying party trust to get. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetNonClaimsAwareRelyingPartyTrust +Specifies a **NonClaimsAwareRelyingPartyTrust** object. +The cmdlet enables the non-claims-aware relying party trust that you specify. +To obtain a **NonClaimsAwareRelyingPartyTrust**, use the **Get-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet. + +```yaml +Type: NonClaimsAwareRelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsNonClaimsAwareRelyingPartyTrust](./Add-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Disable-AdfsNonClaimsAwareRelyingPartyTrust](./Disable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Enable-AdfsNonClaimsAwareRelyingPartyTrust](./Enable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Remove-AdfsNonClaimsAwareRelyingPartyTrust](./Remove-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Set-AdfsNonClaimsAwareRelyingPartyTrust](./Set-AdfsNonClaimsAwareRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsProperties.md b/docset/winserver2025-ps/adfs/Get-AdfsProperties.md new file mode 100644 index 0000000000..9d07a8a6c5 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsProperties.md @@ -0,0 +1,217 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsproperties?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsProperties +--- + +# Get-AdfsProperties + +## SYNOPSIS +Gets all the associated properties for the AD FS service. + +## SYNTAX + +``` +Get-AdfsProperties [] +``` + +## DESCRIPTION +The **Get-AdfsProperties** cmdlet gets all the associated properties for the Active Directory Federation Services (AD FS) service. + +## EXAMPLES + +### Example 1: Get the associated properties +``` +PS C:\> Get-AdfsProperties + + +AcceptableIdentifiers : {} +AddProxyAuthorizationRules : exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-32-544", Issuer =~ "^AD AUTHORITY$"]) => +issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true"); +c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^AD AUTHORITY$" ] +=> +issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustManagerSid({0})", +param=c.Value ); +c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid", Issuer =~ "^SELF AUTHORITY$" ] +=> +issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustProvisioned({0})", +param=c.Value ); +ArtifactDbConnection : Data Source=np:\\.\pipe\microsoft##wid\tsql\query;Initial Catalog=AdfsArtifactStore;Integrated Security=True +AuthenticationContextOrder : {urn:oasis:names:tc:SAML:2.0:ac:classes:Password, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, +urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, urn:oasis:names:tc:SAML:2.0:ac:classes:X509...} +AutoCertificateRollover : False +CertificateCriticalThreshold : 2 +CertificateDuration : 365 +CertificateGenerationThreshold : 20 +CertificatePromotionThreshold : 5 +CertificateRolloverInterval : 720 +CertificateSharingContainer : CN=e6ddcbbc-5dc9-4ef2-9354-5e9ba1cac82d,CN=ADFS,CN=Microsoft,CN=Program Data,DC=contoso,DC=com +CertificateThresholdMultiplier : 1440 +ClientCertRevocationCheck : None +ContactPerson : Microsoft.IdentityServer.Management.Resources.ContactPerson +DisplayName : Contoso Corp. +IntranetUseLocalClaimsProvider : False +ExtendedProtectionTokenCheck : Allow +FederationPassiveAddress : /adfs/ls/ +HostName : sts.contoso.com +HttpPort : 80 +HttpsPort : 443 +TlsClientPort : 49443 +Identifier : https://sts.contoso.com/adfs/services/trust +InstalledLanguage : en-US +LogLevel : {Errors, Information, Verbose, Warnings} +MonitoringInterval : 1440 +NetTcpPort : 1501 +NtlmOnlySupportedClientAtProxy : True +OrganizationInfo : +PreventTokenReplays : False +ProxyTrustTokenLifetime : 21600 +ReplayCacheExpirationInterval : 60 +SignedSamlRequestsRequired : False +SamlMessageDeliveryWindow : 5 +SignSamlAuthnRequests : False +SsoLifetime : 480 +PersistentSsoLifetimeMins : 10080 +PersistentSsoEnabled : True +PersistentSsoCutoffTime : 1/1/0001 12:00:00 AM +KmsiEnabled : False +LoopDetectionEnabled : True +LoopDetectionTimeIntervalInSeconds : 20 +LoopDetectionMaximumTokensIssuedInInterval : 5 +SendClientRequestIdAsQueryStringParameter : True +WIASupportedUserAgents : {MSIE 6.0, MSIE 7.0, MSIE 8.0, MSIE 9.0...} +ExtranetLockoutThreshold : 2 +ExtranetLockoutEnabled : True +ExtranetObservationWindow : 01:00:00 +``` + +This command retrieves the associated properties from AD FS. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ServiceProperties +AcceptableIdentifiers uri[] +AddProxyAuthorizationRules string +AllowLocalAdminsServiceAdministration bool +AllowSystemServiceAdministration bool +ArtifactDbConnection string +AuditLevel string[] +AuthenticationContextOrder uri[] +AutoCertificateRollover bool +BrowserSsoEnabled bool +BrowserSsoSupportedUserAgents string[] +CertificateCriticalThreshold int +CertificateDuration int +CertificateGenerationThreshold int +CertificatePromotionThreshold int +CertificateRolloverInterval int +CertificateSharingContainer string +CertificateThresholdMultiplier int +ClientCertRevocationCheck Microsoft.IdentityServer.PolicyModel.Configuration.RevocationSetting +ContactPerson Microsoft.IdentityServer.Management.Resources.ContactPerson +CurrentFarmBehavior int +DelegateServiceAdministration string +DeviceUsageWindowInDays int +DisplayName string +EnableIdpInitiatedSignonPage bool +EnableOauthDeviceFlow bool +EnableOauthLogout bool +ExtendedProtectionTokenCheck Microsoft.IdentityServer.PolicyModel.Configuration.ProtectionPolicySetting +ExtranetLockoutEnabled bool +ExtranetLockoutRequirePDC bool +ExtranetLockoutThreshold int +ExtranetObservationWindow timespan +FederationPassiveAddress string +GlobalRelyingPartyClaimsIssuancePolicy string +HostName string +HttpPort int +HttpsPort int +Identifier uri +IdTokenIssuer uri +IgnoreTokenBinding bool +InstalledLanguage string +IntranetUseLocalClaimsProvider bool +KmsiEnabled bool +KmsiLifetimeMins int +LocalAuthenticationTypesEnabled bool +LogLevel string[] +LoopDetectionEnabled bool +LoopDetectionMaximumTokensIssuedInInterval int +LoopDetectionTimeIntervalInSeconds int +MonitoringInterval int +NetTcpPort int +NtlmOnlySupportedClientAtProxy bool +OrganizationInfo Microsoft.IdentityServer.Management.Resources.Organization +PasswordValidationDelayInMinutes int +PersistentSsoCutoffTime datetime +PersistentSsoEnabled bool +PersistentSsoLifetimeMins int +PreventTokenReplays bool +ProxyTrustTokenLifetime int +RelayStateForIdpInitiatedSignOnEnabled bool +ReplayCacheExpirationInterval int +SamlMessageDeliveryWindow int +SendClientRequestIdAsQueryStringParameter bool +SignedSamlRequestsRequired bool +SignSamlAuthnRequests bool +SsoLifetime int +TlsClientPort int +WiaEvaluationMethod Microsoft.IdentityServer.WiaEvaluationMethodState +WIASupportedUserAgents string[] + +### Microsoft.IdentityServer.PolicyModel.Configuration.RevocationSetting + +RevocationSetting +{ + None = 0, + CheckEndCert = 1, + CheckEndCertCacheOnly = 2, + CheckChain = 3, + CheckChainCacheOnly = 4, + CheckChainExcludeRoot = 5, + CheckChainExcludeRootCacheOnly = 6, +} + +### Microsoft.IdentityServer.Management.Resources.ContactPerson +ContactType string +EmailAddresses string[] +GivenName string +PhoneNumbers string[] +Surname string + +### Microsoft.IdentityServer.PolicyModel.Configuration.ProtectionPolicySetting +Allow string +Require string +None string + +### Microsoft.IdentityServer.Management.Resources.Organization +DisplayName string +Name string +OrganizationUrl string + +### Microsoft.IdentityServer.WiaEvaluationMethodState + +WiaEvaluationMethodState +{ + WiaCapabilityDetection, + WiaUserAgentDetection +} + +## NOTES + +## RELATED LINKS + +[Set-AdfsProperties](./Set-AdfsProperties.md) diff --git a/docset/winserver2025-ps/adfs/Get-AdfsRegistrationHosts.md b/docset/winserver2025-ps/adfs/Get-AdfsRegistrationHosts.md new file mode 100644 index 0000000000..c28a3c8a8d --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsRegistrationHosts.md @@ -0,0 +1,58 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsregistrationhosts?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsRegistrationHosts +--- + +# Get-AdfsRegistrationHosts + +## SYNOPSIS +The Get-AdfsRegistrationHosts cmdlet is deprecated. +Instead, use the Get-AdfsDeviceRegistrationUpnSuffix cmdlet. + +## SYNTAX + +``` +Get-AdfsRegistrationHosts [-PassThru] [] +``` + +## DESCRIPTION +The **Get-AdfsRegistrationHosts** cmdlet is deprecated in this release. +Instead, use the Get-AdfsDeviceRegistrationUpnSuffix cmdlet. + +## EXAMPLES + +## PARAMETERS + +### -PassThru +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Set-AdfsRegistrationHosts](./Set-AdfsRegistrationHosts.md) + +[Get-AdfsDeviceRegistrationUpnSuffix](./Get-AdfsDeviceRegistrationUpnSuffix.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyTrust.md new file mode 100644 index 0000000000..e0009d1f08 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyTrust.md @@ -0,0 +1,141 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsRelyingPartyTrust +--- + +# Get-AdfsRelyingPartyTrust + +## SYNOPSIS +Gets the relying party trusts of the Federation Service. + +## SYNTAX + +### RelyingPartyName (Default) +``` +Get-AdfsRelyingPartyTrust [[-Name] ] [] +``` + +### Identifier +``` +Get-AdfsRelyingPartyTrust [-Identifier] [] +``` + +### PrefixIdentifier +``` +Get-AdfsRelyingPartyTrust [-PrefixIdentifier] [] +``` + +## DESCRIPTION +The **Get-AdfsRelyingPartyTrust** cmdlet gets the relying party trusts of the Federation Service. +You can use this cmdlet with no parameters to get all relying party trust objects. + +## EXAMPLES + +### Example 1: Get property settings for a relying party trust by using a name +``` +PS C:\> Get-AdfsRelyingPartyTrust -Name "FabrikamApp" +``` + +This command gets the property settings for the relying party trust named FabrikamApp. + +### Example 2: Get property settings for a relying party trust by using an identifier +``` +PS C:\> Get-AdfsRelyingPartyTrust -Identifier "https://FabrikamApp.CentralServer.org" +``` + +This command gets the property settings for a relying party trust that has the identifier `https://FabrikamApp.CentralServer.org`. + +### Example 3: Get property settings for an updated relying party trust +``` +PS C:\> Get-AdfsRelyingPartyTrust | Where-Object{ $_.LastUpdateTime -le (get-date).subtract((new-timespan -hours 24))} +``` + +This command gets the property settings for relying party trusts that have been updated in the last 24 hours. + +## PARAMETERS + +### -Identifier +Specifies an array of unique identifiers of the relying party trust to get. + +```yaml +Type: String[] +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies the display name of the relying party trust to get. + +```yaml +Type: String[] +Parameter Sets: RelyingPartyName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PrefixIdentifier +Specifies a prefix identifier of the relying party trust to get. +The Federation Service uses prefix matching to support wildcard-type filtering and perform matches based on a specific prefix URL. +The Federation Service performs matches by using string data type evaluation. +Matches are not case-sensitive. + +```yaml +Type: String +Parameter Sets: PrefixIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *Identifier*, *Name*, and *PrefixIdentifier* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +Returns one or more RelyingPartyTrust objects that represent the relying party trust resources for the Federation Service. + +## NOTES +* If no *Identifier* parameter is provided, the cmdlet returns all **RelyingPartyTrust** objects. A relying party in Active Directory Federation Services (AD FS) is an organization in which Web servers that host one or more Web-based applications reside. Tokens and Information Cards that originate from a claims provider can then be presented and ultimately consumed by the Web-based resources that are located in the relying party organization. When AD FS is configured in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party consumes the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose Web servers are protected by the resource-side federation server. The federation server at the relying party uses the security tokens that the claims provider produces to issue tokens to the Web servers that are located in the relying party. + +## RELATED LINKS + +[Add-AdfsRelyingPartyTrust](./Add-AdfsRelyingPartyTrust.md) + +[Disable-AdfsRelyingPartyTrust](./Disable-AdfsRelyingPartyTrust.md) + +[Enable-AdfsRelyingPartyTrust](./Enable-AdfsRelyingPartyTrust.md) + +[Remove-AdfsRelyingPartyTrust](./Remove-AdfsRelyingPartyTrust.md) + +[Set-AdfsRelyingPartyTrust](./Set-AdfsRelyingPartyTrust.md) + +[Update-AdfsRelyingPartyTrust](./Update-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyTrustsGroup.md b/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyTrustsGroup.md new file mode 100644 index 0000000000..9fa0469f9e --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyTrustsGroup.md @@ -0,0 +1,58 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsrelyingpartytrustsgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsRelyingPartyTrustsGroup +--- + +# Get-AdfsRelyingPartyTrustsGroup + +## SYNOPSIS +Gets a relying party trust group. + +## SYNTAX + +``` +Get-AdfsRelyingPartyTrustsGroup [[-Identifier] ] [] +``` + +## DESCRIPTION +The **Get-AdfsRelyingPartyTrustsGroup** cmdlet gets a relying party trust groups in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -Identifier +Specifies an array of IDs of groups to get. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsRelyingPartyTrustsGroup](./Add-AdfsRelyingPartyTrustsGroup.md) + +[Remove-AdfsRelyingPartyTrustsGroup](./Remove-AdfsRelyingPartyTrustsGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyWebContent.md b/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyWebContent.md new file mode 100644 index 0000000000..77e7902418 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyWebContent.md @@ -0,0 +1,108 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsrelyingpartywebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsRelyingPartyWebContent +--- + +# Get-AdfsRelyingPartyWebContent + +## SYNOPSIS +Gets web content objects for relying parties. + +## SYNTAX + +``` +Get-AdfsRelyingPartyWebContent [-Locale ] [-RelyingPartyName ] [] +``` + +## DESCRIPTION +The **Get-AdfsRelyingPartyWebContent** cmdlet gets web content objects for relying parties. +Specify a relying party by name. +If you do not specify a name, the cmdlet gets all relying party web content objects. +If you do not specify a locale, the cmdlet gets web content for all locales. + +## EXAMPLES + +### Example 1: Get all web content objects +``` +PS C:\> Get-AdfsRelyingPartyWebContent +``` + +This command gets web content objects for all relying parties and locales. + +### Example 2: Get web content objects for a specified relying party +``` +PS C:\> Get-AdfsRelyingPartyWebContent -Name "RelyingParty01" +``` + +This command gets web content objects for the relying party named RelyingParty01 for all locales. + +### Example 3: Get the web content object for a specified relying party and locale +``` +PS C:\> Get-AdfsRelyingPartyWebContent -Locale en-us -Name "RelyingParty01" +``` + +This command gets web content objects for the relying party named RelyingParty01 for the specified locale. + +## PARAMETERS + +### -Locale +Specifies a locale. +The cmdlet gets relying party web content for the locale that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RelyingPartyName +Specifies an array of names of relying parties. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Name + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsRelyingPartyWebContent, Microsoft.IdentityServer.Management.Resources.AdfsRelyingPartyWebContent[] +This cmdlet generates a **System.IdentityServer.Management.Resources.AdfsRelyingPartyWebContent** object that represents web content of a relying party, or an array of such objects. +The object includes the following properties: + +- Locale: **System.Globalization.CultureInfo** +- Name: **System.String** +- ErrorPageGenericErrorMessage: **System.String** +- ErrorPageAuthorizationErrorMessage: **System.String** +- ErrorPageDeviceAuthenticationErrorMessage: **System.String** + +## NOTES + +## RELATED LINKS + +[Remove-AdfsRelyingPartyWebContent](./Remove-AdfsRelyingPartyWebContent.md) + +[Set-AdfsRelyingPartyWebContent](./Set-AdfsRelyingPartyWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyWebTheme.md b/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyWebTheme.md new file mode 100644 index 0000000000..99e0e1bc28 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsRelyingPartyWebTheme.md @@ -0,0 +1,65 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsrelyingpartywebtheme?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsRelyingPartyWebTheme +--- + +# Get-AdfsRelyingPartyWebTheme + +## SYNOPSIS +Gets properties of web themes applied to relying party trusts. + +## SYNTAX + +``` +Get-AdfsRelyingPartyWebTheme [-RelyingPartyName ] [] +``` + +## DESCRIPTION +The **Get-AdfsRelyingPartyWebTheme** cmdlet gets properties of any web themes applied to relying party trusts and the names of the trusts to which these themes are applied. + +## EXAMPLES + +### Example 1: Get a web theme +``` +PS C:\> Get-AdfsRelyingPartyWebTheme -TargetRelyingPartyName "urn:app1" +``` + +This command gets the relying party web theme for the relying party named urn:app1. + +## PARAMETERS + +### -RelyingPartyName +Specifies an array of names of relying parties for which to get web themes. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Name + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Remove-AdfsRelyingPartyWebTheme](./Remove-AdfsRelyingPartyWebTheme.md) + +[Set-AdfsRelyingPartyWebTheme](./Set-AdfsRelyingPartyWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsScopeDescription.md b/docset/winserver2025-ps/adfs/Get-AdfsScopeDescription.md new file mode 100644 index 0000000000..d9ea8575db --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsScopeDescription.md @@ -0,0 +1,68 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsscopedescription?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsScopeDescription +--- + +# Get-AdfsScopeDescription + +## SYNOPSIS +Gets a description for a scope in AD FS. + +## SYNTAX + +``` +Get-AdfsScopeDescription [[-Name] ] [] +``` + +## DESCRIPTION +The **Get-AdfsScopeDescription** cmdlet gets scope descriptions that represent the scope of access granted to resources and applications in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -Name +Specifies an array of names of scope description to get. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *Name* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.OAuthScopeDescription + +Returns one or more OAuthScopeDescription objects that represent the scope descriptions for the Federation Service. + +## NOTES + +## RELATED LINKS + +[Add-AdfsScopeDescription](./Add-AdfsScopeDescription.md) + +[Remove-AdfsScopeDescription](./Remove-AdfsScopeDescription.md) + +[Set-AdfsScopeDescription](./Set-AdfsScopeDescription.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsServerApplication.md b/docset/winserver2025-ps/adfs/Get-AdfsServerApplication.md new file mode 100644 index 0000000000..c567db0502 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsServerApplication.md @@ -0,0 +1,186 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfsserverapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsServerApplication +--- + +# Get-AdfsServerApplication + +## SYNOPSIS +Gets configuration settings for a server application role for an application in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Get-AdfsServerApplication [[-Identifier] ] [] +``` + +### Name +``` +Get-AdfsServerApplication [-Name] [] +``` + +### ApplicationObject +``` +Get-AdfsServerApplication [-Application] [] +``` + +### ApplicationGroupIdentifier +``` +Get-AdfsServerApplication [-ApplicationGroupIdentifier] [] +``` + +### ApplicationGroupObject +``` +Get-AdfsServerApplication [-ApplicationGroup] [] +``` + +## DESCRIPTION +The **Get-AdfsServerApplication** cmdlet gets configuration settings for a server application role for an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -Application +Specifies the server application to get. + +```yaml +Type: ServerApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroup +Specifies the application group from which to get server applications. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroupIdentifier +Specifies the ID of the application group from which to get server applications. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of IDs of the application groups from which to get server applications. + +```yaml +Type: String[] +Parameter Sets: Identifier +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of names of the application groups from which to get server applications. + +```yaml +Type: String[] +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] +Microsoft.IdentityServer.Management.Resources.ServerApplication +Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ServerApplication +ADUserPrincipalName string +ApplicationGroupIdentifier string +ClientSecret string +Description string +Enabled bool +Identifier string +JWKSUri uri +JWTSigningCertificateRevocationCheck Microsoft.IdentityServer.PolicyModel.Configuration.RevocationSetting +JWTSigningKeys System.Collections.Generic.IDictionary[string,System.Object] +Name string +RedirectUri string[] + +### Microsoft.IdentityServer.PolicyModel.Configuration.RevocationSetting + +RevocationSetting +{ + None = 0, + CheckEndCert = 1, + CheckEndCertCacheOnly = 2, + CheckChain = 3, + CheckChainCacheOnly = 4, + CheckChainExcludeRoot = 5, + CheckChainExcludeRootCacheOnly = 6, +} + +## NOTES +Microsoft.IdentityServer.Management.Resources.ServerApplication inherits from Microsoft.IdentityServer.Management.Resources.ClientApplication object and implements the Microsoft.IdentityServer.Management.Resources.IApplication interface. + +Microsoft.IdentityServer.Management.Resources.ClientApplication + +ApplicationGroupIdentifier string +Description string +Enabled bool +Identifier string +Name string +RedirectUri string[] + +Microsoft.IdentityServer.Management.Resources.IApplication + +ApplicationGroupIdentifier string +Enabled bool +Name string + +## RELATED LINKS + +[Add-AdfsServerApplication](./Add-AdfsServerApplication.md) + +[Remove-AdfsServerApplication](./Remove-AdfsServerApplication.md) + +[Set-AdfsServerApplication](./Set-AdfsServerApplication.md) diff --git a/docset/winserver2025-ps/adfs/Get-AdfsSslCertificate.md b/docset/winserver2025-ps/adfs/Get-AdfsSslCertificate.md new file mode 100644 index 0000000000..2a8fa9cc2f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsSslCertificate.md @@ -0,0 +1,54 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfssslcertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsSslCertificate +--- + +# Get-AdfsSslCertificate + +## SYNOPSIS +Gets the host name, port, and certificate hash for SSL bindings configured for AD FS and the device registration service. + +## SYNTAX + +``` +Get-AdfsSslCertificate [] +``` + +## DESCRIPTION +The **Get-AdfsSslCertificate** cmdlet gets the host name, port, and certificate hash for all SSL bindings configured for Active Directory Federation Services (AD FS) and, if enabled, the device registration service. + +## EXAMPLES + +### Example 1: Get information for SSL bindings +``` +PS C:\> Get-AdfsSslCertificate +HostName PortNumber CertificateHash +-------- ---------- --------------- +sts.contoso100.com 443 4195EE03C2721F7478B67E94BD83BB373FE22D98 +localhost 443 4195EE03C2721F7478B67E94BD83BB373FE22D98 +sts.contoso100.com 49443 4195EE03C2721F7478B67E94BD83BB373FE22D98 +EnterpriseRegistration.contoso... 443 4195EE03C2721F7478B67E94BD83BB373FE22D98 +``` + +This command gets the host names, ports, and certificate hashes for all configured SSL bindings. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Set-AdfsSslCertificate](./Set-AdfsSslCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsSyncProperties.md b/docset/winserver2025-ps/adfs/Get-AdfsSyncProperties.md new file mode 100644 index 0000000000..910c5d2c74 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsSyncProperties.md @@ -0,0 +1,50 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfssyncproperties?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsSyncProperties +--- + +# Get-AdfsSyncProperties + +## SYNOPSIS +Gets synchronization properties the configuration database of AD FS. + +## SYNTAX + +``` +Get-AdfsSyncProperties [] +``` + +## DESCRIPTION +The **Get-ADFSSyncProperties** cmdlet gets the synchronization properties for the configuration database of Active Directory Federation Services (AD FS). + +## EXAMPLES + +### Example 1: Get synchronization properties +``` +PS C:\> Get-ADFSSyncProperties +``` + +This command gets the synchronization properties for the configuration database. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Set-AdfsSyncProperties](./Set-AdfsSyncProperties.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsTrustedFederationPartner.md b/docset/winserver2025-ps/adfs/Get-AdfsTrustedFederationPartner.md new file mode 100644 index 0000000000..90413042ae --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsTrustedFederationPartner.md @@ -0,0 +1,81 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfstrustedfederationpartner?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsTrustedFederationPartner +--- + +# Get-AdfsTrustedFederationPartner + +## SYNOPSIS +Gets a trusted federation partner in AD FS. + +## SYNTAX + +### Name (Default) +``` +Get-AdfsTrustedFederationPartner [[-Name] ] [] +``` + +### FederationPartnerHostName +``` +Get-AdfsTrustedFederationPartner [-FederationPartnerHostName] [] +``` + +## DESCRIPTION +The **Get-AdfsTrustedFederationPartner** cmdlet gets federation partners that are trusted by this instance of Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -FederationPartnerHostName +Specifies an array of URIs of federation partners to get. + +```yaml +Type: Uri[] +Parameter Sets: FederationPartnerHostName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of names of federation partners to get. + +```yaml +Type: String[] +Parameter Sets: Name +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsTrustedFederationPartner](./Add-AdfsTrustedFederationPartner.md) + +[Remove-AdfsTrustedFederationPartner](./Remove-AdfsTrustedFederationPartner.md) + +[Set-AdfsTrustedFederationPartner](./Set-AdfsTrustedFederationPartner.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsWebApiApplication.md b/docset/winserver2025-ps/adfs/Get-AdfsWebApiApplication.md new file mode 100644 index 0000000000..68f7f16386 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsWebApiApplication.md @@ -0,0 +1,176 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfswebapiapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsWebApiApplication +--- + +# Get-AdfsWebApiApplication + +## SYNOPSIS +Gets Web API application roles in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Get-AdfsWebApiApplication [[-Identifier] ] [] +``` + +### Name +``` +Get-AdfsWebApiApplication [-Name] [] +``` + +### PrefixIdentifier +``` +Get-AdfsWebApiApplication [-PrefixIdentifier] [] +``` + +### ApplicationObject +``` +Get-AdfsWebApiApplication [-Application] [] +``` + +### ApplicationGroupIdentifier +``` +Get-AdfsWebApiApplication [-ApplicationGroupIdentifier] [] +``` + +### ApplicationGroupObject +``` +Get-AdfsWebApiApplication [-ApplicationGroup] [] +``` + +## DESCRIPTION +The **Get-AdfsWebApiApplication** cmdlet gets Web API application roles in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -Application +Specifies a Web API application to get. + +```yaml +Type: WebApiApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroup +Specifies an application group for which to get Web API applications. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ApplicationGroupIdentifier +Specifies the ID of an application group for which to get Web API applications. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Identifier +Specifies an ID of a Web API application to get. + +```yaml +Type: String[] +Parameter Sets: Identifier +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of names of Web API applications to get. + +```yaml +Type: String[] +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PrefixIdentifier +Specifies the prefix identifier of Web API applications to get. + +```yaml +Type: String +Parameter Sets: PrefixIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.WebApiApplication + +WebApiApplication objects are received by the *Application* parameter. + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *ApplicationGroup* parameter. + +### System.String + +String objects are received by the *ApplicationGroupIdentifier*, *Identifier*, and *Name* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.WebApiApplication + +Returns one or more WebApiApplication objects that represent the web API applications of the Federation Service. + +## NOTES + +## RELATED LINKS + +[Add-AdfsWebApiApplication](./Add-AdfsWebApiApplication.md) + +[Remove-AdfsWebApiApplication](./Remove-AdfsWebApiApplication.md) + +[Set-AdfsWebApiApplication](./Set-AdfsWebApiApplication.md) diff --git a/docset/winserver2025-ps/adfs/Get-AdfsWebApplicationProxyRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Get-AdfsWebApplicationProxyRelyingPartyTrust.md new file mode 100644 index 0000000000..5f54ce9eaa --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsWebApplicationProxyRelyingPartyTrust.md @@ -0,0 +1,84 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfswebapplicationproxyrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsWebApplicationProxyRelyingPartyTrust +--- + +# Get-AdfsWebApplicationProxyRelyingPartyTrust + +## SYNOPSIS +Gets the relying party trust object for the Web Application Proxy. + +## SYNTAX + +``` +Get-AdfsWebApplicationProxyRelyingPartyTrust [] +``` + +## DESCRIPTION +The **Get-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet gets the Web Application Proxy relying party trust object for the proxy. + +The Web Application Proxy relying party trust is useful to manage global network access from outside the corporate network. +By setting authentication and authorization policies, an administrator can restrict access to internal web applications and services that are published through the Web Application Proxy. + +## EXAMPLES + +### Example 1: Get the relying party trust object +``` +PS C:\> Get-AdfsWebApplicationProxyRelyingPartyTrust + +AlwaysRequireAuthentication : False +Enabled : True +Identifier : {urn:AppProxy:com} +IssuanceAuthorizationRules : @RuleTemplate="AllowAllAuthzRule" => issue(Type = "http://schemas.contoso.com/authorization/claims/permit", Value="true"); +IssuanceTransformRules : @RuleTemplate="PassThroughClaims" +@RuleName="Pass Through Application Identifier" +c:[Type == "http://schemas.contoso.com/2012/01/requestcontext/claims/relyingpartytrustid"] => issue(claim = c); +@RuleTemplate="PassThroughClaims" +@RuleName="Pass Through Device Registration Identifier" +c:[Type == "http://schemas.contoso.com/2012/01/devicecontext/claims/registrationid"] => issue(claim = c); +@RuleTemplate="PassThroughClaims" +@RuleName="Pass Through UPN" +c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(claim = c); +@RuleTemplate="PassThroughClaims" +@RuleName="Pass Through Activity ID" +c:[Type == "http://schemas.contoso.com/2012/01/requestcontext/claims/client-request-id"] => issue(claim = c); + +AdditionalAuthenticationRules : +Name : urn:AppProxy:com +NotBeforeSkew : 0 +Notes : +RelyingPartyType : WebApplicationProxy +TokenLifetime : 0 +``` + +This command gets the Web Application Proxy relying party trust object. +The command displays authentication and authorization rules added previously. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsWebApplicationProxyRelyingPartyTrust](./Add-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Disable-AdfsWebApplicationProxyRelyingPartyTrust](./Disable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Enable-AdfsWebApplicationProxyRelyingPartyTrust](./Enable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Remove-AdfsWebApplicationProxyRelyingPartyTrust](./Remove-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Set-AdfsWebApplicationProxyRelyingPartyTrust](./Set-AdfsWebApplicationProxyRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsWebConfig.md b/docset/winserver2025-ps/adfs/Get-AdfsWebConfig.md new file mode 100644 index 0000000000..53b99d493b --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsWebConfig.md @@ -0,0 +1,66 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfswebconfig?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsWebConfig +--- + +# Get-AdfsWebConfig + +## SYNOPSIS +Gets AD FS web customization configuration settings. + +## SYNTAX + +``` +Get-AdfsWebConfig [] +``` + +## DESCRIPTION +The **Get-AdfsWebConfig** cmdlet gets Active Directory Federation Services (AD FS) web customization configuration settings. + +## EXAMPLES + +### Example 1: Get configuration settings +``` +PS C:\> Get-AdfsWebConfig + +ActiveThemeName : Default +CDCCookieReader : +CDCCookieWriter : +HRDCookieLifetime : 30 +HRDCookieEnabled : True +ContextCookieEnabled : True +``` + +This command gets the web customization configuration settings. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsWebConfig +This cmdlet generates an **AdfsWebConfig** object that represents AD FS web customization configuration settings. +This object contains the following properties: + +- ActiveThemeName: **System.String** +- CDCCookieReader: **System.Uri** +- CDCCookieWriter: **System.Uri** +- HRDCookieLifetime: **System.Int32** +- HRDCookieEnabled: **System.Boolean** +- ContextCookieEnabled: **System.Boolean** + +## NOTES + +## RELATED LINKS + +[Set-AdfsWebConfig](./Set-AdfsWebConfig.md) + diff --git a/docset/winserver2025-ps/adfs/Get-AdfsWebTheme.md b/docset/winserver2025-ps/adfs/Get-AdfsWebTheme.md new file mode 100644 index 0000000000..3f8c2cb523 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Get-AdfsWebTheme.md @@ -0,0 +1,110 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/get-adfswebtheme?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AdfsWebTheme +--- + +# Get-AdfsWebTheme + +## SYNOPSIS +Gets web themes. + +## SYNTAX + +``` +Get-AdfsWebTheme [-Name ] [] +``` + +## DESCRIPTION +The **Get-AdfsWebTheme** cmdlet gets **AdfsWebTheme** objects. +Specify a web theme by name. +If you do not specify a name, the cmdlet gets all the **AdfsWebTheme** objects. + +## EXAMPLES + +### Example 1: Get all web themes +``` +PS C:\> Get-AdfsWebTheme + +Name : Default +IsBuiltinTheme : True +StyleSheet : {[, System.Byte[]]} +RTLStyleSheet : {42, 32, 123, 13...} +Logo : {[, System.Byte[]]} +Illustration : {[, System.Byte[]]} +AdditionalFileResources : {[/adfs/portal/script/onload.js, System.Byte[]], [/adfs/portal/images/idp/localsts.png, System.Byte[]], [/adfs/portal/images/idp/idp.png, +System.Byte[]], [/adfs/portal/images/idp/otherorganizations.png, System.Byte[]]} +``` + +This command gets all the available web themes in Active Directory Federation Services (AD FS). + +### Example 2: Get a named web theme +``` +PS C:\> Get-AdfsWebTheme -Name "Theme01" +Name : Theme01 +IsBuiltinTheme : False +StyleSheet : {[, System.Byte[]]} +RTLStyleSheet : {42, 32, 123, 13...} +Logo : {[, System.Byte[]]} +Illustration : {[, System.Byte[]]} +AdditionalFileResources : {[/adfs/portal/script/onload.js, System.Byte[]], [/adfs/portal/images/idp/localsts.png, System.Byte[]], [/adfs/portal/images/idp/idp.png, +System.Byte[]], [/adfs/portal/images/idp/otherorganizations.png, System.Byte[]]} +``` + +This command gets the theme named Theme01. + +## PARAMETERS + +### -Name +Specifies a name. +The cmdlet gets the web theme that has the name that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsWebTheme;Microsoft.IdentityServer.Management.Resources.AdfsWebTheme[] +This cmdlet generates a web customization object, **System.IdentityServer.Management.Resources.AdfsWebTheme**, or an array of these objects. +This object includes the following properties: + +- Name: **System.String** +- IsBuiltinTheme: **System.Boolean** +- StyleSheet: **IDictionary\** +- RTLStyleSheet: **byte\[\]** +- Logo: **IDictionary\** +- Illustration: **IDictionary\** +- AdditionalFileResources: **IDictionary\** + +## NOTES + +## RELATED LINKS + +[Export-AdfsWebTheme](./Export-AdfsWebTheme.md) + +[New-AdfsWebTheme](./New-AdfsWebTheme.md) + +[Remove-AdfsWebTheme](./Remove-AdfsWebTheme.md) + +[Set-AdfsWebTheme](./Set-AdfsWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Grant-AdfsApplicationPermission.md b/docset/winserver2025-ps/adfs/Grant-AdfsApplicationPermission.md new file mode 100644 index 0000000000..52ad6308a7 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Grant-AdfsApplicationPermission.md @@ -0,0 +1,188 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/grant-adfsapplicationpermission?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Grant-AdfsApplicationPermission +--- + +# Grant-AdfsApplicationPermission + +## SYNOPSIS +Grants application permission. + +## SYNTAX + +### ClientRoleIdentifier (Default) +``` +Grant-AdfsApplicationPermission [-ClientRoleIdentifier] [-ServerRoleIdentifier] + [[-ScopeNames] ] [-Description ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### PermitAllRegisteredClients +``` +Grant-AdfsApplicationPermission [-AllowAllRegisteredClients] [-ServerRoleIdentifier] + [[-ScopeNames] ] [-Description ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Grant-AdfsApplicationPermission** cmdlet grants application permission in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -AllowAllRegisteredClients +Indicates whether to allow all registered clients. + +```yaml +Type: SwitchParameter +Parameter Sets: PermitAllRegisteredClients +Aliases: +Accepted values: true + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ClientRoleIdentifier +Specifies a client role identifier. + +```yaml +Type: String +Parameter Sets: ClientRoleIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ScopeNames +Specifies an array of scope names. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServerRoleIdentifier +Specifies a server role identifier. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Management.Automation.SwitchParameter + +SwitchParameter objects are received by the *AllowAllRegisteredClients* parameter. + +### System.String + +String objects are received by the *ClientRoleIdentifier*, *Description*, *ScopeNames*, and *ServerRoleIdentifier* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.OAuthPermission + +Returns the new OAuthPermission object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Get-AdfsApplicationPermission](./Get-AdfsApplicationPermission.md) + +[Revoke-AdfsApplicationPermission](./Revoke-AdfsApplicationPermission.md) + +[Set-AdfsApplicationPermission](./Set-AdfsApplicationPermission.md) + diff --git a/docset/winserver2025-ps/adfs/Import-AdfsAuthenticationProviderConfigurationData.md b/docset/winserver2025-ps/adfs/Import-AdfsAuthenticationProviderConfigurationData.md new file mode 100644 index 0000000000..cbfae4fdfe --- /dev/null +++ b/docset/winserver2025-ps/adfs/Import-AdfsAuthenticationProviderConfigurationData.md @@ -0,0 +1,118 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/import-adfsauthenticationproviderconfigurationdata?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Import-AdfsAuthenticationProviderConfigurationData +--- + +# Import-AdfsAuthenticationProviderConfigurationData + +## SYNOPSIS +Imports the custom configuration for an authentication provider. + +## SYNTAX + +``` +Import-AdfsAuthenticationProviderConfigurationData -Name -FilePath [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Import-AdfsAuthenticationProviderConfigurationData** cmdlet imports custom configuration for an authentication provider from a file. +Before you use this cmdlet, verify that the external authentication provider supports a custom configuration. + +Use this cmdlet when the information specific to the authentication provider changes after you initially register the authentication provider. +In some situations, the security key to access the authentication service can change and you must update the information in the Active Directory Federation Services (AD FS) configuration store for the authentication provider to function correctly. + +## EXAMPLES + +### Example 1: Import authentication provider configuration data +``` +PS C:\> Import-AdfsAuthenticationProviderConfigurationData -Name "ContosoExternalAuthProvider" -FilePath "C:\share\test.txt" +``` + +This command imports the authentication provider configuration data. +This command also overwrites existing configuration data for the specified authentication provider with the data from the file. + +## PARAMETERS + +### -FilePath +Specifies a file path. +The cmdlet imports the configuration data from a file that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the authentication provider to import. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Export-AdfsAuthenticationProviderConfigurationData](./Export-AdfsAuthenticationProviderConfigurationData.md) + diff --git a/docset/winserver2025-ps/adfs/Import-AdfsWebContent.md b/docset/winserver2025-ps/adfs/Import-AdfsWebContent.md new file mode 100644 index 0000000000..1880702655 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Import-AdfsWebContent.md @@ -0,0 +1,123 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/import-adfswebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Import-AdfsWebContent +--- + +# Import-AdfsWebContent + +## SYNOPSIS +Imports properties from a resource file into global and relying party web content objects. + +## SYNTAX + +``` +Import-AdfsWebContent [[-Locale] ] -FilePath [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Import-AdfsWebContent** cmdlet imports properties from a .resx resource file into global and relying party web content objects. +If no corresponding web content object exists, the cmdlet creates an object. +If you do not specify a locale, the cmdlet imports web content for the invariant locale. + +Use this cmdlet to implement localization of custom messages for the Active Directory Federation Services (AD FS) sign-in experience. +Export the web content by using the **Export-AdfsWebContent** cmdlet to a .resx file, localize the file, and then import the localized .resx file. + +## EXAMPLES + +### Example 1: Import web content for the invariant locale +``` +PS C:\> Import-AdfsWebContent -FilePath "C:\WebContent\Invariant.resx" +``` + +This command imports the customized web content for the invariant locale into the AD FS configuration store from the specified file. + +### Example 2: Import web content for a specified locale +``` +PS C:\> Import-AdfsWebContent -Locale en-us -FilePath "C:\WebContent\EnUs.resx" +``` + +This command imports the customized web content for the en-us locale into the AD FS configuration store from the specified file. + +## PARAMETERS + +### -FilePath +Specifies a file path. +The cmdlet imports properties from the file that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Locale +Specifies a locale. +The cmdlet imports properties of web content objects for the local that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Export-AdfsWebContent](./Export-AdfsWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Initialize-ADDeviceRegistration.md b/docset/winserver2025-ps/adfs/Initialize-ADDeviceRegistration.md new file mode 100644 index 0000000000..7442d43090 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Initialize-ADDeviceRegistration.md @@ -0,0 +1,192 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/initialize-addeviceregistration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Initialize-ADDeviceRegistration +--- + +# Initialize-ADDeviceRegistration + +## SYNOPSIS +Initializes the Device Registration Service configuration in the Active Directory forest. + +## SYNTAX + +``` +Initialize-ADDeviceRegistration -ServiceAccountName [-DeviceLocation ] + [-RegistrationQuota ] [-MaximumRegistrationInactivityPeriod ] [-Credential ] + [-Force] [-DiscoveryName ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Initialize-ADDeviceRegistration** cmdlet initializes the Device Registration Service configuration in the Active Directory forest. +To run this cmdlet, you must be logged in with enterprise administrator permissions and your Active Directory forest must have the Windows Server 2012 R2 schema. +To join devices to a workplace, you must run the **Enable-AdfsDeviceRegistration** cmdlet on each Active Directory Federation Services (AD FS) server after this cmdlet has been run successfully. + +## EXAMPLES + +### Example 1: Initialize the Device Registration Service +``` +PS C:\> Initialize-ADDeviceRegistration -ServiceAccountName "CONTOSO\svc_adfs" -DeviceLocation "Contoso.com" -RegistrationQuota 10 -MaximumRegistrationInactivityPeriod 90 -Credential ContosoAdmin +``` + +This command initializes the Device Registration Service in the Active Directory forest. + +## PARAMETERS + +### -Credential +Specifies a **PSCredential** object based on a user name and password. +This account must be a member of the Enterprise Admins group. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. +For more information, type `Get-Help Get-Credential`. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DeviceLocation +Specifies the domain in which to store the device objects. +Specify a domain in the current forest. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DiscoveryName +Specifies a discovery name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MaximumRegistrationInactivityPeriod +Specifies the maximum number of days to elapse before a device object is deleted due to inactivity. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RegistrationQuota +Specifies the maximum number of devices that an individual user can register. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountName +Specifies the account to which to grant read and write access to the Device Registration service configuration and containers in Active Directory. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Enable-AdfsDeviceRegistration](./Enable-AdfsDeviceRegistration.md) + diff --git a/docset/winserver2025-ps/adfs/Install-AdfsFarm.md b/docset/winserver2025-ps/adfs/Install-AdfsFarm.md new file mode 100644 index 0000000000..62678a61fd --- /dev/null +++ b/docset/winserver2025-ps/adfs/Install-AdfsFarm.md @@ -0,0 +1,385 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/install-adfsfarm?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-AdfsFarm +--- + +# Install-AdfsFarm + +## SYNOPSIS +Creates the first node of a new federation server farm. + +## SYNTAX + +### ADFSFarmCreateLocalDatabase (Default) +``` +Install-AdfsFarm [-CertificateThumbprint ] [-Credential ] -FederationServiceName + [-FederationServiceDisplayName ] -ServiceAccountCredential [-OverwriteConfiguration] + [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] [-WhatIf] [-Confirm] + [] +``` + +### ADFSFarmCreateLocalDatabaseDisableAutoCertRollover +``` +Install-AdfsFarm [-CertificateThumbprint ] [-Credential ] + -DecryptionCertificateThumbprint -FederationServiceName + [-FederationServiceDisplayName ] -ServiceAccountCredential + -SigningCertificateThumbprint [-OverwriteConfiguration] [-SSLPort ] [-TlsClientPort ] + [-AdminConfiguration ] [-WhatIf] [-Confirm] [] +``` + +### ADFSFarmCreateSharedDatabaseDisableAutoCertRollover +``` +Install-AdfsFarm [-CertificateThumbprint ] [-Credential ] + -DecryptionCertificateThumbprint -FederationServiceName + [-FederationServiceDisplayName ] -ServiceAccountCredential + -SigningCertificateThumbprint -SQLConnectionString [-OverwriteConfiguration] + [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] [-WhatIf] [-Confirm] + [] +``` + +### AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa +``` +Install-AdfsFarm [-CertificateThumbprint ] [-Credential ] + -DecryptionCertificateThumbprint -FederationServiceName + [-FederationServiceDisplayName ] -GroupServiceAccountIdentifier + -SigningCertificateThumbprint [-OverwriteConfiguration] [-SSLPort ] [-TlsClientPort ] + [-AdminConfiguration ] [-WhatIf] [-Confirm] [] +``` + +### AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa +``` +Install-AdfsFarm [-CertificateThumbprint ] [-Credential ] + -DecryptionCertificateThumbprint -FederationServiceName + [-FederationServiceDisplayName ] -GroupServiceAccountIdentifier + -SigningCertificateThumbprint -SQLConnectionString [-OverwriteConfiguration] + [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] [-WhatIf] [-Confirm] + [] +``` + +### ADFSFarmCreateSharedDatabase +``` +Install-AdfsFarm [-CertificateThumbprint ] [-Credential ] -FederationServiceName + [-FederationServiceDisplayName ] -ServiceAccountCredential + -SQLConnectionString [-OverwriteConfiguration] [-SSLPort ] [-TlsClientPort ] + [-AdminConfiguration ] [-WhatIf] [-Confirm] [] +``` + +### AdfsFarmCreateLocalDatabaseGmsa +``` +Install-AdfsFarm [-CertificateThumbprint ] [-Credential ] -FederationServiceName + [-FederationServiceDisplayName ] -GroupServiceAccountIdentifier [-OverwriteConfiguration] + [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] [-WhatIf] [-Confirm] + [] +``` + +### AdfsFarmCreateSharedDatabaseGmsa +``` +Install-AdfsFarm [-CertificateThumbprint ] [-Credential ] -FederationServiceName + [-FederationServiceDisplayName ] -GroupServiceAccountIdentifier -SQLConnectionString + [-OverwriteConfiguration] [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Install-AdfsFarm** cmdlet creates the first node of a new federation server farm. + +## EXAMPLES + +### Example 1: Create the first node in a federation server farm using WID on the local server +``` +PS C:\> $fscredential = Get-Credential +PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential +``` + +Creates the first node in a federation server farm that uses the Windows Internal Database (WID) on the local server computer. + +In this example, a certificate thumbprint value is supplied for the *CertificateThumbprint* parameter. +This certificate will be used as the SSL certificate and the service communications certificate. +Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates. + +To specify certificates for token signing and token decryption, specify thumbprint values for the *SigningCertificateThumbprint* and *DecryptionCertificateThumbprint* parameters. + +### Example 2: Create the first node in a federation server farm using a group Managed Services Account +``` +PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -GroupServiceAccountIdentifier CONTOSO\GroupAccount01 +``` + +This example creates the first node in a federation server farm that uses a group Managed Service Account as the service account. +In this example, a certificate thumbprint value is supplied for the *CertificateThumbprint* parameter. +This certificate will be used as the SSL certificate and the service communications certificate. +Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates. +To specify certificates for token signing and token decryption, specify thumbprint values for the *SigningCertificateThumbprint* and *DecryptionCertificateThumbprint* parameters. + +### Example 3: Create the first node in a federation server farm that uses SQL Server on a remote computer +``` +PS C:\> $fscredential = Get-Credential +PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" +``` + +Creates the first node in a federation server farm that uses a Microsoft SQL Server database on a remote computer named SQLHost. + +In this example, a certificate thumbprint value is supplied for the *CertificateThumbprint* parameter. +This certificate will be used as the SSL certificate and the service communications certificate. +Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates. + +To specify certificates for token signing and token decryption, specify thumbprint values for the *SigningCertificateThumbprint* and *DecryptionCertificateThumbprint* parameters. + +### Example 4: Overwrite an AD FS configuration and create the first node in a federation server farm +``` +PS C:\> $fscredential = Get-Credential +PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" -OverwriteConfiguration -SigningCertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -DecryptionCertificateThumbprint cf2e5064c521d625c8d53536bc98aa8e08f5f2ad +``` + +Overwrites an existing AD FS configuration database and creates the first node in a federation server farm that uses a Microsoft SQL server database on a remote computer named SQLHost. + +In this example, certificate thumbprint values are specified for the token signing certificate and for the token encryption certificate using the *SigningCertificateThumbprint* and *DecryptionCertificateThumbprint* parameters respectively. + + + +## PARAMETERS + +### -AdminConfiguration (Currently not supported) +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateThumbprint +Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a **PSCredential** object. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DecryptionCertificateThumbprint +Specifies the value of the certificate thumbprint of the certificate that should be used for token decryption. +If this parameter is used, the automatic certificate rollover feature will be disabled, and a token signing certificate must also be specified using the *SigningCertificateThumbprint* parameter. +This value should match the thumbprint of a valid certificate in the Local Computer certificate store. + +```yaml +Type: String +Parameter Sets: ADFSFarmCreateLocalDatabaseDisableAutoCertRollover, ADFSFarmCreateSharedDatabaseDisableAutoCertRollover, AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa, AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FederationServiceDisplayName +Specifies a display name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FederationServiceName +Specifies a Federation Service name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupServiceAccountIdentifier +Specifies the Group Managed Service Account under which the Active Directory Federation Services (AD FS) service runs. + +```yaml +Type: String +Parameter Sets: AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa, AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa, AdfsFarmCreateLocalDatabaseGmsa, AdfsFarmCreateSharedDatabaseGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OverwriteConfiguration +Overwrites an existing AD FS configuration database with a new database. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountCredential +Specifies the Active Directory account under which the AD FS service runs. + +```yaml +Type: PSCredential +Parameter Sets: ADFSFarmCreateLocalDatabase, ADFSFarmCreateLocalDatabaseDisableAutoCertRollover, ADFSFarmCreateSharedDatabaseDisableAutoCertRollover, ADFSFarmCreateSharedDatabase +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SigningCertificateThumbprint +Specifies the value of the certificate thumbprint of the certificate that should be used for token signing. +If this parameter is used, the automatic certificate rollover feature will be disabled, and a token decryption certificate must also be specified using the *DecryptionCertificateThumbprint* parameter. +This value should match the thumbprint of a valid certificate in the Local Computer certificate store. + +```yaml +Type: String +Parameter Sets: ADFSFarmCreateLocalDatabaseDisableAutoCertRollover, ADFSFarmCreateSharedDatabaseDisableAutoCertRollover, AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa, AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SQLConnectionString +Specifies the SQL Server database that will store the AD FS configuration settings. +If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings. + +```yaml +Type: String +Parameter Sets: ADFSFarmCreateSharedDatabaseDisableAutoCertRollover, AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa, ADFSFarmCreateSharedDatabase, AdfsFarmCreateSharedDatabaseGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SSLPort +Specifies an SSL port. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TlsClientPort +Specifies a TLS client port. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/adfs/Invoke-AdfsFarmBehaviorLevelRaise.md b/docset/winserver2025-ps/adfs/Invoke-AdfsFarmBehaviorLevelRaise.md new file mode 100644 index 0000000000..fde9624ab6 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Invoke-AdfsFarmBehaviorLevelRaise.md @@ -0,0 +1,184 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/invoke-adfsfarmbehaviorlevelraise?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Invoke-AdfsFarmBehaviorLevelRaise +--- + +# Invoke-AdfsFarmBehaviorLevelRaise + +## SYNOPSIS +Raises the behavior level of a farm. + +## SYNTAX + +### AdfsUpgradeServiceAccount (Default) +``` +Invoke-AdfsFarmBehaviorLevelRaise [-Member ] [-Credential ] + [-ServiceAccountCredential ] [-Force] [-WhatIf] [-Confirm] [] +``` + +### AdfsUpgradeGmsaAccount +``` +Invoke-AdfsFarmBehaviorLevelRaise [-Member ] [-Credential ] + [-GroupServiceAccountIdentifier ] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Invoke-AdfsFarmBehaviorLevelRaise** cmdlet raises the behavior level of an Active Directory Federation Services (AD FS) farm to enable the new features that are available in later versions of the Windows operating system. + +To raise the behavior level of a farm that uses SQL Server as the policy database, specify the *Credential* parameter. + +## EXAMPLES + +### Example 1: Raise the farm behavior level +``` +PS C:\> Invoke-AdfsFarmBehaviorLevelRaise +``` + +This command raises the farm behavior level from Windows Server 2012 R2 to the Windows Server 2016 level. +The command applies to the latest version available on your forest. +You not have to specify the level. + +### Example 2: Raise the farm behavior level for a farm that uses SQL Server +``` +PS C:\> $Credentials = Get-Credential +PS C:\> Invoke-AdfsFarmBehaviorLevelRaise -Credential $Credentials +``` + +The first command prompts you for user name and password by using the **Get-Credential** cmdlet. +The command stores the credentials in the $Credentials variable. + +The second command raises the farm behavior level from Windows Server 2012 R2 to the Windows Server 2016 level. +The cmdlet specifies the necessary credentials stored in $Credentials. + +## PARAMETERS + +### -Credential +Specifies credentials necessary to run this cmdlet for an AD FS farm that uses SQL Server as the policy database. +The credentials provided must be an administrator on each AD FS server. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupServiceAccountIdentifier +Specifies the ID of a group Managed Service Account. + +```yaml +Type: String +Parameter Sets: AdfsUpgradeGmsaAccount +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Member +Specifies an array of members. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountCredential +Specifies credentials for a service account. + +```yaml +Type: PSCredential +Parameter Sets: AdfsUpgradeServiceAccount +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Restore-AdfsFarmBehaviorLevel](./Restore-AdfsFarmBehaviorLevel.md) + +[Test-AdfsFarmBehaviorLevelRaise](./Test-AdfsFarmBehaviorLevelRaise.md) + +[Test-AdfsFarmBehaviorLevelRestore](./Test-AdfsFarmBehaviorLevelRestore.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsAccessControlPolicy.md b/docset/winserver2025-ps/adfs/New-AdfsAccessControlPolicy.md new file mode 100644 index 0000000000..045a046118 --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsAccessControlPolicy.md @@ -0,0 +1,241 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfsaccesscontrolpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsAccessControlPolicy +--- + +# New-AdfsAccessControlPolicy + +## SYNOPSIS +Creates an AD FS access control policy. + +## SYNTAX + +``` +New-AdfsAccessControlPolicy -Name [-SourceName ] [-Identifier ] + [-Description ] [-PolicyMetadata ] [-PolicyMetadataFile ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **New-AdfsAccessControlPolicy** cmdlet creates an Active Directory Federation Services (AD FS) access control policy from a policy metadata file. + +**How to create a federation metadata file** + +The federation metadata document is an XML file that is available for [download](https://adfshelp.microsoft.com/MetadataExplorer/GetFederationMetadata). To retrieve your document, enter your federation service name, and then select the **Get federation metadata** button. + +## EXAMPLES + +### Example 1: Create a policy template from a policy metadata file +``` +PS C:\> $t=New-AdfsAccessControlPolicy -Name "DemoOne" -PolicyMetadataFile "C:\filepath\ PolicyTemplateIntranetWithOneGroupParameterMFA.xml" +``` + +This command creates a policy template from a policy metadata file. + +### Example 2: Create a relying party using the policy template +``` +PS C:\> Add-AdfsRelyingPartyTrust -Name "DemoRP1" -Identifier "https://DemoRP1" -AccessControlPolicyName DemoOne -AccessControlPolicyParameters "Administrators" +``` + +This command creates a relying party using the policy template. + +### Example 3: Change parameters +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyParameters ("Administrators","Users") -AccessControlPolicyName "DemoOne" +``` + +This command changes parameters for an access control policy. + +### Example 4: Un-assign a policy template +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName $null +``` + +This command un-assigns a policy template. + +### Example 5: Create a policy template from an existing template +``` +PS C:\> New-AdfsAccessControlPolicy -Name "DemoCopyOne" -SourceName "DemoOne" +``` + +This command creates a policy template from an existing template. + +### Example 6: Create a policy template from existing metadata +``` +PS C:\> New-AdfsAccessControlPolicy -Name "DemoCopyTwo" -PolicyMetadata $t.PolicyMetadata +``` + +This command creates a policy template from existing metadata. +The $t variable is an object from **New-AccessControlPolicy**. + +### Example 7: Create a policy template from a relying party result policy +``` +PS C:\> New-AdfsAccessControlPolicy -Name "DemoCopyWithAssignment" -PolicyMetadata $r.ResultantPolicy +``` + +This command creates a policy template from a relying party result policy. +The $r variable is the object returned from **Get-AdfsRelyingPartyTrust**. + +### Example 8: Change the relying party to use a new template +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName "DemoTwo" -AccessControlPolicyParameters @{PermitGroup="Users";RejectGroup="Administrators"} +``` + +This command changes the relying party to use a new template. + +### Example 9: Complicated conditions with specific claims +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName DemoRP -AccessControlPolicyParameters` + @{"SPParameter"= @{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/OfficeLocation"; Operator="Equals"; Value="Redmond"}} +``` + +### Example 10: Two specific claims for single parameter +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName "DemoRP" -AccessControlPolicyParameters` + @{"SPParameter"= (@{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/OfficeLocation"; Operator="Equals"; Value=("Redmond","DC")},` + @{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Department"; Operator="Equals"; Value="Azure"})} +``` + +## PARAMETERS + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PolicyMetadata +Specifies metadata for the policy. + +```yaml +Type: PolicyMetadata +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PolicyMetadataFile +Specifies a file that contains metadata for the policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceName +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsAccessControlPolicy](./Get-AdfsAccessControlPolicy.md) + +[Remove-AdfsAccessControlPolicy](./Remove-AdfsAccessControlPolicy.md) + +[Set-AdfsAccessControlPolicy](./Set-AdfsAccessControlPolicy.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsApplicationGroup.md b/docset/winserver2025-ps/adfs/New-AdfsApplicationGroup.md new file mode 100644 index 0000000000..439d376636 --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsApplicationGroup.md @@ -0,0 +1,165 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfsapplicationgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsApplicationGroup +--- + +# New-AdfsApplicationGroup + +## SYNOPSIS +Creates an application group. + +## SYNTAX + +``` +New-AdfsApplicationGroup [-Name] [[-ApplicationGroupIdentifier] ] [-Description ] + [-Disabled] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **New-AdfsApplicationGroup** cmdlet creates an application group in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -ApplicationGroupIdentifier +Specifies the ID of the application group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Description +Specifies a description for the application group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Disabled +Indicates whether the application group is disabled. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name for the application group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *ApplicationGroupIdentifier*, *Description*, and *Name* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +Returns the new ApplicationGroup object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Disable-AdfsApplicationGroup](./Disable-AdfsApplicationGroup.md) + +[Enable-AdfsApplicationGroup](./Enable-AdfsApplicationGroup.md) + +[Get-AdfsApplicationGroup](./Get-AdfsApplicationGroup.md) + +[Remove-AdfsApplicationGroup](./Remove-AdfsApplicationGroup.md) + +[Set-AdfsApplicationGroup](./Set-AdfsApplicationGroup.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsAzureMfaTenantCertificate.md b/docset/winserver2025-ps/adfs/New-AdfsAzureMfaTenantCertificate.md new file mode 100644 index 0000000000..639dcd0a18 --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsAzureMfaTenantCertificate.md @@ -0,0 +1,134 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +ms.custom: has-azure-ad-ps-ref +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfsazuremfatenantcertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsAzureMfaTenantCertificate +--- + +# New-AdfsAzureMfaTenantCertificate + +## SYNOPSIS +Creates a certificate for the AD FS farm to use to connect to Azure MFA, or returns the currently configured certificate. + +## SYNTAX + +``` +New-AdfsAzureMfaTenantCertificate -TenantId [-Renew ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **New-AdfsAzureMfaTenantCertificate** cmdlet creates a certificate for an Active Directory Federation Services (AD FS) farm to use to connect to Azure Multi-Factor Authentication (MFA), or returns the currently configured certificate. + +The cmdlet looks in the local machine My store for a certificate with Issuer and Subject equal to: + +- `CN = ` +- `OU = Microsoft AD FS Azure MFA` + +If it does not find one, it generates it. + +## EXAMPLES + +### Example 1: Create a certificate and enable Azure MFA on an AD FS farm +``` +PS C:\> $certbase64 = New-AdfsAzureMfaTenantCertificate -TenantID +PS C:\> New-AzureADServicePrincipalKeyCredential -ObjectId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64 +PS C:\> Set-AdfsAzureMfaTenant -TenantId -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720 +``` + +These commands create a certificate for Azure MFA, register the certificate in a tenant, and enable Azure MFA on an AD FS farm. + +> [!NOTE] +> Customers are encouraged to use the newer Azure Active Directory PowerShell 2.0 module. For more information about the v2.0 module, see [AzureAD PowerShell 2.0](/powershell/module/Azuread/?view=azureadps-2.0). + +### Example 2: Determine which certificate Azure MFA is using +``` +$CertInBase64 = New-AdfsAzureMfaTenantCertificate -TenantID +$cert = Security.Cryptography.X509Certificates.X509Certificate2 +$cert | Format-List * +``` + +After AD FS has been configured for Azure MFA, this command determines which certificate Azure MFA is using and when it expires. + +## PARAMETERS + +### -Renew +Renew certificate. Do not use if the certificate has already expired. In this scenario, the existing expired certificate is replaced with a new certificate. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TenantId +Specifies the GUID representation of the Microsoft Entra tenant ID. +This can be found in the URL bar of the Microsoft Entra admin center, as in this example: `https://manage.windowsazure.com/contoso.onmicrosoft.com#Workspaces/ActiveDirectoryExtension/Directory//directoryQuickStart` + +Alternatively, you can use the **Login-AzureRmAccount** cmdlet to get the tenant ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Set-AdfsAzureMfaTenant](./Set-AdfsAzureMfaTenant.md) diff --git a/docset/winserver2025-ps/adfs/New-AdfsClaimRuleSet.md b/docset/winserver2025-ps/adfs/New-AdfsClaimRuleSet.md new file mode 100644 index 0000000000..5e01182a6c --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsClaimRuleSet.md @@ -0,0 +1,111 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfsclaimruleset?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsClaimRuleSet +--- + +# New-AdfsClaimRuleSet + +## SYNOPSIS +Creates a set of claim rules. + +## SYNTAX + +### FromParams +``` +New-AdfsClaimRuleSet -ClaimRule [] +``` + +### FromFile +``` +New-AdfsClaimRuleSet -ClaimRuleFile [] +``` + +## DESCRIPTION +The **New-AdfsClaimRuleSet** cmdlet creates a set of claim rules in Active Directory Federation Services (AD FS) 2.0. + +## EXAMPLES + +### Example 1: Create a claim rule set by using a text file +``` +PS C:\> $RuleSet = New-AdfsClaimRuleSet -ClaimRuleFile 'C:\ruleset.txt' +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "Fabrikam" -IssuanceTransformRules $RuleSet.ClaimRulesString +``` + +The first command creates a claim rule set by using a text file, and then stores it in the $RuleSet variable. + +The second command uses the **Set-AdfsRelyingPartyTrust** cmdlet to assign the rule set stored in $RuleSet to a relying party trust. +The command refers to the **ClaimsRuleString** property of the object stored in $RuleSet. + +### Example 2: Create a claim rule set by using an inline rule +``` +PS C:\> $RuleSet = New-AdfsClaimRuleSet -ClaimRule 'c:[] => issue(claim = c);' +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "Fabrikam" -IssuanceTransformRules $RuleSet.ClaimRulesString +``` + +The first command creates a claim rule set by using an inline AD FS 2.0 claims language rule, and then stores it in the $RuleSet variable. + +The second command uses **Set-AdfsRelyingPartyTrust** to assign the rule set stored in $RuleSet to a relying party trust. +The command refers to the **ClaimsRuleString** property of the object stored in $RuleSet. + +## PARAMETERS + +### -ClaimRule +Specifies an array of individual rules in this rule set. + +```yaml +Type: String[] +Parameter Sets: FromParams +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClaimRuleFile +Specifies the serialized policy text that is created by the collection of rules in the rule set. + +```yaml +Type: String +Parameter Sets: FromFile +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimRuleSet +This cmdlet generates a class structure that represents a set of AD FS 2.0 claim rules. + +## NOTES +* You can assign these claim rules to a claims provider trust or relying party trust by using the corresponding cmdlets. + +## RELATED LINKS + +[Get-AdfsClaimsProviderTrust](./Get-AdfsClaimsProviderTrust.md) + +[Set-AdfsClaimsProviderTrust](./Set-AdfsClaimsProviderTrust.md) + +[Update-AdfsClaimsProviderTrust](./Update-AdfsClaimsProviderTrust.md) + +[Set-AdfsRelyingPartyTrust](./Set-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsContactPerson.md b/docset/winserver2025-ps/adfs/New-AdfsContactPerson.md new file mode 100644 index 0000000000..9ba0f3c9c7 --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsContactPerson.md @@ -0,0 +1,135 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfscontactperson?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsContactPerson +--- + +# New-AdfsContactPerson + +## SYNOPSIS +Creates a contact person object. + +## SYNTAX + +``` +New-AdfsContactPerson [-Company ] [-EmailAddress ] [-GivenName ] + [-TelephoneNumber ] [-Surname ] [] +``` + +## DESCRIPTION +The **New-AdfsContactPerson** cmdlet creates a contact person object in ADFS. + +## EXAMPLES + +### Example 1: Create and publish contact person object +``` +PS C:\> $CP = New-AdfsContactPerson -EmailAddress "support@fabrikam.com" +PS C:\> Set-AdfsProperties -ContactPerson $CP +``` + +The first command creates a contact person who has the specified address, and then assigns it to the $CP variable. + +The second command uses the **Set-AdfsProperties** cmdlet to publish the contact person object to the Federation Service. + +## PARAMETERS + +### -Company +Specifies the company name of the contact person. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EmailAddress +Specifies an array of e-mail addresses of the contact person. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GivenName +Specifies the given name of the contact person. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Surname +Specifies the surname, or last name, of the contact person. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TelephoneNumber +Specifies an array of telephone numbers of the contact person. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ContactPerson +This cmdlet generates a class structure that represents a contact person object in the Federation Service. + +## NOTES +* You can publish this contact person in the federation metadata of the Federation Service by using the **Set-AdfsProperties** cmdlet. + +## RELATED LINKS + +[Get-AdfsProperties](./Get-AdfsProperties.md) + +[Set-AdfsProperties](./Set-AdfsProperties.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsLdapAttributeToClaimMapping.md b/docset/winserver2025-ps/adfs/New-AdfsLdapAttributeToClaimMapping.md new file mode 100644 index 0000000000..16c470308b --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsLdapAttributeToClaimMapping.md @@ -0,0 +1,82 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfsldapattributetoclaimmapping?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsLdapAttributeToClaimMapping +--- + +# New-AdfsLdapAttributeToClaimMapping + +## SYNOPSIS +Creates a mapping between an attribute of an LDAP folder and an AD FS claim type. + +## SYNTAX + +``` +New-AdfsLdapAttributeToClaimMapping [-LdapAttribute] [[-ClaimType] ] [] +``` + +## DESCRIPTION +The **New-AdfsLdapAttributeToClaimMapping** cmdlet creates a mapping between an attribute of the Lightweight Directory Access Protocol (LDAP) folder and an Active Directory Federation Services (AD FS) claim type. +Mappings make it possible for LDAP attributes to be available for claim rule processing in AD FS. + +## EXAMPLES + +### Example 1: Create a mapping of an LDAP directory attribute +``` +PS C:\> $DisplayName = New-AdfsLdapAttributeToClaimMapping -LdapAttribute "displayName" -ClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" +``` + +This command creates a mapping of an LDAP directory attribute to a claim type. +The command stores the mapping in the $DisplayName variable for use with other cmdlets. + +To see this cmdlet as part of creating an LDAP local claims provider trust, see the **Add-AdfsLocalClaimsProviderTrust** cmdlet. + +## PARAMETERS + +### -ClaimType +Specifies the claim type to assign to the AD FS claim that contains the LDAP attribute value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LdapAttribute +Specifies the attribute in the LDAP folder to which the claim type is mapped. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsLocalClaimsProviderTrust](./Add-AdfsLocalClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsLdapServerConnection.md b/docset/winserver2025-ps/adfs/New-AdfsLdapServerConnection.md new file mode 100644 index 0000000000..1a6a4f0fa1 --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsLdapServerConnection.md @@ -0,0 +1,142 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfsldapserverconnection?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsLdapServerConnection +--- + +# New-AdfsLdapServerConnection + +## SYNOPSIS +Creates a connection object. + +## SYNTAX + +``` +New-AdfsLdapServerConnection [-HostName] [-Port ] [-SslMode ] + [-AuthenticationMethod ] [-Credential ] [] +``` + +## DESCRIPTION +The **New-AdfsLdapServerConnection** cmdlet creates a connection object that represents the Lightweight Directory Access Protocol (LDAP) folder that serves as a claims provider trust. +A connection object includes host name, port, and authentication credentials. + +## EXAMPLES + +### Example 1: Create an LDAP connection +``` +PS C:\> $Credential = Get-Credential +PS C:\ > $LdapConn = New-AdfsLdapServerConnection -HostName "DomainContoller03.contoso.com" -Port 389 -SslMode None -AuthenticationMethod Basic -Credential $Credential +``` + +The first command prompts you for a user name and password by using the **Get-Credential** cmdlet. +The command stores the results in the $Credential variable. + +The second command creates an LDAP connection. +DomainContoller03.contoso.com is the fully qualified domain name of a domain controller in the other forest. +The command stores the result in the $LdapConn variable. + +To see this cmdlet as part of creating an LDAP local claims provider trust, see the **Add-AdfsLocalClaimsProviderTrust** cmdlet. + +## PARAMETERS + +### -AuthenticationMethod +Specifies the authentication method the local claims provider trust uses. +In Windows Server 2016, the only supported method is Basic (username/password). + +```yaml +Type: LdapAuthenticationMethod +Parameter Sets: (All) +Aliases: +Accepted values: Basic, Kerberos, Negotiate + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the credentials to use for the connection to the LDAP host. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HostName +Specifies the fully qualified domain name of the server that hosts the LDAP folder to which Active Directory Federation Services (AD FS) connects for authentication requests. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Port +Specifies the port that AD FS uses to connect to the LDAP host. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SslMode +Specifies SSL setting of the connection. +The acceptable values for this parameter are: + +- None +- Ssl +- Tls + +```yaml +Type: LdapSslMode +Parameter Sets: (All) +Aliases: +Accepted values: None, Ssl, Tls + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsLocalClaimsProviderTrust](./Add-AdfsLocalClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsOrganization.md b/docset/winserver2025-ps/adfs/New-AdfsOrganization.md new file mode 100644 index 0000000000..c3bce4ab8f --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsOrganization.md @@ -0,0 +1,101 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfsorganization?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsOrganization +--- + +# New-AdfsOrganization + +## SYNOPSIS +Creates a new organization information object. + +## SYNTAX + +``` +New-AdfsOrganization -DisplayName -OrganizationUrl [-Name ] [] +``` + +## DESCRIPTION +The **New-AdfsOrganization** cmdlet creates an information object for an organization in Active Directory Federation Services (AD FS) 2.0. + +## EXAMPLES + +### Example 1: Create a new organization +``` +PS C:\> New-AdfsOrganization -DisplayName "Fabrikam" -OrganizationUrl https://fabrikam.com +``` + +This command adds a new organization named Fabrikam in the AD FS. + +## PARAMETERS + +### -DisplayName +Specifies the display name of the organization. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the organization. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OrganizationUrl +Specifies the URL of the organization. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.Organization +This cmdlet generates a class structure that represents the organization object for the AD FS. + +## NOTES +* You can publish this information by using the **Set-AdfsProperties** cmdlet. + +## RELATED LINKS + +[Get-AdfsProperties](./Get-AdfsProperties.md) + +[Set-AdfsProperties](./Set-AdfsProperties.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsSamlEndpoint.md b/docset/winserver2025-ps/adfs/New-AdfsSamlEndpoint.md new file mode 100644 index 0000000000..fae7f35466 --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsSamlEndpoint.md @@ -0,0 +1,162 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfssamlendpoint?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsSamlEndpoint +--- + +# New-AdfsSamlEndpoint + +## SYNOPSIS +Creates a SAML protocol endpoint object. + +## SYNTAX + +``` +New-AdfsSamlEndpoint -Binding -Protocol -Uri [-IsDefault ] [-Index ] + [-ResponseUri ] [] +``` + +## DESCRIPTION +The **New-AdfsSamlEndpoint** cmdlet creates a Security Assertion Markup Language (SAML) protocol endpoint object. + +## EXAMPLES + +### Example 1: Create a SAML endpoint and assign it to a relying party +``` +PS C:\> $EP = New-AdfsSamlEndpoint -Binding "POST" -Protocol "SAMLAssertionConsumer" -Uri "https://fabrikam.com/saml/ac" +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "My application" -SamlEndpoint $EP +``` + +The first command creates a SAML endpoint, and then stores it in the $EP variable. + +The second command uses the **Set-AdfsRelyingPartyTrust** cmdlet to assign the endpoint stored in $EP to a relying party trust named My application. + +## PARAMETERS + +### -Binding +Specifies the binding type of the endpoint. +The acceptable values for this parameter are: POST, SOAP, Artifact, and Redirect. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Artifact, POST, Redirect, SOAP + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Index +Specifies the index that is defined for this endpoint. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsDefault +Indicates whether this is a default endpoint for the particular protocol type. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Protocol +Specifies the type of service at the endpoint. +The acceptable values for this parameter are: SAMLSingleSignOn, SAMLArtifactResolution, SAMLLogout, and SAMLAssertionConsumer. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: SAMLArtifactResolution, SAMLAssertionConsumer, SAMLLogout, SAMLSingleSignOn + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResponseUri +Specifies the response URI for the endpoint. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Uri +Specifies the URI of this endpoint. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.SamlEndpoint +This cmdlet generates a class structure that represents a SAML endpoint resource object. + +## NOTES +* You can associate this object with a relying party trust or claims provider trust by using the corresponding cmdlets. + +## RELATED LINKS + +[Get-AdfsClaimsProviderTrust](./Get-AdfsClaimsProviderTrust.md) + +[Get-AdfsRelyingPartyTrust](./Get-AdfsRelyingPartyTrust.md) + +[Set-AdfsClaimsProviderTrust](./Set-AdfsClaimsProviderTrust.md) + +[Set-AdfsRelyingPartyTrust](./Set-AdfsRelyingPartyTrust.md) + +[Update-AdfsClaimsProviderTrust](./Update-AdfsClaimsProviderTrust.md) + +[Update-AdfsRelyingPartyTrust](./Update-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/New-AdfsWebTheme.md b/docset/winserver2025-ps/adfs/New-AdfsWebTheme.md new file mode 100644 index 0000000000..a0b815c831 --- /dev/null +++ b/docset/winserver2025-ps/adfs/New-AdfsWebTheme.md @@ -0,0 +1,263 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/new-adfswebtheme?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AdfsWebTheme +--- + +# New-AdfsWebTheme + +## SYNOPSIS +Creates an AD FS web theme. + +## SYNTAX + +``` +New-AdfsWebTheme -Name [-SourceName ] [-StyleSheet ] + [-RTLStyleSheetPath ] [-OnLoadScriptPath ] [-Logo ] [-Illustration ] + [-AdditionalFileResource ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **New-AdfsWebTheme** cmdlet creates an Active Directory Federation Services (AD FS) web theme. +You can create an empty **AdfsWebTheme** object, or you can create an **AdfsWebTheme** object that is based on an existing theme. +If you start with an existing theme, the cmdlet copies its properties to the new object. +You can also specify properties for the AD FS web theme. + +## EXAMPLES + +### Example 1: Create a theme +``` +PS C:\> New-AdfsWebTheme -Name "Theme01" -AdditionalFileResource @{Uri="/adfs/portal/Background.png";Path="C:\Background.png"} -Illustration @{Locale="";Path="C:\Illustration.png"} -Logo @{Locale="";Path="C:\Logo.png"} -RTLStyleSheetPath "C:\StyleSheet.css" -StyleSheet @{Locale="";Path="C:\StyleSheet.css"} +``` + +This command creates a theme named Theme01 that offers a customized sign-in experience. +The command uses standard Windows PowerShell® syntax to create hash tables. +For more information, type `Get-Help about_Hash_Tables`. +The command specifies an additional file resource, an illustration image, a logo, and a cascading style sheet. +The command specifies no value for **Locale** for any of these parameters, and, therefore, the illustration, logo, and style sheet all use the invariant locale. + +### Example 2: Copy a theme +``` +PS C:\> New-AdfsWebTheme -Name "Theme02" -SourceName "Default" +``` + +This command creates a theme named Theme02 and copies the existing theme, named Default, into the new theme. +You can modify the new theme by using the **Export-AdfsWebTheme** or **Set-AdfsWebTheme** cmdlet. + +### Example 3: Create and modify a theme +``` +PS C:\> New-AdfsWebTheme -Name "Theme03" -AdditionalFileResource @{Uri="/adfs/portal/Background.png";Path="C:\Background.png"} -Illustration @{Locale="en-us";Path="c:\Illustration.png"} -Logo @{Locale="en-us";Path="C:\Logo.png"} -RTLStyleSheetPath "C:\StyleSheet.css" -SourceName "Default" -StyleSheet @{Locale="en-us";Path="C:\StyleSheet.css"} +``` + +This command creates a theme named Theme03, based on an existing theme named Default. +The command specifies an additional file resource, an illustration image, a logo, and a cascading style sheet. +The cmdlet specifies a value of en-us for **Locale** for the illustration, logo, and style sheet. + +## PARAMETERS + +### -AdditionalFileResource +Specifies an array of **Hashtable** objects that specify additional file resources by using two string keys: **Uri** and **Path**. +For more information, type `Get-Help about_Hash_Tables`. +**Uri** is the relative Uniform Resource Identifier (URI) string for a resource. +The URI always begins with /adfs/portal/. +**Path** is the file path of a resource. +If you do not specify the path, the cmdlet removes the file resource that corresponds to the specified URI. + +Specify this parameter to make resources, such as images, available to cascading style sheets or JavaScript applications. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Illustration +Specifies an array of **Hashtable** objects that specify illustrations by using two string keys: **Locale** and **Path**. +**Locale** is a **CultureInfo** object. +**Path** is a file path. +If you do not specify a locale, **Locale** refers to the invariant locale. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Logo +Specifies an array of **Hashtable** objects that specify logos by using two string keys: **Locale** and **Path**. +**Locale** is a **CultureInfo** object. +**Path** is a file path. +If you do not specify a locale, **Locale** refers to the invariant locale. +If you do not specify a path, the cmdlet removes the file content that corresponds to the specified locale. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. +The cmdlet assigns the name that you specify to the new theme. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OnLoadScriptPath +Specify this parameter to make resources, such as images, available to cascading style sheets or JavaScript applications. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RTLStyleSheetPath +Specifies a file path to a right-to-left (RTL) style sheet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceName +Specifies the name of an existing theme. +The cmdlet uses the theme that you specify as the basis for the new theme. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StyleSheet +Specifies an array of **Hashtable** objects that specify style sheets by using two string keys: **Locale** and **Path**. +**Locale** is a **CultureInfo** object for a style sheet. +**Path** is a file path of the style sheet. +If you do not specify a locale, **Locale** refers to the invariant locale. +If you do not specify a path, the cmdlet removes the file content that corresponds to the specified locale. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsWebTheme +This cmdlet generates a web customization object, **System.IdentityServer.Management.Resources.AdfsWebTheme**. +This object includes the following properties: + +- Name: **System.String** +- IsBuiltinTheme: **System.Boolean** +- StyleSheet: **IDictionary\** +- Logo: **IDictionary\** +- Illustration: **IDictionary\** +- RTLStyleSheet: **byte\[\]** +- AdditionalFileResources: **IDictionary\** + +## NOTES + +## RELATED LINKS + +[Export-AdfsWebTheme](./Export-AdfsWebTheme.md) + +[Get-AdfsWebTheme](./Get-AdfsWebTheme.md) + +[Remove-AdfsWebTheme](./Remove-AdfsWebTheme.md) + +[Set-AdfsWebTheme](./Set-AdfsWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Publish-SslCertificate.md b/docset/winserver2025-ps/adfs/Publish-SslCertificate.md new file mode 100644 index 0000000000..d1f9ca1455 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Publish-SslCertificate.md @@ -0,0 +1,90 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/publish-sslcertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Publish-SslCertificate +--- + +# Publish-SslCertificate + +## SYNOPSIS +The Publish-SslCertificate cmdlet is deprecated. +Instead, use the Set-AdfsSslCertificate cmdlet. + +## SYNTAX + +### PublishByPfxPath (Default) +``` +Publish-SslCertificate -Path -Password [] +``` + +### PublishByPfxData +``` +Publish-SslCertificate -RawPfx -Password [] +``` + +## DESCRIPTION +The **Publish-SslCertificate** cmdlet is deprecated in this release. +Instead, use the Set-AdfsSslCertificate cmdlet. + +## EXAMPLES + +## PARAMETERS + +### -Password +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +```yaml +Type: String +Parameter Sets: PublishByPfxPath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RawPfx +```yaml +Type: Byte[] +Parameter Sets: PublishByPfxData +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Set-AdfsSslCertificate](./Set-AdfsSslCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Register-AdfsAuthenticationProvider.md b/docset/winserver2025-ps/adfs/Register-AdfsAuthenticationProvider.md new file mode 100644 index 0000000000..7a77395491 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Register-AdfsAuthenticationProvider.md @@ -0,0 +1,106 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/register-adfsauthenticationprovider?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Register-AdfsAuthenticationProvider +--- + +# Register-AdfsAuthenticationProvider + +## SYNOPSIS +Registers an external authentication provider in AD FS. + +## SYNTAX + +``` +Register-AdfsAuthenticationProvider -TypeName -Name [-ConfigurationFilePath ] + [] +``` + +## DESCRIPTION +The **Register-AdfsAuthenticationProvider** cmdlet registers an external authentication provider as a provider in Active Directory Federation Services (AD FS). +Use the **Get-AdfsAuthenticationProvider** cmdlet to get a list of registered authentication providers. + +## EXAMPLES + +### Example 1: Register an authentication provider +``` +PS C:\> $TypeName = "ExternalAuthMethod.ExternalAuthProvider, ExternalAuthProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=365143bb27e7ac8b, processorArchitecture=MSIL" +PS C:\> Register-AdfsAuthenticationProvider -TypeName $TypeName -Name "MyExternalAuthProvider" -ConfigurationFilePath ".\configdata.txt" +``` + +The first command creates a variable named $TypeName that contains the configuration data for an external provider. + +The second command registers the authentication provider by using the data stored in the $TypeName variable. + +## PARAMETERS + +### -ConfigurationFilePath +Specifies the fully qualified file path of a file that contains authentication provider configuration data. + +You can also upload the file to the Active Directory Federation Services (AD FS) configuration store and make it available to the authentication provider. +Use this method if you want to provide additional information that pertains to a specific customer when you initialize the authentication provider. +Any usage of this method is specific to the vendor that supplies the authentication provider. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of an authentication provider to register in AD FS. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TypeName +Specifies the fully qualified type of the authentication provider assembly on the federation server. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-AdfsAuthenticationProvider](./Get-AdfsAuthenticationProvider.md) + +[Unregister-AdfsAuthenticationProvider](./Unregister-AdfsAuthenticationProvider.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsAccessControlPolicy.md b/docset/winserver2025-ps/adfs/Remove-AdfsAccessControlPolicy.md new file mode 100644 index 0000000000..88d1d4c1f1 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsAccessControlPolicy.md @@ -0,0 +1,133 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsaccesscontrolpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsAccessControlPolicy +--- + +# Remove-AdfsAccessControlPolicy + +## SYNOPSIS +Removes an AD FS access control policy. + +## SYNTAX + +### IdentifierName +``` +Remove-AdfsAccessControlPolicy [-TargetName] [-WhatIf] [-Confirm] [] +``` + +### Identifier +``` +Remove-AdfsAccessControlPolicy [-TargetIdentifier] [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Remove-AdfsAccessControlPolicy [-TargetAccessControlPolicy] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsAccessControlPolicy** cmdlet removes an Active Directory Federation Services (AD FS) access control policy. + +## EXAMPLES + +## PARAMETERS + +### -TargetAccessControlPolicy +Specifies the access control policy to remove. + +```yaml +Type: AdfsAccessControlPolicy +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies a target ID. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the target. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsAccessControlPolicy](./Get-AdfsAccessControlPolicy.md) + +[New-AdfsAccessControlPolicy](./New-AdfsAccessControlPolicy.md) + +[Set-AdfsAccessControlPolicy](./Set-AdfsAccessControlPolicy.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsApplicationGroup.md b/docset/winserver2025-ps/adfs/Remove-AdfsApplicationGroup.md new file mode 100644 index 0000000000..040cdd8465 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsApplicationGroup.md @@ -0,0 +1,166 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsapplicationgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsApplicationGroup +--- + +# Remove-AdfsApplicationGroup + +## SYNOPSIS +Removes an application group. + +## SYNTAX + +### ApplicationGroupIdentifier (Default) +``` +Remove-AdfsApplicationGroup [-TargetApplicationGroupIdentifier] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Name +``` +Remove-AdfsApplicationGroup [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ApplicationGroupObject +``` +Remove-AdfsApplicationGroup [-TargetApplicationGroup] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsApplicationGroup** cmdlet removes an application group from Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplicationGroup +Specifies the application group to remove. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetApplicationGroupIdentifier +Specifies the ID of the target application group to remove. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the application group to remove. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *TargetApplicationGroup* parameter. + +### System.String + +String objects are received by the *TargetApplicationGroupIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +Returns the removed ApplicationGroup object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Disable-AdfsApplicationGroup](./Disable-AdfsApplicationGroup.md) + +[Enable-AdfsApplicationGroup](./Enable-AdfsApplicationGroup.md) + +[Get-AdfsApplicationGroup](./Get-AdfsApplicationGroup.md) + +[New-AdfsApplicationGroup](./New-AdfsApplicationGroup.md) + +[Set-AdfsApplicationGroup](./Set-AdfsApplicationGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsAttributeStore.md b/docset/winserver2025-ps/adfs/Remove-AdfsAttributeStore.md new file mode 100644 index 0000000000..9a2a19fd8f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsAttributeStore.md @@ -0,0 +1,147 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsattributestore?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsAttributeStore +--- + +# Remove-AdfsAttributeStore + +## SYNOPSIS +Removes an attribute store from the Federation Service. + +## SYNTAX + +### Name +``` +Remove-AdfsAttributeStore [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Remove-AdfsAttributeStore [-TargetAttributeStore] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsAttributeStore** cmdlet removes an attribute store from the Federation Service. + +## EXAMPLES + +### Example 1: Remove an attribute store +``` +PS C:\> Remove-ADFSAttributeStore -TargetName "ContosoAttributeStore01" +``` + +This command removes the attribute store named ContosoAttributeStore01 from the Federation Service. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetAttributeStore +Specifies an **AttributeStore** object. +The cmdlet removes the **AttributeStore** object that you specify. +To obtain an attribute store, use the **Get-AdfsAttributeStore** cmdlet. + +```yaml +Type: AttributeStore +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the attribute store to remove. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.AttributeStore + +An AttributeStore object is received by the *TargetName* parameter. + +## OUTPUTS + +### None or Microsoft.IdentityServer.Management.Resources.AttributeStore + +Returns the removed AttributeStore object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* An Active Directory Federation Services (AD FS) 2.0 attribute store is a pluggable module that the policy process for AD FS 2.0 can query to retrieve claim values. You can use either an Active Directory database or a Microsoft SQL Server database as your attribute store, or you can implement your own custom attribute store. + +## RELATED LINKS + +[Get-AdfsAttributeStore](./Get-AdfsAttributeStore.md) + +[Add-AdfsAttributeStore](./Add-AdfsAttributeStore.md) + +[Set-AdfsAttributeStore](./Set-AdfsAttributeStore.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsAuthenticationProviderWebContent.md b/docset/winserver2025-ps/adfs/Remove-AdfsAuthenticationProviderWebContent.md new file mode 100644 index 0000000000..c843438bd0 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsAuthenticationProviderWebContent.md @@ -0,0 +1,136 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsauthenticationproviderwebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsAuthenticationProviderWebContent +--- + +# Remove-AdfsAuthenticationProviderWebContent + +## SYNOPSIS +Removes web content customization of the authentication provider in the user sign-in web pages from AD FS. + +## SYNTAX + +### IdentifierName (Default) +``` +Remove-AdfsAuthenticationProviderWebContent [[-Locale] ] -Name [-WhatIf] [-Confirm] + [] +``` + +### IdentifierObject +``` +Remove-AdfsAuthenticationProviderWebContent [-TargetWebContent] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsAuthenticationProviderWebContent** cmdlet removes web content customization of the authentication provider in the user sign-in web pages from the Active Directory Federation Services (AD FS) service. + +## EXAMPLES + +### Example 1: Remove authentication provider web content +``` +PS C:\> Remove-AdfsAuthenticationProviderWebContent -Name "ContosoAuthenticationProvider" +``` + +This command removes the provider web content for the authentication provider named ContosoAuthenticationProvider. + +## PARAMETERS + +### -Locale +Specifies a locale. +The cmdlet removes the provider web content associated with the locale that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: IdentifierName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. +The cmdlet gets the provider web content associated with the name that you specify. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetWebContent +Specifies an **AdfsAuthenticationProviderWebContent** object that is used by the pipeline. + +```yaml +Type: AdfsAuthProviderWebContent +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsAuthenticationProviderWebContent](./Get-AdfsAuthenticationProviderWebContent.md) + +[Set-AdfsAuthenticationProviderWebContent](./Set-AdfsAuthenticationProviderWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsCertificate.md b/docset/winserver2025-ps/adfs/Remove-AdfsCertificate.md new file mode 100644 index 0000000000..3577b69eea --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsCertificate.md @@ -0,0 +1,155 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfscertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsCertificate +--- + +# Remove-AdfsCertificate + +## SYNOPSIS +Removes a certificate from AD FS. + +## SYNTAX + +### TargetCertificate (Default) +``` +Remove-AdfsCertificate [-TargetCertificate] [-WhatIf] [-Confirm] [] +``` + +### ByProperties +``` +Remove-AdfsCertificate -CertificateType -Thumbprint [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsCertificate** cmdlet removes a certificate from Active Directory Federation Services (AD FS). + +## EXAMPLES + +### Example 1: Remove a token-signing certificate +``` +PS C:\> Remove-AdfsCertificate -CertificateType "Token-Signing" -Thumbprint ‎"fedd995b45e633d4ef30fcbc8f3a48b627e9a28b" +``` + +This command removes a token-signing certificate from AD FS. + +## PARAMETERS + +### -CertificateType +Specifies the type of the certificate to remove. +The acceptable values for this parameter are: + +- Infocard-Signing +- Service-Communications +- Token-Encryption +- Token-Signing + +```yaml +Type: String +Parameter Sets: ByProperties +Aliases: +Accepted values: Token-Decrypting, Token-Signing + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetCertificate +Specifies the certificate to remove. +This value is typically taken from the pipeline. + +```yaml +Type: ServiceCertificate +Parameter Sets: TargetCertificate +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Thumbprint +Specifies the thumbprint of the certificate to remove. + +```yaml +Type: String +Parameter Sets: ByProperties +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ServiceCertificate + +A ServiceCertificate object is received by the *TargetCertificate* parameter. + +### System.String + +A string object is received by the *Thumbprint* parameter. + +## OUTPUTS + +### None + +## NOTES +* Removing a certificate removes it only from the AD FS configuration data. It does not remove or delete the certificate from the local certificate store on the server computer. + +## RELATED LINKS + +[Add-AdfsCertificate](./Add-AdfsCertificate.md) + +[Get-AdfsCertificate](./Get-AdfsCertificate.md) + +[Set-AdfsCertificate](./Set-AdfsCertificate.md) + +[Update-AdfsCertificate](./Update-AdfsCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsClaimDescription.md b/docset/winserver2025-ps/adfs/Remove-AdfsClaimDescription.md new file mode 100644 index 0000000000..39806d1728 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsClaimDescription.md @@ -0,0 +1,193 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsclaimdescription?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsClaimDescription +--- + +# Remove-AdfsClaimDescription + +## SYNOPSIS +Removes a claim description from the Federation Service. + +## SYNTAX + +### Name +``` +Remove-AdfsClaimDescription [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ShortName +``` +Remove-AdfsClaimDescription [-TargetShortName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### Identifier +``` +Remove-AdfsClaimDescription [-TargetClaimType] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Remove-AdfsClaimDescription [-TargetClaimDescription] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsClaimDescription** cmdlet removes a claim description from the Federation Service. + +## EXAMPLES + +### Example 1: Remove a claim description +``` +PS C:\> Remove-AdfsClaimDescription -TargetName "Role" +``` + +This command removes the claim description named Role. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClaimDescription +Specifies a **ClaimDescription** object. +The cmdlet removes the **ClaimDescription** object that you specify. +To obtain a claim description, use the **Get-AdfsClaimDescription** cmdlet. + +```yaml +Type: ClaimDescription +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClaimType +Specifies the claim type of the claim description to remove. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the claim description to remove. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetShortName +Specifies the short name ID that AD FS uses to lookup an existing claim description. + +```yaml +Type: String +Parameter Sets: ShortName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +A ClaimDescription object is received by the *TargetClaimDescription* parameter. + +### System.String + +String objects are received by the *TargetClaimType*, *TargetName*, and *TargetShortName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +Returns the removed ClaimDescription object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +### None + +## NOTES +* Use claim descriptions to configure the list of claims that are available to be offered or accepted by the Active Directory Federation Services (AD FS). + +## RELATED LINKS + +[Add-AdfsClaimDescription](./Add-AdfsClaimDescription.md) + +[Get-AdfsClaimDescription](./Get-AdfsClaimDescription.md) + +[Set-AdfsClaimDescription](./Set-AdfsClaimDescription.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Remove-AdfsClaimsProviderTrust.md new file mode 100644 index 0000000000..149fa0a589 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsClaimsProviderTrust.md @@ -0,0 +1,203 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsClaimsProviderTrust +--- + +# Remove-AdfsClaimsProviderTrust + +## SYNOPSIS +Removes a claims provider trust from the Federation Service. + +## SYNTAX + +### IdentifierObject +``` +Remove-AdfsClaimsProviderTrust -TargetClaimsProviderTrust [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### TokenSigningCertificates +``` +Remove-AdfsClaimsProviderTrust -TargetCertificate [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Identifier +``` +Remove-AdfsClaimsProviderTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### IdentifierName +``` +Remove-AdfsClaimsProviderTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsClaimsProviderTrust** cmdlet removes a claims provider trust from the Federation Service. + +## EXAMPLES + +### Example 1: Remove a claims provider trust +``` +PS C:\> Remove-AdfsClaimsProviderTrust -TargetName "Fabrikam claims provider" +``` + +This command removes the claims provider trust named Fabrikam claims provider. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetCertificate +Specifies the token-signing certificate of the claims provider trust to remove. + +```yaml +Type: X509Certificate2 +Parameter Sets: TokenSigningCertificates +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies a **ClaimsProviderTrust** object. +The cmdlet enables the claims provider trust that you specify. +To obtain a **ClaimsProviderTrust** object, use the **Get-AdfsClaimsProviderTrust** cmdlet. + +```yaml +Type: ClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the claims provider trust to remove. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the claims provider trust to remove. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Security.Cryptography.X509Certificates.X509Certificate.X509Certificate2 + +X509Certificate2 objects are received by the *TargetCertificate* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +ClaimsProviderTrust objects are received by the *TargetClaimsProviderTrust* parameter. + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +Returns the removed ClaimsProviderTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + + +## NOTES +* The claims provider collects and authenticates a user's credentials, builds up claims for that user, and packages the claims into security tokens or Information Cards. In other words, a claims provider represents the organization for whose users the claims provider issues security tokens or Information Cards on their behalf. When you configure Active Directory Federation Services (AD FS), the role of the claims provider is to enable its users to access resources that are hosted in a relying party organization by establishing one side of a federation trust relationship. After the trust is established, tokens and Information Cards can be presented to a relying party across the federation trust. + +## RELATED LINKS + +[Add-AdfsClaimsProviderTrust](./Add-AdfsClaimsProviderTrust.md) + +[Disable-AdfsClaimsProviderTrust](./Disable-AdfsClaimsProviderTrust.md) + +[Enable-AdfsClaimsProviderTrust](./Enable-AdfsClaimsProviderTrust.md) + +[Get-AdfsClaimsProviderTrust](./Get-AdfsClaimsProviderTrust.md) + +[Set-AdfsClaimsProviderTrust](./Set-AdfsClaimsProviderTrust.md) + +[Update-AdfsClaimsProviderTrust](./Update-AdfsClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsClaimsProviderTrustsGroup.md b/docset/winserver2025-ps/adfs/Remove-AdfsClaimsProviderTrustsGroup.md new file mode 100644 index 0000000000..9052ce7952 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsClaimsProviderTrustsGroup.md @@ -0,0 +1,89 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsclaimsprovidertrustsgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsClaimsProviderTrustsGroup +--- + +# Remove-AdfsClaimsProviderTrustsGroup + +## SYNOPSIS +Removes an AD FS claims provider trust group. + +## SYNTAX + +``` +Remove-AdfsClaimsProviderTrustsGroup -TargetIdentifier [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsClaimsProviderTrustsGroup** cmdlet removes an Active Directory Federation Services (AD FS) claims provider trust group. + +## EXAMPLES + +## PARAMETERS + +### -TargetIdentifier +Specifies the ID of the target. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsClaimsProviderTrustsGroup](./Add-AdfsClaimsProviderTrustsGroup.md) + +[Get-AdfsClaimsProviderTrustsGroup](./Get-AdfsClaimsProviderTrustsGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsClient.md b/docset/winserver2025-ps/adfs/Remove-AdfsClient.md new file mode 100644 index 0000000000..a97679e9e9 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsClient.md @@ -0,0 +1,172 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsclient?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsClient +--- + +# Remove-AdfsClient + +## SYNOPSIS +Deletes registration information for an OAuth 2.0 client that is currently registered with AD FS. + +## SYNTAX + +### Name (Default) +``` +Remove-AdfsClient [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ClientId +``` +Remove-AdfsClient [-TargetClientId] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Remove-AdfsClient [-TargetClient] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsClient** cmdlet deletes registration information for an OAuth 2.0 client that is currently registered with Active Directory Federation Services (AD FS). +After you delete the registration information for the OAuth 2.0 client, AD FS no longer issues authorization codes or access tokens to that OAuth 2.0 client. + +## EXAMPLES + +### Example 1: Delete registration information for an OAuth client +``` +PS C:\> Remove-AdfsClient -TargetName "Payroll Application" +``` + +This command deletes registration information for the OAuth 2.0 client that is identified by the name Payroll Application. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClient +Specifies the registered OAuth 2.0 client to delete. + +```yaml +Type: AdfsClient +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClientId +Specifies the client identifier for the registered OAuth 2.0 client to delete. + +```yaml +Type: String +Parameter Sets: ClientId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the registered OAuth 2.0 client to delete. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +AdfsClient objects are received by the *TargetClient* parameter. + +### System.String + +String objects are received by the *TargetClientId* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +Returns the deleted AdfsClient object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsClient](./Add-AdfsClient.md) + +[Disable-AdfsClient](./Disable-AdfsClient.md) + +[Enable-AdfsClient](./Enable-AdfsClient.md) + +[Get-AdfsClient](./Get-AdfsClient.md) + +[Set-AdfsClient](./Set-AdfsClient.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsDeviceRegistrationUpnSuffix.md b/docset/winserver2025-ps/adfs/Remove-AdfsDeviceRegistrationUpnSuffix.md new file mode 100644 index 0000000000..acb5dffcb3 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsDeviceRegistrationUpnSuffix.md @@ -0,0 +1,121 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsdeviceregistrationupnsuffix?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsDeviceRegistrationUpnSuffix +--- + +# Remove-AdfsDeviceRegistrationUpnSuffix + +## SYNOPSIS +Removes a custom UPN suffix. + +## SYNTAX + +``` +Remove-AdfsDeviceRegistrationUpnSuffix [-UpnSuffix] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsDeviceRegistrationUpnSuffix** cmdlet removes a custom user principal name (UPN) suffix. +The cmdlet removes the UPN suffix and the SSL binding that corresponds to the UPN suffix. +After you remove a custom UPN suffix, accounts that have a UPN that corresponds to the specified UPN suffix can no longer register devices. +Use the **Add-AdfsDeviceRegistrationUpnSuffix** cmdlet to add a custom UPN suffix. + +## EXAMPLES + +### Example 1: Remove a custom UPN suffix +``` +PS C:\> Remove-AdfsDeviceRegistrationUpnSuffix -UpnSuffix "Child.Contoso.com" -Force +``` + +This command removes the UPN suffix Child.Contoso.com from the list of acceptable UPN suffixes for users to workplace join their devices. + +## PARAMETERS + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UpnSuffix +Specifies a UPN suffix. +The cmdlet removes the UPN suffix that you specify as a valid registration UPN suffix. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *UpnSuffix* parameter. + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsDeviceRegistrationUpnSuffix](./Add-AdfsDeviceRegistrationUpnSuffix.md) + +[Get-AdfsDeviceRegistrationUpnSuffix](./Get-AdfsDeviceRegistrationUpnSuffix.md) + +[Set-AdfsDeviceRegistrationUpnSuffix](./Set-AdfsDeviceRegistrationUpnSuffix.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsFarmNode.md b/docset/winserver2025-ps/adfs/Remove-AdfsFarmNode.md new file mode 100644 index 0000000000..395f784393 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsFarmNode.md @@ -0,0 +1,91 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsfarmnode?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsFarmNode +--- + +# Remove-AdfsFarmNode + +## SYNOPSIS +The Remove-AdfsFarmNode cmdlet is deprecated. +Instead, use the Uninstall-WindowsFeature cmdlet. + +## SYNTAX + +### ADFSRemoveFarmNodeDefault (Default) +``` +Remove-AdfsFarmNode -ServiceAccountCredential [] +``` + +### AdfsRemoveFarmNodeGmsa +``` +Remove-AdfsFarmNode -GroupServiceAccountIdentifier [-Credential ] [] +``` + +## DESCRIPTION +The **Remove-AdfsFarmNode** cmdlet is deprecated in this release. +Instead, use the [Uninstall-WindowsFeature](https://go.microsoft.com/fwlink/?LinkID=287572) cmdlet. +For more information on the **Uninstall-WindowsFeature** cmdlet, type `Get-Help Uninstall-WindowsFeature`. Note that the **Uninstall-WindowsFeature** cmdlet removes only the server role but doesn't remove the node from the ADFS farm. For proper cleanup, use the **Set-AdfsFarmInformation** cmdlet with the `-RemoveNode` parameter. + +## EXAMPLES + +## PARAMETERS + +### -Credential +```yaml +Type: PSCredential +Parameter Sets: AdfsRemoveFarmNodeGmsa +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupServiceAccountIdentifier +```yaml +Type: String +Parameter Sets: AdfsRemoveFarmNodeGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountCredential +```yaml +Type: PSCredential +Parameter Sets: ADFSRemoveFarmNodeDefault +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Uninstall-WindowsFeature](/powershell/module/servermanager/uninstall-windowsfeature) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsGlobalWebContent.md b/docset/winserver2025-ps/adfs/Remove-AdfsGlobalWebContent.md new file mode 100644 index 0000000000..f16c45a41b --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsGlobalWebContent.md @@ -0,0 +1,131 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsglobalwebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsGlobalWebContent +--- + +# Remove-AdfsGlobalWebContent + +## SYNOPSIS +Removes a global web content object. + +## SYNTAX + +### IdentifierName (Default) +``` +Remove-AdfsGlobalWebContent [[-Locale] ] [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Remove-AdfsGlobalWebContent [-TargetWebContent] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsGlobalWebContent** cmdlet removes a global web content object that corresponds to a locale. +If you do not specify the *Locale* parameter, the cmdlet removes the global web content object of the invariant locale. +Active Directory Federation Services (AD FS) reverts to its default values when you remove all the global web content objects. + +## EXAMPLES + +### Example 1: Remove the global web content for the invariant locale +``` +PS C:\> Remove-AdfsGlobalWebContent +``` + +This command removes the global web content object that corresponds to the invariant locale. + +### Example 2: Remove the global web content for a locale +``` +PS C:\> Remove-AdfsGlobalWebContent -Locale en-us +``` + +This command removes the global web content object that corresponds to en-us locale. + +## PARAMETERS + +### -Locale +Specifies a locale. +The cmdlet removes the global web content that corresponds to the locale that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: IdentifierName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetWebContent +Specifies the **AdfsGlobalWebContent** object to remove. +To obtain an **AdfsGlobalWebContent** object, use the **Get-AdfsGlobalWebContent** cmdlet. + +```yaml +Type: AdfsGlobalWebContent +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsGlobalWebContent](./Get-AdfsGlobalWebContent.md) + +[Set-AdfsGlobalWebContent](./Set-AdfsGlobalWebContent.md) + +[Remove-AdfsGlobalWebContent](./Remove-AdfsGlobalWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsLocalClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Remove-AdfsLocalClaimsProviderTrust.md new file mode 100644 index 0000000000..b1e0b756d6 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsLocalClaimsProviderTrust.md @@ -0,0 +1,162 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfslocalclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsLocalClaimsProviderTrust +--- + +# Remove-AdfsLocalClaimsProviderTrust + +## SYNOPSIS +Removes a local claims provider trust. + +## SYNTAX + +### IdentifierObject +``` +Remove-AdfsLocalClaimsProviderTrust -TargetClaimsProviderTrust [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### Identifier +``` +Remove-AdfsLocalClaimsProviderTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### IdentifierName +``` +Remove-AdfsLocalClaimsProviderTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsLocalClaimsProviderTrust** cmdlet removes a local claims provider trust. + +## EXAMPLES + +### Example 1: Remove a local claims provider trust +``` +PS C:\> Remove-AdfsLocalClaimsProviderTrust -TargetName "testldap" +``` + +This command removes a local claims provider trust named testldap. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies the local claims provider trust to remove. +To obtain a **LocalClaimsProviderTrust** object, use the **Get-AdfsLocalClaimsProviderTrust** cmdlet. + +```yaml +Type: LocalClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the local claims provider trust to remove. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the local claims provider trust to remove. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsLocalClaimsProviderTrust](./Add-AdfsLocalClaimsProviderTrust.md) + +[Disable-AdfsLocalClaimsProviderTrust](./Disable-AdfsLocalClaimsProviderTrust.md) + +[Enable-AdfsLocalClaimsProviderTrust](./Enable-AdfsLocalClaimsProviderTrust.md) + +[Get-AdfsLocalClaimsProviderTrust](./Get-AdfsLocalClaimsProviderTrust.md) + +[Set-AdfsLocalClaimsProviderTrust](./Set-AdfsLocalClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsNativeClientApplication.md b/docset/winserver2025-ps/adfs/Remove-AdfsNativeClientApplication.md new file mode 100644 index 0000000000..c1bbd6132e --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsNativeClientApplication.md @@ -0,0 +1,162 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsnativeclientapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsNativeClientApplication +--- + +# Remove-AdfsNativeClientApplication + +## SYNOPSIS +Removes a native client application role from an application in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Remove-AdfsNativeClientApplication [-TargetIdentifier] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Name +``` +Remove-AdfsNativeClientApplication [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ApplicationObject +``` +Remove-AdfsNativeClientApplication [-TargetApplication] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsNativeClientApplication** cmdlet removes a native client application role from an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplication +Specifies the native client application to remove. + +```yaml +Type: NativeClientApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the native client application to remove. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the native client application to remove. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.NativeClientApplication + +NativeClientApplication objects are received by the *TargetApplication* parameter. + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.NativeClientApplication + +Returns the removed NativeClientApplication object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsNativeClientApplication](./Add-AdfsNativeClientApplication.md) + +[Get-AdfsNativeClientApplication](./Get-AdfsNativeClientApplication.md) + +[Set-AdfsNativeClientApplication](./Set-AdfsNativeClientApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsNonClaimsAwareRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Remove-AdfsNonClaimsAwareRelyingPartyTrust.md new file mode 100644 index 0000000000..2c7aee32e6 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsNonClaimsAwareRelyingPartyTrust.md @@ -0,0 +1,158 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsnonclaimsawarerelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsNonClaimsAwareRelyingPartyTrust +--- + +# Remove-AdfsNonClaimsAwareRelyingPartyTrust + +## SYNOPSIS +Removes a relying party trust for a non-claims-aware web application or service from the Federation Service. + +## SYNTAX + +### IdentifierName (Default) +``` +Remove-AdfsNonClaimsAwareRelyingPartyTrust [-TargetName] [-WhatIf] [-Confirm] [] +``` + +### Identifier +``` +Remove-AdfsNonClaimsAwareRelyingPartyTrust -TargetIdentifier [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Remove-AdfsNonClaimsAwareRelyingPartyTrust + -TargetNonClaimsAwareRelyingPartyTrust [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet removes a relying party trust for a non-claims-aware web application or service from the Federation Service. + +A non-claims aware relying party trust is a relying party trust for web applications or services that do not rely directly on Active Directory Federation Services (AD FS) to issue tokens, but instead rely on a third party that accesses such tokens and transforms them into what applications understand. +A non-claims-aware relying party trust is useful for defining authentication and authorization policies for web applications and services that do not rely on AD FS tokens. +The Web Application Proxy requests such tokens for pre-authentication to web applications or services that have corresponding non-claims-aware relying party trusts for requests that come from outside the network through the proxy. + +## EXAMPLES + +### Example 1: Remove a non-claims-aware relying party trust by using a name +``` +PS C:\> Remove-AdfsNonClaimsAwareRelyingPartyTrust -TargetName "ExpenseReport" +``` + +This command removes the non-claims-aware relying party trust for the application named ExpenseReport. + +### Example 2: Remove a non-claims-aware relying party trust by using an identifier +``` +PS C:\> Remove-AdfsNonClaimsAwareRelyingPartyTrust -TargetIdentifier "https://Contosoexpense/" +``` + +This command removes the non-claims-aware relying party trust for the expense report application that has the identifier https://Contosoexpense. + +## PARAMETERS + +### -TargetIdentifier +Specifies the identifier of the non-claims-aware relying party trust to remove. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the non-claims-aware relying party trust to remove. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetNonClaimsAwareRelyingPartyTrust +Specifies a **NonClaimsAwareRelyingPartyTrust** object. +The cmdlet removes the non-claims-aware relying party trust that you specify. +To obtain a **NonClaimsAwareRelyingPartyTrust**, use the **Get-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet. + +```yaml +Type: NonClaimsAwareRelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsNonClaimsAwareRelyingPartyTrust](./Add-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Disable-AdfsNonClaimsAwareRelyingPartyTrust](./Disable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Enable-AdfsNonClaimsAwareRelyingPartyTrust](./Enable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Get-AdfsNonClaimsAwareRelyingPartyTrust](./Get-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Set-AdfsNonClaimsAwareRelyingPartyTrust](./Set-AdfsNonClaimsAwareRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyTrust.md new file mode 100644 index 0000000000..f7f0519458 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyTrust.md @@ -0,0 +1,177 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsRelyingPartyTrust +--- + +# Remove-AdfsRelyingPartyTrust + +## SYNOPSIS +Removes a relying party trust from the Federation Service. + +## SYNTAX + +### Identifier +``` +Remove-AdfsRelyingPartyTrust -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Remove-AdfsRelyingPartyTrust -TargetRelyingParty [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### IdentifierName +``` +Remove-AdfsRelyingPartyTrust -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsRelyingPartyTrust** cmdlet removes a relying party trust from the Federation Service. + +## EXAMPLES + +### Example 1: Remove a relying party trust +``` +PS C:\> Remove-AdfsRelyingPartyTrust -TargetName "FabrikamApp" +``` + +This command removes the relying party trust named FabrikamApp. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the relying party trust to remove. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the relying party trust to remove. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetRelyingParty +Specifies a **RelyingPartyTrust** object. +The cmdlet removes the relying party trust that you specify. +To obtain a **RelyingPartyTrust** object, use the **Get-AdfsRelyingPartyTrust** cmdlet. + +```yaml +Type: RelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +RelyingPartytrust objects are received by the *TargetRelyingParty* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +Returns the removed RelyingPartyTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* A relying party in Active Directory Federation Services (AD FS) is an organization in which Web servers that host one or more Web-based applications reside. Tokens and Information Cards that originate from a claims provider can be presented and ultimately consumed by the Web-based resources that are located in the relying party organization. When AD FS is configured in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party consumes the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose Web servers are protected by the resource-side federation server. The federation server in the relying party uses the security tokens that the claims provider produces to issue tokens to the Web servers that are located in the relying party. + +## RELATED LINKS + +[Add-AdfsRelyingPartyTrust](./Add-AdfsRelyingPartyTrust.md) + +[Disable-AdfsRelyingPartyTrust](./Disable-AdfsRelyingPartyTrust.md) + +[Enable-AdfsRelyingPartyTrust](./Enable-AdfsRelyingPartyTrust.md) + +[Get-AdfsRelyingPartyTrust](./Get-AdfsRelyingPartyTrust.md) + +[Set-AdfsRelyingPartyTrust](./Set-AdfsRelyingPartyTrust.md) + +[Update-AdfsRelyingPartyTrust](./Update-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyTrustsGroup.md b/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyTrustsGroup.md new file mode 100644 index 0000000000..4599e31fdd --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyTrustsGroup.md @@ -0,0 +1,89 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsrelyingpartytrustsgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsRelyingPartyTrustsGroup +--- + +# Remove-AdfsRelyingPartyTrustsGroup + +## SYNOPSIS +Removes a relying party trusts group. + +## SYNTAX + +``` +Remove-AdfsRelyingPartyTrustsGroup -TargetIdentifier [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsRelyingPartyTrustsGroup** cmdlet removes a relying party trusts group. + +## EXAMPLES + +## PARAMETERS + +### -TargetIdentifier +Specifies the ID of the group to remove. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsRelyingPartyTrustsGroup](./Add-AdfsRelyingPartyTrustsGroup.md) + +[Get-AdfsRelyingPartyTrustsGroup](./Get-AdfsRelyingPartyTrustsGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyWebContent.md b/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyWebContent.md new file mode 100644 index 0000000000..344756b880 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyWebContent.md @@ -0,0 +1,145 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsrelyingpartywebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsRelyingPartyWebContent +--- + +# Remove-AdfsRelyingPartyWebContent + +## SYNOPSIS +Removes a relying party web content object. + +## SYNTAX + +### IdentifierName (Default) +``` +Remove-AdfsRelyingPartyWebContent [[-Locale] ] -TargetRelyingPartyName [-WhatIf] + [-Confirm] [] +``` + +### IdentifierObject +``` +Remove-AdfsRelyingPartyWebContent [-TargetRelyingPartyWebContent] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsRelyingPartyWebContent** cmdlet removes a relying party web content object. +Specify a relying party web content object by using a name and locale, or use the **Get-AdfsRelyingPartyWebContent** cmdlet. +If you do not specify a locale, the cmdlet uses the invariant locale. + +## EXAMPLES + +### Example 1: Remove the web content object for the invariant locale +``` +PS C:\> Remove-AdfsRelyingPartyWebContent -TargetRelyingPartyName "RelyingParty01" +``` + +This command removes the web content object for the relying party named RelyingParty01 for the invariant locale. + +### Example 2: Remove the web content object for a specified locale +``` +PS C:\> Remove-AdfsRelyingPartyWebContent -Locale en-us -TargetRelyingPartyName "RelyingParty01" +``` + +This command removes the web content object for the relying party named RelyingParty01 for the specified locale. + +## PARAMETERS + +### -Locale +Specifies a locale. +The cmdlet removes relying party web content for the locale that you specify. +If you do not specify a locale, the cmdlet removes relying party web content for the invariant locale. + +```yaml +Type: CultureInfo +Parameter Sets: IdentifierName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetRelyingPartyName +Specifies the name of the relying party from which to delete web content. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: Name + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetRelyingPartyWebContent +Specifies the web content to remove from the relying party. + +```yaml +Type: AdfsRelyingPartyWebContent +Parameter Sets: IdentifierObject +Aliases: TargetWebContent + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsRelyingPartyWebContent](./Get-AdfsRelyingPartyWebContent.md) + +[Set-AdfsRelyingPartyWebContent](./Set-AdfsRelyingPartyWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyWebTheme.md b/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyWebTheme.md new file mode 100644 index 0000000000..b1e32f69f3 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsRelyingPartyWebTheme.md @@ -0,0 +1,118 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsrelyingpartywebtheme?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsRelyingPartyWebTheme +--- + +# Remove-AdfsRelyingPartyWebTheme + +## SYNOPSIS +Removes a web theme to a relying party. + +## SYNTAX + +### IdentifierName +``` +Remove-AdfsRelyingPartyWebTheme [-TargetRelyingPartyName] [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Remove-AdfsRelyingPartyWebTheme [-TargetRelyingPartyWebTheme] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsRelyingPartyWebTheme** cmdlet removes a web theme for a relying party. + +## EXAMPLES + +### Example 1: Remove a web theme +``` +PS C:\> Remove-AdfsRelyingPartyWebTheme -TargetRelyingPartyName "urn:app1" +``` + +This command removes the relying party web theme for the relying party named urn:app1. + +## PARAMETERS + +### -TargetRelyingPartyName +Specifies the name of the target relying party for which to remove the web theme. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: Name + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetRelyingPartyWebTheme +Specifies the target relying party for which to remove the web theme. + +```yaml +Type: AdfsRelyingPartyWebTheme +Parameter Sets: IdentifierObject +Aliases: TargetWebTheme + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsRelyingPartyWebTheme](./Get-AdfsRelyingPartyWebTheme.md) + +[Set-AdfsRelyingPartyWebTheme](./Set-AdfsRelyingPartyWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsScopeDescription.md b/docset/winserver2025-ps/adfs/Remove-AdfsScopeDescription.md new file mode 100644 index 0000000000..213c6daea0 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsScopeDescription.md @@ -0,0 +1,120 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsscopedescription?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsScopeDescription +--- + +# Remove-AdfsScopeDescription + +## SYNOPSIS +Removes a scope description in AD FS. + +## SYNTAX + +### Name +``` +Remove-AdfsScopeDescription [-TargetName] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Remove-AdfsScopeDescription [-InputObject] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsScopeDescription** cmdlet removes a scope description that represents the scope of access granted to resources and applications in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -InputObject +Specifies the scope description that this cmdlet removes. + +```yaml +Type: OAuthScopeDescription +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the scope description that this cmdlet removes. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.OAuthScopeDescription + +OAuthScopeDescription objects are received by the *InputObject* parameter. + +### System.String + +String objects are received by the *TargetName* parameter. + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsScopeDescription](./Add-AdfsScopeDescription.md) + +[Get-AdfsScopeDescription](./Get-AdfsScopeDescription.md) + +[Set-AdfsScopeDescription](./Set-AdfsScopeDescription.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsServerApplication.md b/docset/winserver2025-ps/adfs/Remove-AdfsServerApplication.md new file mode 100644 index 0000000000..f071a44c9f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsServerApplication.md @@ -0,0 +1,149 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfsserverapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsServerApplication +--- + +# Remove-AdfsServerApplication + +## SYNOPSIS +Removes a server application role from an application in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Remove-AdfsServerApplication [-TargetIdentifier] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### Name +``` +Remove-AdfsServerApplication [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ApplicationObject +``` +Remove-AdfsServerApplication [-TargetApplication] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsServerApplication** cmdlet removes a server application role from an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplication +Specifies the server application to remove. + +```yaml +Type: ServerApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the server application to remove. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the server application to remove. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsServerApplication](./Add-AdfsServerApplication.md) + +[Get-AdfsServerApplication](./Get-AdfsServerApplication.md) + +[Set-AdfsServerApplication](./Set-AdfsServerApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsTrustedFederationPartner.md b/docset/winserver2025-ps/adfs/Remove-AdfsTrustedFederationPartner.md new file mode 100644 index 0000000000..8faa74d97f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsTrustedFederationPartner.md @@ -0,0 +1,151 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfstrustedfederationpartner?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsTrustedFederationPartner +--- + +# Remove-AdfsTrustedFederationPartner + +## SYNOPSIS +Removes a trusted federation partner in AD FS. + +## SYNTAX + +### Name (Default) +``` +Remove-AdfsTrustedFederationPartner [-TargetName] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### FederationPartnerHostName +``` +Remove-AdfsTrustedFederationPartner [-TargetFederationPartnerHostName] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### InputObject +``` +Remove-AdfsTrustedFederationPartner [-TargetFederationPartner] [-PassThru] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsTrustedFederationPartner** cmdlet removes a federation partner that is trusted by this instance of Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetFederationPartner +Specifies a federation partner to remove. + +```yaml +Type: AdfsTrustedFederationPartner +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetFederationPartnerHostName +Specifies the URI of a federation partner to remove. + +```yaml +Type: Uri +Parameter Sets: FederationPartnerHostName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of a federation partner to remove. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsTrustedFederationPartner](./Add-AdfsTrustedFederationPartner.md) + +[Get-AdfsTrustedFederationPartner](./Get-AdfsTrustedFederationPartner.md) + +[Set-AdfsTrustedFederationPartner](./Set-AdfsTrustedFederationPartner.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsWebApiApplication.md b/docset/winserver2025-ps/adfs/Remove-AdfsWebApiApplication.md new file mode 100644 index 0000000000..bf6674e102 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsWebApiApplication.md @@ -0,0 +1,161 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfswebapiapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsWebApiApplication +--- + +# Remove-AdfsWebApiApplication + +## SYNOPSIS +Removes a Web API application role from an application in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Remove-AdfsWebApiApplication [-TargetIdentifier] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### Name +``` +Remove-AdfsWebApiApplication [-TargetName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ApplicationObject +``` +Remove-AdfsWebApiApplication [-TargetApplication] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-AdfsWebApiApplication** cmdlet removes a Web API application role from an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplication +Specifies the Web API application to remove. + +```yaml +Type: WebApiApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the Web API application to remove. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the Web API application to remove. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.WebApiApplication + +WebApiApplication objects are received by the 'TargetApplication' parameter. + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.WebApiApplication + +Returns the removed WebApiApplication object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsWebApiApplication](./Add-AdfsWebApiApplication.md) + +[Get-AdfsWebApiApplication](./Get-AdfsWebApiApplication.md) + +[Set-AdfsWebApiApplication](./Set-AdfsWebApiApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsWebApplicationProxyRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Remove-AdfsWebApplicationProxyRelyingPartyTrust.md new file mode 100644 index 0000000000..4d2294b39c --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsWebApplicationProxyRelyingPartyTrust.md @@ -0,0 +1,93 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfswebapplicationproxyrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsWebApplicationProxyRelyingPartyTrust +--- + +# Remove-AdfsWebApplicationProxyRelyingPartyTrust + +## SYNOPSIS +Removes the relying party trust object for the Web Application Proxy. + +## SYNTAX + +``` +Remove-AdfsWebApplicationProxyRelyingPartyTrust [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet removes the relying party trust object for Web Application Proxy. +If you remove the relying party trust, Web Application Proxy blocks all external access through the proxy. +Use this cmdlet if you plan to recreate the trust later. +To temporarily block access through the proxy, you can, instead, disable the relying party trust by using the **Disable-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet. + +The Web Application Proxy relying party trust is useful to manage global network access from outside the corporate network. +By setting authentication and authorization policies, an administrator can restrict access to internal web applications and services that are published through the Web Application Proxy. + +## EXAMPLES + +### Example 1: Remove the relying party trust +``` +PS C:\> Remove-AdfsWebApplicationProxyRelyingPartyTrust +``` + +This command removes the relying party trust object for the Web Application Proxy, which denies all access to web applications through the proxy. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsWebApplicationProxyRelyingPartyTrust](./Add-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Disable-AdfsWebApplicationProxyRelyingPartyTrust](./Disable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Enable-AdfsWebApplicationProxyRelyingPartyTrust](./Enable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Get-AdfsWebApplicationProxyRelyingPartyTrust](./Get-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Set-AdfsWebApplicationProxyRelyingPartyTrust](./Set-AdfsWebApplicationProxyRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Remove-AdfsWebTheme.md b/docset/winserver2025-ps/adfs/Remove-AdfsWebTheme.md new file mode 100644 index 0000000000..bf442b723a --- /dev/null +++ b/docset/winserver2025-ps/adfs/Remove-AdfsWebTheme.md @@ -0,0 +1,135 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/remove-adfswebtheme?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AdfsWebTheme +--- + +# Remove-AdfsWebTheme + +## SYNOPSIS +Removes a web theme. + +## SYNTAX + +### IdentifierName +``` +Remove-AdfsWebTheme [-TargetName] [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Remove-AdfsWebTheme [-TargetWebTheme] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AdfsWebTheme** cmdlet removes an **AdfsWebTheme** object. +Specify a web theme by name or by using the **Get-AdfsWebTheme** cmdlet. + +## EXAMPLES + +### Example 1: Remove a named web theme +``` +PS C:\> Remove-AdfsWebTheme -TargetName "Theme01" +``` + +This command removes the web theme named Theme01. + +### Example 2: Remove a web theme by specifying a web theme object +``` +PS C:\> Get-AdfsWebTheme -Name "Theme02" | Remove-AdfsWebTheme +``` + +This command uses the **Get-AdfsWebTheme** cmdlet to get the web theme named Theme02, and then passes it to the current cmdlet by using the pipeline operator. +The cmdlet removes that web theme. + +## PARAMETERS + +### -TargetName +Specifies a name. +The cmdlet removes the theme that you specify by name. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetWebTheme +Specifies an **AdfsWebTheme** object. +The cmdlet removes the theme that you specify. +To obtain an **AdfsWebTheme** object, use the **Get-AdfsWebTheme** cmdlet. + +```yaml +Type: AdfsWebTheme +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String;Microsoft.IdentityServer.Management.Resources.AdfsWebTheme + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Export-AdfsWebTheme](./Export-AdfsWebTheme.md) + +[Get-AdfsWebTheme](./Get-AdfsWebTheme.md) + +[New-AdfsWebTheme](./New-AdfsWebTheme.md) + +[Set-AdfsWebTheme](./Set-AdfsWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Restore-AdfsFarmBehaviorLevel.md b/docset/winserver2025-ps/adfs/Restore-AdfsFarmBehaviorLevel.md new file mode 100644 index 0000000000..506056ca0a --- /dev/null +++ b/docset/winserver2025-ps/adfs/Restore-AdfsFarmBehaviorLevel.md @@ -0,0 +1,139 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/restore-adfsfarmbehaviorlevel?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Restore-AdfsFarmBehaviorLevel +--- + +# Restore-AdfsFarmBehaviorLevel + +## SYNOPSIS +Restores the farm to a previous behavior level. + +## SYNTAX + +``` +Restore-AdfsFarmBehaviorLevel [-Member ] [-Credential ] -FarmBehavior [-Force] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Restore-AdfsFarmBehaviorLevel** cmdlet restores an Active Directory Federation Services (AD FS) farm to the behavior level previous to a recent raise. + +## EXAMPLES + +## PARAMETERS + +### -Credential +Specifies credentials necessary to run this cmdlet for an AD FS farm that uses SQL Server as the policy database. +The credentials provided must be an administrator on each AD FS server. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FarmBehavior +Specifies the farm behavior. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Member +Specifies an array of members. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Invoke-AdfsFarmBehaviorLevelRaise](./Invoke-AdfsFarmBehaviorLevelRaise.md) + +[Test-AdfsFarmBehaviorLevelRaise](./Test-AdfsFarmBehaviorLevelRaise.md) + +[Test-AdfsFarmBehaviorLevelRestore](./Test-AdfsFarmBehaviorLevelRestore.md) + diff --git a/docset/winserver2025-ps/adfs/Revoke-AdfsApplicationPermission.md b/docset/winserver2025-ps/adfs/Revoke-AdfsApplicationPermission.md new file mode 100644 index 0000000000..9aea7a42b5 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Revoke-AdfsApplicationPermission.md @@ -0,0 +1,150 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/revoke-adfsapplicationpermission?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Revoke-AdfsApplicationPermission +--- + +# Revoke-AdfsApplicationPermission + +## SYNOPSIS +Revokes permission for an application. + +## SYNTAX + +### Identifier (Default) +``` +Revoke-AdfsApplicationPermission [-TargetIdentifier] [-WhatIf] [-Confirm] [] +``` + +### RoleIdentifier +``` +Revoke-AdfsApplicationPermission [[-TargetClientRoleIdentifier] ] + [[-TargetServerRoleIdentifier] ] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Revoke-AdfsApplicationPermission [-InputObject] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Revoke-AdfsApplicationPermission** cmdlet revokes permission for an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -InputObject +Specifies an **OAuthPermission** object. + +```yaml +Type: OAuthPermission +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClientRoleIdentifier +```yaml +Type: String +Parameter Sets: RoleIdentifier +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetServerRoleIdentifier +```yaml +Type: String +Parameter Sets: RoleIdentifier +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.OAuthPermission + +OAuthPermission objects are received by the *InputObject* parameter. + +### System.String + +String objects are received by the *TargetClientRoleIdentifier*, *TargetIdentifier*, and *TargetServerRoleIdentifier* parameters. + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsApplicationPermission](./Get-AdfsApplicationPermission.md) + +[Grant-AdfsApplicationPermission](./Grant-AdfsApplicationPermission.md) + +[Set-AdfsApplicationPermission](./Set-AdfsApplicationPermission.md) + diff --git a/docset/winserver2025-ps/adfs/Revoke-AdfsProxyTrust.md b/docset/winserver2025-ps/adfs/Revoke-AdfsProxyTrust.md new file mode 100644 index 0000000000..1d09731d94 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Revoke-AdfsProxyTrust.md @@ -0,0 +1,84 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/revoke-adfsproxytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Revoke-AdfsProxyTrust +--- + +# Revoke-AdfsProxyTrust + +## SYNOPSIS +Revokes trust for all federation server proxies configured for the Federation Service. + +## SYNTAX + +``` +Revoke-AdfsProxyTrust [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Revoke-AdfsProxyTrust** cmdlet revokes trust for all federation server proxies by resetting the trust ID for the Federation Service. +Use this cmdlet for lockdown purposes in the event of an attack or confirmed possible threat to your deployment. +The cmdlet effectively revokes trust to all configured proxies immediately. + +## EXAMPLES + +### Example 1: Revoke trust +``` +PS C:\> Revoke-AdfsProxyTrust +``` + +This command revokes all trust between the current federation server and any of its configured federation server proxies. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES +* Use this cmdlet only in the event of a security breach in a live deployment. We recommend that, if you want to practice using this cmdlet, you use a test lab environment. + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsAccessControlPolicy.md b/docset/winserver2025-ps/adfs/Set-AdfsAccessControlPolicy.md new file mode 100644 index 0000000000..f120761350 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsAccessControlPolicy.md @@ -0,0 +1,227 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsaccesscontrolpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsAccessControlPolicy +--- + +# Set-AdfsAccessControlPolicy + +## SYNOPSIS +Modifies an AD FS access control policy. + +## SYNTAX + +### IdentifierName +``` +Set-AdfsAccessControlPolicy [-Name ] [-Identifier ] [-Description ] + [-PolicyMetadata ] [-PolicyMetadataFile ] [-PassThru] [-TargetName] [-WhatIf] + [-Confirm] [] +``` + +### Identifier +``` +Set-AdfsAccessControlPolicy [-Name ] [-Identifier ] [-Description ] + [-PolicyMetadata ] [-PolicyMetadataFile ] [-PassThru] [-TargetIdentifier] + [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Set-AdfsAccessControlPolicy [-Name ] [-Identifier ] [-Description ] + [-PolicyMetadata ] [-PolicyMetadataFile ] [-PassThru] + [-TargetAccessControlPolicy] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsAccessControlPolicy** cmdlet modifies an Active Directory Federation Services (AD FS) access control policy. + +## EXAMPLES + +## PARAMETERS + +### -Description +Specifies a description for the policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an ID for the policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name for the policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PolicyMetadata +Specifies metadata for the policy. + +```yaml +Type: PolicyMetadata +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PolicyMetadataFile +Specifies the metadata file for the policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetAccessControlPolicy +```yaml +Type: AdfsAccessControlPolicy +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the target. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the target name. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsAccessControlPolicy](./Get-AdfsAccessControlPolicy.md) + +[New-AdfsAccessControlPolicy](./New-AdfsAccessControlPolicy.md) + +[Remove-AdfsAccessControlPolicy](./Remove-AdfsAccessControlPolicy.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsAdditionalAuthenticationRule.md b/docset/winserver2025-ps/adfs/Set-AdfsAdditionalAuthenticationRule.md new file mode 100644 index 0000000000..28d842054d --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsAdditionalAuthenticationRule.md @@ -0,0 +1,141 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsadditionalauthenticationrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsAdditionalAuthenticationRule +--- + +# Set-AdfsAdditionalAuthenticationRule + +## SYNOPSIS +Sets the global rules that provide the trigger for additional authentication providers to be invoked. + +## SYNTAX + +### RuleSets (Default) +``` +Set-AdfsAdditionalAuthenticationRule [-AdditionalAuthenticationRules] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### RuleSetFile +``` +Set-AdfsAdditionalAuthenticationRule [-AdditionalAuthenticationRulesFile] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsAdditionalAuthenticationRule** cmdlet sets the global rules that provide the trigger for additional authentication providers to be invoked. +When the claims engine evaluates the additional authentication rules and determines the requirement for multiple factor authentication, the user is prompted to perform additional authentication. +You may specify rules in the form of claim rules strings, or designate a file that contains claim rules. + +Use this rule only when all your applications are capable of performing web based credential collection through Active Directory Federation Services (AD FS). +Applications that use protocols like WS-Trust will fail to obtain a security token if the trigger is true as a result of evaluation of the rules. + +You can also set rules on the individual relying party trust using the **Set-AdfsRelyingPartyTrust** cmdlet with the **AdditionalAuthenticationRule** parameter. + +## EXAMPLES + +### Example 1: Set a global additional authentication rule +``` +PS C:\> Set-AdfsAdditionalAuthenticationRule -AdditionalAuthenticationRules 'c:[type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", value == "false"] => issue(type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", value = "http://schemas.microsoft.com/claims/multipleauthn" );' +``` + +This command sets an additional authentication rule to require multiple-factor authentication. + +## PARAMETERS + +### -AdditionalAuthenticationRules +Specifies rules for additional authentication. +For more information about the claims language for rules, see [Understanding Claim Rule Language in AD FS 2.0 & Higher](https://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx) on TechNet. + +```yaml +Type: String +Parameter Sets: RuleSets +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies the fully qualified file path of a text file that contains claim rules. + +```yaml +Type: String +Parameter Sets: RuleSetFile +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsAdditionalAuthenticationRule](./Get-AdfsAdditionalAuthenticationRule.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsAlternateTlsClientBinding.md b/docset/winserver2025-ps/adfs/Set-AdfsAlternateTlsClientBinding.md new file mode 100644 index 0000000000..763651ab87 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsAlternateTlsClientBinding.md @@ -0,0 +1,130 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsalternatetlsclientbinding?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsAlternateTlsClientBinding +--- + +# Set-AdfsAlternateTlsClientBinding + +## SYNOPSIS +Configures an existing AD FS deployment to use the same port for both device certificate and client certificate authentication. + +## SYNTAX + +``` +Set-AdfsAlternateTlsClientBinding [-Thumbprint ] [-Member ] [-Force ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsAlternateTlsClientBinding** cmdlet configures an existing AD FS deployment to use the same port (443) for both device certificate and client certificate authentication (client TLS). +The cmdlet creates an endpoint for user certificate authentication on `certauth`.\, such as `certauth.contoso.com`. + +To change the deployment back to one in which user certificate authentication uses a non-standard port, use the Set-AdfsSslCertificate cmdlet with a new certificate that does not contain a Subject Alternative Name (SAN) for `certauth`.\. + +The **Install-AdfsFarm** cmdlet configures client TLS on port 49443 if the SSL certificate does not contain a Subject Alternative Name (SAN) for `certauth`.\, such as `certauth.contoso.com`. + +Use **Set-AdfsAlternateTlsClientBinding** with a new certificate that contains the SAN entry. +It will configure AD FS to use port 443 for client TLS. + +## EXAMPLES + +### Example 1: Configure a deployment +``` +PS C:\> Set-AdfsAlternateTlsClientBinding -Member "ADFSServer1.contoso.com" -Thumbprint "c67e1ffba186d70c7e00c89596e0cb5645f9874a" +``` + +This command configures a deployment to use the same port for device certificate authentication and user certificate authentication. +In this example, the certificate that has the specified thumbprint contains a SAN for certauth.contoso.com. + +## PARAMETERS + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Member +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Thumbprint +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Set-AdfsSslCertificate](./Set-AdfsSslCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsApplicationGroup.md b/docset/winserver2025-ps/adfs/Set-AdfsApplicationGroup.md new file mode 100644 index 0000000000..b5318e59cd --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsApplicationGroup.md @@ -0,0 +1,214 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsapplicationgroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsApplicationGroup +--- + +# Set-AdfsApplicationGroup + +## SYNOPSIS +Modifies an application group. + +## SYNTAX + +### ApplicationGroupIdentifier (Default) +``` +Set-AdfsApplicationGroup [-TargetApplicationGroupIdentifier] [-Name ] + [-ApplicationGroupIdentifier ] [-Description ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Name +``` +Set-AdfsApplicationGroup [-TargetName] [-Name ] [-ApplicationGroupIdentifier ] + [-Description ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ApplicationGroupObject +``` +Set-AdfsApplicationGroup [-TargetApplicationGroup] [-Name ] + [-ApplicationGroupIdentifier ] [-Description ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsApplicationGroup** cmdlet modifies an application group in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -ApplicationGroupIdentifier +Specifies the ID of an application group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Description +Specifies a description for an application group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies a name for an application group. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplicationGroup +Specifies the target application group. + +```yaml +Type: ApplicationGroup +Parameter Sets: ApplicationGroupObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetApplicationGroupIdentifier +Specifies the ID for an application group. + +```yaml +Type: String +Parameter Sets: ApplicationGroupIdentifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name for an application group. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *ApplicationGroupIdentifer*, *Description*, *Name*, *TargetApplicationGroupIdentifier*, and *TargetName* parameters. + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +ApplicationGroup objects are received by the *TargetApplicationGroup* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.ApplicationGroup + +Returns the updated ApplicationGroup object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Disable-AdfsApplicationGroup](./Disable-AdfsApplicationGroup.md) + +[Enable-AdfsApplicationGroup](./Enable-AdfsApplicationGroup.md) + +[Get-AdfsApplicationGroup](./Get-AdfsApplicationGroup.md) + +[New-AdfsApplicationGroup](./New-AdfsApplicationGroup.md) + +[Remove-AdfsApplicationGroup](./Remove-AdfsApplicationGroup.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsApplicationPermission.md b/docset/winserver2025-ps/adfs/Set-AdfsApplicationPermission.md new file mode 100644 index 0000000000..b678acebba --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsApplicationPermission.md @@ -0,0 +1,246 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsapplicationpermission?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsApplicationPermission +--- + +# Set-AdfsApplicationPermission + +## SYNOPSIS +Modifies application permissions. + +## SYNTAX + +### Identifier (Default) +``` +Set-AdfsApplicationPermission [-TargetIdentifier] [-ScopeNames ] [-Description ] + [-WhatIf] [-Confirm] [] +``` + +### IdentifierAddScope +``` +Set-AdfsApplicationPermission [-TargetIdentifier] -AddScope [-Description ] + [-WhatIf] [-Confirm] [] +``` + +### IdentifierRemoveScope +``` +Set-AdfsApplicationPermission [-TargetIdentifier] -RemoveScope [-Description ] + [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Set-AdfsApplicationPermission [-InputObject] [-ScopeNames ] [-Description ] + [-WhatIf] [-Confirm] [] +``` + +### InputObjectAddScope +``` +Set-AdfsApplicationPermission [-InputObject] -AddScope [-Description ] + [-WhatIf] [-Confirm] [] +``` + +### InputObjectRemoveScope +``` +Set-AdfsApplicationPermission [-InputObject] -RemoveScope [-Description ] + [-WhatIf] [-Confirm] [] +``` + +### RoleIdentifier +``` +Set-AdfsApplicationPermission [[-TargetClientRoleIdentifier] ] [[-TargetServerRoleIdentifier] ] + [-ScopeNames ] [-Description ] [-WhatIf] [-Confirm] [] +``` + +### RoleIdentifierAddScope +``` +Set-AdfsApplicationPermission [[-TargetClientRoleIdentifier] ] [[-TargetServerRoleIdentifier] ] + -AddScope [-Description ] [-WhatIf] [-Confirm] [] +``` + +### RoleIdentifierRemoveScope +``` +Set-AdfsApplicationPermission [[-TargetClientRoleIdentifier] ] [[-TargetServerRoleIdentifier] ] + -RemoveScope [-Description ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsApplicationPermission** cmdlet modifies application permissions. + +## EXAMPLES + +## PARAMETERS + +### -AddScope +```yaml +Type: String[] +Parameter Sets: IdentifierAddScope, InputObjectAddScope, RoleIdentifierAddScope +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -InputObject +Specifies an **OAuthPermission** object. + +```yaml +Type: OAuthPermission +Parameter Sets: InputObject, InputObjectAddScope, InputObjectRemoveScope +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -RemoveScope +```yaml +Type: String[] +Parameter Sets: IdentifierRemoveScope, InputObjectRemoveScope, RoleIdentifierRemoveScope +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ScopeNames +```yaml +Type: String[] +Parameter Sets: Identifier, InputObject, RoleIdentifier +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetClientRoleIdentifier +```yaml +Type: String +Parameter Sets: RoleIdentifier, RoleIdentifierAddScope, RoleIdentifierRemoveScope +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the target. + +```yaml +Type: String +Parameter Sets: Identifier, IdentifierAddScope, IdentifierRemoveScope +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetServerRoleIdentifier +Specifies the identifier of the target server role. + +```yaml +Type: String +Parameter Sets: RoleIdentifier, RoleIdentifierAddScope, RoleIdentifierRemoveScope +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *AddScope*, *Description*, *RemoveScope*, *ScopeNames*, *TargetClientRoleIdentifier*, *TargetIdentifier*, and *TargetServerRoleIdentifier* parameters. + +### Microsoft.IdentityServer.Management.Resources.OAuthPermission + +OAuthPermission objects are received by the *InputObject* parameter. + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsApplicationPermission](./Get-AdfsApplicationPermission.md) + +[Grant-AdfsApplicationPermission](./Grant-AdfsApplicationPermission.md) + +[Revoke-AdfsApplicationPermission](./Revoke-AdfsApplicationPermission.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsAttributeStore.md b/docset/winserver2025-ps/adfs/Set-AdfsAttributeStore.md new file mode 100644 index 0000000000..f0ca7cd205 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsAttributeStore.md @@ -0,0 +1,169 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsattributestore?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsAttributeStore +--- + +# Set-AdfsAttributeStore + +## SYNOPSIS +Modifies properties of an attribute store. + +## SYNTAX + +### Name +``` +Set-AdfsAttributeStore [-Name ] [-Configuration ] [-TargetName] [-PassThru] + [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Set-AdfsAttributeStore [-Name ] [-Configuration ] [-TargetAttributeStore] + [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsAttributeStore** cmdlet modifies properties of an attribute store in the Federation Service. + +## EXAMPLES + +### Example 1: Modify the configuration of an attribute store +``` +PS C:\> Set-AdfsAttributeStore -TargetName "ContosoAttributeStore01" -Configuration @{"runmode" = "verbose"; configParaName2 = configParaValueNew} +``` + +This command modifies the configuration for the custom attribute store named ContosoAttributeStore01. + +## PARAMETERS + +### -Configuration +Specifies the initialization parameters of the attribute store, such as a connection string. + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of this attribute store. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetAttributeStore +Specifies an **AttributeStore** object. +The cmdlet modifies the attribute store that you specify. +To obtain an attribute store, use the **Get-AdfsAttributeStore** cmdlet. + +```yaml +Type: AttributeStore +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the attribute store to modify. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsAttributeStore](./Add-AdfsAttributeStore.md) + +[Get-AdfsAttributeStore](./Get-AdfsAttributeStore.md) + +[Remove-AdfsAttributeStore](./Remove-AdfsAttributeStore.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsAuthenticationProviderWebContent.md b/docset/winserver2025-ps/adfs/Set-AdfsAuthenticationProviderWebContent.md new file mode 100644 index 0000000000..749e60dfe7 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsAuthenticationProviderWebContent.md @@ -0,0 +1,204 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsauthenticationproviderwebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsAuthenticationProviderWebContent +--- + +# Set-AdfsAuthenticationProviderWebContent + +## SYNOPSIS +Modifies a display name and description. + +## SYNTAX + +### IdentifierName (Default) +``` +Set-AdfsAuthenticationProviderWebContent [-DisplayName ] [-Description ] + [-UserNotProvisionedErrorMessage ] [-PassThru] [[-Locale] ] -Name [-WhatIf] + [-Confirm] [] +``` + +### IdentifierObject +``` +Set-AdfsAuthenticationProviderWebContent [-DisplayName ] [-Description ] + [-UserNotProvisionedErrorMessage ] [-PassThru] [-TargetWebContent] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsAuthenticationProviderWebContent** cmdlet modifies a display name and description. +Use this cmdlet to customize the name of the authentication provider to a user friendly and intuitive name. +You can choose to specify a locale, or use an empty string for the *Locale* parameter to specify an invariant locale. + +## EXAMPLES + +### Example 1: Modify the authentication provider web content +``` +PS C:\> Set-AdfsAuthenticationProviderWebContent -Name MultiFactorAuthentication -DisplayName "User Friendly Name for Multifactor Authentication" -Description "Description of your choice" +``` + +This command modifies the display name and description for the authentication provider that the user sees in the Active Directory Federation Services (AD FS) logon pages. + +## PARAMETERS + +### -Description +Specifies a description. +The cmdlet modifies the provider web content with the description that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies a display name. +The cmdlet modifies the provider web content with the display name that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Locale +Specifies a locale. +The cmdlet modifies the provider web content associated with the locale that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: IdentifierName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the authentication provider whose web content is being modified. +To find a list of available authentication providers, run the command `Get-AdfsAuthenticationProvider`. +Each returned provider has a **Name** property, and that value can be used with this parameter. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetWebContent +Specifies an **AdfsAuthenticationProviderWebContent** object that is used by the pipeline. + +```yaml +Type: AdfsAuthProviderWebContent +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -UserNotProvisionedErrorMessage +Specifies an error message for a user not provisioned result. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsAuthenticationProviderWebContent](./Get-AdfsAuthenticationProviderWebContent.md) + +[Remove-AdfsAuthenticationProviderWebContent](./Remove-AdfsAuthenticationProviderWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsAzureMfaTenant.md b/docset/winserver2025-ps/adfs/Set-AdfsAzureMfaTenant.md new file mode 100644 index 0000000000..06012b4342 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsAzureMfaTenant.md @@ -0,0 +1,124 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +ms.custom: has-azure-ad-ps-ref +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsazuremfatenant?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsAzureMfaTenant +--- + +# Set-AdfsAzureMfaTenant + +## SYNOPSIS +Enables an AD FS farm to use MFA. + +## SYNTAX + +``` +Set-AdfsAzureMfaTenant -TenantId -ClientId [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsAzureMfaTenant** cmdlet enables an Active Directory Federation Services (AD FS) farm to use Azure Multi-Factor Authentication (MFA) after a certificate has been created and registered in the Microsoft Entra tenant. + +## EXAMPLES + +### Example 1: Enable Azure MFA +``` +PS C:\> $certbase64 = New-AdfsAzureMfaTenantCertificate -TenantID +PS C:\> New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64 +PS C:\> Set-AdfsAzureMfaTenant -TenantId -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720 +``` + +This command creates a certificate for Azure MFA, registers it in the tenant, and enables Azure MFA on the AD FS farm. + +### Example 2: Determine which certificate Azure MFA is using +``` +$CertInBase64 = New-AdfsAzureMfaTenantCertificate -TenantID +[Security.Cryptography.X509Certificates.X509Certificate2]([System.Convert]::FromBase64String($CertInBase64)) +``` + +After AD FS has been configured for Azure MFA, this command determines which certificate Azure MFA is using and when it expires. + +## PARAMETERS + +### -ClientId +Specifies the well-known ID of the Azure MFA application in Microsoft Entra ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TenantId +Specifies the GUID representation of a Microsoft Entra tenant ID. +This can be found in the URL bar of the Microsoft Entra admin center, as in this example: + +`https://manage.windowsazure.com/contoso.onmicrosoft.com#Workspaces/ActiveDirectoryExtension/Directory/\/directoryQuickStart` + +You can also use the **Login-AzureRmAccount** cmdlet that is part of the Azure PowerShell module to get the tenant ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[New-AdfsAzureMfaTenantCertificate](./New-AdfsAzureMfaTenantCertificate.md) diff --git a/docset/winserver2025-ps/adfs/Set-AdfsCertSharingContainer.md b/docset/winserver2025-ps/adfs/Set-AdfsCertSharingContainer.md new file mode 100644 index 0000000000..a6d4414dd4 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsCertSharingContainer.md @@ -0,0 +1,107 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfscertsharingcontainer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsCertSharingContainer +--- + +# Set-AdfsCertSharingContainer + +## SYNOPSIS +Sets the account that is used for sharing managed certificates in a federation server farm. + +## SYNTAX + +``` +Set-AdfsCertSharingContainer -ServiceAccount [-Credential ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsCertSharingContainer** cmdlet sets the service account that is used for sharing the private keys of certificates that Active Directory Federation Services (AD FS) 2.0 generates and manages. + +## EXAMPLES + +## PARAMETERS + +### -Credential +Specifies a credential object. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccount +Specifies the service account to use for sharing private keys. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES +* Active Directory Federation Services (AD FS) 2.0 does not share the private keys of administrator-specified certificates in a federation server farm, such as certificates that a certification authority (CA) issues. + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsCertificate.md b/docset/winserver2025-ps/adfs/Set-AdfsCertificate.md new file mode 100644 index 0000000000..1600a8cfe1 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsCertificate.md @@ -0,0 +1,165 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfscertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsCertificate +--- + +# Set-AdfsCertificate + +## SYNOPSIS +Sets the properties of an existing certificate that AD FS uses to sign, decrypt, or secure communications. + +## SYNTAX + +``` +Set-AdfsCertificate -CertificateType -Thumbprint [-IsPrimary] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsCertificate** cmdlet sets the properties of an existing certificate that Active Directory Federation Services (AD FS) uses to sign, decrypt, or secure communications. + +## EXAMPLES + +### Example 1: Set a certificate +``` +PS C:\> Set-AdfsCertificate -IsPrimary -CertificateType "Token-Signing" -Thumbprint ‎"fedd995b45e633d4ef30fcbc8f3a48b627e9a28b" +``` + +This command sets the primary token-signing certificate. + +## PARAMETERS + +### -CertificateType +Specifies the certificate type (that is, how the Federation Service uses the certificate). +The acceptable values for this parameter are: + +- Service-Communications +- Token-Decrypting +- Token-Signing + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Service-Communications, Token-Decrypting, Token-Signing + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsPrimary +Indicates that the certificate is primary. +Primary token-signing certificates are used to digitally sign outgoing claims. +Primary token-encrypting certificates are published in federation metadata for use by trusted claims providers. +Information Card signing and service communications certificates are always primary. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Thumbprint +Specifies the thumbprint of the certificate to use. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +A String object is received by the *Thumbprint* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ServiceCertificate + +Returns the updated ServiceCertificate object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* Use the **Set-AdfsRelyingPartyTrust** or **Set-AdfsClaimsProviderTrust** cmdlets, as appropriate, to modify the certificates that are associated with a relying party or a claims provider. + +## RELATED LINKS + +[Add-AdfsCertificate](./Add-AdfsCertificate.md) + +[Get-AdfsCertificate](./Get-AdfsCertificate.md) + +[Remove-AdfsCertificate](./Remove-AdfsCertificate.md) + +[Update-AdfsCertificate](./Update-AdfsCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsCertificateAuthority.md b/docset/winserver2025-ps/adfs/Set-AdfsCertificateAuthority.md new file mode 100644 index 0000000000..c48ff25f00 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsCertificateAuthority.md @@ -0,0 +1,265 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfscertificateauthority?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsCertificateAuthority +--- + +# Set-AdfsCertificateAuthority + +## SYNOPSIS +Modifies a certificate authority. + +## SYNTAX + +### SelfIssued +``` +Set-AdfsCertificateAuthority [-SelfIssued] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### RolloverSigningCertificate +``` +Set-AdfsCertificateAuthority [-RolloverSigningCertificate] [-ForcePromotion] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### EnrollmentAgentConfiguration +``` +Set-AdfsCertificateAuthority [-EnrollmentAgent] [-CertificateAuthority ] + [-LogonCertificateTemplate ] [-WindowsHelloCertificateTemplate ] + [-EnrollmentAgentCertificateTemplate ] [-AutoEnrollEnabled ] + [-CertificateGenerationThresholdDays ] [-WindowsHelloCertificateProxyEnabled ] [-PassThru] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsCertificateAuthority** cmdlet modifies a certificate authority in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -AutoEnrollEnabled +{{Fill AutoEnrollEnabled Description}} + +```yaml +Type: Boolean +Parameter Sets: EnrollmentAgentConfiguration +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateAuthority +Specifies a certificate authority. + +```yaml +Type: String +Parameter Sets: EnrollmentAgentConfiguration +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateGenerationThresholdDays +{{Fill CertificateGenerationThresholdDays Description}} + +```yaml +Type: Int32 +Parameter Sets: EnrollmentAgentConfiguration +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnrollmentAgent +```yaml +Type: SwitchParameter +Parameter Sets: EnrollmentAgentConfiguration +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnrollmentAgentCertificateTemplate +```yaml +Type: String +Parameter Sets: EnrollmentAgentConfiguration +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForcePromotion +```yaml +Type: SwitchParameter +Parameter Sets: RolloverSigningCertificate +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogonCertificateTemplate +```yaml +Type: String +Parameter Sets: EnrollmentAgentConfiguration +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RolloverSigningCertificate +```yaml +Type: SwitchParameter +Parameter Sets: RolloverSigningCertificate +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SelfIssued +Indicates whether the certificate authority is self-issued. + +```yaml +Type: SwitchParameter +Parameter Sets: SelfIssued +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsHelloCertificateProxyEnabled +{{Fill WindowsHelloCertificateProxyEnabled Description}} + +```yaml +Type: Boolean +Parameter Sets: EnrollmentAgentConfiguration +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsHelloCertificateTemplate +{{Fill WindowsHelloCertificateTemplate Description}} + +```yaml +Type: String +Parameter Sets: EnrollmentAgentConfiguration +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsCertificateAuthority + +Returns the updated AdfsCertificateAuthority object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Disable-AdfsCertificateAuthority](./Disable-AdfsCertificateAuthority.md) + +[Get-AdfsCertificateAuthority](./Get-AdfsCertificateAuthority.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsClaimDescription.md b/docset/winserver2025-ps/adfs/Set-AdfsClaimDescription.md new file mode 100644 index 0000000000..dd3e10e8f8 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsClaimDescription.md @@ -0,0 +1,307 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsclaimdescription?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsClaimDescription +--- + +# Set-AdfsClaimDescription + +## SYNOPSIS +Modifies the properties of a claim description. + +## SYNTAX + +### Name +``` +Set-AdfsClaimDescription [-IsAccepted ] [-IsOffered ] [-IsRequired ] + [-Notes ] [-Name ] [-ClaimType ] [-ShortName ] [-TargetName] + [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ShortName +``` +Set-AdfsClaimDescription [-IsAccepted ] [-IsOffered ] [-IsRequired ] + [-Notes ] [-Name ] [-ClaimType ] [-ShortName ] [-TargetShortName] + [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### Identifier +``` +Set-AdfsClaimDescription [-IsAccepted ] [-IsOffered ] [-IsRequired ] + [-Notes ] [-Name ] [-ClaimType ] [-ShortName ] [-TargetClaimType] + [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Set-AdfsClaimDescription [-IsAccepted ] [-IsOffered ] [-IsRequired ] + [-Notes ] [-Name ] [-ClaimType ] [-ShortName ] + [-TargetClaimDescription] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsClaimDescription** cmdlet modifies properties on a Active Directory Federation Services (AD FS) claim description. + +## EXAMPLES + +### Example 1: Change the name of a claim description +``` +PS C:\> Set-AdfsClaimDescription -TargetName "Role" -Name "RoleDesc" +``` + +This command changes the name of the claim description named Role to RoleDesc. + +## PARAMETERS + +### -ClaimType +Specifies the claim type URI of the claim. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsAccepted +Indicates whether the claim is published in federation metadata as a claim that is accepted by the Federation Service. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsOffered +Indicates whether the claim is published in federation metadata as a claim that is offered by the Federation Service. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsRequired +Indicates whether the claim is published in federation metadata as a claim that is required by the Federation Service. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the claim to modify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies text that describes the purpose of the claim description. +The cmdlet adds the notes to the claim description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ShortName +Specifies the unique short name identifier for the claim description that is used for issuing and consuming JWT tokens. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClaimDescription +Specifies a **ClaimDescription** object. +The cmdlet modifies the **ClaimDescription** object that you specify. +To obtain a claim description, use the **Get-AdfsClaimDescription** cmdlet. + +```yaml +Type: ClaimDescription +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClaimType +Specifies the claim type of the claim description to modify. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the friendly name of the claim description to modify. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetShortName +Specifies the short name identifier that AD FS uses to lookup an existing claim description. + +```yaml +Type: String +Parameter Sets: ShortName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +A ClaimDescription object is received by the *TargetClaimDescription* parameter. + +### System.String + +String objects are received by the *TargetClaimType*, *TargetName*, and *TargetShortName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +Returns the updated ClaimDescription object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* All Set-* cmdlets have a positional parameter (at position 0) with a name that starts with Target*. This parameter defines the search criteria, and the parameter set. For example, **Set-ADFSRelyingParty** has the parameters *TargetName*, *TargetIdentifierUri*, and *TargetRelyingParty*. You can use only one of these *Target** parameters to identify which RelyingParty to modify. Because these parameters are positional, you do not have to specify their name. Therefore, the following commands are identical in effect. The commands change the RelyingParty object named RP1 to RP2. + +- `Set-ADFSRelyingParty -TargetName RP1Name -Name RP2Name` +- `Set-ADFSRelyingParty RP1Name -Name RP2Name` + +## RELATED LINKS + +[Add-AdfsClaimDescription](./Add-AdfsClaimDescription.md) + +[Get-AdfsClaimDescription](./Get-AdfsClaimDescription.md) + +[Remove-AdfsClaimDescription](./Remove-AdfsClaimDescription.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Set-AdfsClaimsProviderTrust.md new file mode 100644 index 0000000000..43e7b35ead --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsClaimsProviderTrust.md @@ -0,0 +1,809 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsClaimsProviderTrust +--- + +# Set-AdfsClaimsProviderTrust + +## SYNOPSIS +Sets the properties of a claims provider trust. + +## SYNTAX + +### IdentifierObject +``` +Set-AdfsClaimsProviderTrust [-Name ] [-Identifier ] [-SignatureAlgorithm ] + [-TokenSigningCertificate ] [-MetadataUrl ] [-AcceptanceTransformRules ] + [-AcceptanceTransformRulesFile ] [-AllowCreate ] [-AutoUpdateEnabled ] + [-CustomMFAUri ] [-SupportsMFA ] [-WSFedEndpoint ] + [-EncryptionCertificate ] [-EncryptionCertificateRevocationCheck ] + [-MonitoringEnabled ] [-Notes ] [-OrganizationalAccountSuffix ] + [-LookupForests ] [-AlternateLoginID ] [-Force] [-ClaimOffered ] + [-SamlEndpoint ] [-ProtocolProfile ] [-RequiredNameIdFormat ] + [-EncryptedNameIdRequired ] [-SignedSamlRequestsRequired ] + [-SamlAuthenticationRequestIndex ] [-SamlAuthenticationRequestParameters ] + [-SamlAuthenticationRequestProtocolBinding ] [-SigningCertificateRevocationCheck ] + [-PromptLoginFederation ] [-PromptLoginFallbackAuthenticationType ] + [-AnchorClaimType ] -TargetClaimsProviderTrust [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### TokenSigningCertificates +``` +Set-AdfsClaimsProviderTrust [-Name ] [-Identifier ] [-SignatureAlgorithm ] + [-TokenSigningCertificate ] [-MetadataUrl ] [-AcceptanceTransformRules ] + [-AcceptanceTransformRulesFile ] [-AllowCreate ] [-AutoUpdateEnabled ] + [-CustomMFAUri ] [-SupportsMFA ] [-WSFedEndpoint ] + [-EncryptionCertificate ] [-EncryptionCertificateRevocationCheck ] + [-MonitoringEnabled ] [-Notes ] [-OrganizationalAccountSuffix ] + [-LookupForests ] [-AlternateLoginID ] [-Force] [-ClaimOffered ] + [-SamlEndpoint ] [-ProtocolProfile ] [-RequiredNameIdFormat ] + [-EncryptedNameIdRequired ] [-SignedSamlRequestsRequired ] + [-SamlAuthenticationRequestIndex ] [-SamlAuthenticationRequestParameters ] + [-SamlAuthenticationRequestProtocolBinding ] [-SigningCertificateRevocationCheck ] + [-PromptLoginFederation ] [-PromptLoginFallbackAuthenticationType ] + [-AnchorClaimType ] -TargetCertificate [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Identifier +``` +Set-AdfsClaimsProviderTrust [-Name ] [-Identifier ] [-SignatureAlgorithm ] + [-TokenSigningCertificate ] [-MetadataUrl ] [-AcceptanceTransformRules ] + [-AcceptanceTransformRulesFile ] [-AllowCreate ] [-AutoUpdateEnabled ] + [-CustomMFAUri ] [-SupportsMFA ] [-WSFedEndpoint ] + [-EncryptionCertificate ] [-EncryptionCertificateRevocationCheck ] + [-MonitoringEnabled ] [-Notes ] [-OrganizationalAccountSuffix ] + [-LookupForests ] [-AlternateLoginID ] [-Force] [-ClaimOffered ] + [-SamlEndpoint ] [-ProtocolProfile ] [-RequiredNameIdFormat ] + [-EncryptedNameIdRequired ] [-SignedSamlRequestsRequired ] + [-SamlAuthenticationRequestIndex ] [-SamlAuthenticationRequestParameters ] + [-SamlAuthenticationRequestProtocolBinding ] [-SigningCertificateRevocationCheck ] + [-PromptLoginFederation ] [-PromptLoginFallbackAuthenticationType ] + [-AnchorClaimType ] -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### IdentifierName +``` +Set-AdfsClaimsProviderTrust [-Name ] [-Identifier ] [-SignatureAlgorithm ] + [-TokenSigningCertificate ] [-MetadataUrl ] [-AcceptanceTransformRules ] + [-AcceptanceTransformRulesFile ] [-AllowCreate ] [-AutoUpdateEnabled ] + [-CustomMFAUri ] [-SupportsMFA ] [-WSFedEndpoint ] + [-EncryptionCertificate ] [-EncryptionCertificateRevocationCheck ] + [-MonitoringEnabled ] [-Notes ] [-OrganizationalAccountSuffix ] + [-LookupForests ] [-AlternateLoginID ] [-Force] [-ClaimOffered ] + [-SamlEndpoint ] [-ProtocolProfile ] [-RequiredNameIdFormat ] + [-EncryptedNameIdRequired ] [-SignedSamlRequestsRequired ] + [-SamlAuthenticationRequestIndex ] [-SamlAuthenticationRequestParameters ] + [-SamlAuthenticationRequestProtocolBinding ] [-SigningCertificateRevocationCheck ] + [-PromptLoginFederation ] [-PromptLoginFallbackAuthenticationType ] + [-AnchorClaimType ] -TargetName [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsClaimsProviderTrust** cmdlet configures the trust relationship with a claims provider. + +## EXAMPLES + +### Example 1: Enable auto-update for a claims provider trust +``` +PS C:\> Set-ADFSClaimsProviderTrust -TargetName "Fabrikam claims provider" -AutoUpdateEnabled $False +``` + +This command enables auto-update for the claims provider trust named Fabrikam claims provider. + +## PARAMETERS + +### -AcceptanceTransformRules +Specifies the claim acceptance transform rules for accepting claims from this claims provider. +These rules determine the information that is accepted from the partner represented by the claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AcceptanceTransformRulesFile +Specifies a file that contains the claim acceptance transform rules for accepting claims from this claims provider. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowCreate +Indicates whether the Security Assertion Markup Language (SAML) parameter *AllowCreate* is sent in SAML requests to the claims provider. +The default value is True. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlternateLoginID +Specifies the LDAP name of the attribute that you want to use for login. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AnchorClaimType +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutoUpdateEnabled +Indicates whether changes to the federation metadata by the *MetadataURL* parameter apply automatically to the configuration of the trust relationship. +If this parameter has a value of $True, partner claims, certificates, and endpoints are updated automatically. + +Note: When auto-update is enabled, fields that can be overwritten by metadata become read only. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClaimOffered +Specifies an array of claims that are offered by this claims provider. + +```yaml +Type: ClaimDescription[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -CustomMFAUri +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptedNameIdRequired +Indicates whether the relying party requires that the **NameID** claim be encrypted. +This setting applies to SAML logout requests. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionCertificate +Specifies the certificate to be used for encrypting a **NameID** to this claims provider in SAML logout requests. +Encrypting the **NameID** is optional. + +```yaml +Type: X509Certificate2 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionCertificateRevocationCheck +Specifies the type of validation that occurs for the encryption certificate before it is used for encrypting claims. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies the unique identifier for this claims provider trust. +No other trust can use an identifier from this list. +Uniform Resource Identifiers (URIs) are often used as unique identifiers for a claims provider trust, but you can use any string of characters. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LookupForests +Specifies the forest DNS names that can be used to look up the **AlternateLoginID**. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataUrl +Specifies the URL at which the federation metadata for this claims provider trust is available. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MonitoringEnabled +Indicates whether periodic monitoring of this claims provider's federation metadata is enabled. +The URL of the claims provider's federation metadata is specified by the *MetadataUrl* parameter. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of this claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes for this claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OrganizationalAccountSuffix +Specifies a list of organizational account suffixes that an administrator can configure for the claims provider trust for Home Realm Discovery (HRD) scenarios. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PromptLoginFallbackAuthenticationType +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PromptLoginFederation +The acceptable values for this parameter are: + +- None. +Do not federate prompt=login request and error instead. +- FallbackToProtocolSpecificParameters. +Translate prompt=login to wfresh=0 and Wauth=forms during federation. +If wauth is present in the original request, it will be preserved. +- ForwardPromptAndHintsOverWsFederation. +Forward prompt, login_hint, and domain_hint parameters during federation. + +```yaml +Type: PromptLoginFederation +Parameter Sets: (All) +Aliases: +Accepted values: None, FallbackToProtocolSpecificParameters, ForwardPromptAndHintsOverWsFederation, Disabled + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtocolProfile +Specifies which protocol profiles the claims provider supports. +The acceptable values for this parameter are: + +- SAML +- WsFederation +- WsFed-SAML + +By default, both SAML and WS-Federation protocols are supported. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: WsFed-SAML, WSFederation, SAML + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequiredNameIdFormat +Specifies the format that is required for **NameID** claims to be included in SAML requests to the claims provider. +By default, no format is required. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlAuthenticationRequestIndex +Specifies the value of **AssertionConsumerServiceIndex** that is placed in SAML authentication requests that are sent to the claims provider. + +```yaml +Type: UInt16 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlAuthenticationRequestParameters +Specifies which of the following parameters to use in SAML authentication requests to the claims provider: **AssertionConsumerServiceIndex**, **AssertionConsumerServiceUrl**, and **ProtocolBinding**. +The acceptable values for this parameter are: + +- None +- Index +- Url +- ProtocolBinding +- UrlWithProtocolBinding + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Index, None, , ProtocolBinding, Url, UrlWithProtocolBinding + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlAuthenticationRequestProtocolBinding +Specifies the value of **ProtocolBinding** to place in SAML authentication requests to the claims provider. +The acceptable values for this parameter are: + +- Artifact +- POST +- Redirect + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Artifact, , POST, Redirect + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlEndpoint +Specifies an array of SAML protocol endpoints for this claims provider. + +```yaml +Type: SamlEndpoint[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -SignatureAlgorithm +Specifies the signature algorithm that the claims provider uses for signing and verification. +The acceptable values for this parameter are: + +- https://www.w3.org/2000/09/xmldsig#rsa-sha1 +- https://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: https://www.w3.org/2000/09/xmldsig#rsa-sha1, https://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignedSamlRequestsRequired +Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. +If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SigningCertificateRevocationCheck +Specifies the type of certificate validation that occurs when signatures are verified on responses or assertions from the claims provider. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SupportsMFA +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetCertificate +Specifies the certificate of the claims provider trust that is modified by the cmdlet. + +```yaml +Type: X509Certificate2 +Parameter Sets: TokenSigningCertificates +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies a **ClaimsProviderTrust** object. +The cmdlet modifies the claims provider trust that you specify. +To obtain a **ClaimsProviderTrust** object, use the **Get-AdfsClaimsProviderTrust** cmdlet. + +```yaml +Type: ClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the claims provider trust that is modified by the cmdlet. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the friendly name of the claims provider trust that is modified by the cmdlet. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TokenSigningCertificate +Specifies an array of token-signing certificates that the claims provider use. + +```yaml +Type: X509Certificate2[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WSFedEndpoint +Specifies the WS-Federation Passive URL for this claims provider. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +ClaimDescription objects are received by the *ClaimOffered* parameter. + +### System.Security.Cryptography.X509Certificates.X509Certificate.X509Certificate2 + +X509Certificate2 objects are received by the *TargetCertificate* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +ClaimsProviderTrust objects are received by the *TargetClaimsProviderTrust* parameter. + +### System.String + +String objects are received by the *AcceptanceTransformRules*, *SamlEndpoint*, *TargetIdentifier*, and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +Returns the changed ClaimsProviderTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* The claims provider collects and authenticates a user's credentials, builds up claims for that user, and packages the claims into security tokens or Information Cards. In other words, a claims provider represents the organization for whose users the claims provider issues security tokens or Information Cards on their behalf. When you configure Active Directory Federation Services (AD FS), the role of the claims provider is to enable its users to access resources that are hosted in a relying party organization by establishing one side of a federation trust relationship. After the trust is established, tokens and Information Cards can be presented to a relying party across the federation trust. + +## RELATED LINKS + +[Add-AdfsClaimsProviderTrust](./Add-AdfsClaimsProviderTrust.md) + +[Disable-AdfsClaimsProviderTrust](./Disable-AdfsClaimsProviderTrust.md) + +[Enable-AdfsClaimsProviderTrust](./Enable-AdfsClaimsProviderTrust.md) + +[Get-AdfsClaimsProviderTrust](./Get-AdfsClaimsProviderTrust.md) + +[Remove-AdfsClaimsProviderTrust](./Remove-AdfsClaimsProviderTrust.md) + +[Update-AdfsClaimsProviderTrust](./Update-AdfsClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsClient.md b/docset/winserver2025-ps/adfs/Set-AdfsClient.md new file mode 100644 index 0000000000..d60827891b --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsClient.md @@ -0,0 +1,419 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 09/19/2017 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsclient?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsClient +--- + +# Set-AdfsClient + +## SYNOPSIS +Modifies registration settings for an OAuth 2.0 client registered with AD FS. + +## SYNTAX + +### Name (Default) +``` +Set-AdfsClient [-Force] [-TargetName] [-ClientId ] [-Name ] [-RedirectUri ] + [-Description ] [-ADUserPrincipalName ] [-JWTSigningCertificate ] + [-JWTSigningCertificateRevocationCheck ] [-ChangeClientSecret] [-ResetClientSecret] + [-JWKSUri ] [-ReloadJWTSigningKeys] [-JWKSFile ] [-LogoutUri ] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### ClientId +``` +Set-AdfsClient [-Force] [-TargetClientId] [-ClientId ] [-Name ] + [-RedirectUri ] [-Description ] [-ADUserPrincipalName ] + [-JWTSigningCertificate ] [-JWTSigningCertificateRevocationCheck ] + [-ChangeClientSecret] [-ResetClientSecret] [-JWKSUri ] [-ReloadJWTSigningKeys] [-JWKSFile ] + [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Set-AdfsClient [-Force] [-TargetClient] [-ClientId ] [-Name ] + [-RedirectUri ] [-Description ] [-ADUserPrincipalName ] + [-JWTSigningCertificate ] [-JWTSigningCertificateRevocationCheck ] + [-ChangeClientSecret] [-ResetClientSecret] [-JWKSUri ] [-ReloadJWTSigningKeys] [-JWKSFile ] + [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsClient** cmdlet modifies registration settings for an OAuth 2.0 client registered with Active Directory Federation Services (AD FS). +Use this cmdlet to modify the settings, including the client identifier, redirection URI, name, or description of the OAuth 2.0 client. +You can also use this cmdlet to register additional redirection URIs for the OAuth 2.0 client. + +## EXAMPLES + +### Example 1: Modify the redirection URI +``` +PS C:\> Set-AdfsClient -TargetName "Payroll Application" -RedirectUri "https://localhost" +``` + +This command changes the redirection URI for the OAuth 2.0 client currently registered with AD FS with the name Payroll Application. + +### Example 2: Rename an OAuth 2.0 client +``` +PS C:\> Set-AdfsClient -TargetName "Payroll Application" -Name "Payroll Application v2" +``` + +This command renames the OAuth 2.0 client currently registered with AD FS with the name Payroll Application. + +## PARAMETERS + +### -ADUserPrincipalName +Specifies an Active Directory user principal name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ChangeClientSecret +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClientId +Specifies a string. +The cmdlet modifies the OAuth 2.0 client registration information with the identifier that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Description +Specifies a description. +The cmdlet modifies the OAuth 2.0 client registration information with the description that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWKSFile +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWKSUri +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWTSigningCertificate +```yaml +Type: X509Certificate2[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWTSigningCertificateRevocationCheck +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: RevocationSetting +Parameter Sets: (All) +Aliases: +Accepted values: None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogoutUri +Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. +The cmdlet modifies the OAuth 2.0 client registration information with the name that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectUri +Specifies one or more redirection URIs. +The cmdlet modifies the OAuth 2.0 client registration information with the redirection URIs that you specify. + +The OAuth 2.0 client uses the redirection URI when the client requests authorization to access a resource secured by AD FS. +You may register multiple redirection URIs for a single client identifier. +The redirection URI must be a valid URI. + +The redirection URI specified by the client must already be registered with AD FS and must correspond to the client identifier for that OAuth 2.0 client, in order for the client to be authorized to access the resource. +If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, AD FS will deliver the authorization code or access token by redirecting the client's user-agent back to this redirection URI. + +Ensure that the value of the RedirectUri parameter matches exactly the redirection URI that will be specified by the OAuth 2.0 client when requesting authorization, including trailing slashes (/), if required. +Use more secure schemes, such as https, when you specify a redirection URI. + +For Windows Store applications that authenticate using the Windows Web Authentication Broker, use the 'ms-app://' scheme when registering a redirect URI. +For example, ms-app://s-1-15-2-1101140336-4090662585-1905587327-262951538-2732256205-1306401843-4235927180/ is a redirect URI for a Windows Store application. +If you are developing a Windows Store application, you can obtain the redirect URI for your application using the following code fragment: + +`Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();` + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ReloadJWTSigningKeys +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResetClientSecret +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClient +Specifies the registered OAuth 2.0 client to modify. + +```yaml +Type: AdfsClient +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClientId +Specifies the client identifier for the registered OAuth 2.0 client to modify. + +```yaml +Type: String +Parameter Sets: ClientId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the registered OAuth 2.0 client to modify. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +AdfsClient objects are received by the *TargetClient* parameter. + +### System.String + +String objects are received by the *ClientId*, *Description*, *Name*, *RedirectUri*, *TargetClientId*, and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.AdfsClient + +Returns the updated AdfsClient object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsClient](./Add-AdfsClient.md) + +[Disable-AdfsClient](./Disable-AdfsClient.md) + +[Enable-AdfsClient](./Enable-AdfsClient.md) + +[Get-AdfsClient](./Get-AdfsClient.md) + +[Remove-AdfsClient](./Remove-AdfsClient.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsDeviceRegistration.md b/docset/winserver2025-ps/adfs/Set-AdfsDeviceRegistration.md new file mode 100644 index 0000000000..8d560441de --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsDeviceRegistration.md @@ -0,0 +1,326 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsdeviceregistration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsDeviceRegistration +--- + +# Set-AdfsDeviceRegistration + +## SYNOPSIS +Configures the administrative policies for the Device Registration Service. + +## SYNTAX + +### NumberOfInactiveDays +``` +Set-AdfsDeviceRegistration -MaximumInactiveDays [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] [] +``` + +### NumberOfDevicesPerUser +``` +Set-AdfsDeviceRegistration -DevicesPerUser [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] [] +``` + +### ServiceAccountIdentifier +``` +Set-AdfsDeviceRegistration -ServiceAccountIdentifier -Credential + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] + [] +``` + +### IssuanceCertificate +``` +Set-AdfsDeviceRegistration [-IssuanceCertificate] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-WhatIf] [-Confirm] [] +``` + +### RelyingParty +``` +Set-AdfsDeviceRegistration [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] + [-AllowedAuthenticationClassReferences ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-IssuanceTransformRules ] + [-IssuanceTransformRulesFile ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsDeviceRegistration** cmdlet configures the administrative policies for the Device Registration Service. +Use this cmdlet to change the default policies of the Device Registration Service in Active Directory Federation Services (AD FS), such as the maximum number of devices that a user can register. + +## EXAMPLES + +### Example 1: Set the number of devices that a user can register +``` +PS C:\> Set-AdfsDeviceRegistration -DevicesPerUser 10 +``` + +This command sets the number of devices that a user can register to 10. + +### Example 2: Configure the maximum inactive days for a device +``` +PS C:\> Set-AdfsDeviceRegistration -MaximumInactiveDays 90 +``` + +This command configures the number of days before the Device Registration Service removes an inactive device object. + +### Example 3: Set the service account for the Device Registration Service +``` +PS C:\> $Cred = Get-Credential +PS C:\> Set-AdfsDeviceRegistration -ServiceAccountIdentifier "CONTOSO\Svc_adfs" -Credential $Cred +``` + +The first command uses the **Get-Credential** cmdlet to create a credential object for the Active Directory account under which the AD FS service runs. +The command stores the credential object in the $Cred variable. + +The second command sets the service account that has the ID Svc_adfs. +The command specifies the credentials stored in $Cred for the Active Directory account under which the AD FS service runs. + +## PARAMETERS + +### -AccessControlPolicyName +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +```yaml +Type: String +Parameter Sets: RelyingParty +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +```yaml +Type: String +Parameter Sets: RelyingParty +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedAuthenticationClassReferences +```yaml +Type: String[] +Parameter Sets: RelyingParty +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +```yaml +Type: PSCredential +Parameter Sets: ServiceAccountIdentifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DevicesPerUser +Specifies the maximum number of devices that a user can register. + +```yaml +Type: UInt32 +Parameter Sets: NumberOfDevicesPerUser +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +```yaml +Type: String +Parameter Sets: RelyingParty +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +```yaml +Type: String +Parameter Sets: RelyingParty +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceCertificate +Indicates that the cmdlet generates and uses a new signing certificate for the Device Registration Service. + +```yaml +Type: SwitchParameter +Parameter Sets: IssuanceCertificate +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -IssuanceTransformRules +```yaml +Type: String +Parameter Sets: RelyingParty +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -IssuanceTransformRulesFile +```yaml +Type: String +Parameter Sets: RelyingParty +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MaximumInactiveDays +Specifies the number of days before a device object is removed because of inactivity. + +```yaml +Type: UInt32 +Parameter Sets: NumberOfInactiveDays +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ServiceAccountIdentifier +Specifies the ID of the service account. +The cmdlet grants this account read and write access to the Device Registration Service configuration and containers in Active Directory® Domain Services. + +```yaml +Type: String +Parameter Sets: ServiceAccountIdentifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### uint, string, switch + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Disable-AdfsDeviceRegistration](./Disable-AdfsDeviceRegistration.md) + +[Enable-AdfsDeviceRegistration](./Enable-AdfsDeviceRegistration.md) + +[Get-AdfsDeviceRegistration](./Get-AdfsDeviceRegistration.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsDeviceRegistrationUpnSuffix.md b/docset/winserver2025-ps/adfs/Set-AdfsDeviceRegistrationUpnSuffix.md new file mode 100644 index 0000000000..6fcacdf7cb --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsDeviceRegistrationUpnSuffix.md @@ -0,0 +1,114 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsdeviceregistrationupnsuffix?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsDeviceRegistrationUpnSuffix +--- + +# Set-AdfsDeviceRegistrationUpnSuffix + +## SYNOPSIS +Sets the list of UPN suffixes. + +## SYNTAX + +``` +Set-AdfsDeviceRegistrationUpnSuffix [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsDeviceRegistrationUpnSuffix** cmdlet sets the list of user principal name (UPN) suffixes that you can use when you register a device with Active Directory Federation Services (AD FS). +The cmdlet discovers the UPN suffixes that are in use in the organization and configures the Secure Sockets Layer (SSL) bindings that correspond to the UPN suffix. + +Any discovered UPN suffix must have a corresponding registration name in the SSL certificate for AD FS; for example, `enterpriseregistration.`upn suffix. +You can also use a wildcard SSL certificate that covers all possible registration names. +This cmdlet does not affect the custom UPN suffixes that you set manually by running the **Add-AdfsDeviceRegistrationUpnSuffix** cmdlet. + +## EXAMPLES + +### Example 1: Set the list of UPN suffixes +``` +PS C:\> Set-AdfsDeviceRegistrationUpnSuffix +``` + +This command sets the list of UPN suffixes that you can use when you register a device. + +### Example 2: Set the list of UPN suffixes without confirming +``` +PS C:\> Set-AdfsDeviceRegistrationUpnSuffix -Force +``` + +This command sets the list of UPN suffixes without prompting you for confirmation. + +## PARAMETERS + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Management.Automation.SwitchParameter + +SwitchParameter objects are received by the *Force* parameter. + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsDeviceRegistrationUpnSuffix](./Add-AdfsDeviceRegistrationUpnSuffix.md) + +[Get-AdfsDeviceRegistrationUpnSuffix](./Get-AdfsDeviceRegistrationUpnSuffix.md) + +[Remove-AdfsDeviceRegistrationUpnSuffix](./Remove-AdfsDeviceRegistrationUpnSuffix.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsEndpoint.md b/docset/winserver2025-ps/adfs/Set-AdfsEndpoint.md new file mode 100644 index 0000000000..a02b9fbac3 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsEndpoint.md @@ -0,0 +1,184 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsendpoint?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsEndpoint +--- + +# Set-AdfsEndpoint + +## SYNOPSIS +Sets the endpoint on a Web Application Proxy. + +## SYNTAX + +### Address +``` +Set-AdfsEndpoint [[-TargetAddressPath] ] -Proxy [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### TargetObject +``` +Set-AdfsEndpoint -TargetEndpoint -Proxy [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### FullUrl +``` +Set-AdfsEndpoint [-TargetFullUrl] -Proxy [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsEndpoint** cmdlet sets endpoints on a Web Application Proxy. + +## EXAMPLES + +### Example 1: Set an endpoint +``` +PS C:\> Set-AdfsEndpoint -TargetAddressPath "/adfs/services/trust/13/Windows" -Proxy $True +``` + +This command sets the WS-Trust 1.3 endpoint for proxy use. + +## PARAMETERS + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Proxy +Indicates whether the endpoint is available on the federation server proxy. +This is the only field of the endpoint that can be set. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetAddressPath +Specifies the address path of the endpoint. +The cmdlet makes the endpoint that you specify available to the extranet. + +```yaml +Type: String +Parameter Sets: Address +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetEndpoint +Specifies the endpoint that the cmdlet modifies. +This value is typically taken from the pipeline. + +```yaml +Type: Endpoint +Parameter Sets: TargetObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetFullUrl +Specifies the full URL of the endpoint that the cmdlet modifies. + +```yaml +Type: Uri +Parameter Sets: FullUrl +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.Endpoint +This cmdlet returns a class structure that represents an endpoint. + +## OUTPUTS + +### None + +## NOTES +* This cmdlet has three parameter-sets. You can use the Address, FullUrl, or TargetEndpoint parameter set, over the pipeline, to identify the endpoint. This cmdlet only allows you to modify the Proxy property of the endpoint. + +* Endpoints provide access to the federation server functionality of AD FS, such as token issuance and the publishing of federation metadata. +Depending on the type of endpoint, you can enable or disable the endpoint or control whether the endpoint is published to Web Application Proxy. + +## RELATED LINKS + +[Disable-AdfsEndpoint](./Disable-AdfsEndpoint.md) + +[Enable-AdfsEndpoint](./Enable-AdfsEndpoint.md) + +[Get-AdfsEndpoint](./Get-AdfsEndpoint.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsFarmInformation.md b/docset/winserver2025-ps/adfs/Set-AdfsFarmInformation.md new file mode 100644 index 0000000000..9ea3e8fb0c --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsFarmInformation.md @@ -0,0 +1,94 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsfarminformation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsFarmInformation +--- + +# Set-AdfsFarmInformation + +## SYNOPSIS +Removes a stale or offline farm node from the farm information table. + +## SYNTAX + +``` +Set-AdfsFarmInformation [-RemoveNode ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsFarmInformation** cmdlet removes a stale or offline farm node from the farm information table in order to keep the list of Active Directory Federation Services (AD FS) farm nodes current. + +## EXAMPLES + +### Example 1: Remove a stale node +``` +PS C:\> Set-AdfsFarmInformation -RemoveNode "adfs02.contoso.com" +``` + +This command removes the node named adfs02.contoso.com from the farm information table. + +## PARAMETERS + +### -RemoveNode +Specifies an array of fully qualified domain names (FQDN) of AD FS farm nodes to remove from the farm information table. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsFarmInformation](./Get-AdfsFarmInformation.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsGlobalAuthenticationPolicy.md b/docset/winserver2025-ps/adfs/Set-AdfsGlobalAuthenticationPolicy.md new file mode 100644 index 0000000000..89f4314d6f --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsGlobalAuthenticationPolicy.md @@ -0,0 +1,242 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsglobalauthenticationpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsGlobalAuthenticationPolicy +--- + +# Set-AdfsGlobalAuthenticationPolicy + +## SYNOPSIS +Modifies the AD FS global policy. + +## SYNTAX + +``` +Set-AdfsGlobalAuthenticationPolicy [-AdditionalAuthenticationProvider ] + [-DeviceAuthenticationEnabled ] [-DeviceAuthenticationMethod ] + [-AllowDeviceAuthAsPrimaryForDomainJoinedDevices ] + [-PrimaryExtranetAuthenticationProvider ] [-PrimaryIntranetAuthenticationProvider ] + [-WindowsIntegratedFallbackEnabled ] [-ClientAuthenticationMethods ] + [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsGlobalAuthenticationPolicy** cmdlet modifies the Active Directory Federation Services (AD FS) global policy. +You can also use the cmdlet to enable an external provider in the global policy. + +## EXAMPLES + +### Example 1: Set the primary extranet authentication policy +``` +PS C:\> Set-AdfsGlobalAuthenticationPolicy -PrimaryExtranetAuthenticationProvider @('FormsAuthentication', 'CertificateAuthentication') +``` + +This command sets the primary extranet authentication policy to forms-based or certificate-based authentication. +In this case, the user is provided a choice when the user logs on to an application protected by AD FS from the extranet. + +### Example 2: Enable an additional authentication provider +``` +PS C:\> Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider "A1ExternalAuthProvider" +``` + +This command enables the provider named A1ExternalAuthProvider as an additional authentication provider in the global policy. +Note that the value provided for the *AdditionalAuthenticationProvider* parameter corresponds to the value you provide for the *Name* parameter in the **Register-AdfsAuthenticationProvider** cmdlet, and to the **Name** property in the output from the **Get-AdfsAuthenticationProvider** cmdlet. + +## PARAMETERS + +### -AdditionalAuthenticationProvider +Specifies an array of names of external authentication providers to add to the global policy. + +Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. +This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowDeviceAuthAsPrimaryForDomainJoinedDevices +Allows the use of device authentication as the primary type for domain-joined devices. + + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClientAuthenticationMethods +Specifies the client authentication method. + +```yaml +Type: ClientAuthenticationMethod +Parameter Sets: (All) +Aliases: +Accepted values: None, ClientSecretPostAuthentication, ClientSecretBasicAuthentication, PrivateKeyJWTBearerAuthentication, WindowsIntegratedAuthentication + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DeviceAuthenticationEnabled +Specifies whether device authentication is enabled for the global policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DeviceAuthenticationMethod +Specifies the device authentication method. + +```yaml +Type: DeviceAuthenticationMethod +Parameter Sets: (All) +Aliases: +Accepted values: All, ClientTLS, SignedToken, PKeyAuth + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryExtranetAuthenticationProvider +Specifies an array of names of authentication providers for the primary extranet to add to the global policy. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryIntranetAuthenticationProvider +Specifies an array of names of authentication providers for the primary intranet to add to the global policy. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsIntegratedFallbackEnabled +Specifies whether fallback to Integrated Windows Authentication is enabled on the intranet. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-AdfsGlobalAuthenticationPolicy](./Get-AdfsGlobalAuthenticationPolicy.md) + +[Register-AdfsAuthenticationProvider](./Register-AdfsAuthenticationProvider.md) + +[Get-AdfsAuthenticationProvider](./Get-AdfsAuthenticationProvider.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsGlobalWebContent.md b/docset/winserver2025-ps/adfs/Set-AdfsGlobalWebContent.md new file mode 100644 index 0000000000..9aa18dff9a --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsGlobalWebContent.md @@ -0,0 +1,508 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsglobalwebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsGlobalWebContent +--- + +# Set-AdfsGlobalWebContent + +## SYNOPSIS +Sets properties for global web content objects. + +## SYNTAX + +### IdentifierName (Default) +``` +Set-AdfsGlobalWebContent [-CompanyName ] [-HelpDeskLink ] [-HelpDeskLinkText ] + [-HomeLink ] [-HomeLinkText ] [-HomeRealmDiscoveryOtherOrganizationDescriptionText ] + [-HomeRealmDiscoveryPageDescriptionText ] [-OrganizationalNameDescriptionText ] + [-PrivacyLink ] [-PrivacyLinkText ] [-CertificatePageDescriptionText ] + [-SignInPageDescriptionText ] [-SignOutPageDescriptionText ] + [-ErrorPageDescriptionText ] [-ErrorPageGenericErrorMessage ] + [-ErrorPageAuthorizationErrorMessage ] [-ErrorPageDeviceAuthenticationErrorMessage ] + [-ErrorPageSupportEmail ] [-UpdatePasswordPageDescriptionText ] + [-SignInPageAdditionalAuthenticationDescriptionText ] [-PassThru] [[-Locale] ] [-WhatIf] + [-Confirm] [] +``` + +### IdentifierObject +``` +Set-AdfsGlobalWebContent [-CompanyName ] [-HelpDeskLink ] [-HelpDeskLinkText ] + [-HomeLink ] [-HomeLinkText ] [-HomeRealmDiscoveryOtherOrganizationDescriptionText ] + [-HomeRealmDiscoveryPageDescriptionText ] [-OrganizationalNameDescriptionText ] + [-PrivacyLink ] [-PrivacyLinkText ] [-CertificatePageDescriptionText ] + [-SignInPageDescriptionText ] [-SignOutPageDescriptionText ] + [-ErrorPageDescriptionText ] [-ErrorPageGenericErrorMessage ] + [-ErrorPageAuthorizationErrorMessage ] [-ErrorPageDeviceAuthenticationErrorMessage ] + [-ErrorPageSupportEmail ] [-UpdatePasswordPageDescriptionText ] + [-SignInPageAdditionalAuthenticationDescriptionText ] [-PassThru] + [-TargetWebContent] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsGlobalWebContent** cmdlet sets properties for a global web content object. +Specify a global web object by using a locale, or use the **Get-AdfsGlobalWebContent** cmdlet to obtain a web object. + +## EXAMPLES + +### Example 1: Set the company name for the global web content +``` +PS C:\> Set-AdfsGlobalWebContent -Locale "" -CompanyName "Contoso" +``` + +This command sets the company name of the global web content for the invariant locale. +If there is no logo, the sign-in page displays the company name Contoso. + +### Example 2: Set the text and links for the sign-in pages +``` +PS C:\> Set-AdfsWebContent -Locale "en-us" -CompanyName "Contoso" -HelpDeskLink "https://helpdesklink" -HelpDeskLinkText "Help desk" -HomeLink "https://homelink" -HomeLinkText "Home" -PrivacyLink "https://privacylink" -PrivacyLinkText "Privacy statement" -SignInPageDescriptionText "Sign in here" -SignOutPageDescriptionText "Sign out here" -ErrorPageGenericErrorMessage "An error occurred." -ErrorPageSupportEmail "support@contoso.com" -UpdatePasswordPageDescriptionText "Update password here" +``` + +This command specifies the text to display in the sign-in pages for AD FS for the en-us locale. + +### Example 3: Set the text and links for the certificate page +``` +PS C:\> Set-AdfsGlobalWebContent -Locale "en-us" -CompanyName "Contoso" -HomeLink "https://homelink" -HomeLinkText "Home" -PrivacyLink "https://privaylink" -PrivacyLinkText "Privacy statement" -SignInPageDescriptionText "

Sign-in to Contoso requires device registration. Click here for more information.

" -SignOutPageDescriptionText "Sign out here" -ErrorPageGenericErrorMessage "An error occurred." -ErrorPageSupportEmail "support@contoso.com" -UpdatePasswordPageDescriptionText "Update password here" -CertificatePageDescriptionText "Sign in with your Smartcard" +``` + +This command specifies the text and links to display when an application prompts a user prompted for a certificate. + +## PARAMETERS + +### -CertificatePageDescriptionText +Specifies the text on the certificate page. +Active Directory Federation Services (AD FS) displays the text that you specify when it prompts the user for a certificate. +In earlier versions of AD FS, the user sees a blank page when AD FS prompts the user for a certificate. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CompanyName +Specifies the company name. +AD FS displays the company name in the sign-in pages when you have not set a logo on the active web theme. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageAuthorizationErrorMessage +Specifies an error message to display when a user encounters any authorization errors that occur for a token request. +This string can be an HTML fragment. +You can override this message for an application by using the **Set-AdfsRelyingPartyWebContent** cmdlet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageDescriptionText +Specifies an error message to display when a user encounters any generic errors that occur for a token request. +This string can be an HTML fragment. +You can override this message for an application by using the **Set-AdfsRelyingPartyWebContent** cmdlet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageDeviceAuthenticationErrorMessage +Specifies an error message to display for any device authentication errors that occur for a token request. +Device authentication errors occur when the user presents an expired user@device certificate to AD FS, a certificate is not found in AD DS, or a certificate is disabled in AD DS. +This string can be an HTML fragment. +You can override this message for an application by using the **Set-AdfsRelyingPartyWebContent** cmdlet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageGenericErrorMessage +Specifies an error message to display for any generic errors that occur for a token request. +This string can be an HTML fragment. +You can override this message for an application by using the **Set-AdfsRelyingPartyWebContent** cmdlet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageSupportEmail +Specifies the support email address on the error page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HelpDeskLink +Specifies the help desk link that is shown on the logon pages for AD FS. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HelpDeskLinkText +Specifies the help desk link text that is shown on the logon pages for AD FS. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeLink +Specifies the Home link that is shown on the logon pages for AD FS. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeLinkText +Specifies the Home link text that is shown on the logon pages for AD FS. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeRealmDiscoveryOtherOrganizationDescriptionText +Specifies the text for the home realm discovery description for other organization. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeRealmDiscoveryPageDescriptionText +Specifies the text for the home realm discovery page description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Locale +Specifies a locale. +The cmdlet sets global web content for the locale that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: IdentifierName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -OrganizationalNameDescriptionText +Specifies text for the organizational name description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrivacyLink +Specifies the Privacy policy link that is shown on the logon pages for AD FS. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrivacyLinkText +Specifies the Privacy policy link text that is shown on the logon pages for AD FS. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignInPageAdditionalAuthenticationDescriptionText +Specifies the description to display when an application prompts a user for additional authentication. +The sign-in page can also display a description that is provided by the additional authentication provider. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignInPageDescriptionText +Specifies the description to display when a user signs in to applications by using AD FS. +When you use Integrated Windows Authentication in the intranet, users do not see this page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignOutPageDescriptionText +Specifies the description to display when a user signs out of applications. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetWebContent +Specifies an **AdfsGlobalWebContent** object. +The cmdlet modifies content for the object that you specify. +To obtain a **AdfsGlobalWebContent** object, use the **Get-AdfsGlobalWebContent** cmdlet. + +```yaml +Type: AdfsGlobalWebContent +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -UpdatePasswordPageDescriptionText +Specifies the description to display in the update password page when users change their passwords. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.IdentityServer.Management.Resources.AdfsGlobalWebContent +This cmdlet generates a **System.IdentityServer.Management.Resources.AdfsGlobalWebContent** object that represents global web content. +The object includes the following properties: + +- Locale: **System.Globalization.CultureInfo** +- CompanyName: **System.String** +- HelpDeskLink: **System.Uri** +- HelpDeskLinkText: **System.String** +- HomeLink: **System.Uri** +- HomeLinkText: **System.String** +- PrivacyLink: **System.Uri** +- PrivacyLinkText: **System.String** +- SignInPageDescriptionText: **System.String** +- SignOutPageDescriptionText: **System.String** +- ErrorPageDescriptionText: **System.String** +- ErrorPageGenericErrorMessage: **System.String** +- ErrorPageAuthorizationErrorMessage: **System.String** +- ErrorPageDeviceAuthenticationErrorMessage: **System.String** +- ErrorPageSupportEmail: **System.String** +- UpdatePasswordPageDescriptionText: **System.String** +- SignInPageAdditionalAuthenticationDescriptionText: **System.String** + +## NOTES + +## RELATED LINKS + +[Get-AdfsGlobalWebContent](./Get-AdfsGlobalWebContent.md) + +[Remove-AdfsGlobalWebContent](./Remove-AdfsGlobalWebContent.md) + +[Set-AdfsRelyingPartyWebContent](./Set-AdfsRelyingPartyWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsLocalClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Set-AdfsLocalClaimsProviderTrust.md new file mode 100644 index 0000000000..4b6b1179b9 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsLocalClaimsProviderTrust.md @@ -0,0 +1,251 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfslocalclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsLocalClaimsProviderTrust +--- + +# Set-AdfsLocalClaimsProviderTrust + +## SYNOPSIS +Modifies a local claims provider trust. + +## SYNTAX + +### IdentifierObject +``` +Set-AdfsLocalClaimsProviderTrust [-AcceptanceTransformRules ] [-AcceptanceTransformRulesFile ] + [-Name ] [-Notes ] [-OrganizationalAccountSuffix ] [-Force] + -TargetClaimsProviderTrust [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### Identifier +``` +Set-AdfsLocalClaimsProviderTrust [-AcceptanceTransformRules ] [-AcceptanceTransformRulesFile ] + [-Name ] [-Notes ] [-OrganizationalAccountSuffix ] [-Force] + -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### IdentifierName +``` +Set-AdfsLocalClaimsProviderTrust [-AcceptanceTransformRules ] [-AcceptanceTransformRulesFile ] + [-Name ] [-Notes ] [-OrganizationalAccountSuffix ] [-Force] -TargetName + [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsLocalClaimsProviderTrust** cmdlet modifies a local claims provider trust. +For more information, see the **Add-AdfsLocalClaimsProviderTrust** cmdlet. + +## EXAMPLES + +## PARAMETERS + +### -AcceptanceTransformRules +Specifies the set of claim rules to configure on the local claims provider trust. +These rules determine the information that is accepted from the partner represented by the local claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AcceptanceTransformRulesFile +Specifies the full path of a file that contains the set of claim rules to configure on the local claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name for the local claims provider trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OrganizationalAccountSuffix +Specifies an array of organizational account suffixes that administrator can configure for the claims provider trust for a Home Realm Discovery (HRD) scenario. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies the local claims provider trust to modify. +To obtain a **LocalClaimsProviderTrust** object, use the **Get-AdfsLocalClaimsProviderTrust** cmdlet. + +```yaml +Type: LocalClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the local claims provider trust to modify. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the local claims provider trust to modify. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsLocalClaimsProviderTrust](./Add-AdfsLocalClaimsProviderTrust.md) + +[Disable-AdfsLocalClaimsProviderTrust](./Disable-AdfsLocalClaimsProviderTrust.md) + +[Enable-AdfsLocalClaimsProviderTrust](./Enable-AdfsLocalClaimsProviderTrust.md) + +[Get-AdfsLocalClaimsProviderTrust](./Get-AdfsLocalClaimsProviderTrust.md) + +[Remove-AdfsLocalClaimsProviderTrust](./Remove-AdfsLocalClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsNativeClientApplication.md b/docset/winserver2025-ps/adfs/Set-AdfsNativeClientApplication.md new file mode 100644 index 0000000000..19859979c0 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsNativeClientApplication.md @@ -0,0 +1,255 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 09/19/2017 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsnativeclientapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsNativeClientApplication +--- + +# Set-AdfsNativeClientApplication + +## SYNOPSIS +Modifies configuration settings for a server native client application role of an application in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Set-AdfsNativeClientApplication [-TargetIdentifier] [-Identifier ] [-Name ] + [-RedirectUri ] [-Description ] [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### Name +``` +Set-AdfsNativeClientApplication [-TargetName] [-Identifier ] [-Name ] + [-RedirectUri ] [-Description ] [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### ApplicationObject +``` +Set-AdfsNativeClientApplication [-TargetApplication] [-Identifier ] + [-Name ] [-RedirectUri ] [-Description ] [-LogoutUri ] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsNativeClientApplication** cmdlet modifies configuration settings for a native client application role of an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Identifier +Specifies an ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -LogoutUri +Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectUri +Specifies an array of redirection URIs for the OAuth 2.0 client to register with AD FS. +The redirection URI is specified by the OAuth 2.0 client when it requests authorization to access a resource in ADFS. + +The redirection URI specified by the client must already be registered with AD FS. +It must correspond to the client identifier for that OAuth 2.0 client. +If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, ADFS delivers the authorization code or access token by redirecting the client's user-agent back to this redirection URI. + +The value of this parameter must match exactly the redirection URI that is specified by the OAuth 2.0 client when requesting authorization. +This includes trailing slashes '/', if they are required. +We recommended the use of more secure schemes such as https in a redirection URI. + +For Windows Store applications that authenticate by using the Windows Web Authentication Broker, use the `ms-app://` scheme for a redirection URI. +If you are developing a Windows Store application, obtain the redirection URI for your application by using the following code fragment: + +`Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();` + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetApplication +Specifies the native client application. + +```yaml +Type: NativeClientApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the native client application. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the native client application. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *Description*, *Identifier*, *Name*, *RedirectUri*, *TargetIdentifier*, and *TargetName* parameters. + +### Microsoft.IdentityServer.Management.Resources.NativeClientApplication + +NativeClientApplication objects are received by the *TargetApplication* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.NativeClientApplication + +Returns the updated NativeClientApplication object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsNativeClientApplication](./Add-AdfsNativeClientApplication.md) + +[Get-AdfsNativeClientApplication](./Get-AdfsNativeClientApplication.md) + +[Remove-AdfsNativeClientApplication](./Remove-AdfsNativeClientApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsNonClaimsAwareRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Set-AdfsNonClaimsAwareRelyingPartyTrust.md new file mode 100644 index 0000000000..cd71c479ce --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsNonClaimsAwareRelyingPartyTrust.md @@ -0,0 +1,346 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsnonclaimsawarerelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsNonClaimsAwareRelyingPartyTrust +--- + +# Set-AdfsNonClaimsAwareRelyingPartyTrust + +## SYNOPSIS +Sets the properties of a relying party trust for a non-claims-aware web application or service. + +## SYNTAX + +### IdentifierName (Default) +``` +Set-AdfsNonClaimsAwareRelyingPartyTrust [-AlwaysRequireAuthentication] [-Identifier ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] [-Name ] + [-Notes ] [-PassThru] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-ClaimsProviderName ] [-TargetName] [-WhatIf] + [-Confirm] [] +``` + +### Identifier +``` +Set-AdfsNonClaimsAwareRelyingPartyTrust [-AlwaysRequireAuthentication] [-Identifier ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] [-Name ] + [-Notes ] [-PassThru] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-ClaimsProviderName ] -TargetIdentifier + [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Set-AdfsNonClaimsAwareRelyingPartyTrust [-AlwaysRequireAuthentication] [-Identifier ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] [-Name ] + [-Notes ] [-PassThru] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-ClaimsProviderName ] + -TargetNonClaimsAwareRelyingPartyTrust [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet sets properties on a relying party trust for a non-claims-aware web application or service. + +A non-claims aware relying party trust is a relying party trust for web applications or services that do not rely directly on Active Directory Federation Services (AD FS) to issue tokens, but instead rely on a third party that accesses such tokens and transforms them into what applications understand. +A non-claims-aware relying party trust is useful for defining authentication and authorization policies for web applications and services that do not rely on AD FS tokens. +The Web Application Proxy requests such tokens for pre-authentication to web applications or services that have corresponding non-claims-aware relying party trusts for requests that come from outside the network through the proxy. + +## EXAMPLES + +### Example 1: Set the non-claims-aware relying party trust to always force authentication +``` +PS C:\> Set-AdfsNonClaimsAwareRelyingPartyTrust -TargetName "ExpenseReport" -AlwaysRequireAuthentication $True +``` + +This command sets the non-claims-aware relying party trust for the application named ExpenseReport to always force authentication. + +## PARAMETERS + +### -AccessControlPolicyName +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies rules for additional authentication for the relying party. +For more information about the claims language for rules, see [Understanding Claim Rule Language in AD FS 2.0 & Higher](https://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx) on TechNet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies the file that contains all the rules for additional authentication for the relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlwaysRequireAuthentication +Indicates that access requires authentication, even if this relying party has previously authenticated credentials for access. +Specify this parameter to require users to always supply credentials to access sensitive resources. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClaimsProviderName +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of unique identifiers for the non-claims-aware relying party trust. +No other trust can use an identifier from this list. +As common practice, you can use Uniform Resource Identifiers (URIs) as unique identifiers for a relying party trust, or you can use any string. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +Specifies the authorization rules for issuing claims to the relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +Specifies the file that contains the authorization rules for issuing claims to the relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. +The cmdlet adds the Web Application Proxy relying party trust that has the display name that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies a name. +The cmdlet adds the Web Application Proxy relying party trust that has the display name that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the non-claims-aware relying party trust to modify. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the non-claims-aware relying party trust to modify. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetNonClaimsAwareRelyingPartyTrust +Specifies a **NonClaimsAwareRelyingPartyTrust** object. +The cmdlet removes the non-claims-aware relying party trust that you specify. +To obtain a **NonClaimsAwareRelyingPartyTrust**, use the **Get-AdfsNonClaimsAwareRelyingPartyTrust** cmdlet. + +```yaml +Type: NonClaimsAwareRelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsNonClaimsAwareRelyingPartyTrust](./Add-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Disable-AdfsNonClaimsAwareRelyingPartyTrust](./Disable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Enable-AdfsNonClaimsAwareRelyingPartyTrust](./Enable-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Get-AdfsNonClaimsAwareRelyingPartyTrust](./Get-AdfsNonClaimsAwareRelyingPartyTrust.md) + +[Remove-AdfsNonClaimsAwareRelyingPartyTrust](./Remove-AdfsNonClaimsAwareRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsProperties.md b/docset/winserver2025-ps/adfs/Set-AdfsProperties.md new file mode 100644 index 0000000000..66a0e1a599 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsProperties.md @@ -0,0 +1,1223 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 10/02/2017 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsproperties?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsProperties +--- + +# Set-AdfsProperties + +## SYNOPSIS +Sets the properties that control global behaviors in AD FS. + +## SYNTAX + +``` +Set-AdfsProperties [-AuthenticationContextOrder ] [-AcceptableIdentifiers ] + [-AddProxyAuthorizationRules ] [-ArtifactDbConnection ] [-AuditLevel ] + [-AutoCertificateRollover ] [-CertificateCriticalThreshold ] [-CertificateDuration ] + [-CertificateGenerationThreshold ] [-CertificatePromotionThreshold ] + [-CertificateRolloverInterval ] [-CertificateThresholdMultiplier ] + [-ClientCertRevocationCheck ] [-ContactPerson ] [-DisplayName ] + [-EnableOAuthDeviceFlow ] + [-EnableOAuthLogout ] [-FederationPassiveAddress ] [-HostName ] [-HttpPort ] + [-HttpsPort ] [-IntranetUseLocalClaimsProvider ] [-TlsClientPort ] [-Identifier ] + [-LogLevel ] [-MonitoringInterval ] [-NetTcpPort ] + [-NtlmOnlySupportedClientAtProxy ] [-OrganizationInfo ] + [-PreventTokenReplays ] [-ExtendedProtectionTokenCheck ] [-ProxyTrustTokenLifetime ] + [-ReplayCacheExpirationInterval ] [-SignedSamlRequestsRequired ] + [-SamlMessageDeliveryWindow ] [-SignSamlAuthnRequests ] [-SsoLifetime ] + [-SsoEnabled ] [-PersistentSsoLifetimeMins ] [-KmsiLifetimeMins ] + [-EnablePersistentSso ] [-PersistentSsoCutoffTime ] [-EnableKmsi ] + [-WIASupportedUserAgents ] [-BrowserSsoSupportedUserAgents ] + [-BrowserSsoEnabled ] [-LoopDetectionTimeIntervalInSeconds ] + [-LoopDetectionMaximumTokensIssuedInInterval ] [-EnableLoopDetection ] [-ExtranetLockoutMode ] + [-ExtranetLockoutThreshold ] [-EnableExtranetLockout ] [-ExtranetObservationWindow ] + [-ExtranetLockoutRequirePDC ] [-SendClientRequestIdAsQueryStringParameter ] + [-GlobalRelyingPartyClaimsIssuancePolicy ] [-EnableLocalAuthenticationTypes ] + [-EnableRelayStateForIdpInitiatedSignOn ] [-DelegateServiceAdministration ] + [-AllowSystemServiceAdministration ] [-AllowLocalAdminsServiceAdministration ] + [-DeviceUsageWindowInDays ] [-EnableIdPInitiatedSignonPage ] [-IgnoreTokenBinding ] + [-IdTokenIssuer ] [-PromptLoginFederation ] + [-PromptLoginFallbackAuthenticationType ] [-Force] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsProperties** cmdlet sets the properties that control global behaviors in Active Directory Federation Services (AD FS). + +## EXAMPLES + +### Example 1: Set the ADFS properties +``` +PS C:\> $Timespan = New-TimeSpan -Minutes 60 +PS C:\> Set-AdfsProperties -EnableExtranetLockout $True -ExtranetLockoutThreshold 4 -ExtranetObservationWindow $Timespan +``` + +The first command creates a **TimsSpan** object and stores the result in the variable named $Timespan. + +The second command sets an extranet lockout algorithm with a threshold of 4 max bad password attempts before lockout. +The command also sets the observation window for the value stored in the $Timespan variable. + +## PARAMETERS + +### -AcceptableIdentifiers +Specifies an array of identifiers that are acceptable names for the Federation Service when it checks the audience for claims that it receives from another claims provider. + +```yaml +Type: Uri[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddProxyAuthorizationRules +This parameter is deprecated. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowLocalAdminsServiceAdministration +Indicates that local administrator service administration is allowed. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowSystemServiceAdministration +Indicates that system service administration is allowed. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ArtifactDbConnection +Specifies the connection string to use for the database that maintains the artifacts that the artifact resolution service uses. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuditLevel +Specifies an array of audit levels. +The acceptable values for this parameter are: + +- None +- Basic +- Verbose + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: +Accepted values: None, Basic, Verbose + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AuthenticationContextOrder +Specifies an array of authentication contexts, in order of relative strength. +Specify each authentication context as a URI. + +```yaml +Type: Uri[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutoCertificateRollover +Indicates whether the system manages certificates for the administrator and generates new certificates before the expiration date of current certificates. +By default, this setting is enabled for a new instance of AD FS. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BrowserSsoEnabled +Indicates that browser single sign-on (SSO) is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BrowserSsoSupportedUserAgents +Specifies an array of user agents that are supported for browser SSO. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateCriticalThreshold +Specifies the period of time, in days, prior to the expiration of a current primary signing or decryption certificate. +When a certificate reaches this threshold, the Federation Service initiates the automatic certificate rollover service, generates a new certificate, and promotes it as the primary certificate. +This rollover process occurs even if the critical threshold interval does not provide sufficient time for partners to replicate the new metadata. +Specify a short period of time that is used only in extreme conditions when the Federation Service has not been able to generate a new certificate in advance. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateDuration +Specifies the period of time, in days, that any certificates that the Federation Service generates remain valid. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateGenerationThreshold +Specifies the period of time, in days, before the Federation Service generates a new primary certificate to replace the current primary certificate. +When a certificate reaches this threshold, the Federation Service initiates an automatic certificate rollover process that generates a new certificate and adds it to the secondary collection. +This rollover process occurs so that federation partners can consume this metadata in advance and trust is not broken when this newly generated certificate is promoted to be a primary certificate. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificatePromotionThreshold +Specifies the period of time, in days, during which a newly generated certificate remains a secondary certificate before being promoted as the primary certificate. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateRolloverInterval +Specifies the certificate rollover interval, in minutes. +This value determines the frequency at which the Federation Service initiates the rollover service by polling to check whether new certificates need to be generated. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateThresholdMultiplier +Specifies the certificate threshold multiplier. +By default, this parameter uses the number of minutes in a day (1440) as a multiplier. +Change this value only if you want to use a more finely detailed measure of time, such as less than a single day, for calculating the time periods for other certificate threshold parameters. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClientCertRevocationCheck +Do not use this parameter. +Instead, use the `netsh http` command to configure certificate settings. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContactPerson +Specifies the contact information for support issues. + +```yaml +Type: ContactPerson +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegateServiceAdministration +Specifies the delegate service administration. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DeviceUsageWindowInDays +Specifies the length of the device usage window in days. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies a friendly name for the Federation Service. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableExtranetLockout +Indicates whether to enable the lockout algorithm for extranet. +When enabled, AD FS checks attributes in Active Directory for the user before validating the credential. +If the user is determined to be in lockout state, AD FS will deny the request to the user when accessing from the extranet, to prevent random login attempts from the extranet. +Intranet access will continue to be validated against Active Directory. +By default, this feature is disabled in a new instance of AD FS and must be explicitly enabled by the administrator. + +When this feature is enabled AD FS must be able to contact the Primary Domain Controller (PDC) of the user's domain. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableIdPInitiatedSignonPage +Specifies whether to enable the **EnableIdPInitiatedSignonPage** property. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableKmsi +Indicates whether to enable the Keep Me Signed In (KMSI) option for form-based authentication. +KMSI is limited to providing only 24 hours of SSO. +Note that a workplace joined device gets 7 days of SSO by default and does not need this option enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableLocalAuthenticationTypes +Indicates that local authentication types are enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableLoopDetection +Indicates whether to enable loop detection. +Loops occur when a relying party continuously rejects a valid security token and redirects back to AD FS. +The cycle terminates after 6 loops have been detected. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableOAuthDeviceFlow +Enables the OAuth Device Flow. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableOAuthLogout +Enables the OAuth logout endpoint publishing in the OAuth discovery document. The OAuth logout endpoint logs out the current user from the AD FS. This parameter is available with the Windows Update KB4019472 installed. The AD FS does not support logging out a federated user from the federated identity provider when using the OAuth logout endpoint with Windows Update KB4019472 installed. The Windows Update KB4038801 makes this parameter obsolete and the value of this parameter to be always true. The Windows Update KB4038801 also adds support for logging our a federated user from the federated identity provider when using the OAuth logout endpoint. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnablePersistentSso +Indicates whether to store the SSO token in persistent cookies for devices joined to a workplace. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableRelayStateForIdpInitiatedSignOn +Indicates that relay state for issuing distribution point (IDP) initiated sign-on is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExtendedProtectionTokenCheck +Specifies the level of extended protection for authentication supported by the federation server. +Extended Protection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attacker intercepts a client's credentials and forwards them to a server. +Protection against such attacks is made possible through a Channel Binding Token (CBT) which can be either required, allowed or not required by the server when establishing communications with clients. + +The acceptable values for this parameter are: + +- Require. +Server is fully hardened, extended protection is enforced +- Allow. +Server is partially hardened, extended protection is enforced where systems involved have been patched to support it +- None. +Server is vulnerable, extended protection is not enforced + +The default setting is Allow. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Allow, Require, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExtranetLockoutMode: +Specifies Extranet Smart Lockout mode. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: ADPasswordCounter, ADFSSmartLockoutLogOnly, ADFSSmartLockoutEnforce + +Required: False +Position: Named +Default value: ADPasswordCounter +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExtranetLockoutRequirePDC +Specifies whether extranet lockout requires a primary domain controller (PDC). + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExtranetLockoutThreshold +Specifies the maximum number of bad password attempts permitted against the directory before the account is throttled when accessing applications from the extranet. +If you use Active Directory® Domain Services account lockout policies, it is strongly recommended that you set this threshold to a value that is less than the threshold in AD DS to avoid lockout of the user inside and outside the network. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExtranetObservationWindow +Specifies the timespan of the lockout observation window. +AD FS will reset a throttled state of an account when more than one observation window has expired since the last bad password attempt, as reported by Active Directory Domain Services. +It is also possible that the last bad password field in AD DS is cleared by AD DS based on its own observation windows. +In this case, AD FS will allow the request to be passed onto AD DS for validation. + +```yaml +Type: TimeSpan +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FederationPassiveAddress +Do not use this parameter. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GlobalRelyingPartyClaimsIssuancePolicy +Specifies a global relying party claims issuance policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HostName +Specifies the network addressable host name of the Federation Service. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HttpPort +Specifies the HTTP port for the server. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HttpsPort +Specifies the HTTPS port for the server. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies the URI that uniquely identifies the Federation Service. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IdTokenIssuer +Specifies the URI of the token issuer. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IgnoreTokenBinding +Specifies whether to ignore token binding. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IntranetUseLocalClaimsProvider +Indicates whether all web based requests from the intranet default to the default Active Directory claims provider. +Use this parameter only when there is more than one claims provider trust in AD FS and you want all user access from the intranet to use the default Active Directory for authentication. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KmsiLifetimeMins +Specifies the lifetime of the sign on status for KMSI. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogLevel +Specifies an array of log detail. +The array defines which types of events to record. +The acceptable values for this parameter are: + +- Errors +- Warnings +- Information +- SuccessAudits +- FailureAudits + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: +Accepted values: Errors, FailureAudits, Information, Verbose, None, SuccessAudits, Warnings + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LoopDetectionMaximumTokensIssuedInInterval +Specifies the maximum number of tokens that can be issued within the time period specified by the **LoopDetectionTimeIntervalInSeconds** parameter before AD FS will reject the request and present an error to the user. +Use in conjunction with the **LoopDetectionMaximumTokensIssuedInInterval** parameter. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LoopDetectionTimeIntervalInSeconds +Specifies the time interval in seconds for AD FS to track multiple token requests that are occurring and being rejected by the relying party causing a redirect back to AD FS for a new token request. +Use in conjunction with the *LoopDetectionMaximumTokensIssuedInInterval* parameter. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MonitoringInterval +Specifies the frequency, in minutes, with which the Federation Service monitors the federation metadata of relying parties and claims providers that are enabled for federation metadata monitoring. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NetTcpPort +Specifies the TCP port number for the server. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NtlmOnlySupportedClientAtProxy +Indicates whether to enable support for NTLM-based authentication in situations where the active federation server proxy does not support Negotiate method of authentication. +This setting only affects the Windows transport endpoint. +If this value is changed, the federation server proxy needs to be restarted. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OrganizationInfo +Specifies information about the organization as published in the federation metadata for the Federation Service. + +```yaml +Type: Organization +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PersistentSsoCutoffTime +Specifies the earliest issue time of accepted persistent single sign-on (SSO) tokens and OAuth refresh tokens. +Persistent SSO tokens or OAuth refresh tokens issued before this time will be rejected. +Use this only to reject all prior SSO state across all users and force users to provide fresh credentials. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PersistentSsoLifetimeMins +Specifies the duration, in minutes, of the persistent SSO experience. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PreventTokenReplays +Indicates whether the Federation Service prevents the replay of security tokens. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PromptLoginFallbackAuthenticationType + +This parameter is obsolete. Please set this property on individual Claims Provider Trusts. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PromptLoginFederation + +This parameter is obsolete. Please set this property on individual Claims Provider Trusts. + +```yaml +Type: PromptLoginFederation +Parameter Sets: (All) +Aliases: +Accepted values: None, FallbackToProtocolSpecificParameters, ForwardPromptAndHintsOverWsFederation, Disabled + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyTrustTokenLifetime +Specifies the valid token lifetime, in minutes, for proxy trust tokens. +This value is used by the federation server proxy to authenticate with its associated federation server. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReplayCacheExpirationInterval +Specifies the cache duration, in minutes, for token replay detection. +This value determines the lifetime for tokens in the replay cache. +When the age of a cached token exceeds this interval, the Federation Service determines the token has expired and does not allow replay of it. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SamlMessageDeliveryWindow +Specifies the duration, in minutes, for which the Security Assertion Markup Language (SAML) messages sent by the Federation Service are considered valid. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SendClientRequestIdAsQueryStringParameter +Indicates whether the client request id, or activity id, is sent as a query string on any redirect from AD FS that is sent to itself. +This enables all servers in AD FS to use the same client request id when logging any messages in eventlogs, traces and audits. +As a result, it is easier to troubleshoot a single request across multiple AD FS servers in the farm. +The default value is $True. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignedSamlRequestsRequired +Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. +If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignSamlAuthnRequests +Indicates whether the Federation Service signs SAML protocol authentication requests to claims providers. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SsoEnabled +This parameter is deprecated. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SsoLifetime +Specifies the duration, in minutes, of the single sign-on (SSO) experience for Web browser clients. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TlsClientPort +Specifies the port number where AD FS listens for user certificate authentication requests. +Use this only when user certificate authentication is used in AD FS. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WIASupportedUserAgents +Specifies an array of acceptable user agents that support seamless sign-in with Windows Integrated Authentication. +If AD FS receives a token request and policy selects Windows Integrated Authentication, AD FS uses this list to determine if it needs to fall back to forms-based authentication. +When the user agent for the incoming request is not in this list, AD FS falls back to forms-based authentication. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-AdfsProperties](./Get-AdfsProperties.md) diff --git a/docset/winserver2025-ps/adfs/Set-AdfsRegistrationHosts.md b/docset/winserver2025-ps/adfs/Set-AdfsRegistrationHosts.md new file mode 100644 index 0000000000..4828cceffb --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsRegistrationHosts.md @@ -0,0 +1,102 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsregistrationhosts?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsRegistrationHosts +--- + +# Set-AdfsRegistrationHosts + +## SYNOPSIS +The Set-AdfsRegistrationHosts cmdlet is deprecated. +Instead, use the **Set-AdfsDeviceRegistrationUpnSuffix** cmdlet. + +## SYNTAX + +``` +Set-AdfsRegistrationHosts [-UpnSuffixes] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsRegistrationHosts** cmdlet is deprecated in this release. +Instead, use the **Set-AdfsDeviceRegistrationUpnSuffix** cmdlet. + +## EXAMPLES + +## PARAMETERS + +### -PassThru +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UpnSuffixes +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AdfsRegistrationHosts](./Get-AdfsRegistrationHosts.md) + +[Set-AdfsDeviceRegistrationUpnSuffix](./Set-AdfsDeviceRegistrationUpnSuffix.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyTrust.md new file mode 100644 index 0000000000..17c60ca879 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyTrust.md @@ -0,0 +1,962 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsRelyingPartyTrust +--- + +# Set-AdfsRelyingPartyTrust + +## SYNOPSIS +Sets the properties of a relying party trust. + +## SYNTAX + +### Identifier +``` +Set-AdfsRelyingPartyTrust [-AllowedAuthenticationClassReferences ] [-Name ] + [-NotBeforeSkew ] [-EnableJWT ] [-Identifier ] + [-EncryptionCertificate ] [-EncryptionCertificateRevocationCheck ] + [-EncryptClaims ] [-MetadataUrl ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-DelegationAuthorizationRules ] + [-DelegationAuthorizationRulesFile ] [-ImpersonationAuthorizationRules ] + [-ImpersonationAuthorizationRulesFile ] [-IssuanceTransformRules ] + [-IssuanceTransformRulesFile ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-AutoUpdateEnabled ] [-WSFedEndpoint ] + [-AdditionalWSFedEndpoint ] [-ClaimsProviderName ] [-MonitoringEnabled ] + [-Notes ] [-ClaimAccepted ] [-SamlEndpoint ] + [-ProtocolProfile ] [-RequestSigningCertificate ] + [-EncryptedNameIdRequired ] [-SignedSamlRequestsRequired ] [-SamlResponseSignature ] + [-SignatureAlgorithm ] [-SigningCertificateRevocationCheck ] [-TokenLifetime ] + [-AlwaysRequireAuthentication ] [-AllowedClientTypes ] + [-IssueOAuthRefreshTokensTo ] [-RefreshTokenProtectionEnabled ] + [-RequestMFAFromClaimsProviders ] -TargetIdentifier [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +### IdentifierObject +``` +Set-AdfsRelyingPartyTrust [-AllowedAuthenticationClassReferences ] [-Name ] + [-NotBeforeSkew ] [-EnableJWT ] [-Identifier ] + [-EncryptionCertificate ] [-EncryptionCertificateRevocationCheck ] + [-EncryptClaims ] [-MetadataUrl ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-DelegationAuthorizationRules ] + [-DelegationAuthorizationRulesFile ] [-ImpersonationAuthorizationRules ] + [-ImpersonationAuthorizationRulesFile ] [-IssuanceTransformRules ] + [-IssuanceTransformRulesFile ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-AutoUpdateEnabled ] [-WSFedEndpoint ] + [-AdditionalWSFedEndpoint ] [-ClaimsProviderName ] [-MonitoringEnabled ] + [-Notes ] [-ClaimAccepted ] [-SamlEndpoint ] + [-ProtocolProfile ] [-RequestSigningCertificate ] + [-EncryptedNameIdRequired ] [-SignedSamlRequestsRequired ] [-SamlResponseSignature ] + [-SignatureAlgorithm ] [-SigningCertificateRevocationCheck ] [-TokenLifetime ] + [-AlwaysRequireAuthentication ] [-AllowedClientTypes ] + [-IssueOAuthRefreshTokensTo ] [-RefreshTokenProtectionEnabled ] + [-RequestMFAFromClaimsProviders ] -TargetRelyingParty [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### IdentifierName +``` +Set-AdfsRelyingPartyTrust [-AllowedAuthenticationClassReferences ] [-Name ] + [-NotBeforeSkew ] [-EnableJWT ] [-Identifier ] + [-EncryptionCertificate ] [-EncryptionCertificateRevocationCheck ] + [-EncryptClaims ] [-MetadataUrl ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-DelegationAuthorizationRules ] + [-DelegationAuthorizationRulesFile ] [-ImpersonationAuthorizationRules ] + [-ImpersonationAuthorizationRulesFile ] [-IssuanceTransformRules ] + [-IssuanceTransformRulesFile ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-AutoUpdateEnabled ] [-WSFedEndpoint ] + [-AdditionalWSFedEndpoint ] [-ClaimsProviderName ] [-MonitoringEnabled ] + [-Notes ] [-ClaimAccepted ] [-SamlEndpoint ] + [-ProtocolProfile ] [-RequestSigningCertificate ] + [-EncryptedNameIdRequired ] [-SignedSamlRequestsRequired ] [-SamlResponseSignature ] + [-SignatureAlgorithm ] [-SigningCertificateRevocationCheck ] [-TokenLifetime ] + [-AlwaysRequireAuthentication ] [-AllowedClientTypes ] + [-IssueOAuthRefreshTokensTo ] [-RefreshTokenProtectionEnabled ] + [-RequestMFAFromClaimsProviders ] -TargetName [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsRelyingPartyTrust** cmdlet configures the trust relationship with a specified relying party object. + +## EXAMPLES + +### Example 1: Set the name and identifier for a relying party trust +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "FabrikamApp" -Identifier "https://FabrikamApp.CentralServerNew.org" +``` + +This command sets the name and identifier for the specified relying party trust. + +### Example 2: Set the target identifier for a relying party trust +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetIdentifier "https://FabrikamApp.CentralServer.org" -Identifier "https://FabrikamApp.CentralServerNew.org" +``` + +This command sets the target identifier for the specified relying party trust. + +### Example 3: Assign a policy that uses parameters +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyParameters ("Administrators","Users") -AccessControlPolicyName "DemoOne" +``` + +This command assigns a policy that uses parameters. + +For more information about access control policy parameters, see [Active Directory Federation Services](https://technet.microsoft.com/windows-server-docs/identity/active-directory-federation-services) (https://technet.microsoft.com/windows-server-docs/identity/active-directory-federation-services) on TechNet. + +### Example 4: Un-assign a policy template +``` +PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName $null +``` + +This command un-assigns a policy template. + +## PARAMETERS + +### -AccessControlPolicyName +Specifies the name of an access control policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies the additional authorization rules to require additional authentication based on user, device and location attributes after the completion of the first step of authentication. +Note: These rules must only be configured after there is at least one authentication provider enabled for additional authentication. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies a file that contains the additional authentication rules to require additional authentication when a user is attempting to access this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AdditionalWSFedEndpoint +Specifies an array of alternate return addresses for the application. +This is typically used when the application wants to indicate to AD FS what the return URL should be on successful token generation. +AD FS requires that all acceptable URLs are entered as trusted information by the administrator. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedAuthenticationClassReferences +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedClientTypes +Specifies allowed client types. +The acceptable values for this parameter are: + +- None +- Public +- Confidential + +```yaml +Type: AllowedClientTypes +Parameter Sets: (All) +Aliases: +Accepted values: None, Public, Confidential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlwaysRequireAuthentication +Indicates to always require authentication. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutoUpdateEnabled +Indicates whether changes to the federation metadata by the *MetadataURL* parameter apply automatically to the configuration of the trust relationship. +If this parameter has a value of $True, partner claims, certificates, and endpoints are updated automatically. + +Note: When auto-update is enabled, fields that can be overwritten by metadata become read only. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClaimAccepted +Specifies an array of claims that this relying party accepts. + +```yaml +Type: ClaimDescription[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ClaimsProviderName +Specifies an array of claims provider names. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRules +Specifies the delegation authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRulesFile +Specifies a file that contains the delegation authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableJWT +Indicates whether the JSON Web Token (JWT) format should be used to issue a token on a WS-Federation request. +By default, SAML tokens are issued over WS-Federation. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptClaims +Indicates whether the claims that are sent to the relying party should be encrypted. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptedNameIdRequired +Indicates whether the relying party requires that the **NameID** claim be encrypted. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionCertificate +Specifies the certificate to be used for encrypting claims that are issued to this relying party. +Encrypting claims is optional. + +```yaml +Type: X509Certificate2 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionCertificateRevocationCheck +Specifies the type of validation that occurs for the encryption certificate before it is used for encrypting claims to the relying party. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of unique identifiers for this relying party trust. +No other trust can use an identifier from this list. +Uniform Resource Identifiers (URIs) are often used as unique identifiers for a relying party trust, but you can use any string of characters. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRules +Specifies the impersonation authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRulesFile +Specifies a file that contains the impersonation authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +Specifies the issuance authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +Specifies a file that contains the issuance authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceTransformRules +Specifies the issuance transform rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceTransformRulesFile +Specifies a file that contains the issuance transform rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssueOAuthRefreshTokensTo +Specifies the refresh token issuance device types. +The acceptable values for this parameter are: + +- NoDevice +- WorkplaceJoinedDevices +- AllDevices + +```yaml +Type: RefreshTokenIssuanceDeviceTypes +Parameter Sets: (All) +Aliases: +Accepted values: NoDevice, WorkplaceJoinedDevices, AllDevices + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MetadataUrl +Specifies a URL at which the federation metadata for this relying party trust is available. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MonitoringEnabled +Indicates whether periodic monitoring of this relying party federation metadata is enabled. +The *MetadataUrl* parameter specifies the URL of the relying party's federation metadata. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of this relying party trust. + +Note: You can use the *Name* parameter as an identifier for the object. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotBeforeSkew +Specifies the skew, as in integer, for the time stamp that marks the beginning of the validity period. +The higher this number is, the further back in time the validity period begins with respect to the time that the claims are issued for the relying party. +By default, this value is 0. +Specify a positive value if validation fails on the relying party because the validity period has not yet begun. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes for this relying party trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProtocolProfile +Specifies which protocol profiles the relying party supports. +The acceptable values for this parameter are: SAML and WsFederation. +By default, this parameter is blank, which indicates that both protocols are supported. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: WsFed-SAML, WSFederation, SAML + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RefreshTokenProtectionEnabled +Indicates that refresh token protection is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequestMFAFromClaimsProviders +Indicates whether to use the request MFA from claims providers option. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequestSigningCertificate +Specifies an array of certificate that is used to verify the signature on a request from the relying party. + +```yaml +Type: X509Certificate2[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -SamlEndpoint +Specifies an array of Security Assertion Markup Language (SAML) protocol endpoints for this relying party. + +```yaml +Type: SamlEndpoint[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -SamlResponseSignature +Specifies the response signatures that the relying party expects. +The acceptable values for this parameter are: + +- AssertionOnly +- MessageAndAssertion +- MessageOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: AssertionOnly, MessageAndAssertion, MessageOnly + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignatureAlgorithm +Specifies the signature algorithm that the relying party uses for signing and verification. +The acceptable values for this parameter are: + +- https://www.w3.org/2000/09/xmldsig#rsa-sha1 +- https://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: https://www.w3.org/2000/09/xmldsig#rsa-sha1, https://www.w3.org/2001/04/xmldsig-more#rsa-sha256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignedSamlRequestsRequired +Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. +If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SigningCertificateRevocationCheck +Specifies the type of certificate validation that should occur when signatures on requests from the relying party are verified. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the relying party trust that is modified by the cmdlet. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the friendly name of the relying party trust that is modified by the cmdlet. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetRelyingParty +Specifies a **RelyingPartyTrust** object. +The cmdlet modifies the relying party trust that you specify. +To obtain a **RelyingPartyTrust** object, use the **Get-AdfsRelyingPartyTrust** cmdlet. + +```yaml +Type: RelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TokenLifetime +Specifies the duration, in minutes, for which the claims that are issued to the relying party are valid. The default TokenLifetime is 60 minutes. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WSFedEndpoint +Specifies the WS-Federation Passive URL for this relying party. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *AccessControlPolicyName*, *AdditionalAuthenticationRules*, *DelegationAuthorizationRules*, *ImpersonationAuthorizationRules*, *IssuanceAuthorizationRules*, *IssuanceTransformRules*, *TargetIdentifier*, and *TargetName* parameters. + +### System.Object + +Objects are received by the *AccessControlPolicyParameters* parameter. + +### System.Management.Automation.SwitchParameter + +SwitchParameter objects are received by the *AlwaysRequireAuthentication* and *RequestMFAFromClaimsProviders* parameters. + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimDescription + +ClaimDescription Objects are received by the *ClaimAccepted* parameter. + +### System.Security.Cryptography.X509Certificates.X509Certificate2 + +X509Certificate2 objects are received by the *RequestSigningCertificate* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.SamlEndpoint + +SamlEndpoint objects are received by the *SamlEndpoint* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +RelyingPartyTrust objects are received by the *TargetRelyingParty* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +Returns the updated RelyingPartyTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* A relying party in Active Directory Federation Services (AD FS) is an organization in which Web servers that host one or more Web-based applications reside. Tokens and Information Cards that originate from a claims provider can then be presented and ultimately accessed by the Web-based resources that are located in the relying party organization. When AD FS is configured in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party accesses the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose Web servers are protected by the resource-side federation server. The federation server in the relying party uses the security tokens that the claims provider produces to issue tokens to the Web servers that are located in the relying party. + +## RELATED LINKS + +[Add-AdfsRelyingPartyTrust](./Add-AdfsRelyingPartyTrust.md) + +[Disable-AdfsRelyingPartyTrust](./Disable-AdfsRelyingPartyTrust.md) + +[Enable-AdfsRelyingPartyTrust](./Enable-AdfsRelyingPartyTrust.md) + +[Get-AdfsRelyingPartyTrust](./Get-AdfsRelyingPartyTrust.md) + +[Remove-AdfsRelyingPartyTrust](./Remove-AdfsRelyingPartyTrust.md) + +[Update-AdfsRelyingPartyTrust](./Update-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyWebContent.md b/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyWebContent.md new file mode 100644 index 0000000000..48dbe5a1ca --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyWebContent.md @@ -0,0 +1,468 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsrelyingpartywebcontent?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsRelyingPartyWebContent +--- + +# Set-AdfsRelyingPartyWebContent + +## SYNOPSIS +Sets properties for the relying party web content objects. + +## SYNTAX + +### IdentifierName (Default) +``` +Set-AdfsRelyingPartyWebContent [-CertificatePageDescriptionText ] [-CompanyName ] + [-ErrorPageDescriptionText ] [-ErrorPageGenericErrorMessage ] + [-ErrorPageAuthorizationErrorMessage ] [-ErrorPageDeviceAuthenticationErrorMessage ] + [-ErrorPageSupportEmail ] [-HelpDeskLink ] [-HelpDeskLinkText ] [-HomeLink ] + [-HomeLinkText ] [-HomeRealmDiscoveryOtherOrganizationDescriptionText ] + [-HomeRealmDiscoveryPageDescriptionText ] [-OrganizationalNameDescriptionText ] + [-PrivacyLink ] [-PrivacyLinkText ] [-SignInPageDescriptionText ] + [-SignInPageAdditionalAuthenticationDescriptionText ] [-PassThru] [[-Locale] ] + -TargetRelyingPartyName [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Set-AdfsRelyingPartyWebContent [-CertificatePageDescriptionText ] [-CompanyName ] + [-ErrorPageDescriptionText ] [-ErrorPageGenericErrorMessage ] + [-ErrorPageAuthorizationErrorMessage ] [-ErrorPageDeviceAuthenticationErrorMessage ] + [-ErrorPageSupportEmail ] [-HelpDeskLink ] [-HelpDeskLinkText ] [-HomeLink ] + [-HomeLinkText ] [-HomeRealmDiscoveryOtherOrganizationDescriptionText ] + [-HomeRealmDiscoveryPageDescriptionText ] [-OrganizationalNameDescriptionText ] + [-PrivacyLink ] [-PrivacyLinkText ] [-SignInPageDescriptionText ] + [-SignInPageAdditionalAuthenticationDescriptionText ] [-PassThru] + [-TargetRelyingPartyWebContent] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsRelyingPartyWebContent** cmdlet sets properties for a relying party web content object. +These properties override equivalent values set by using the **Set-AdfsGlobalWebContent** cmdlet to obtain a web content object. +Specify a relying party web content object by using a name and locale, or use the **Get-AdfsRelyingPartyWebContent** cmdlet. +If you do not specify a locale, the cmdlet uses the invariant locale. + +## EXAMPLES + +### Example 1: Specify a generic error message +``` +PS C:\> Set-AdfsRelyingPartyWebContent -Name "RelyingParty01" -ErrorPageGenericErrorMessage "There is an error." +``` + +This command specifies a generic error message to display to users for the relying party named RelyingParty01. + +### Example 2: Specify multiple error messages +``` +PS C:\> Set-AdfsRelyingPartyWebContent -Locale en-us -Name "RelyingParty02" -ErrorPageAuthorizationErrorMessage "There is an authorization error." -ErrorPageDeviceAuthenticationErrorMessage "There is a device authentication error." -ErrorPageGenericErrorMessage "There is an error." +``` + +This command assigns multiple error messages to display to users for the relying party named RelyingParty01 with the specified locale. + +### Example 2: Create a custom message on the Sign in page +``` +PS C:\> Set-AdfsRelyingPartyWebContent -SignInPageDescription "If you have forgotten your password, visit Microsoft Entra self-service password reset." -TargetRelyingPartyName "Microsoft Office 365 Identity Platform" +``` + +The command creates a custom message on the Sign in page for the Office 365 relying party. + +## PARAMETERS + +### -CertificatePageDescriptionText +Specifies text to display under the text for the *CompanyName* parameter on the certificate selection page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CompanyName +Specifies the heading text on Sign in page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageAuthorizationErrorMessage +Specifies an error message to display when a user encounters any authorization errors that occur for a token request. +This string can be an HTML fragment. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageDescriptionText +Specifies the text under the text for the *CompanyName* parameter on the Sign in error page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageDeviceAuthenticationErrorMessage +Specifies an error message to display for any device authentication errors that occur for a token request. +Device authentication errors occur when the user presents an expired user@device certificate to Active Directory Federation Services (AD FS), a certificate that is not found in Active Directory® Domain Services, or a certificate that is disabled in Active Directory Domain Services. +This string can be an HTML fragment. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageGenericErrorMessage +Specifies an error message to display for any generic errors that occur for a token request. +This string can be an HTML fragment. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ErrorPageSupportEmail +Specifies the email address to display on the Sign in error page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HelpDeskLink +Specifies the target of the Help Desk link at the bottom of the Sign in page. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HelpDeskLinkText +Specifies the text of the Help Desk link at the bottom of the Sign in page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeLink +Specifies the target of the Home link at the bottom of the Sign in page. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeLinkText +Specifies the text of the Home link at the bottom of the Sign in page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeRealmDiscoveryOtherOrganizationDescriptionText +Specifies a description displayed above the user name entry prompt. +If you configure a UPN suffix mapping to one or more claims provider trusts, the home realm discovery page features an option for Other organization. +If users select this option, they are prompted to enter a user name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HomeRealmDiscoveryPageDescriptionText +Specifies text to display under the text for the *CompanyName* parameter on the home realm discovery page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Locale +Specifies a locale. +The cmdlet sets relying party web content for the locale that you specify. + +```yaml +Type: CultureInfo +Parameter Sets: IdentifierName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OrganizationalNameDescriptionText +Specifies the text under the text for the *CompanyName* parameter on the Sign in page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrivacyLink +Specifies the target of the Privacy link at the bottom of the Sign in page. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrivacyLinkText +Specifies the text of the Privacy link at the bottom of the Sign in page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignInPageAdditionalAuthenticationDescriptionText +Specifies the text under the text for the *CompanyName* parameter on the additional authentication choice page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SignInPageDescriptionText +Specifies the text under the sign in options on the Sign in page. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetRelyingPartyName +Specifies the name of the relying party trust to modify. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: Name + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetRelyingPartyWebContent +Specifies the name of the relying party web content to modify. + +```yaml +Type: AdfsRelyingPartyWebContent +Parameter Sets: IdentifierObject +Aliases: TargetWebContent + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.IdentityServer.Management.Resources.AdfsRelyingPartyWebContent +This cmdlet generates a **System.IdentityServer.Management.Resources.AdfsRelyingPartyWebContent** object that represents web content of a relying party, or an array of such objects. +The object includes the following properties: + +- Locale: **System.Globalization.CultureInfo** +- Name: **System.String** +- ErrorPageGenericErrorMessage: **System.String** +- ErrorPageAuthorizationErrorMessage: **System.String** +- ErrorPageDeviceAuthenticationErrorMessage: **System.String** + +## NOTES + +## RELATED LINKS + +[Get-AdfsRelyingPartyWebContent](./Get-AdfsRelyingPartyWebContent.md) + +[Remove-AdfsRelyingPartyWebContent](./Remove-AdfsRelyingPartyWebContent.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyWebTheme.md b/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyWebTheme.md new file mode 100644 index 0000000000..aadc445b39 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsRelyingPartyWebTheme.md @@ -0,0 +1,258 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsrelyingpartywebtheme?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsRelyingPartyWebTheme +--- + +# Set-AdfsRelyingPartyWebTheme + +## SYNOPSIS +Applies a web theme to a relying party. + +## SYNTAX + +### IdentifierName (Default) +``` +Set-AdfsRelyingPartyWebTheme [-StyleSheet ] [-RTLStyleSheetPath ] + [-OnLoadScriptPath ] [-Logo ] [-Illustration ] + [-SourceWebThemeName ] [-SourceRelyingPartyName ] [-TargetRelyingPartyName] [-WhatIf] + [-Confirm] [] +``` + +### IdentifierObject +``` +Set-AdfsRelyingPartyWebTheme [-StyleSheet ] [-RTLStyleSheetPath ] + [-OnLoadScriptPath ] [-Logo ] [-Illustration ] + [-SourceWebThemeName ] [-SourceRelyingPartyName ] + [-TargetRelyingPartyWebTheme] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsRelyingPartyWebTheme** cmdlet applies a web theme to a relying party. +A web theme includes logo, illustration, stylesheets, and custom onload.js files. + +## EXAMPLES + +### Example 1: Create a custom theme and assign it to the Office 365 relying party trust +``` +PS C:\> New-AdfsWebTheme -Name "Office365Theme" -SourceName "default" +PS C:\> Set-AdfsWebTheme -TargetName "Office365Theme" -Illustration @{Path="C:\localpath\illustration22.jpg"} +PS C:\> Set-AdfsRelyingPartyWebTheme -TargetRelyingPartyName "Microsoft Office 365 Identity Platform" -SourceWebThemeName "Office365Theme" +``` + +The first command creates an AD FS web theme by using the **New-AdfsWebTheme** cmdlet. +The theme is named Office365Theme. + +The second command modifies Office365Theme by using the **Set-AdfsWebTheme** cmdlet. + +The final command assigns the custom theme to the Office 365 relying party trust. + +### Example 2: Create an advanced per application custom theme and assign it to a relying party +``` +PS C:\> New-AdfsWebTheme -Name "AppSpecificTheme" -SourceName "default" +PS C:\> Export-AdfsWebTheme -Name "AppSpecificTheme" -DirectoryPath "C:\AppSpecificTheme" +PS C:\> Set-AdfsWebTheme -TargetName "AppSpecificTheme" -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';Path="C:\AppSpecificTheme\script\onload.js"} +PS C:\> Set-AdfsRelyingPartyWebTheme -TargetRelyingPartyName "urn:app1" -SourceWebThemeName "AppSpecificTheme" +``` + +The first command creates a theme as a copy of the default global theme in AD FS by using **New-AdfsWebTheme**. + +The second command exports the theme for customization by using the **Export-AdfsWebTheme** cmdlet. + +The third command customizes the theme by specifying files by using **Set-AdfsWebTheme**. + +The final command applies the customized theme to a relying party. + +## PARAMETERS + +### -Illustration +Specifies an illustration as a hash table. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Logo +Specifies a logo as a hash table. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OnLoadScriptPath +Specifies the path of an onload script. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RTLStyleSheetPath +Specifies the path of the RTL style sheet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceRelyingPartyName +Specifies the name of the source relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceWebThemeName +Specifies the name of the source web theme. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StyleSheet +Specifies a style sheet as a hash table. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetRelyingPartyName +Specifies the name of the target relying party. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: Name + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetRelyingPartyWebTheme +Specifies the name of the target web theme. + +```yaml +Type: AdfsRelyingPartyWebTheme +Parameter Sets: IdentifierObject +Aliases: TargetWebTheme + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Export-AdfsWebTheme](./Export-AdfsWebTheme.md) + +[Get-AdfsRelyingPartyWebTheme](./Get-AdfsRelyingPartyWebTheme.md) + +[New-AdfsWebTheme](./New-AdfsWebTheme.md) + +[Remove-AdfsRelyingPartyWebTheme](./Remove-AdfsRelyingPartyWebTheme.md) + +[Set-AdfsWebTheme](./Set-AdfsWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsScopeDescription.md b/docset/winserver2025-ps/adfs/Set-AdfsScopeDescription.md new file mode 100644 index 0000000000..0d5ebe4f74 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsScopeDescription.md @@ -0,0 +1,142 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsscopedescription?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsScopeDescription +--- + +# Set-AdfsScopeDescription + +## SYNOPSIS +Modifies a scope description in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Set-AdfsScopeDescription [-Description ] [-WhatIf] [-Confirm] [] +``` + +### Name +``` +Set-AdfsScopeDescription [-Description ] [-TargetName] [-WhatIf] [-Confirm] + [] +``` + +### InputObject +``` +Set-AdfsScopeDescription [-Description ] [-InputObject] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsScopeDescription** cmdlet modifies a scope description that represents the scope of access granted to resources and applications in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -InputObject +Specifies the scope description to modify. + +```yaml +Type: OAuthScopeDescription +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the scope description to modify. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.IdentityServer.Management.Resources.OAuthScopeDescription + +OAuthScopeDescription objects are received by the *InputObject* parameter. + +### System.String + +String objects are received by the *TargetName* parameter. + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsScopeDescription](./Add-AdfsScopeDescription.md) + +[Get-AdfsScopeDescription](./Get-AdfsScopeDescription.md) + +[Remove-AdfsScopeDescription](./Remove-AdfsScopeDescription.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsServerApplication.md b/docset/winserver2025-ps/adfs/Set-AdfsServerApplication.md new file mode 100644 index 0000000000..805685a0a6 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsServerApplication.md @@ -0,0 +1,381 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 09/19/2017 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfsserverapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsServerApplication +--- + +# Set-AdfsServerApplication + +## SYNOPSIS +Modifies configuration settings for a server application role of an application in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Set-AdfsServerApplication [-TargetIdentifier] [-Identifier ] [-Name ] + [-RedirectUri ] [-Description ] [-ADUserPrincipalName ] + [-JWTSigningCertificate ] [-JWTSigningCertificateRevocationCheck ] + [-ChangeClientSecret] [-ResetClientSecret] [-JWKSUri ] [-ReloadJWTSigningKeys] [-JWKSFile ] + [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### Name +``` +Set-AdfsServerApplication [-TargetName] [-Identifier ] [-Name ] + [-RedirectUri ] [-Description ] [-ADUserPrincipalName ] + [-JWTSigningCertificate ] [-JWTSigningCertificateRevocationCheck ] + [-ChangeClientSecret] [-ResetClientSecret] [-JWKSUri ] [-ReloadJWTSigningKeys] [-JWKSFile ] + [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### ApplicationObject +``` +Set-AdfsServerApplication [-TargetApplication] [-Identifier ] [-Name ] + [-RedirectUri ] [-Description ] [-ADUserPrincipalName ] + [-JWTSigningCertificate ] [-JWTSigningCertificateRevocationCheck ] + [-ChangeClientSecret] [-ResetClientSecret] [-JWKSUri ] [-ReloadJWTSigningKeys] [-JWKSFile ] + [-LogoutUri ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsServerApplication** cmdlet modifies configuration settings for a server application role of an application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -ADUserPrincipalName +Specifies the Active Directory account that corresponds to the confidential client that is registered. +The only client authentication method available for use with Active Directory accounts is Windows Integrated Authentication (WIA). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ChangeClientSecret +Indicates that this cmdlet changes the client secret value. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Identifier +Specifies an ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -JWKSFile +Specifies a file that contains a JSON Web Token (JWT). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWKSUri +Specifies the URI of a JWT. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWTSigningCertificate +Specifies an array of signing certificates for JWT. +This public certificate is used to validate signatures for JWTs issued by this client for authenticating itself against AD FS by using the private key JWT client authentication method. + +```yaml +Type: X509Certificate2[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JWTSigningCertificateRevocationCheck +Specifies revocation checks to perform to validate signatures for JWTs sent by confidential clients. +The acceptable values for this parameter are: + +- None +- CheckEndCert +- CheckEndCertCacheOnly +- CheckChain +- CheckChainCacheOnly +- CheckChainExcludeRoot +- CheckChainExcludeRootCacheOnly + +```yaml +Type: RevocationSetting +Parameter Sets: (All) +Aliases: +Accepted values: None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogoutUri +Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectUri +Specifies an array of redirection URIs for the OAuth 2.0 client to register with AD FS. +The redirection URI is specified by the OAuth 2.0 client when it requests authorization to access a resource in ADFS. + +The redirection URI specified by the client must already be registered with AD FS. +It must correspond to the client identifier for that OAuth 2.0 client. +If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, ADFS delivers the authorization code or access token by redirecting the client's user-agent back to this redirection URI. + +The value of this parameter must match exactly the redirection URI that is specified by the OAuth 2.0 client when requesting authorization. +This includes trailing slashes '/', if they are required. +We recommended the use of more secure schemes such as https in a redirection URI. + +For Windows Store applications that authenticate by using the Windows Web Authentication Broker, use the `ms-app://` scheme for a redirection URI. +If you are developing a Windows Store application, obtain the redirection URI for your application by using the following code fragment: + +`Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();` + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ReloadJWTSigningKeys +Indicates that this cmdlet reloads JWT signing keys. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResetClientSecret +Indicates that this cmdlet resets the client secret value. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplication +Specifies the server application. + +```yaml +Type: ServerApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the server application. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the server application. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsServerApplication](./Add-AdfsServerApplication.md) + +[Get-AdfsServerApplication](./Get-AdfsServerApplication.md) + +[Remove-AdfsServerApplication](./Remove-AdfsServerApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsSslCertificate.md b/docset/winserver2025-ps/adfs/Set-AdfsSslCertificate.md new file mode 100644 index 0000000000..88123e9607 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsSslCertificate.md @@ -0,0 +1,115 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfssslcertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsSslCertificate +--- + +# Set-AdfsSslCertificate + +## SYNOPSIS +Sets an SSL certificate for HTTPS bindings for AD FS. + +## SYNTAX + +```powershell +Set-AdfsSslCertificate -Thumbprint [-Force ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsSslCertificate** cmdlet sets an SSL certificate for HTTPS bindings for Active Directory Federation Services (AD FS). +Use this cmdlet to change the SSL certificate associated with the AD FS service. On Server 2016, this is a multi-node commandlet, meaning it only has to run on the primary and all nodes in the farm will be updated. On Server 2012R2, run the command on each ADFS server in the ADFS farm. + +Use this cmdlet to change the deployment from one in which both user certificate authentication and device certificate authentication use port 443, to one in which user certificate authentication uses a non-standard port. +Specify a new certificate that does not contain a Subject Alternative Name (SAN) for `certauth`.\, as in `certauth.contoso.com`. + +## EXAMPLES + +### Example 1: Set a certificate +```powershell +PS C:\> Set-AdfsSslCertificate -Thumbprint "FC85DDB0FC58E63D8CB52654F22E4BE7900FE349" +``` + +This command sets the specified certificate for HTTPS bindings for AD FS. + +## PARAMETERS + +### -Force +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Thumbprint +Specifies the thumbprint of a certificate. +The thumbprint that you specify corresponds to the certificate installed on the federation server in the local store. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-AdfsSslCertificate](./Get-AdfsSslCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsSyncProperties.md b/docset/winserver2025-ps/adfs/Set-AdfsSyncProperties.md new file mode 100644 index 0000000000..594c7e4a50 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsSyncProperties.md @@ -0,0 +1,132 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfssyncproperties?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsSyncProperties +--- + +# Set-AdfsSyncProperties + +## SYNOPSIS +Modifies the frequency of synchronization for the AD FS configuration database and which server is primary in the farm. + +## SYNTAX + +``` +Set-AdfsSyncProperties [-PrimaryComputerName ] [-PrimaryComputerPort ] [-PollDuration ] + [-Role ] [] +``` + +## DESCRIPTION +The **Set-ADFSSyncProperties** cmdlet modifies the frequency of synchronization for the Active Directory Federation Services (AD FS) configuration database. +The cmdlet also specifies which federation server is the primary server in the federation server farm. + +## EXAMPLES + +### Example 1: Modify the poll duration for a farm +``` +PS C:\> Set-AdfsSyncProperties -PollDuration 3600 -PrimaryComputerName "FederationServerPrimary" +``` + +This command modifies the database synchronization to 3600 seconds. +The command makes the change to the primary federation server. + +### Example 2: Change a server from secondary to primary +``` +PS C:\> Set-AdfsSyncProperties -Role "PrimaryComputer" +``` + +This command changes an AD FS server in a WID farm from secondary to primary. + +### Example 3: Change a primary server to a secondary server +``` +PS C:\> Set-AdfsSyncProperties -Role "SecondaryComputer" -PrimaryComputerName "" +``` + +This command changes a primary AD FS server in a WID farm to a secondary server. +Note: The primary server must be accessible via HTTP on port 80 from the secondary server. + +## PARAMETERS + +### -PollDuration +Specifies how often, in seconds, the AD FS configuration database synchronizes with the primary federation server. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryComputerName +Specifies the name of the primary federation server in a federation server farm. +Modify settings for the Federation Service on the primary federation server. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryComputerPort +Specifies the primary computer port. +The primary computer in the federation server farm uses the TCP port that you specify. +Modify settings for the Federation Service on the primary federation server. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Role +Specifies the role for this federation server. +The acceptable values for this parameter are: primary and secondary. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-AdfsSyncProperties](./Get-AdfsSyncProperties.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsTrustedFederationPartner.md b/docset/winserver2025-ps/adfs/Set-AdfsTrustedFederationPartner.md new file mode 100644 index 0000000000..393c077d28 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsTrustedFederationPartner.md @@ -0,0 +1,182 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfstrustedfederationpartner?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsTrustedFederationPartner +--- + +# Set-AdfsTrustedFederationPartner + +## SYNOPSIS +Modifies configuration settings for trusted federation partners in AD FS. + +## SYNTAX + +### Name (Default) +``` +Set-AdfsTrustedFederationPartner [-FederationPartnerHostName ] [-Name ] [-TargetName] + [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### FederationPartnerHostName +``` +Set-AdfsTrustedFederationPartner [-FederationPartnerHostName ] [-Name ] + [-TargetFederationPartnerHostName] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Set-AdfsTrustedFederationPartner [-FederationPartnerHostName ] [-Name ] + [-TargetFederationPartner] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsTrustedFederationPartner** cmdlet modifies configuration settings of a federation partner that is trusted by this instance of Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -FederationPartnerHostName +Specifies the URI of the federation partner. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the federation partner. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetFederationPartner +Specifies a federation partner for which to modify settings. + +```yaml +Type: AdfsTrustedFederationPartner +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetFederationPartnerHostName +Specifies the URI of a federation partner for which to modify settings. + +```yaml +Type: Uri +Parameter Sets: FederationPartnerHostName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of a federation partner for which to modify settings. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsTrustedFederationPartner](./Add-AdfsTrustedFederationPartner.md) + +[Get-AdfsTrustedFederationPartner](./Get-AdfsTrustedFederationPartner.md) + +[Remove-AdfsTrustedFederationPartner](./Remove-AdfsTrustedFederationPartner.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsWebApiApplication.md b/docset/winserver2025-ps/adfs/Set-AdfsWebApiApplication.md new file mode 100644 index 0000000000..0ec74bfa47 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsWebApiApplication.md @@ -0,0 +1,574 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfswebapiapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsWebApiApplication +--- + +# Set-AdfsWebApiApplication + +## SYNOPSIS +Modifies configuration settings for a Web API application in AD FS. + +## SYNTAX + +### Identifier (Default) +``` +Set-AdfsWebApiApplication [-TargetIdentifier] [-AllowedAuthenticationClassReferences ] + [-AlwaysRequireAuthentication ] [-ClaimsProviderName ] [-Name ] + [-NotBeforeSkew ] [-Identifier ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-DelegationAuthorizationRules ] + [-DelegationAuthorizationRulesFile ] [-ImpersonationAuthorizationRules ] + [-ImpersonationAuthorizationRulesFile ] [-IssuanceTransformRules ] + [-IssuanceTransformRulesFile ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-Description ] [-TokenLifetime ] + [-AllowedClientTypes ] [-IssueOAuthRefreshTokensTo ] + [-RefreshTokenProtectionEnabled ] [-RequestMFAFromClaimsProviders ] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### Name +``` +Set-AdfsWebApiApplication [-TargetName] [-AllowedAuthenticationClassReferences ] + [-AlwaysRequireAuthentication ] [-ClaimsProviderName ] [-Name ] + [-NotBeforeSkew ] [-Identifier ] [-IssuanceAuthorizationRules ] + [-IssuanceAuthorizationRulesFile ] [-DelegationAuthorizationRules ] + [-DelegationAuthorizationRulesFile ] [-ImpersonationAuthorizationRules ] + [-ImpersonationAuthorizationRulesFile ] [-IssuanceTransformRules ] + [-IssuanceTransformRulesFile ] [-AdditionalAuthenticationRules ] + [-AdditionalAuthenticationRulesFile ] [-AccessControlPolicyName ] + [-AccessControlPolicyParameters ] [-Description ] [-TokenLifetime ] + [-AllowedClientTypes ] [-IssueOAuthRefreshTokensTo ] + [-RefreshTokenProtectionEnabled ] [-RequestMFAFromClaimsProviders ] [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### ApplicationObject +``` +Set-AdfsWebApiApplication [-TargetApplication] + [-AllowedAuthenticationClassReferences ] [-AlwaysRequireAuthentication ] + [-ClaimsProviderName ] [-Name ] [-NotBeforeSkew ] [-Identifier ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] + [-DelegationAuthorizationRules ] [-DelegationAuthorizationRulesFile ] + [-ImpersonationAuthorizationRules ] [-ImpersonationAuthorizationRulesFile ] + [-IssuanceTransformRules ] [-IssuanceTransformRulesFile ] + [-AdditionalAuthenticationRules ] [-AdditionalAuthenticationRulesFile ] + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] [-Description ] + [-TokenLifetime ] [-AllowedClientTypes ] + [-IssueOAuthRefreshTokensTo ] [-RefreshTokenProtectionEnabled ] + [-RequestMFAFromClaimsProviders ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsWebApiApplication** cmdlet modifies configuration settings for a Web API application role to an existing application in Active Directory Federation Services (AD FS). + +## EXAMPLES + +## PARAMETERS + +### -AccessControlPolicyName +Specifies the name of an access control policy. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +Specifies the parameters of an access control policy. + +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies additional authentication rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies a file that contains all the rules for additional authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedAuthenticationClassReferences +Specifies an array of allow authentication class references. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedClientTypes +Specifies allowed client types. +The acceptable values for this parameter are: + +- None +- Public +- Confidential + +```yaml +Type: AllowedClientTypes +Parameter Sets: (All) +Aliases: +Accepted values: None, Public, Confidential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlwaysRequireAuthentication +Indicates that this Web API application role always requires authentication, even if it previously authenticated credentials for access. +Specify this parameter to require users to always supply credentials to access sensitive resources. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClaimsProviderName +Specifies an array of claims provider names that you can configure for a relying party trust for Home Realm Discovery (HRD) scenario. + +If claims provider names are specified for a relying party, the home realm discovery page shows only those claims providers for this relying party. +If only one claims provider name is specified, home realm discovery page is not shown. +The user is redirected to this claims provider for authentication. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRules +Specifies delegation authorization rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DelegationAuthorizationRulesFile +Specifies a file that contains all the rules for delegation authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of identifiers. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRules +Specifies the impersonation authorization rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ImpersonationAuthorizationRulesFile +Specifies a file that contains all the rules for impersonation authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +Specifies the issuance authorization rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +Specifies a file that contains all the rules for issuance authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceTransformRules +Specifies the issuance transform rules. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceTransformRulesFile +Specifies a file that contains all the rules for issuance transform for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssueOAuthRefreshTokensTo +Specifies the refresh token issuance device types. +The acceptable values for this parameter are: + +- NoDevice +- WorkplaceJoinedDevices +- AllDevices + +```yaml +Type: RefreshTokenIssuanceDeviceTypes +Parameter Sets: (All) +Aliases: +Accepted values: NoDevice, WorkplaceJoinedDevices, AllDevices + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotBeforeSkew +Specifies the not before skew value. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RefreshTokenProtectionEnabled +Indicates whether refresh token protection is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequestMFAFromClaimsProviders +Indicates that the request MFA from claims providers option is used. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetApplication +Specifies the Web application for which to modify settings. + +```yaml +Type: WebApiApplication +Parameter Sets: ApplicationObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the ID of the Web application for which to modify settings. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the Web application for which to modify settings. + +```yaml +Type: String +Parameter Sets: Name +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TokenLifetime +Specifies the token lifetime. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *AccessControlPolicyName*, *AdditionalAuthenticationRules*, *DelegationAuthorizationRules*, *Description*, *ImpersonationAuthorizationRules*, *IssuanceAuthorizationRules*, *IssuanceTransformRules*, *TargetIdentifier*, and *TargetName* parameters. + +### System.Object + +Objects are received by the *AccessControlPolicyParameters* parameter. + +### Microsoft.IdentityServer.Management.Resources.WebApiApplication + +WebApiApplication objects are received by the *TargetApplication* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.Management.Resources.WebApiApplication + +Returns the updated WebApiApplication object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsWebApiApplication](./Add-AdfsWebApiApplication.md) + +[Get-AdfsWebApiApplication](./Get-AdfsWebApiApplication.md) + +[Remove-AdfsWebApiApplication](./Remove-AdfsWebApiApplication.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsWebApplicationProxyRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Set-AdfsWebApplicationProxyRelyingPartyTrust.md new file mode 100644 index 0000000000..e6f363a5d7 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsWebApplicationProxyRelyingPartyTrust.md @@ -0,0 +1,331 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfswebapplicationproxyrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsWebApplicationProxyRelyingPartyTrust +--- + +# Set-AdfsWebApplicationProxyRelyingPartyTrust + +## SYNOPSIS +Modifies properties of the relying party trust object for the Web Application Proxy. + +## SYNTAX + +``` +Set-AdfsWebApplicationProxyRelyingPartyTrust [-AlwaysRequireAuthentication ] [-Identifier ] + [-AccessControlPolicyName ] [-AccessControlPolicyParameters ] + [-IssuanceAuthorizationRules ] [-IssuanceAuthorizationRulesFile ] + [-IssuanceTransformRules ] [-IssuanceTransformRulesFile ] + [-AdditionalAuthenticationRules ] [-AdditionalAuthenticationRulesFile ] [-Name ] + [-NotBeforeSkew ] [-Notes ] [-PassThru] [-TokenLifetime ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AdfsWebApplicationProxyRelyingPartyTrust** cmdlet modifies properties of the relying party trust object for Web Application Proxy. +You can modify authentication and authorization policies that control all external access through the proxy. + +## EXAMPLES + +### Example 1: Specify authorization rules by using a file +``` +PS C:\> Set-AdfsWebApplicationProxyRelyingPartyTrust -IssuanceAuthorizationRulesFile "C:\Rules\RulesFile07" +``` + +This command specifies authorization rules for the Web Application Proxy relying party trust, based on a file that contains the rules. + +## PARAMETERS + +### -AccessControlPolicyName +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AccessControlPolicyParameters +Specifies access control policy parameters. + +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRules +Specifies rules for additional authentication on the proxy. +For more information about the claim language for rules, see [Understanding Claim Rule Language in AD FS 2.0 & Higher](https://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx) on TechNet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AdditionalAuthenticationRulesFile +Specifies a file that contains rules for additional authentication for this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlwaysRequireAuthentication +Indicates whether access requires authentication, even if this relying party has previously authenticated credentials for access. +Specify a value of $True to require users to always supply credentials to access sensitive resources. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Identifier +Specifies an array of unique identifiers. +The proxy uses the identifiers that you specify to specify its corresponding relying party trust when it initiates sign-in requests to obtain tokens for itself. +No other trust can use an identifier from this list. +As common practice, you can use Uniform Resource Identifiers (URIs) as unique identifiers for a relying party trust, or you can use any string. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRules +Specifies the issuance authorization rules for issuing claims to this relying party. +Issuance authorization rules control access to applications that are enabled for pre-authentication through Active Directory Federation Services (AD FS), and then accessed through the proxy. +By default, all authenticated users can access applications. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceAuthorizationRulesFile +Specifies a file that contains the issuance authorization rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IssuanceTransformRules +Specifies the issuance transform rules for issuing claims to this relying party. +You should not, typically, modify the value of this setting. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IssuanceTransformRulesFile +Specifies a file that contains the issuance transform rules for issuing claims to this relying party. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies a name. +The cmdlet modifies the Web Application Proxy relying party trust that has the friendly name that you specify. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotBeforeSkew +Specifies the skew, as an integer, for the time stamp that marks the beginning of the validity period. +The higher this number is, the farther back in time the validity period begins with respect to the time that the claims are issued for the relying party. +By default, this value is 0. +Specify a positive value if validation fails on the Web Application Proxy relying party because the validity period has not yet begun. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Notes +Specifies notes. +The cmdlet stores the notes that you specify for the Web Application Proxy relying party trust. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TokenLifetime +Specifies the duration, in minutes, for which the claims that are issued to the relying party are valid. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AdfsWebApplicationProxyRelyingPartyTrust](./Add-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Disable-AdfsWebApplicationProxyRelyingPartyTrust](./Disable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Enable-AdfsWebApplicationProxyRelyingPartyTrust](./Enable-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Get-AdfsWebApplicationProxyRelyingPartyTrust](./Get-AdfsWebApplicationProxyRelyingPartyTrust.md) + +[Remove-AdfsWebApplicationProxyRelyingPartyTrust](./Remove-AdfsWebApplicationProxyRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsWebConfig.md b/docset/winserver2025-ps/adfs/Set-AdfsWebConfig.md new file mode 100644 index 0000000000..f5b60dc841 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsWebConfig.md @@ -0,0 +1,209 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfswebconfig?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsWebConfig +--- + +# Set-AdfsWebConfig + +## SYNOPSIS +Modifies web customization configuration settings. + +## SYNTAX + +``` +Set-AdfsWebConfig [-ActiveThemeName ] [-CDCCookieReader ] [-CDCCookieWriter ] + [-HRDCookieLifetime ] [-HRDCookieEnabled ] [-ContextCookieEnabled ] [-PassThru] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsWebConfig** cmdlet modifies web customization configuration settings. +These settings impact any protocol that Active Directory Federation Services (AD FS) supports where a web browser facilitates token requests for home realm discovery (HRD) and authentication. + +## EXAMPLES + +### Example 1: Set customization configuration properties +``` +PS C:\> Set-AdfsWebConfig -ActiveThemeName "Default" -CDCCookieReader https://www.Contoso.com/reader.aspx -CDCCookieWriter https://www.Contoso.com/writer.aspx -ContextCookieEnabled $True -HRDCookieEnabled $True -HRDCookieLifetime 30 + +ActiveThemeName : Default + +CDCCookieReader : + +CDCCookieWriter : + +HRDCookieLifetime : 30 + +HRDCookieEnabled : True + +ContextCookieEnabled : True +``` + +This command sets properties in the web customization configuration settings. + +## PARAMETERS + +### -ActiveThemeName +Specifies the name of a web theme to be set as the active web theme in the web customization configuration. +To create a web theme, use the **New-AdfsWebTheme** cmdlet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CDCCookieReader +Specifies the Uniform Resource Identifier (URI) of the Common Domain Cookie (CDC) reader. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CDCCookieWriter +Specifies the URI of the CDC writer. + +```yaml +Type: Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContextCookieEnabled +Indicates whether to enable the context cookie. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HRDCookieEnabled +Indicates whether to enable the HRD cookie. +If you specify a value of $False, when AD FS has more than one claims provider trust enabled, end users must select the home realm in every application request. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HRDCookieLifetime +Specifies the lifetime, in days, of an HRD cookie. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String;System.String[];System.Uri;System.Int32;System.Boolean + +## OUTPUTS + +### +This cmdlet generates string for a theme to save as the active theme. + +## NOTES + +## RELATED LINKS + +[Get-AdfsWebConfig](./Get-AdfsWebConfig.md) + +[New-AdfsWebTheme](./New-AdfsWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Set-AdfsWebTheme.md b/docset/winserver2025-ps/adfs/Set-AdfsWebTheme.md new file mode 100644 index 0000000000..137acb8272 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Set-AdfsWebTheme.md @@ -0,0 +1,288 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/set-adfswebtheme?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AdfsWebTheme +--- + +# Set-AdfsWebTheme + +## SYNOPSIS +Modifies properties of a web theme. + +## SYNTAX + +### IdentifierName (Default) +``` +Set-AdfsWebTheme [-StyleSheet ] [-RTLStyleSheetPath ] [-OnLoadScriptPath ] + [-Logo ] [-Illustration ] [-AdditionalFileResource ] [-PassThru] + [-TargetName] [-WhatIf] [-Confirm] [] +``` + +### IdentifierObject +``` +Set-AdfsWebTheme [-StyleSheet ] [-RTLStyleSheetPath ] [-OnLoadScriptPath ] + [-Logo ] [-Illustration ] [-AdditionalFileResource ] [-PassThru] + [-TargetWebTheme] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AdfsWebTheme** cmdlet modifies properties of an **AdfsWebTheme** object. +Specify a web theme by name or by using the **Get-AdfsWebTheme** cmdlet. + +## EXAMPLES + +### Example 1: Modify a web named theme +``` +PS C:\> Set-AdfsWebTheme -TargetName "Theme01" -Illustration @{Locale="";Path="c:\illustration.png"} -Logo @{Locale="";Path="c:\logo.png"} -RTLStyleSheetPath "C:\StyleSheet.css" -StyleSheet @{Locale="";Path="c:\stylesheet.css"} +``` + +This command modifies a web theme named Theme01. +The command uses standard Windows PowerShell® syntax to create hash tables. +For more information, type `Get-Help about_Hash_Tables`. +The command specifies an illustration image, a logo image, an RTL style sheet, and a cascading style sheet for Theme01. +The command specifies no value for **Locale** for any of these parameters, and, therefore, the illustration, logo, and style sheet all use the invariant locale. + +### Example 2: Specify an additional resource +``` +PS C:\> Set-AdfsWebTheme -TargetName "Theme02" -AdditionalFileResource @{Uri="/adfs/portal/Background.png";Path="Background.png"} +``` + +This command specifies an additional file resource for the web theme named Theme02. +The command makes a resource, in this case, BackGround.png, available to cascading style sheets or JavaScript applications. + +### Example 3: Modify a web theme by using a variable +``` +PS C:\> $Theme = Get-AdfsWebTheme -Name "Theme03" +PS C:\> Set-AdfsWebTheme -TargetWebTheme $Theme -Illustration @{Locale="";Path="C:\Illustration.png"} -Logo @{Locale="";Path="C:\Logo.png"} -RTLStyleSheetPath "C:\StyleSheet.css" -StyleSheet @{Locale="";Path="C:\StyleSheet.css"} +``` + +The first command uses the **Get-AdfsWebTheme** cmdlet to get the web theme named Theme03, and then stores it in the $Theme variable. + +The second command modifies the web theme stored in the $Theme. +The command specifies an illustration image, a logo image, an RTL style sheet, and a cascading style sheet for that theme. + +## PARAMETERS + +### -AdditionalFileResource +Specifies an array of **Hashtable** objects that specify additional file resources by using two string keys: **Uri** and **Path**. +For more information, type `Get-Help about_Hash_Tables`. +**Uri** is the relative Uniform Resource Identifier (URI) string for a resource. +The URI always begins with /adfs/portal/. +**Path** is the file path of a resource. +If you do not specify the path, the cmdlet removes the file resource that corresponds to the specified URI. + +Specify this parameter to make resources, such as images, available to cascading style sheets or JavaScript applications. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Illustration +Specifies an array of **Hashtable** objects that specify illustrations by using two string keys: **Locale** and **Path**. +**Locale** is a **CultureInfo** object. +**Path** is a file path. +If you do not specify a locale, **Locale** refers to the invariant locale. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Logo +Specifies an array of **Hashtable** objects that specify logos by using two string keys: **Locale** and **Path**. +**Locale** is a **CultureInfo** object. +**Path** is a file path. +If you do not specify a locale, **Locale** refers to the invariant locale. +If you do not specify a path, the cmdlet removes the file content that corresponds to the specified locale. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OnLoadScriptPath +Specify this parameter to make resources, such as images, available to cascading style sheets or JavaScript applications. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RTLStyleSheetPath +Specifies a file path to a run-time library (RTL) style sheet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StyleSheet +Specifies an array of **Hashtable** objects that specify style sheets by using two string keys: **Locale** and **Path**. +**Locale** is a **CultureInfo** object for a style sheet. +**Path** is a file path of the style sheet. +If you do not specify a locale, **Locale** refers to the invariant locale. +If you do not specify a path, the cmdlet removes the file content that corresponds to the specified locale. + +```yaml +Type: Hashtable[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetName +Specifies a name. +The cmdlet modifies the theme that you specify by name. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetWebTheme +Specifies an **AdfsWebTheme** object. +The cmdlet modifies the theme that you specify. +To obtain an **AdfsWebTheme** object, use the **Get-AdfsWebTheme** cmdlet. + +```yaml +Type: AdfsWebTheme +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.IdentityServer.Management.Resources.AdfsWebTheme +This cmdlet generates a web customization object, **System.IdentityServer.Management.Resources.AdfsWebTheme**. +This object includes the following properties: + +- Name: **System.String** +- IsBuiltinTheme: **System.Boolean** +- StyleSheet: **IDictionary\** +- Logo: **IDictionary\** +- Illustration: **IDictionary\** +- RTLStyleSheet: **byte\[\]** +- AdditionalFileResources: **IDictionary\** + +## NOTES + +## RELATED LINKS + +[Export-AdfsWebTheme](./Export-AdfsWebTheme.md) + +[Get-AdfsWebTheme](./Get-AdfsWebTheme.md) + +[New-AdfsWebTheme](./New-AdfsWebTheme.md) + +[Remove-AdfsWebTheme](./Remove-AdfsWebTheme.md) + diff --git a/docset/winserver2025-ps/adfs/Test-AdfsFarmBehaviorLevelRaise.md b/docset/winserver2025-ps/adfs/Test-AdfsFarmBehaviorLevelRaise.md new file mode 100644 index 0000000000..a83e0dc0d2 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Test-AdfsFarmBehaviorLevelRaise.md @@ -0,0 +1,139 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/test-adfsfarmbehaviorlevelraise?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-AdfsFarmBehaviorLevelRaise +--- + +# Test-AdfsFarmBehaviorLevelRaise + +## SYNOPSIS +Tests whether you can raise the behavior level of a farm. + +## SYNTAX + +### AdfsUpgradeServiceAccount (Default) +``` +Test-AdfsFarmBehaviorLevelRaise [-Member ] [-Credential ] + [-ServiceAccountCredential ] [-Force] [] +``` + +### AdfsUpgradeGmsaAccount +``` +Test-AdfsFarmBehaviorLevelRaise [-Member ] [-Credential ] + [-GroupServiceAccountIdentifier ] [-Force] [] +``` + +## DESCRIPTION +The **Test-AdfsFarmBehaviorLevelRaise** cmdlet tests whether the **Invoke-AdfsFarmBehaviorLevelRaise** cmdlet can raise the behavior level of an Active Directory Federation Services (AD FS) farm to enable the new features that are available in later versions of the Windows operating system. + +To test raising the behavior level of a farm that uses SQL Server as the policy database, specify the *Credential* parameter. + +## EXAMPLES + +### Example 1: Test raising the farm behavior level +``` +PS C:\> Test-AdfsFarmBehaviorLevelRaise +``` + +This command tests whether you can raise the farm behavior level. + +## PARAMETERS + +### -Credential +Specifies credentials necessary to run this cmdlet for an AD FS farm that uses SQL Server as the policy database. +The credentials provided must be an administrator on each AD FS server. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupServiceAccountIdentifier +Specifies the ID of a group Managed Service Account. + +```yaml +Type: String +Parameter Sets: AdfsUpgradeGmsaAccount +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Member +Specifies an array of members. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountCredential +Specifies credentials for a service account. + +```yaml +Type: PSCredential +Parameter Sets: AdfsUpgradeServiceAccount +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Invoke-AdfsFarmBehaviorLevelRaise](./Invoke-AdfsFarmBehaviorLevelRaise.md) + +[Restore-AdfsFarmBehaviorLevel](./Restore-AdfsFarmBehaviorLevel.md) + +[Test-AdfsFarmBehaviorLevelRestore](./Test-AdfsFarmBehaviorLevelRestore.md) + diff --git a/docset/winserver2025-ps/adfs/Test-AdfsFarmBehaviorLevelRestore.md b/docset/winserver2025-ps/adfs/Test-AdfsFarmBehaviorLevelRestore.md new file mode 100644 index 0000000000..01e43b4bb0 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Test-AdfsFarmBehaviorLevelRestore.md @@ -0,0 +1,108 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/test-adfsfarmbehaviorlevelrestore?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-AdfsFarmBehaviorLevelRestore +--- + +# Test-AdfsFarmBehaviorLevelRestore + +## SYNOPSIS +Tests whether you can restore an AD FS farm to a previous behavior level. + +## SYNTAX + +``` +Test-AdfsFarmBehaviorLevelRestore [-Member ] [-Credential ] -FarmBehavior + [-Force] [] +``` + +## DESCRIPTION +The **Test-AdfsFarmBehaviorLevelRestore** cmdlet tests whether the **Restore-AdfsFarmBehaviorLevel** cmdlet can restore an Active Directory Federation Services (AD FS) farm to a previous behavior level. + +## EXAMPLES + +## PARAMETERS + +### -Credential +Specifies credentials necessary to run this cmdlet for an AD FS farm that uses SQL Server as the policy database. +The credentials provided must be an administrator on each AD FS server. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FarmBehavior +Specifies the farm behavior. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Member +Specifies an array of members. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Invoke-AdfsFarmBehaviorLevelRaise](./Invoke-AdfsFarmBehaviorLevelRaise.md) + +[Restore-AdfsFarmBehaviorLevel](./Restore-AdfsFarmBehaviorLevel.md) + +[Test-AdfsFarmBehaviorLevelRaise](./Test-AdfsFarmBehaviorLevelRaise.md) + diff --git a/docset/winserver2025-ps/adfs/Test-AdfsFarmInstallation.md b/docset/winserver2025-ps/adfs/Test-AdfsFarmInstallation.md new file mode 100644 index 0000000000..df49b5b7bc --- /dev/null +++ b/docset/winserver2025-ps/adfs/Test-AdfsFarmInstallation.md @@ -0,0 +1,334 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/test-adfsfarminstallation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-AdfsFarmInstallation +--- + +# Test-AdfsFarmInstallation + +## SYNOPSIS +Runs prerequisite checks for installing a new federation server farm. + +## SYNTAX + +### ADFSFarmCreateLocalDatabase (Default) +``` +Test-AdfsFarmInstallation [-CertificateThumbprint ] [-Credential ] + -FederationServiceName [-FederationServiceDisplayName ] + -ServiceAccountCredential [-OverwriteConfiguration] [-SSLPort ] [-TlsClientPort ] + [-AdminConfiguration ] [] +``` + +### ADFSFarmCreateLocalDatabaseDisableAutoCertRollover +``` +Test-AdfsFarmInstallation [-CertificateThumbprint ] [-Credential ] + -DecryptionCertificateThumbprint -FederationServiceName + [-FederationServiceDisplayName ] -ServiceAccountCredential + -SigningCertificateThumbprint [-OverwriteConfiguration] [-SSLPort ] [-TlsClientPort ] + [-AdminConfiguration ] [] +``` + +### ADFSFarmCreateSharedDatabaseDisableAutoCertRollover +``` +Test-AdfsFarmInstallation [-CertificateThumbprint ] [-Credential ] + -DecryptionCertificateThumbprint -FederationServiceName + [-FederationServiceDisplayName ] -ServiceAccountCredential + -SigningCertificateThumbprint -SQLConnectionString [-OverwriteConfiguration] + [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] [] +``` + +### AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa +``` +Test-AdfsFarmInstallation [-CertificateThumbprint ] [-Credential ] + -DecryptionCertificateThumbprint -FederationServiceName + [-FederationServiceDisplayName ] -GroupServiceAccountIdentifier + -SigningCertificateThumbprint [-OverwriteConfiguration] [-SSLPort ] [-TlsClientPort ] + [-AdminConfiguration ] [] +``` + +### AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa +``` +Test-AdfsFarmInstallation [-CertificateThumbprint ] [-Credential ] + -DecryptionCertificateThumbprint -FederationServiceName + [-FederationServiceDisplayName ] -GroupServiceAccountIdentifier + -SigningCertificateThumbprint -SQLConnectionString [-OverwriteConfiguration] + [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] [] +``` + +### ADFSFarmCreateSharedDatabase +``` +Test-AdfsFarmInstallation [-CertificateThumbprint ] [-Credential ] + -FederationServiceName [-FederationServiceDisplayName ] + -ServiceAccountCredential -SQLConnectionString [-OverwriteConfiguration] + [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] [] +``` + +### AdfsFarmCreateLocalDatabaseGmsa +``` +Test-AdfsFarmInstallation [-CertificateThumbprint ] [-Credential ] + -FederationServiceName [-FederationServiceDisplayName ] + -GroupServiceAccountIdentifier [-OverwriteConfiguration] [-SSLPort ] [-TlsClientPort ] + [-AdminConfiguration ] [] +``` + +### AdfsFarmCreateSharedDatabaseGmsa +``` +Test-AdfsFarmInstallation [-CertificateThumbprint ] [-Credential ] + -FederationServiceName [-FederationServiceDisplayName ] + -GroupServiceAccountIdentifier -SQLConnectionString [-OverwriteConfiguration] + [-SSLPort ] [-TlsClientPort ] [-AdminConfiguration ] [] +``` + +## DESCRIPTION +The **Test-AdfsFarmInstallation** cmdlet performs the checks that you must complete before you run the Install-AdfsFarm cmdlet to install a new federation server farm. + +## EXAMPLES + +### Example 1: Test the creation of a node in a federation server farm +``` +PS C:\> $Cred = Get-Credential +PS C:\> Test-AdfsFarmInstallation -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName "FS.Corp.Contoso.com" -ServiceAccountCredential $Cred +``` + +The first command uses the **Get-Credential** cmdlet to create a credential object for the Active Directory account under which the AD FS service runs. +The command stores the credential object in the $Cred variable. + +The second command tests the creation the first node in a federation server farm that uses the Windows Internal Database on the local server computer. +The command specifies a thumbprint of the certificate. +AD FS uses this certificate as the SSL certificate and the service communications certificate. +The command uses automatically generated, self-signed certificates for the token signing and token decryption certificates. +The command specifies the credentials stored in $Cred for the Active Directory account under which the AD FS service runs. + +## PARAMETERS + +### -AdminConfiguration +Specifies admin configuration. + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateThumbprint +Specifies the value of the thumbprint of the certificate that the Secure Sockets Layer (SSL) binding of the default website uses in Internet Information Services (IIS). +This value must match the thumbprint of a valid certificate in the certificate store of the local computer. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a **PSCredential** object based on a user name and password. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. +For more information, type `Get-Help Get-Credential`. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DecryptionCertificateThumbprint +Specifies the value of the thumbprint of the certificate that Active Directory Federation Services (AD FS) uses for token decryption. +If you specify this parameter, AD FS disables automatic certificate rollover, and you must specify a token signing certificate by specifying the **SigningCertificateThumbprint** parameter. +This value must match the thumbprint of a valid certificate in the certificate store of the local computer. + +```yaml +Type: String +Parameter Sets: ADFSFarmCreateLocalDatabaseDisableAutoCertRollover, ADFSFarmCreateSharedDatabaseDisableAutoCertRollover, AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa, AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FederationServiceDisplayName +Specifies the display name of the Federation Service. +The name of the Federation Service appears by default in sign-in pages. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FederationServiceName +Specifies the Domain Name System (DNS) name of the Federation Service. +This value must match the subject name of the certificate that you configure on the SSL binding in IIS. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupServiceAccountIdentifier +Specifies the name of the group Managed Service Account that the AD FS service uses as the logon identity for the AD FS Windows service. + +```yaml +Type: String +Parameter Sets: AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa, AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa, AdfsFarmCreateLocalDatabaseGmsa, AdfsFarmCreateSharedDatabaseGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OverwriteConfiguration +Indicates that the AD FS service removes an existing AD FS configuration database and overwrites it with a new database. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountCredential +Specifies a **PSCredential** object based on a user name and password for the service account in Active Directory® Domain Services under which the AD FS service runs. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. +For more information, type `Get-Help Get-Credential`. + +```yaml +Type: PSCredential +Parameter Sets: ADFSFarmCreateLocalDatabase, ADFSFarmCreateLocalDatabaseDisableAutoCertRollover, ADFSFarmCreateSharedDatabaseDisableAutoCertRollover, ADFSFarmCreateSharedDatabase +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SigningCertificateThumbprint +Specifies the value of the thumbprint of the certificate that the AD FS service uses for token signing. +If you specify this parameter, AD FS disables automatic certificate rollover, and you must also specify a token decryption certificate by using the **DecryptionCertificateThumbprint** parameter. +This value must match the thumbprint of a valid certificate in the certificate store of the local computer. + +```yaml +Type: String +Parameter Sets: ADFSFarmCreateLocalDatabaseDisableAutoCertRollover, ADFSFarmCreateSharedDatabaseDisableAutoCertRollover, AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa, AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SQLConnectionString +Specifies the Microsoft SQL Server database that stores the AD FS configuration settings. +If you do not specify this parameter, the AD FS installer uses the Windows Internal Database to store configuration settings. + +```yaml +Type: String +Parameter Sets: ADFSFarmCreateSharedDatabaseDisableAutoCertRollover, AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa, ADFSFarmCreateSharedDatabase, AdfsFarmCreateSharedDatabaseGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SSLPort +Specifies the value of the port number of the SSL binding that the AD FS website uses. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TlsClientPort +Specifies the port number that the AD FS service uses for Transport Layer Security (TLS) authentication for the user certificate client. +The default value is 49443. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-Credential](https://go.microsoft.com/fwlink/?LinkID=293936) + +[Install-AdfsFarm](./Install-AdfsFarm.md) + +[Test-AdfsFarmJoin](./Test-AdfsFarmJoin.md) + diff --git a/docset/winserver2025-ps/adfs/Test-AdfsFarmJoin.md b/docset/winserver2025-ps/adfs/Test-AdfsFarmJoin.md new file mode 100644 index 0000000000..d2c4a93a42 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Test-AdfsFarmJoin.md @@ -0,0 +1,223 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Deployment.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/test-adfsfarmjoin?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-AdfsFarmJoin +--- + +# Test-AdfsFarmJoin + +## SYNOPSIS +Runs prerequisite checks for adding the server computer to a federation server farm. + +## SYNTAX + +### AdfsFarmJoinWidGmsa (Default) +``` +Test-AdfsFarmJoin [-CertificateThumbprint ] -GroupServiceAccountIdentifier + [-Credential ] -PrimaryComputerName [-PrimaryComputerPort ] [] +``` + +### ADFSFarmJoinWidSvcAcct +``` +Test-AdfsFarmJoin [-CertificateThumbprint ] -ServiceAccountCredential + [-Credential ] -PrimaryComputerName [-PrimaryComputerPort ] [] +``` + +### ADFSFarmJoinSqlSvcAcct +``` +Test-AdfsFarmJoin [-CertificateThumbprint ] -ServiceAccountCredential + [-Credential ] -SQLConnectionString [-FarmBehavior ] [] +``` + +### AdfsFarmJoinSqlGmsa +``` +Test-AdfsFarmJoin [-CertificateThumbprint ] -GroupServiceAccountIdentifier + [-Credential ] -SQLConnectionString [-FarmBehavior ] [] +``` + +## DESCRIPTION +The **Test-AdfsFarmJoin** cmdlet performs the checks that you must complete before you run the **Add-AdfsFarmNode** cmdlet to add the local server computer to an existing federation server farm. + +## EXAMPLES + +### Example 1: Test a server computer as a node in an existing federation server farm +``` +PS C:\> $FScred = Get-Credential +PS C:\> Test-AdfsFarmJoin -ServiceAccountCredential $FScred -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" +``` + +The first command uses the **Get-Credential** cmdlet to create a credential object for the Active Directory account under which the AD FS service runs. +The command stores the credential object in the $FScred variable. + +The second command tests the joining of the local server computer as a node in an existing federation server farm that uses a SQL Server database that is installed on a computer named SQLHost. +The command specifies the credentials that are stored in the $FScred variable for the Active Directory account under which the AD FS service runs. + +### Example 2: Test the overwrites of an existing AD FS configuration database +``` +PS C:\> $FScred = Get-Credential +PS C:\> Test-AdfsFarmJoin -PrimaryComputerName "PrimaryWIDHost" -PrimaryComputerPort 80 -ServiceAccountCredential $FScred -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed +``` + +The first command uses the **Get-Credential** cmdlet to create a credential object for the Active Directory account under which the AD FS service runs. +The command stores the credential object in the $FScred variable. + +The second command tests the overwrites of an existing AD FS configuration database and tests the joining of the local server computer as a node in an existing federation server farm that uses the Windows Internal Database. +The primary node of the farm is installed on a computer named PrimaryWIDHost. +The command specifies the credentials that are stored in $FScred for the Active Directory account under which the AD FS service runs. + +The *CertificateThumbprint* parameter must specify the thumbprint of a certificate that is currently installed in the certificate store of the local computer. +The certificate must be the same certificate that is used as the service communications certificate on the primary node. + +## PARAMETERS + +### -CertificateThumbprint +Specifies the value of the certificate thumbprint of the certificate that the Secure Sockets Layer (SSL) binding of the default website uses in Internet Information Services (IIS). +This value must match the thumbprint of a valid certificate in the certificate store of the local computer. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a **PSCredential** object based on a user name and password. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. +For more information, type `Get-Help Get-Credential`. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FarmBehavior +Specifies farm behavior. + +```yaml +Type: Int32 +Parameter Sets: ADFSFarmJoinSqlSvcAcct, AdfsFarmJoinSqlGmsa +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupServiceAccountIdentifier +Specifies the name of the group Managed Service Account that the Active Directory Federation Services (AD FS) service uses as the logon identity for the AD FS service. + +```yaml +Type: String +Parameter Sets: AdfsFarmJoinWidGmsa, AdfsFarmJoinSqlGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryComputerName +Specifies the name of the primary federation server in a federation server farm. +The cmdlet checks the federation server farm that has the primary federation server that you specify. + +```yaml +Type: String +Parameter Sets: AdfsFarmJoinWidGmsa, ADFSFarmJoinWidSvcAcct +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryComputerPort +Specifies the primary computer port. +The computer uses the HTTP port that you specify to connect with the primary computer in order to synchronize configuration settings. +Specify a value of 80 for this parameter, or specify an alternative value if the HTTP port on the primary computer is not 80. +If you do not specify this parameter, the cmdlet assigns the default port value of 443. + +```yaml +Type: Int32 +Parameter Sets: AdfsFarmJoinWidGmsa, ADFSFarmJoinWidSvcAcct +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccountCredential +Specifies a **PSCredential** object based on a user name and password for the service account in Active Directory® Domain Services under which the AD FS service runs. +To obtain a **PSCredential** object, use the **Get-Credential** cmdlet. +For more information, type `Get-Help Get-Credential`. + +```yaml +Type: PSCredential +Parameter Sets: ADFSFarmJoinWidSvcAcct, ADFSFarmJoinSqlSvcAcct +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SQLConnectionString +Specifies the Microsoft SQL Server database that will store the AD FS configuration settings. +If you do not specify this parameter, AD FS uses the Windows Internal Database to store configuration settings. + +```yaml +Type: String +Parameter Sets: ADFSFarmJoinSqlSvcAcct, AdfsFarmJoinSqlGmsa +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Add-AdfsFarmNode](./Add-AdfsFarmNode.md) + +[Test-AdfsFarmInstallation](./Test-AdfsFarmInstallation.md) + diff --git a/docset/winserver2025-ps/adfs/Unregister-AdfsAuthenticationProvider.md b/docset/winserver2025-ps/adfs/Unregister-AdfsAuthenticationProvider.md new file mode 100644 index 0000000000..95f9cec11c --- /dev/null +++ b/docset/winserver2025-ps/adfs/Unregister-AdfsAuthenticationProvider.md @@ -0,0 +1,99 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/unregister-adfsauthenticationprovider?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Unregister-AdfsAuthenticationProvider +--- + +# Unregister-AdfsAuthenticationProvider + +## SYNOPSIS +Deletes an external authentication provider from AD FS. + +## SYNTAX + +``` +Unregister-AdfsAuthenticationProvider [-Name] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Unregister-AdfsAuthenticationProvider** cmdlet deletes an external authentication provider from Active Directory Federation Services (AD FS). +Use the **Get-AdfsAuthenticationProvider** cmdlet to get a list of registered authentication providers. + +## EXAMPLES + +### Example 1: Delete a registered authentication provider +``` +PS C:\> Unregister-AdfsAuthenticationProvider -Name "ContosoExternalAuthProvider" +``` + +This command deletes the additional authentication provider named ContosoExternalAuthProvider. + +## PARAMETERS + +### -Name +Specifies the name of an authentication provider to delete from AD FS. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-AdfsAuthenticationProvider](./Get-AdfsAuthenticationProvider.md) + +[Register-AdfsAuthenticationProvider](./Register-AdfsAuthenticationProvider.md) + diff --git a/docset/winserver2025-ps/adfs/Update-AdfsCertificate.md b/docset/winserver2025-ps/adfs/Update-AdfsCertificate.md new file mode 100644 index 0000000000..9e9262aa42 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Update-AdfsCertificate.md @@ -0,0 +1,147 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/update-adfscertificate?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Update-AdfsCertificate +--- + +# Update-AdfsCertificate + +## SYNOPSIS +Updates the certificates of AD FS. + +## SYNTAX + +``` +Update-AdfsCertificate [[-CertificateType] ] [-Urgent] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Update-AdfsCertificate** cmdlet creates new certificates for Active Directory Federation Services (AD FS). +When automatic certificate rollover is enabled and AD FS is managing the certificates that are used for signing, this update cmdlet can be used to initiate a rollover. + +## EXAMPLES + +### Example 1: Update a token-signing certificate +``` +PS C:\> Update-AdfsCertificate -CertificateType "Token-Signing" +``` + +This command updates the token-signing certificate. + +## PARAMETERS + +### -CertificateType +Specifies the type of certificate to rollover. +The acceptable values for this parameter are: + +- Token-Decrypting +- Token-Signing + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Token-Decrypting, Token-Signing + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Urgent +Indicates that the certificate rollover should happen immediately. +An urgent rollover removes older certificates immediately. +It might result in a service outage as trusts update to use the new certificates. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ServiceCertificate + +Returns the updated ServiceCertificate object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* The *Urgent* parameter option is useful for emergency rollover situations in which a key might be compromised. + +## RELATED LINKS + +[Add-AdfsCertificate](./Add-AdfsCertificate.md) + +[Get-AdfsCertificate](./Get-AdfsCertificate.md) + +[Remove-AdfsCertificate](./Remove-AdfsCertificate.md) + +[Set-AdfsCertificate](./Set-AdfsCertificate.md) + diff --git a/docset/winserver2025-ps/adfs/Update-AdfsClaimsProviderTrust.md b/docset/winserver2025-ps/adfs/Update-AdfsClaimsProviderTrust.md new file mode 100644 index 0000000000..40bb2cc292 --- /dev/null +++ b/docset/winserver2025-ps/adfs/Update-AdfsClaimsProviderTrust.md @@ -0,0 +1,210 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/update-adfsclaimsprovidertrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Update-AdfsClaimsProviderTrust +--- + +# Update-AdfsClaimsProviderTrust + +## SYNOPSIS +Updates the claims provider trust from federation metadata. + +## SYNTAX + +### IdentifierObject +``` +Update-AdfsClaimsProviderTrust [-MetadataFile ] -TargetClaimsProviderTrust + [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### TokenSigningCertificates +``` +Update-AdfsClaimsProviderTrust [-MetadataFile ] -TargetCertificate [-PassThru] + [-WhatIf] [-Confirm] [] +``` + +### Identifier +``` +Update-AdfsClaimsProviderTrust [-MetadataFile ] -TargetIdentifier [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### IdentifierName +``` +Update-AdfsClaimsProviderTrust [-MetadataFile ] -TargetName [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Update-AdfsClaimsProviderTrust** cmdlet updates the claims provider trust from federation metadata. + +## EXAMPLES + +## PARAMETERS + +### -MetadataFile +Specifies a UNC file path to a file that contains the federation metadata information for the claims provider. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetCertificate +Specifies the token-signing certificate of the claims provider trust to update. + +```yaml +Type: X509Certificate2 +Parameter Sets: TokenSigningCertificates +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetClaimsProviderTrust +Specifies the claims provider trust to update. +This value is typically taken from the pipeline. + +```yaml +Type: ClaimsProviderTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the claims provider trust to update. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the claims provider trust to update. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Security.Cryptography.X509Certificates.X509Certificate.X509Certificate2 + +X509Certificate2 objects are received by the *TargetCertificate* parameter. + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +ClaimsProviderTrust objects are received by the *TargetClaimsProviderTrust* parameter. + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust + +Returns the updated ClaimsProviderTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-AdfsClaimsProviderTrust](./Add-AdfsClaimsProviderTrust.md) + +[Disable-AdfsClaimsProviderTrust](./Disable-AdfsClaimsProviderTrust.md) + +[Enable-AdfsClaimsProviderTrust](./Enable-AdfsClaimsProviderTrust.md) + +[Get-AdfsClaimsProviderTrust](./Get-AdfsClaimsProviderTrust.md) + +[Remove-AdfsClaimsProviderTrust](./Remove-AdfsClaimsProviderTrust.md) + +[Set-AdfsClaimsProviderTrust](./Set-AdfsClaimsProviderTrust.md) + diff --git a/docset/winserver2025-ps/adfs/Update-AdfsRelyingPartyTrust.md b/docset/winserver2025-ps/adfs/Update-AdfsRelyingPartyTrust.md new file mode 100644 index 0000000000..05433c785c --- /dev/null +++ b/docset/winserver2025-ps/adfs/Update-AdfsRelyingPartyTrust.md @@ -0,0 +1,196 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.IdentityServer.Management.dll-Help.xml +Module Name: ADFS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adfs/update-adfsrelyingpartytrust?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Update-AdfsRelyingPartyTrust +--- + +# Update-AdfsRelyingPartyTrust + +## SYNOPSIS +Updates the relying party trust from federation metadata. + +## SYNTAX + +### Identifier +``` +Update-AdfsRelyingPartyTrust [-MetadataFile ] -TargetIdentifier [-PassThru] [-WhatIf] + [-Confirm] [] +``` + +### IdentifierObject +``` +Update-AdfsRelyingPartyTrust [-MetadataFile ] -TargetRelyingParty [-PassThru] + [-WhatIf] [-Confirm] [] +``` + +### IdentifierName +``` +Update-AdfsRelyingPartyTrust [-MetadataFile ] -TargetName [-PassThru] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Update-AdfsRelyingPartyTrust** cmdlet updates the relying party trust from the federation metadata that is available at the federation metadata URL. +The cmdlet updates claims, endpoints, and certificates. + +## EXAMPLES + +### Example 1: Update a relying party trust +``` +PS C:\> Update-ADFSRelyingPartyTrust -TargetName "FabrikamApp" +``` + +This command updates the relying party trust named FabrikamApp. + +## PARAMETERS + +### -MetadataFile +Specifies a file path in UNC format. +The file that you specify contains the federation metadata for the relying party application. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TargetIdentifier +Specifies the identifier of the relying party trust to update. + +```yaml +Type: String +Parameter Sets: Identifier +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetName +Specifies the name of the relying party trust to update. + +```yaml +Type: String +Parameter Sets: IdentifierName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -TargetRelyingParty +Specifies a **RelyingPartyTrust** object. +The cmdlet updates the relying party trust that you specify. +To obtain a **RelyingPartyTrust** object, use the **Get-AdfsRelyingPartyTrust** cmdlet. + +```yaml +Type: RelyingPartyTrust +Parameter Sets: IdentifierObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +String objects are received by the *TargetIdentifier* and *TargetName* parameters. + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +RelyingPartytrust objects are received by the *TargetRelyingParty* parameter. + +## OUTPUTS + +### Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust + +Returns the updated RelyingPartyTrust object when the *PassThru* parameter is specified. By default, this cmdlet does not generate any output. + +## NOTES +* A relying party in Active Directory Federation Services (AD FS) is an organization in which Web servers that host one or more Web-based applications reside. Tokens and Information Cards that originate from a claims provider can then be presented and ultimately consumed by the Web-based resources that are located in the relying party organization. When you configure AD FS in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party consumes the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose Web servers are protected by the resource-side federation server. The federation server at the relying party uses the security tokens that the claims provider produces to issue tokens to the Web servers that are located in the relying party. + +## RELATED LINKS + +[Add-AdfsRelyingPartyTrust](./Add-AdfsRelyingPartyTrust.md) + +[Disable-AdfsRelyingPartyTrust](./Disable-AdfsRelyingPartyTrust.md) + +[Enable-AdfsRelyingPartyTrust](./Enable-AdfsRelyingPartyTrust.md) + +[Get-AdfsRelyingPartyTrust](./Get-AdfsRelyingPartyTrust.md) + +[Remove-AdfsRelyingPartyTrust](./Remove-AdfsRelyingPartyTrust.md) + +[Set-AdfsRelyingPartyTrust](./Set-AdfsRelyingPartyTrust.md) + diff --git a/docset/winserver2025-ps/adrms/ADRMS.md b/docset/winserver2025-ps/adrms/ADRMS.md new file mode 100644 index 0000000000..98e8fcaaba --- /dev/null +++ b/docset/winserver2025-ps/adrms/ADRMS.md @@ -0,0 +1,26 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.1 +Locale: en-US +Module Guid: a127fb5d-22a6-4056-a043-b16196305cc7 +Module Name: ADRMS +ms.date: 12/20/2016 +title: ADRMS +--- + +# ADRMS Module +## Description +This topic contains brief descriptions of the Windows PowerShell cmdlets used to deploy in Windows Server 2012. Each cmdlet in the table is linked to additional information about that cmdlet. These cmdlets allow you to install, upgrade, or remove a cluster using Windows PowerShell. + +## ADRMS Cmdlets +### [Install-ADRMS](./Install-ADRMS.md) +Configures a new deployment of AD RMS Server. + +### [Uninstall-ADRMS](./Uninstall-ADRMS.md) +Removes configuration for an existing deployment of AD RMS Server. + +### [Update-ADRMS](./Update-ADRMS.md) +Updates an existing deployment of AD RMS Server. + + diff --git a/docset/winserver2025-ps/adrms/Install-ADRMS.md b/docset/winserver2025-ps/adrms/Install-ADRMS.md new file mode 100644 index 0000000000..a3bc6fea2a --- /dev/null +++ b/docset/winserver2025-ps/adrms/Install-ADRMS.md @@ -0,0 +1,160 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Configuration.dll-Help.xml +Module Name: ADRMS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrms/install-adrms?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-ADRMS +--- + +# Install-ADRMS + +## SYNOPSIS +Configures a new deployment of AD RMS Server. + +## SYNTAX + +### MainProvisioningParameterSet +``` +Install-ADRMS [-Path] [-Credential ] [-Force] [-WhatIf] [-Confirm] [] +``` + +### ADFSProvisioningParameterSet +``` +Install-ADRMS [-ADFSUrl] [-Credential ] [-Force] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Install-ADRMS** cmdlet configures the Active Directory Rights Management Services (AD RMS) server role. +Before running this cmdlet, create a Windows PowerShell drive specifying the ADRmsInstall provider and the type of installation (RootCluster, LicensingCluster, or JoinCluster) as the root, and then set properties on the containers and child items in the drive to specify the initial values for provisioning the server. + +## EXAMPLES + +### Example 1: configures AD RMS +``` +PS C:\> Install-ADRMS -Path adrmsDrive:\ +``` + +This command configures AD RMS by using configuration settings that were previously set on items in the adrmsdrive:\ drive. +For more information on using this cmdlet, see [Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806). + +### Example 2: Configure Identity Federation Support and set federation server URL +``` +PS C:\> Install-ADRMS -ADFSUrl https://sampleadfsurl.com -Force +``` + +This command configures Identity Federation Support for the AD RMS cluster and sets the federation server URL. + +## PARAMETERS + +### -ADFSUrl +Configures the AD RMS cluster to support Active Directory Federation Services (AD FS) and specifies the federation server URL. + +```yaml +Type: String +Parameter Sets: ADFSProvisioningParameterSet +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies user credentials to use for the configuration process. +If this parameter is specified, you will be prompted to enter credentials. +This parameter operates in a similar manner to the RunAs command. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces completion of the command by overriding restrictions that would prevent it from succeeding (so long as a the changes made do not compromise security). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +This parameter is required. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String +Parameter Sets: MainProvisioningParameterSet +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### string, PSCredential + +## OUTPUTS + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/adrms/Uninstall-ADRMS.md b/docset/winserver2025-ps/adrms/Uninstall-ADRMS.md new file mode 100644 index 0000000000..5de3c4f8fc --- /dev/null +++ b/docset/winserver2025-ps/adrms/Uninstall-ADRMS.md @@ -0,0 +1,140 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Configuration.dll-Help.xml +Module Name: ADRMS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrms/uninstall-adrms?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-ADRMS +--- + +# Uninstall-ADRMS + +## SYNOPSIS +Removes configuration for an existing deployment of AD RMS Server. + +## SYNTAX + +``` +Uninstall-ADRMS [-ADFSOnly] [-Credential ] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Uninstall-ADRMS** cmdlet removes configuration for the Active Directory Rights Management Services (AD RMS) server role and, if appropriate, role services that were installed with AD RMS. +To remove configuration for Identity Federation Support only, specify the *ADFSOnly* parameter. + +## EXAMPLES + +### Example 1: Remove the AD RMS configuration +``` +PS C:\> Uninstall-ADRMS -Force +``` + +This command removes the AD RMS configuration on this computer. +For more information on using this cmdlet, see [Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806). + +### Example 2: removes the Identity Federation Support configuration +``` +PS C:\> Uninstall-ADRMS -ADFSOnly -Force +``` + +This command removes the Identity Federation Support configuration on this computer. + +## PARAMETERS + +### -ADFSOnly +Removes configuration support for Active Directory Federated Services (AD FS) from this computer, but does not otherwise change the AD RMS configuration. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies user credentials to use for the configuration process. +If this parameter is specified, you will be prompted to enter credentials. +This parameter operates in a similar manner to the RunAs command. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces completion of the command by overriding restrictions that would prevent it from succeeding (so long as a the changes made do not compromise security). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### SwitchParameter, PSCredential + +## OUTPUTS + +## NOTES +* To totally remove the AD RMS role from the system, the **Remove-WindowsFeature** cmdlet must be run after this cmdlet is used. The command to do so is the `Remove-WindowsFeature ADRMS -IncludeManagementTools` command. + +## RELATED LINKS + +[Install-ADRMS](./Install-ADRMS.md) + +[Update-ADRMS](./Update-ADRMS.md) + diff --git a/docset/winserver2025-ps/adrms/Update-ADRMS.md b/docset/winserver2025-ps/adrms/Update-ADRMS.md new file mode 100644 index 0000000000..fe362dc4dd --- /dev/null +++ b/docset/winserver2025-ps/adrms/Update-ADRMS.md @@ -0,0 +1,190 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Configuration.dll-Help.xml +Module Name: ADRMS +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrms/update-adrms?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Update-ADRMS +--- + +# Update-ADRMS + +## SYNOPSIS +Updates an existing deployment of AD RMS Server. + +## SYNTAX + +``` +Update-ADRMS [-ServiceAccount] [[-PrivateKeyPassword] ] [[-NewCspName] ] + [-UpdateCryptographicModeOnly] [-Credential ] [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Update-ADRMS** cmdlet updates the Active Directory Rights Management Services (AD RMS) server role on a server that has been upgraded to this version of Windows. +The cmdlet can also be used to update the AD RMS cryptographic mode on a server. + +## EXAMPLES + +### Example 1: Upgrade an AD RMS server +``` +PS C:\> $mySecureStringPassword = ConvertTo-SecureString -String -AsPlainText -Force +PS C:\> $myCred = Get-Credential +PS C:\> Update-ADRMS -PrivateKeyPassword $mySecureStringPassword -ServiceAccount $myCred +``` + +This example upgrades an AD RMS server and cluster that is using a cluster key password. +The password must be specified securely as console input. +The **Get-Credential** cmdlet will launch a popup dialog to enter the AD RMS Service Account credentials (username and password) that are also required to upgrade AD RMS. + +### Example 2: Upgrade an AD RMS server to cryptographic mode 2 +``` +PS C:\> $myCred = Get-Credential +PS C:\> Update-ADRMS -UpdateCryptographicModeOnly -ServiceAccount $myCred +``` + +This example updates an AD RMS server that is using a cluster key password to cryptographic mode 2. +The **Get-Credential** command will launch a popup dialog to enter the AD RMS Service Account credentials (username and password) which are required for this update. +The cluster key password is not required; but if the server is using CSP key storage, the *NewCspName* parameter must be included. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies user credentials to use for the update process. +If this parameter is specified, you will be prompted to enter credentials. +This parameter operates in a similar manner to the RunAs command. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces completion of the command by overriding restrictions that would prevent it from succeeding (so long as a the changes made do not compromise security). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NewCspName +Specifies the new name of the cryptographic service provider (CSP) to use for storing the private key of the AD RMS server. +This parameter is used in combination with the *UpdateCryptographicMode* parameter for AD RMS servers that are using CSP key storage. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrivateKeyPassword +Specifies the password for the AD RMS centrally managed key. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceAccount +Specifies the identity of the domain account that is used for the AD RMS service account. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UpdateCryptographicModeOnly +Indicates that only the cryptographic mode of the server is to be updated. +To update the cryptographic mode of an AD RMS server, you must be logged in with an account that has membership in the local AD RMS Enterprise Administrators Group on that server. +If the AD RMS server is using CSP key storage, the *NewCspName* parameter should also be specified. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### SwitchParameter, string, PSCredential, SecureString + +## OUTPUTS + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/adrmsadmin/ADRMSAdmin.md b/docset/winserver2025-ps/adrmsadmin/ADRMSAdmin.md new file mode 100644 index 0000000000..7da2ad3edb --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/ADRMSAdmin.md @@ -0,0 +1,80 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.1.1 +Locale: en-US +Module Guid: beb3db13-eed6-4f7b-8420-079e395b58f9 +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +title: ADRMSAdmin +--- + +# ADRMSAdmin Module +## Description +This topic contains brief descriptions of the Windows PowerShell cmdlets that are for use in administering Active Directory Rights Management Services (AD RMS) in Windows Server 2016. Each cmdlet in the table is linked to additional information about that cmdlet. These cmdlets give you the ability to administer an AD RMS cluster using PowerShell. + +## ADRMSAdmin Cmdlets +### [Export-RmsReportDefinitionLanguage](./Export-RmsReportDefinitionLanguage.md) +Exports all report definition (.rdl) files. + +### [Export-RmsTPD](./Export-RmsTPD.md) +Exports a TPD in AD RMS. + +### [Export-RmsTUD](./Export-RmsTUD.md) +Exports a TUD. + +### [Get-RmsCertChain](./Get-RmsCertChain.md) +Generates a report about the certificate chain of a particular user request for the AD RMS cluster. + +### [Get-RmsCertInfo](./Get-RmsCertInfo.md) +Generates a report about a certificate used in a user request for the AD RMS cluster. + +### [Get-RmsChildCert](./Get-RmsChildCert.md) +Returns all child certificates from a parent certificate used in a user request for the AD RMS cluster. + +### [Get-RmsEncryptedIL](./Get-RmsEncryptedIL.md) +Returns use-license information from an issuance license used in a user request for the Active Directory Rights Management Services (AD RMS) cluster. + +### [Get-RmsRequestInfo](./Get-RmsRequestInfo.md) +Generates a report about a particular user request for the AD RMS cluster. + +### [Get-RmsSvcAccount](./Get-RmsSvcAccount.md) +Gets service account credentials for an Active Directory Rights Management Services (AD RMS) cluster. + +### [Get-RmsSystemHealthReport](./Get-RmsSystemHealthReport.md) +Generates a system health report of the Active Directory Rights Management Services (AD RMS) cluster. + +### [Get-RmsUserRequestReport](./Get-RmsUserRequestReport.md) +Generates a user requests statistical report for the AD RMS cluster. + +### [Import-RmsTPD](./Import-RmsTPD.md) +Imports a TPD from a file in AD RMS. + +### [Import-RmsTUD](./Import-RmsTUD.md) +Imports a TUD from a file in AD RMS or specifies to trust Microsoft account IDs. + +### [Initialize-RmsCryptoMode2](./Initialize-RmsCryptoMode2.md) +Prepares an AD RMS server for transitioning to Cryptographic Mode 2. + +### [Install-RmsMfgEnrollment](./Install-RmsMfgEnrollment.md) +Enrolls an AD RMS server with Microsoft Federation Gateway. + +### [Install-RmsMfgSupport](./Install-RmsMfgSupport.md) +Adds Microsoft Federation Gateway support to an AD RMS server. + +### [Set-RmsSvcAccount](./Set-RmsSvcAccount.md) +Sets the service account for an AD RMS cluster. + +### [Uninstall-RmsMfgEnrollment](./Uninstall-RmsMfgEnrollment.md) +Terminates the enrollment of an AD RMS server with the Microsoft Federation Gateway. + +### [Uninstall-RmsMfgSupport](./Uninstall-RmsMfgSupport.md) +Removes Microsoft Federation Gateway support from an AD RMS server. + +### [Update-RmsCluster](./Update-RmsCluster.md) +Updates the AD RMS cluster information. + +### [Update-RmsMfgEnrollment](./Update-RmsMfgEnrollment.md) +Updates enrollment information for an AD RMS server enrolled with the Microsoft Federation Gateway service. + + diff --git a/docset/winserver2025-ps/adrmsadmin/Export-RmsReportDefinitionLanguage.md b/docset/winserver2025-ps/adrmsadmin/Export-RmsReportDefinitionLanguage.md new file mode 100644 index 0000000000..f756353f8c --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Export-RmsReportDefinitionLanguage.md @@ -0,0 +1,147 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/export-rmsreportdefinitionlanguage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Export-RmsReportDefinitionLanguage +--- + +# Export-RmsReportDefinitionLanguage + +## SYNOPSIS +Exports all report definition (.rdl) files. + +## SYNTAX + +``` +Export-RmsReportDefinitionLanguage [-ExportLocation] [-Force] [-Path] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Export-RmsReportDefinitionLanguage** cmdlet exports the following report definition (.rdl) files for this version of Active Directory Rights Management Services (AD RMS): + +- Report_Health_MultiReport.rdl +- Report_TroubleShooting_UserRequestSummary.rdl +- Report_TroubleShooting_UserRequestTypeList.rdl +- Report_TroubleShooting_UserRequestDetail.rdl +- Report_TroubleShooting_UserRequestCertificateInfo.rdl +- Report_TroubleShooting_AllILsFromCLC.rdl.rdl +- Report_TroubleShooting_AllEULsFromIssuanceLicense.rdl + +This cmdlet does not export the Report_TroubleShooting_DecryptILRightsLabel.rdl file. +This file cannot be used by the SQL Server report service because it requires a private key. + +To export the report definition files, specify the *ExportLocation* where you want to save the files, and set the *Path* parameter to the AD RMS provider drive subdirectory `:\`Report where `` is the provider drive ID. +You can also specify a relative path. +For example, a dot (.) specifies the current location. + +## EXAMPLES + +### Example 1: Export report definition files +``` +PS C:\> Export-RmsReportDefinitionLanguage -Path "." -ExportLocation "c:\temp\" +``` + +This command exports the report definition files to the directory C:\temp\. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExportLocation +Specifies the path of the exported file. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Force +Overrides restrictions that prevent the command from succeeding if the restrictions do not compromise security. +For example, *Force* overrides the read-only attribute or creates directories to complete a file path, but it does not attempt to change file permissions. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsSystemHealthReport](./Get-RmsSystemHealthReport.md) + +[Get-RmsUserRequestReport](./Get-RmsUserRequestReport.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Export-RmsTPD.md b/docset/winserver2025-ps/adrmsadmin/Export-RmsTPD.md new file mode 100644 index 0000000000..e80abc4285 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Export-RmsTPD.md @@ -0,0 +1,188 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/export-rmstpd?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Export-RmsTPD +--- + +# Export-RmsTPD + +## SYNOPSIS +Exports a TPD in AD RMS. + +## SYNTAX + +``` +Export-RmsTPD [-SavedFile] [-Password] [-V1Compatible] [-Force] [-Path] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Export-RmsTPD** cmdlet exports a trusted publishing domain (TPD) in Active Directory Rights Management Services (AD RMS) to a file. + +To perform the export, set the *SavedFilePath* parameter to the export file path, and then set the *Path* parameter to the AD RMS provider path `:\TrustPolicy\TrustedPublishingDomain\` where `` is the provider drive ID and `` is the ID of the TPD that you want to export. + +## EXAMPLES + +### Example 1: Export a TPD by ID +``` +PS C:\> Export-RmsTPD -Path ".\100" -SavedFile "c:\temp\test.xml" +``` + +This command exports the TPD with the ID of 100 to the file C:\temp\test.xml. +Because the *Password* parameter is not specified, the command prompts for the password. + +### Example 2: Read a password and use it to export a TPD +``` +PS C:\> $pswd = Read-Host -AsSecureString +PS C:\> Export-RmsTPD -Path "100" -SavedFile "c:\temp\test.xml" -Password $pswd +``` + +The first command prompts for a password and saves it in the variable $pswd. +The variable is then passed to the **Export-RmsTPD** command as the *Password* parameter. +Note that the **Export-RmsTPD** command prompts for a confirmation password that must match the password stored in the $pswd variable. + +### Example 3: Export a TPD without prompting for the password +``` +PS C:\> $pswd=Read-Host -AsSecureString +PS C:\> Export-RmsTPD -Path "100" -SavedFile "c:\temp\test.xml" -Password $pswd -Force +``` + +The first command prompts for a password and saves it in the variable $pswd. +The variable is then passed to the **Export-RmsTPD** command as the *Password* parameter. +Because the *Force* parameter is specified, the **Export-RmsTPD** command does not prompt for a confirmation password. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Overrides restrictions that prevent the command from succeeding if the restrictions do not compromise security. +For example, *Force* overrides the read-only attribute or creates directories to complete a file path, but it does not attempt to change file permissions. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Password +Specifies a password as a **SecureString** object. +To create a **SecureString** object that contains a password, use the Read-Host cmdlet and specify the *AsSecureString* parameter. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SavedFile +Specifies the full path and filename of the file that receives the exported content. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -V1Compatible +Allows the trusted publishing domain to be imported to Windows Rights Management Services (RMS) 1.0. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Export-RmsTUD](./Export-RmsTUD.md) + +[Import-RmsTPD](./Import-RmsTPD.md) + +[Import-RmsTUD](./Import-RmsTUD.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Export-RmsTUD.md b/docset/winserver2025-ps/adrmsadmin/Export-RmsTUD.md new file mode 100644 index 0000000000..ad18e3c733 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Export-RmsTUD.md @@ -0,0 +1,135 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/export-rmstud?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Export-RmsTUD +--- + +# Export-RmsTUD + +## SYNOPSIS +Exports a TUD. + +## SYNTAX + +``` +Export-RmsTUD [-SavedFile] [-Force] [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Export-RmsTUD** cmdlet exports the internal enterprise trusted user domain (TUD) in Active Directory Rights Management Services (AD RMS) to a file. + +To perform the export, set the *SavedFilePath* parameter to the export file path, and then set the *Path* parameter to the AD RMS provider subpath `:\TrustPolicy\TrustedUserDomain\` where `` is the provider drive ID and `` is the ID of the internal TUD. + +## EXAMPLES + +### Example 1: Export a TUD by ID +``` +PS C:\> Export-RmsTuD -Path ".\100" -SavedFile "c:\temp\test.xml" +``` + +This command exports the TUD with the ID of 100 to the file c:\temp\test.xml. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Overrides restrictions that prevent the command from succeeding if the restrictions do not compromise security. +For example, *Force* overrides the read-only attribute or creates directories to complete a file path, but it does not attempt to change file permissions. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SavedFile +Specifies the full path and filename of the file that receives the exported content. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Export-RmsTPD](./Export-RmsTPD.md) + +[Import-RmsTPD](./Import-RmsTPD.md) + +[Import-RmsTUD](./Import-RmsTUD.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Get-RmsCertChain.md b/docset/winserver2025-ps/adrmsadmin/Get-RmsCertChain.md new file mode 100644 index 0000000000..7ab18d2342 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Get-RmsCertChain.md @@ -0,0 +1,130 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/get-rmscertchain?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-RmsCertChain +--- + +# Get-RmsCertChain + +## SYNOPSIS +Generates a report about the certificate chain of a particular user request for the AD RMS cluster. + +## SYNTAX + +``` +Get-RmsCertChain -RequestId [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-RmsCertChain** cmdlet generates a report about the certificate chain of a particular user request on the Active Directory Rights Management Services (AD RMS) cluster. + +To obtain the report, specify the RequestID of the user request for which you want a report and then set the *Path* parameter to the AD RMS provider drive path `:\`Report where `` is the provider drive ID. +You can also specify a relative path. +For example, a dot (.) specifies the current location. + +Use the **Get-RmsUserRequestReport** cmdlet to obtain the RequestID of the user request for which you want a certificate chain report. + +## EXAMPLES + +### Example 1: Get a certificate chain by ID +``` +PS C:\> Get-RmsCertChain -Path "." -RequestId 100 +``` + +This command displays the certification chain of the request with the ID of 100. + +### Example 2: Pass in a user request ID to get its certificate chain +``` +PS C:\> Get-RmsUserRequestReport -Path "." -RequestType GetClientLicensorCertificate -UserId 1 | Get-RmsCertChain -Path "." +``` + +This command uses the **Get-RmsUserRequestReport** cmdlet to retrieve the ID of a user request and then pipes the ID to the **Get-RmsCertChain** cmdlet to display the certificate chain of the request. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequestId +Specifies the unique internal ID of a user request. + +```yaml +Type: Int64 +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsCertInfo](./Get-RmsCertInfo.md) + +[Get-RmsChildCert](./Get-RmsChildCert.md) + +[Get-RmsUserRequestReport](./Get-RmsUserRequestReport.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Get-RmsCertInfo.md b/docset/winserver2025-ps/adrmsadmin/Get-RmsCertInfo.md new file mode 100644 index 0000000000..eed2fe3e8f --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Get-RmsCertInfo.md @@ -0,0 +1,133 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/get-rmscertinfo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-RmsCertInfo +--- + +# Get-RmsCertInfo + +## SYNOPSIS +Generates a report about a certificate used in a user request for the AD RMS cluster. + +## SYNTAX + +``` +Get-RmsCertInfo -CertificateId [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-RmsCertInfo** cmdlet generates a report about a certificate used in a user request on the Active Directory Rights Management Services (AD RMS) cluster. + +To obtain the report, specify the CertificateID of the certificate for which you want a report and then set the *Path* parameter to the AD RMS provider drive path `:\`Report where `` is the provider drive ID. +You can also specify a relative path. +For example, a dot (.) specifies the current location. + +Use the **Get-RmsCertChain** cmdlet to obtain the *CertificateID* of the certificate for which you want a report. +The *CertificateID* value returned is valid only for the cluster identified by the *Path* parameter of **Get-RmsCertChain**. +You cannot use a *CertificateID* to identify the same certificate in different clusters. + +## EXAMPLES + +### Example 1: Get a certificate report +``` +PS C:\> Get-RmsCertInfo -Path "." -CertificateId "sH+lchPGEP9IKIajmnw5QGUqOl4=" +``` + +This command displays detailed information for a particular certificate. + +### Example 2: Pass a certificate and get a report for it +``` +PS C:\> $certs= Get-RmsCertChain -Path "." -RequestId 2 | Where {$_.CertificateType -eq 'DRM-CA-Certificate'} +PS C:\> $certs[0] | Get-RmsCertInfo -Path "." +``` + +This command stores filtered results of the **Get-RmsCertChain** cmdlet in a variable and then pipes the first certificate in the array to the **Get-RmsCertInfo** cmdlet to display details about that certificate. + +## PARAMETERS + +### -CertificateId +Specifies a unique internal certificate ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsCertChain](./Get-RmsCertChain.md) + +[Get-RmsChildCert](./Get-RmsChildCert.md) + +[Get-RmsUserRequestReport](./Get-RmsUserRequestReport.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Get-RmsChildCert.md b/docset/winserver2025-ps/adrmsadmin/Get-RmsChildCert.md new file mode 100644 index 0000000000..05b011e8cb --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Get-RmsChildCert.md @@ -0,0 +1,216 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/get-rmschildcert?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-RmsChildCert +--- + +# Get-RmsChildCert + +## SYNOPSIS +Returns all child certificates from a parent certificate used in a user request for the AD RMS cluster. + +## SYNTAX + +``` +Get-RmsChildCert [-StartTime ] [-EndTime ] -ParentCertId -ParentCertType + [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-RmsChildCert** cmdlet returns all issuance licenses from a parent client licensor certificate (CLC) or all end-user licenses (EULs) from a parent issuance license used in a user request on the Active Directory Rights Management Services (AD RMS) cluster. + +To obtain licenses, specify the *ParentCertID* and *ParentCertType* of the parent certificate for which you want to retrieve child certificates and then set the *Path* parameter to the AD RMS provider drive path `:\`Report where `` is the provider drive ID. +You can also specify a relative path. +For example, a dot (.) specifies the current location. + +Use the **Get-RmsCertChain** cmdlet to obtain the *ParentCertID* and the *ParentCertType* of the certificate for which you to retrieve child certificates. +The *ParentCertID* value returned is valid only for the cluster identified by the *Path* parameter of **Get-RmsCertChain**. +You cannot use a *ParentCertID* to identify the same certificate in different clusters. + +## EXAMPLES + +### Example 1: Get all child certificates for a parent +``` +PS C:\> Get-RmsChildCert -Path "." -ParentCertId "8AGI9GoWuobJDsTmr/CUHTCEpsI=" -ParentCertType CLC +``` + +This command returns all child certificates from a parent client licensor certificate. + +### Example 2: Pass a certificate ID and get all child certificates +``` +PS C:\> $parentCert = Get-RmsCertChain -Path "." -RequestID 3 | Where {$_.CertificateType -eq 'Client-Licensor-Certificate'} +PS C:\> Get-RmsChildCert -Path "." -ParentCertId $parentCert.CertificateID -ParentCertType $parentCert.CertificateType +``` + +This command stores a certificate obtained from the **Get-RmsCertChain** cmdlet in a variable and then uses that variable to pass the certificate ID and type to the **Get-RmsChildCert** cmdlet to return child certificates. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EndTime +Specifies the end of a time period for a system health report. +This parameter specifies a time value. +See the description of the StartTime parameter for information on specifying a time. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -ParentCertId +Specifies the parent certificate for which child certificates are to be returned. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -ParentCertType +Specifies the type of parent certificate for which child certificates are to be returned. +Possible values for this parameter are Client-Licensor-Certificate (or CLC) or Issuance-License (or IL). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: CLC, Client-Licensor-Certificate, IL, Issuance-License + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +This parameter is required. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StartTime +Specifies the beginning of a time period. +This parameter specifies a time value. + +The following examples show commonly-used syntax to specify a time. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +`4/17/2006` + +`Monday, April 17, 2006` + +`2:22:45 PM` + +`Monday, April 17, 2006 2:22:45 PM` + +These examples specify the same date and the time without the seconds. + +`4/17/2006 2:22 PM` + +`Monday, April 17, 2006 2:22 PM` + +`2:22 PM` + +The following example shows how to specify a date and time by using the RFC1123 standard. +This example defines time by using Greenwich Mean Time (GMT). + +`Mon, 17 Apr 2006 21:22:48 GMT` + +The following example shows how to specify a round-trip value as Coordinated Universal Time (UTC). +This example represents Monday, April 17, 2006 at 2:22:48 PM UTC. + +`2000-04-17T14:22:48.0000000` + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsCertChain](./Get-RmsCertChain.md) + +[Get-RmsCertInfo](./Get-RmsCertInfo.md) + +[Get-RmsUserRequestReport](./Get-RmsUserRequestReport.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Get-RmsEncryptedIL.md b/docset/winserver2025-ps/adrmsadmin/Get-RmsEncryptedIL.md new file mode 100644 index 0000000000..66b40e26d2 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Get-RmsEncryptedIL.md @@ -0,0 +1,130 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/get-rmsencryptedil?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-RmsEncryptedIL +--- + +# Get-RmsEncryptedIL + +## SYNOPSIS +Returns use-license information from an issuance license used in a user request for the Active Directory Rights Management Services (AD RMS) cluster. + +## SYNTAX + +``` +Get-RmsEncryptedIL -ILCertificateId [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-RmsEncryptedIL** cmdlet generates a report containing information about an issuance license used in a user request on the Active Directory Rights Management Services (AD RMS) cluster. +You must be logged in as an Enterprise Administrator to use this cmdlet. + +To obtain licenses, specify the ILCertificateID of the certificate for which you want to obtain use-license information and then set the *Path* parameter to the AD RMS provider drive path `:\`Report where `` is the provider drive ID. +You can also specify a relative path. +For example, a dot (.) specifies the current location. + +Use the **Get-RmsCertChain** cmdlet to obtain the *ILCertificateID* of the certificate for which you want to obtain use-license information. +The *ILCertificateID* value returned is valid only for the cluster identified by the *Path* parameter of **Get-RmsCertChain**. +You cannot use an *ILCertificateID* to identify the same certificate in different clusters. + +## EXAMPLES + +### Example 1: Get use-license information +``` +PS C:\> Get-RmsEncryptedIL -Path "." -ILCertificateId "YJ3HGsG/ADg3rLm5LwWGgpAJmz4=" | Out-File -FilePath "C:\temp\RightsPolicyData.xml" +``` + +This command returns use-license information from an issuance license and saves the results in a file. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ILCertificateId +Specifies the issuance license certificate hash ID. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsCertChain](./Get-RmsCertChain.md) + +[Get-RmsCertInfo](./Get-RmsCertInfo.md) + +[Get-RmsChildCert](./Get-RmsChildCert.md) + +[Get-RmsRequestInfo](./Get-RmsRequestInfo.md) + +[Get-RmsUserRequestReport](./Get-RmsUserRequestReport.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Get-RmsRequestInfo.md b/docset/winserver2025-ps/adrmsadmin/Get-RmsRequestInfo.md new file mode 100644 index 0000000000..60dfd1a28a --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Get-RmsRequestInfo.md @@ -0,0 +1,127 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/get-rmsrequestinfo?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-RmsRequestInfo +--- + +# Get-RmsRequestInfo + +## SYNOPSIS +Generates a report about a particular user request for the AD RMS cluster. + +## SYNTAX + +``` +Get-RmsRequestInfo -RequestId [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-RmsRequestInfo** cmdlet generates a report about a specified user request on the Active Directory Rights Management Services (AD RMS) cluster. + +To obtain the report, specify the *RequestID* of the user request for which you want a report and then set the *Path* parameter to the AD RMS provider drive subpath `:\`Report where `` is the provider drive ID. +You can also specify a relative path. +For example, a dot (.) specifies the current location. + +Use the **Get-RmsUserRequestReport** cmdlet to obtain the *RequestID* of the user request for which you want a detailed report. + +## EXAMPLES + +### Example 1: Get a specified user request +``` +PS C:\> Get-RmsRequestInfo -Path "." -RequestID 1000 +``` + +This command displays information about a particular user request. + +### Example 2: Get a user request by type +``` +PS C:\> Get-RmsUserRequestReport -Path "." -RequestType AcquireLicense -UserID 1 | Get-RmsRequestInfo -Path "." +``` + +This command displays detailed information about a user's request to acquire a license. +The **Get-RmsUserRequestReport** cmdlet retrieves the user's license request and then pipes the results to the **Get-RmsRequestInfo** cmdlet to display the details of the request. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequestId +Specifies the unique internal ID of a user request. + +```yaml +Type: Int64 +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsUserRequestReport](./Get-RmsUserRequestReport.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Get-RmsSvcAccount.md b/docset/winserver2025-ps/adrmsadmin/Get-RmsSvcAccount.md new file mode 100644 index 0000000000..cdf318ea51 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Get-RmsSvcAccount.md @@ -0,0 +1,102 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/get-rmssvcaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-RmsSvcAccount +--- + +# Get-RmsSvcAccount + +## SYNOPSIS +Gets service account credentials for an Active Directory Rights Management Services (AD RMS) cluster. + +## SYNTAX + +``` +Get-RmsSvcAccount [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-RmsSvcAccount** cmdlet gets service account credentials for an Active Directory Rights Management Services (AD RMS) cluster. + +To get the service account credentials, set the *Path* parameter to `:\` where `` is the drive ID of the provider drive associated with AD RMS cluster. + +## EXAMPLES + +### Example 1: Get the service account +``` +PS C:\> Get-RmsSvcAccount -Path "." +``` + +This command displays the AD RMS service account. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Management.Automation.PSCredential + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Set-RmsSvcAccount](./Set-RmsSvcAccount.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Get-RmsSystemHealthReport.md b/docset/winserver2025-ps/adrmsadmin/Get-RmsSystemHealthReport.md new file mode 100644 index 0000000000..da6d10e263 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Get-RmsSystemHealthReport.md @@ -0,0 +1,267 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/get-rmssystemhealthreport?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-RmsSystemHealthReport +--- + +# Get-RmsSystemHealthReport + +## SYNOPSIS +Generates a system health report of the Active Directory Rights Management Services (AD RMS) cluster. + +## SYNTAX + +``` +Get-RmsSystemHealthReport [-StartTime ] [-EndTime ] [-ServerName ] + [-RequestType ] [-DomainName ] [-UserName ] -ReportType + [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-RmsSystemHealthReport** cmdlet generates a report that contains information about the overall health of the Active Directory Rights Management Services (AD RMS) cluster. + +To obtain the report, set the parameters for the type of report you want and then set the *Path* parameter to the AD RMS provider drive path `:\`Report where `` is the provider drive ID. +You can also specify a relative path. +For example, a dot (.) specifies the current location. + +The cmdlet generates a summary report for the specified ReportType unless you specify *RequestType*, *ServerName*, *DomainName*, or *UserName*. + +## EXAMPLES + +### Example 1: Get a report for requests +``` +PS C:\> Get-RmsSystemHealthReport -Path "." -ReportType Request +``` + +This command displays a summary report of requests processed by the AD RMS cluster. + +### Example 2: Get a report of user activity +``` +PS C:\> Get-RmsSystemHealthReport -Path "." -StartTime 12/1/2008 -EndTime 12/31/2008 -ReportType User +``` + +This command displays a summary report of user activity during calendar year 2008. + +### Example 3: Get a report of users in a domain +``` +PS C:\> Get-RmsSystemHealthReport -Path "." -ReportType User -DomainName "Research" +``` + +This command displays a summary report of requests by all users in the Research domain. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DomainName +Specifies the domain name of the e-mail of the user. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -EndTime +Specifies the end of a time period for a system health report. +This parameter specifies a time value. +See the description of the *StartTime* parameter for information on specifying a time. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +This parameter is required. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReportType +Specifies the type of report. +The acceptable values for this parameter are: + +- Server +- Request +- Domain +- User + +```yaml +Type: ReportType +Parameter Sets: (All) +Aliases: +Accepted values: Server, Request, Domain, User + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -RequestType +Specifies the type of user request, such as Acquire License, Pre-Certify, and Get Client Licensor Certificate. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -ServerName +Specifies the name of the server for which you are requesting the health report. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -StartTime +Specifies the beginning of a time period. +This parameter specifies a time value. + +The following examples show commonly-used syntax to specify a time. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +`4/17/2006` + +`Monday, April 17, 2006` + +`2:22:45 PM` + +`Monday, April 17, 2006 2:22:45 PM` + +These examples specify the same date and the time without the seconds. + +`4/17/2006 2:22 PM` + +`Monday, April 17, 2006 2:22 PM` + +`2:22 PM` + +The following example shows how to specify a date and time by using the RFC1123 standard. +This example defines time by using Greenwich Mean Time (GMT). + +`Mon, 17 Apr 2006 21:22:48 GMT` + +The following example shows how to specify a round-trip value as Coordinated Universal Time (UTC). +This example represents Monday, April 17, 2006 at 2:22:48 PM UTC. + +`2000-04-17T14:22:48.0000000` + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -UserName +Specifies the user name for which you are requesting a system health report. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsUserRequestReport](./Get-RmsUserRequestReport.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Get-RmsUserRequestReport.md b/docset/winserver2025-ps/adrmsadmin/Get-RmsUserRequestReport.md new file mode 100644 index 0000000000..43b105f45b --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Get-RmsUserRequestReport.md @@ -0,0 +1,221 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/get-rmsuserrequestreport?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-RmsUserRequestReport +--- + +# Get-RmsUserRequestReport + +## SYNOPSIS +Generates a user requests statistical report for the AD RMS cluster. + +## SYNTAX + +``` +Get-RmsUserRequestReport [-StartTime ] [-EndTime ] [-UserName ] + [-RequestType ] [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Get-RmsUserRequestReport** cmdlet generates a report that contains statistics about the request activity of a single user on the Active Directory Rights Management Services (AD RMS) cluster. + +To obtain the report, specify the *UserName* of the user for which you want a report and then set the *Path* parameter to the AD RMS provider drive path `:\`Report where `` is the provider drive ID. +You can also specify a relative path. +For example, a dot (.) specifies the current location. +This returns a UserId and applicable request types that you can then use with the cmdlet to produce a more detailed report. + +The UserID value returned for a particular *UserName* is valid only for the cluster identified by the *Path* parameter specified when the UserID value was returned. +You cannot use the UserID to identify the same user in different clusters. + +## EXAMPLES + +### Example 1: Get a request report for a user +``` +PS C:\> Get-RmsUserRequestReport -Path "." -UserName "CONTOSO\PFuller" +``` + +This command displays a summary report of the requests from the user PFuller of the Contoso domain. + +### Example 2: Get an AcquireLicense request report for a user +``` +PS C:\> Get-RmsUserRequestReport -Path "." -StartTime 2/1/2009 -EndTime 2/28/2009 -UserName "CONTOSO\PFuller" -RequestType "AcquireLicense" +``` + +This command displays the request by a specified user to acquire a license. + +### Example 3: Get a user request report and display its information +``` +PS C:\> Get-RmsUserRequestReport -Path "." -RequestType "AcquireLicense" -UserName "CONTOSO\PFuller" | Get-RmsRequestInfo -Path "." +``` + +This command displays detailed information about a user's request to acquire a license. +The **Get-RmsUserRequestReport** cmdlet retrieves the user's license request and then pipes the results to the **Get-RmsRequestInfo** cmdlet to display the details of the request. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EndTime +Specifies the end of a time period for a system health report. +This parameter specifies a time value. +See the description of the *StartTime* parameter for information on specifying a time. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +This parameter is required. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequestType +Specifies the type of user request, such as Acquire License, Pre-Certify, and Get Client Licensor Certificate. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -StartTime +Specifies the beginning of a time period. +This parameter specifies a time value. + +The following examples show commonly-used syntax to specify a time. +Time is assumed to be local time unless otherwise specified. +When a time value is not specified, the time is assumed to 12:00:00 AM local time. +When a date is not specified, the date is assumed to be the current date. + +`4/17/2006` + +`Monday, April 17, 2006` + +`2:22:45 PM` + +`Monday, April 17, 2006 2:22:45 PM` + +These examples specify the same date and the time without the seconds. + +`4/17/2006 2:22 PM` + +`Monday, April 17, 2006 2:22 PM` + +`2:22 PM` + +The following example shows how to specify a date and time by using the RFC1123 standard. +This example defines time by using Greenwich Mean Time (GMT). + +`Mon, 17 Apr 2006 21:22:48 GMT` + +The following example shows how to specify a round-trip value as Coordinated Universal Time (UTC). +This example represents Monday, April 17, 2006 at 2:22:48 PM UTC. + +`2000-04-17T14:22:48.0000000` + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -UserName +Specifies the user for which you are requesting a user request report, in the format \\\\. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsCertChain](./Get-RmsCertChain.md) + +[Get-RmsCertInfo](./Get-RmsCertInfo.md) + +[Get-RmsRequestInfo](./Get-RmsRequestInfo.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Import-RmsTPD.md b/docset/winserver2025-ps/adrmsadmin/Import-RmsTPD.md new file mode 100644 index 0000000000..40b5183120 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Import-RmsTPD.md @@ -0,0 +1,189 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/import-rmstpd?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Import-RmsTPD +--- + +# Import-RmsTPD + +## SYNOPSIS +Imports a TPD from a file in AD RMS. + +## SYNTAX + +``` +Import-RmsTPD [-DisplayName] [-SourceFile] [-Password] [-Force] [-PassThru] + [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Import-RmsTPD** cmdlet imports a trusted publishing domain (TPD) from a file in Active Directory Rights Management Services (AD RMS). + +To perform the import, specify the *DisplayName*, *SourceFile* and *Password* parameters, and then set the *Path* parameter to the AD RMS provider drive path `:\TrustPolicy\TrustedPublishingDomain` where `` is the provider drive ID. + +## EXAMPLES + +### Example 1: Import a TPD and assign it a name +``` +PS C:\> Import-RmsTPD -Path "." -DisplayName "Fabrikam" -SourceFile "c:\transfer\fabrikam.xml" +``` + +This command imports the TPD information stored in the specified file and assigns the name Fabrikam to the TPD. +Because the *Password* parameter is not specified, the **Import-RmsTPD** cmdlet prompts for the domain password. + +### Example 2: Read a password and use it to import a TPD +``` +PS C:\> $pswd = Read-Host -Prompt "Password:" -AsSecureString +PS C:\> Import-RmsTPD -Path "." -DisplayName "Fabrikam" -SourceFile "c:\transfer\fabrikam.xml" -Password $pswd +``` + +This command uses the **Read-Host** cmdlet to prompt the user for a password and then stores the password in a variable that is passed to the **Import-RmsTPD** cmdlet. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the name that will be used to identify the domain being imported. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Force +Overrides restrictions that prevent the command from succeeding, just so the changes do not compromise security. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Passes the object created by this cmdlet through the pipeline. +By default, this cmdlet does not pass any objects through the pipeline. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Password +Specifies a password as a **SecureString** object. +To create a **SecureString** object that contains a password, use the Read-Host cmdlet and specify the *AsSecureString* parameter. + +```yaml +Type: SecureString +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceFile +Specifies the path to the file that contains the domain information to import. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.RightsManagementServices.PowerShell.TrustedPublishingDomainImportedItem + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Export-RmsTPD](./Export-RmsTPD.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Import-RmsTUD.md b/docset/winserver2025-ps/adrmsadmin/Import-RmsTUD.md new file mode 100644 index 0000000000..8575ece1ca --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Import-RmsTUD.md @@ -0,0 +1,195 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/import-rmstud?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Import-RmsTUD +--- + +# Import-RmsTUD + +## SYNOPSIS +Imports a TUD from a file in AD RMS or specifies to trust Microsoft account IDs. + +## SYNTAX + +### EnterpriseTUD (Default) +``` +Import-RmsTUD [-DisplayName] [-SourceFile] [-TrustADFederatedUser] [-PassThru] + [-Path] [-WhatIf] [-Confirm] [] +``` + +### WindowsLiveID +``` +Import-RmsTUD [-WindowsLiveId] [-PassThru] [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Import-RmsTUD** cmdlet imports an enterprise trusted user domain (TUD) from a file in Active Directory Rights Management Services (AD RMS) or it specifies to trust a Microsoft account ID. + +To perform the import of enterprise TUDs, specify the *DisplayName* and *SourceFile* parameters and set the *Path* parameter to the AD RMS provider drive folder `:\TrustPolicy\TrustedUserDomain` where `` is the provider drive ID. + +To trust a Microsoft account ID, specify the *WindowsLiveID* parameter, and set the *Path* parameter to the AD RMS provider drive folder `:\TrustPolicy\TrustedUserDomain`. + +## EXAMPLES + +### Example 1: Import a TUD and assign it a name +``` +PS C:\> Import-TUD -Path "." -DisplayName "Fabrikam" -SourceFile "c:\transfer\fabrikam.xml" +``` + +This command imports the TUD information stored in the specified file and assigns the name Fabrikam to the TUD. + +### Example 2: Configure a TUD to trust Microsoft account IDs +``` +PS C:\> Import-RmsTUD -Path "." -WindowsLiveId +``` + +This command configures the AD RMS cluster to trust Microsoft account IDs. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies the name that will be used to identify the domain being imported. + +```yaml +Type: String +Parameter Sets: EnterpriseTUD +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +This parameter is required. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SourceFile +Specifies the path to the file that contains the domain information to import. + +```yaml +Type: String +Parameter Sets: EnterpriseTUD +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TrustADFederatedUser +Specifies to trust Active Directory Federation Services (ADFS) users. + +```yaml +Type: SwitchParameter +Parameter Sets: EnterpriseTUD +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowsLiveId +Indicates to trust Microsoft account IDs. + +```yaml +Type: SwitchParameter +Parameter Sets: WindowsLiveID +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.RightsManagementServices.PowerShell.TrustedUserDomainImportedItem + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Export-RmsTUD](./Export-RmsTUD.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Initialize-RmsCryptoMode2.md b/docset/winserver2025-ps/adrmsadmin/Initialize-RmsCryptoMode2.md new file mode 100644 index 0000000000..2ef1b07b1f --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Initialize-RmsCryptoMode2.md @@ -0,0 +1,188 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/initialize-rmscryptomode2?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Initialize-RmsCryptoMode2 +--- + +# Initialize-RmsCryptoMode2 + +## SYNOPSIS +Prepares an AD RMS server for transitioning to Cryptographic Mode 2. + +## SYNTAX + +``` +Initialize-RmsCryptoMode2 -FilePath [-CspName ] [-Regenerate] [-Force] [-Path] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Initialize-RmsCryptoMode2** cmdlet prepares an Active Directory Rights Management Services (AD RMS) server for transitioning to Cryptographic Mode 2. + +Cryptographic Mode 2 is an updated and enhanced AD RMS cryptographic implementation. +It supports 2048-bit RSA encryption and 256-bit length keys using the SHA-2 hashing algorithm (SHA-2/SHA-256) standards. + +While this cmdlet is useful for performing the initial steps required in transitioning an AD RMS deployment to Cryptographic Mode 2, additional tasks are required. +First, all client computers in the AD RMS cluster environment must be patched to support this updated and enhanced mode. +Depending on your deployment configuration, you may need to update some or all servers. +When all computers are updated, as the final transition task to Cryptographic Mode 2, you can run the **Update-ADRMS** cmdlet with the *UpdateCryptographicModeOnly* parameter specified to effectively switch the cluster to using mode 2 instead of mode 1. + +## EXAMPLES + +### Example 1: Export the SLC +``` +PS C:\> Initialize-RmsCryptoMode2 -Path "." -FilePath "c:\test.tud" +``` + +This command exports the server licensor certificate (SLC) for the current AD RMS server to the trusted user domain c:\test.tud for a server that uses centrally managed keys. + +### Example 2: Force regeneration of cryptographic mode 2 keys +``` +PS C:\> Initialize-RmsCryptoMode2 -Path "." -FilePath "c:\test2.tud" -Regenerate + +Initialize cryptographic mode 2 + +This will regenerate the cryptographic mode 2 key pair. Are you sure you want to continue? + +[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): +``` + +This command forces regeneration of the cryptographic mode 2 keys. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CspName +Specifies the name of the cryptographic service provider (CSP) to use for generating the mode 2 TUD when this cmdlet is executed. +This CSP must be of the type PROV_RSA_AES to support mode 2 operation (in contrast to mode 1 keys which use the CSP type PROV_RSA_FULL). + +The *CspName* parameter is for CSP-based installs only. +If a CSP name is specified for a server with a centrally managed key, an error is returned if this parameter is included in the command. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -FilePath +Specifies the name and location for the file generated when this cmdlet is executed. +This file contains the mode 2 SLC (server licensor certificate) which is exported as part of transitioning a trusted user domain (TUD) to mode operation. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Force +Forces the cmdlet to save (overwrite) an existing file if one is found to exist under the name and location specified as part of the *FilePath* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +This parameter is for CSP-based installs only. +If a CSP name is specified for a server with a centrally managed key, an error is returned if this parameter is included in the command. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Regenerate +Forces the AD RMS server to generate a new key even if the cmdlet has previously run. +This overwrites any previously generated key. +Because you can run this cmdlet multiple times, if this parameter is omitted, the same key is exported each subsequent time the cmdlet is run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### string[], string, bool, SwitchParameter + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + diff --git a/docset/winserver2025-ps/adrmsadmin/Install-RmsMfgEnrollment.md b/docset/winserver2025-ps/adrmsadmin/Install-RmsMfgEnrollment.md new file mode 100644 index 0000000000..855bacd082 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Install-RmsMfgEnrollment.md @@ -0,0 +1,138 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/install-rmsmfgenrollment?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-RmsMfgEnrollment +--- + +# Install-RmsMfgEnrollment + +## SYNOPSIS +Enrolls an AD RMS server with Microsoft Federation Gateway. + +## SYNTAX + +``` +Install-RmsMfgEnrollment [-Force] [-GetDefaultCertificate] [-CertificateThumbprint ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Install-RmsMfgEnrollment** cmdlet enrolls an Active Directory Rights Management Services (AD RMS) server with the Microsoft Federation Gateway. + +## EXAMPLES + +### Example 1: Enroll in the Microsoft Federation Gateway using the default certificate +``` +PS C:\> Install-RmsMfgEnrollment -GetDefaultCertificate +``` + +This command enrolls the AD RMS cluster in the Microsoft Federation Gateway by retrieving and using the thumbprint hash of the AD RMS default certificate. + +### Example 2: Enroll in the Microsoft Federation Gateway using a specified certificate +``` +PS C:\> Install-RmsMfgEnrollment -CertificateThumbprint "a909502dd82ae41433e6f83886b00d4277a32a7b" +``` + +This command enrolls the AD RMS cluster in the Microsoft Federation Gateway using the thumbprint hash of a non-default certificate. + +## PARAMETERS + +### -CertificateThumbprint +Specifies a string containing the thumbprint hash of the certificate being used to enroll with the Microsoft Federation Gateway. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -GetDefaultCertificate +Indicates that the thumbprint hash of the AD RMS default certificate should be retrieved and used to enroll with the Microsoft Federation Gateway. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Uninstall-RmsMfgEnrollment](./Uninstall-RmsMfgEnrollment.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Install-RmsMfgSupport.md b/docset/winserver2025-ps/adrmsadmin/Install-RmsMfgSupport.md new file mode 100644 index 0000000000..f8d0c0031d --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Install-RmsMfgSupport.md @@ -0,0 +1,117 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/install-rmsmfgsupport?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Install-RmsMfgSupport +--- + +# Install-RmsMfgSupport + +## SYNOPSIS +Adds Microsoft Federation Gateway support to an AD RMS server. + +## SYNTAX + +``` +Install-RmsMfgSupport [-Force] [-FederationUrl ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Install-RmsMfgSupport** cmdlet adds Microsoft Federation Gateway support to an Active Directory Rights Management Services (AD RMS) server. + +## EXAMPLES + +### Example 1: Add Microsoft Federation Gateway support +``` +PS C:\> Install-RmsMfgSupport +``` + +This command adds Microsoft Federation Gateway support to an AD RMS server. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FederationUrl +Specifies the uniform resource locator (URL) for the AD RMS server to use to connect to the Microsoft Federation Gateway. +If this parameter is not specified, AD RMS connects to the Microsoft Federation Gateway using the default value. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES +* Before adding Microsoft Federation Gateway Support, it is very important that you back up the AD RMS configuration database. +* Do not run this command if the AD RMS snap-in is open in the Microsoft Management Console (MMC). If you do, the command will not respond until you close the AD RMS MMC snap-in. +* Before uninstalling Service Pack 1 for Windows® 7, you must remove Microsoft Federation Gateway Support from the AD RMS cluster by running the **Uninstall-RmsMfgSupport** cmdlet. Failure to do so may cause an inconsistent configuration of your AD RMS cluster. + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + diff --git a/docset/winserver2025-ps/adrmsadmin/Set-RmsSvcAccount.md b/docset/winserver2025-ps/adrmsadmin/Set-RmsSvcAccount.md new file mode 100644 index 0000000000..a1d468ff1e --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Set-RmsSvcAccount.md @@ -0,0 +1,166 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/set-rmssvcaccount?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-RmsSvcAccount +--- + +# Set-RmsSvcAccount + +## SYNOPSIS +Sets the service account for an AD RMS cluster. + +## SYNTAX + +``` +Set-RmsSvcAccount [-Credential] [-Force] [-PassThru] [-Path] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-RmsSvcAccount** cmdlet sets the service account of an Active Directory Rights Management Services (AD RMS) cluster. + +To specify the service account, set the *Credential* parameter to the service account credentials, and then set the *Path* parameter to `:\` where `` is the AD RMS provider drive ID. + +## EXAMPLES + +### Example 1: Modify the service account +``` +PS C:\> Set-RmsSvcAccount -Path "." +``` + +This command changes the AD RMS service account. +Because the *Credential* parameter is not used, the **Set-RmsSvcAccount** cmdlet prompts for the user name and password of the new service account. + +### Example 2: Modify the service account with specified credentials +``` +PS C:\> Set-RmsSvcAccount -Path "." -Force -PassThru -Credential ITDOMAIN\adrmssvc +``` + +This command changes the AD RMS service account. +Because the *Credential* parameter specifies the domain and user name of the account, the **Set-RmsSvcAccount** cmdlet prompts for the password of the new service account. + +### Example 3: Get credentials to use to modify a service account +``` +PS C:\> $userAccount = Get-Credential ITDOMAIN\adrmssvc +PS C:\> Set-RmsSvcAccount -Path "." -Force -PassThru -Credential $userAccount +``` + +This command uses the **Get-Credential** cmdlet to prompt for the password for the ITDOMAIN\adrmsvc account and then stores the account credentials securely in a variable, which is then passed to the **Set-RmsSvcAccount** cmdlet. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user name and password as a **PSCredential** object. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Overrides restrictions that prevent the command from succeeding if the restrictions do not compromise security. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### PSCredential + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Get-RmsSvcAccount](./Get-RmsSvcAccount.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Uninstall-RmsMfgEnrollment.md b/docset/winserver2025-ps/adrmsadmin/Uninstall-RmsMfgEnrollment.md new file mode 100644 index 0000000000..98aeb1f1ac --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Uninstall-RmsMfgEnrollment.md @@ -0,0 +1,138 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/uninstall-rmsmfgenrollment?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-RmsMfgEnrollment +--- + +# Uninstall-RmsMfgEnrollment + +## SYNOPSIS +Terminates the enrollment of an AD RMS server with the Microsoft Federation Gateway. + +## SYNTAX + +``` +Uninstall-RmsMfgEnrollment [-Force] [-GetDefaultCertificate] [-CertificateThumbprint ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Uninstall-RmsMfgEnrollment** cmdlet terminates the enrollment of an Active Directory Rights Management Services (AD RMS) server with the Microsoft Federation Gateway. + +## EXAMPLES + +### Example 1: Terminate enrollment to the Microsoft Federation Gateway with a specified thumbprint +``` +PS C:\> Uninstall-RmsMfgEnrollment -CertificateThumbprint "a909502dd82ae41433e6f83886b00d4277a32a7b" +``` + +This command removes support for Microsoft Federation Gateway from the AD RMS server using the specified certificate thumbprint. + +### Example 2: Terminate enrollment with the default certificate +``` +PS C:\> Uninstall-RmsMfgEnrollment -GetDefaultCertificate +``` + +This command removes support for Microsoft Federation Gateway from the AD RMS server by retrieving and using the certificate thumbprint hash for the AD RMS default certificate. + +## PARAMETERS + +### -CertificateThumbprint +Specifies a string containing the thumbprint hash of the certificate that was used to enroll AD RMS with the Microsoft Federation Gateway. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the unenrollment process to be completed, even if there are issues. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -GetDefaultCertificate +Indicates that the thumbprint hash of the AD RMS default certificate should be retrieved and used during the removal of support for the AD RMS server to use the Microsoft Federation Gateway. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Install-RmsMfgEnrollment](./Install-RmsMfgEnrollment.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Uninstall-RmsMfgSupport.md b/docset/winserver2025-ps/adrmsadmin/Uninstall-RmsMfgSupport.md new file mode 100644 index 0000000000..ca597c25bb --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Uninstall-RmsMfgSupport.md @@ -0,0 +1,101 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/uninstall-rmsmfgsupport?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Uninstall-RmsMfgSupport +--- + +# Uninstall-RmsMfgSupport + +## SYNOPSIS +Removes Microsoft Federation Gateway support from an AD RMS server. + +## SYNTAX + +``` +Uninstall-RmsMfgSupport [-Force] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Uninstall-RmsMfgSupport** cmdlet removes Microsoft Federation Gateway support from an Active Directory Rights Management Services (AD RMS) server. + +## EXAMPLES + +### Example 1: Force removal of Microsoft Federation Gateway support +``` +PS C:\> Uninstall-RmsMfgSupport -Force +``` + +This command forces removal of Microsoft Federation Gateway support for AD RMS. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces completion of the current operation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES +* Before uninstalling Service Pack 1 for Windows Server® 2008 R2, you must remove Microsoft Federation Gateway Support from the AD RMS cluster. Failure to do this may cause an inconsistent configuration of your AD RMS cluster. + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + +[Install-RmsMfgSupport](./Install-RmsMfgSupport.md) + diff --git a/docset/winserver2025-ps/adrmsadmin/Update-RmsCluster.md b/docset/winserver2025-ps/adrmsadmin/Update-RmsCluster.md new file mode 100644 index 0000000000..36cfd7717b --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Update-RmsCluster.md @@ -0,0 +1,119 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/update-rmscluster?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Update-RmsCluster +--- + +# Update-RmsCluster + +## SYNOPSIS +Updates the AD RMS cluster information. + +## SYNTAX + +``` +Update-RmsCluster [-Force] [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Update-RmsCluster** cmdlet updates the cluster information including the hierarchy of content that defines the cluster in Active Directory Rights Management Services (AD RMS). +The AD RMS cluster hierarchy is reflected in the directory structure of the provider drive associated with the cluster. +For example, you can access the rights policy template information from the RightsPolicyTemplate subdirectory. + +To update AD RMS cluster information, set the *Path* parameter to `:\` where `` is the AD RMS provider drive ID associated with the cluster that you want to update. + +## EXAMPLES + +### Example 1: Update cluster information +``` +PS C:\> Update-RmsCluster -Path "." -Force +``` + +This command updates the AD RMS cluster information. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Overrides restrictions that prevent the command from succeeding if the changes do not compromise security. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a provider drive and path or relative path on the current drive. +Use a dot (.) to specify the current location. +This parameter does not accept wildcards and has no default value. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + diff --git a/docset/winserver2025-ps/adrmsadmin/Update-RmsMfgEnrollment.md b/docset/winserver2025-ps/adrmsadmin/Update-RmsMfgEnrollment.md new file mode 100644 index 0000000000..da0595f139 --- /dev/null +++ b/docset/winserver2025-ps/adrmsadmin/Update-RmsMfgEnrollment.md @@ -0,0 +1,206 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.RightsManagementServices.Admin.dll-Help.xml +Module Name: ADRMSAdmin +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/adrmsadmin/update-rmsmfgenrollment?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Update-RmsMfgEnrollment +--- + +# Update-RmsMfgEnrollment + +## SYNOPSIS +Updates enrollment information for an AD RMS server enrolled with the Microsoft Federation Gateway service. + +## SYNTAX + +``` +Update-RmsMfgEnrollment [-TokenCert] [-SigningCert] [-SetCertificatePermissions] [-Force] + [-GetDefaultCertificate] [-CertificateThumbprint ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Update-RmsMfgEnrollment** cmdlet updates enrollment information for an Active Directory Rights Management Services (AD RMS) server enrolled with the Microsoft Federation Gateway service. + +## EXAMPLES + +### Example 1: Update support enrollment using the default certificate +``` +PS C:\> Update-RmsMfgEnrollment -GetDefaultCertificate +``` + +This command updates the Microsoft Federation Gateway support enrollment for the current AD RMS server by retrieving and using the thumbprint hash of the AD RMS default certificate. + +### Example 2: Update support enrollment using a specified certificate +``` +PS C:\> Update-RmsMfgEnrollment -CertificateThumbprint "a909502dd82ae41433e6f83886b00d4277a32a7b" +``` + +This command updates the Microsoft Federation Gateway support enrollment for the current AD RMS server using the thumbprint hash of a non-default certificate. + +### Example 3: Update the signing certificate for the enrollment +``` +PS C:\> Update-RmsMfgEnrollment -SigningCert +``` + +This command updates the Microsoft Federation Gateway support enrollment for the current AD RMS server. + +### Example 4: Update the token decryption certificate +``` +PS C:\> Update-RmsMfgEnrollment -TokenCert +``` + +This command updates the token decryption certificate for the current AD RMS server. + +### Example 5: Set certificate permissions for the Microsoft Federation Gateway +``` +PS C:\> Update-RmsMfgEnrollment -SetCertificatePermissions +``` + +This command sets certificate permissions for the Microsoft Federation Gateway support enrollment for the current AD RMS. + +## PARAMETERS + +### -CertificateThumbprint +Specifies a string containing the thumbprint hash of the certificate being used to update enrollment with the Microsoft Federation Gateway. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -GetDefaultCertificate +When specified, indicates that the thumbprint hash of the AD RMS default certificate should be retrieved and used to update enrollment with the Microsoft Federation Gateway. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -SetCertificatePermissions +When specified, indicates that permissions are to be set on the AD RMS server enrollment with the Microsoft Federation Gateway. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -SigningCert +When specified, indicates that the Microsoft Federation Gateway signing certificate should be updated (or refreshed in metadata) for the current AD RMS server enrollment. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -TokenCert +When specified, indicates that the token decryption certificate should be updated for the AD RMS server enrollment with the Microsoft Federation Gateway. + +You can update the token decryption certificate or the Microsoft Federation Gateway certificate, as needed. +Because the token decryption certificate is the SSL certificate for the AD RMS cluster, you must update the token decryption certificate if the cluster SSL certificate expires. +After you update the token decryption certificate, you must grant the AD RMS Services group permission to access the certificate on all servers in the AD RMS cluster. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Using Windows PowerShell with AD RMS](https://go.microsoft.com/fwlink/?LinkId=136806) + diff --git a/docset/winserver2025-ps/appbackgroundtask/AppBackgroundTask.md b/docset/winserver2025-ps/appbackgroundtask/AppBackgroundTask.md new file mode 100644 index 0000000000..2ba9961d3e --- /dev/null +++ b/docset/winserver2025-ps/appbackgroundtask/AppBackgroundTask.md @@ -0,0 +1,36 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.2 +Locale: en-US +Module Guid: eb40bd55-3bab-4fa6-88ee-0dcf3cad5a25 +Module Name: AppBackgroundTask +ms.date: 12/20/2016 +title: AppBackgroundTask +--- + +# AppBackgroundTask Module +## Description +This reference provides cmdlet descriptions and syntax for all App Background Task cmdlets. It lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet. + +## AppBackgroundTask Cmdlets +### [Disable-AppBackgroundTaskDiagnosticLog](./Disable-AppBackgroundTaskDiagnosticLog.md) +Disables background task logging in Event Viewer. + +### [Enable-AppBackgroundTaskDiagnosticLog](./Enable-AppBackgroundTaskDiagnosticLog.md) +Enables background task logging in Event Viewer. + +### [Get-AppBackgroundTask](./Get-AppBackgroundTask.md) +Gets background task information. + +### [Set-AppBackgroundTaskResourcePolicy](./Set-AppBackgroundTaskResourcePolicy.md) +Configures the use of the global pool by background tasks. + +### [Start-AppBackgroundTask](./Start-AppBackgroundTask.md) +Starts a background task. + +### [Unregister-AppBackgroundTask](./Unregister-AppBackgroundTask.md) +Unregisters a background task. + + + diff --git a/docset/winserver2025-ps/appbackgroundtask/Disable-AppBackgroundTaskDiagnosticLog.md b/docset/winserver2025-ps/appbackgroundtask/Disable-AppBackgroundTaskDiagnosticLog.md new file mode 100644 index 0000000000..75814ca92e --- /dev/null +++ b/docset/winserver2025-ps/appbackgroundtask/Disable-AppBackgroundTaskDiagnosticLog.md @@ -0,0 +1,80 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: microsoft.windows.appbackgroundtask.commands.dll-Help.xml +Module Name: AppBackgroundTask +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appbackgroundtask/disable-appbackgroundtaskdiagnosticlog?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AppBackgroundTaskDiagnosticLog +--- + +# Disable-AppBackgroundTaskDiagnosticLog + +## SYNOPSIS +Disables background task logging in Event Viewer. + +## SYNTAX + +``` +Disable-AppBackgroundTaskDiagnosticLog [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AppBackgroundTaskDiagnosticLog** cmdlet disables background task logging in Event Viewer. +You must have administrator access to disable background task logging. + +## EXAMPLES + +### Example 1: Disable background task logging +``` +PS C:\> Disable-AppBackgroundTaskDiagnosticLog +``` + +This command turns off background task logging in Event Viewer. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Enable-AppBackgroundTaskDiagnosticLog](./Enable-AppBackgroundTaskDiagnosticLog.md) + diff --git a/docset/winserver2025-ps/appbackgroundtask/Enable-AppBackgroundTaskDiagnosticLog.md b/docset/winserver2025-ps/appbackgroundtask/Enable-AppBackgroundTaskDiagnosticLog.md new file mode 100644 index 0000000000..c291083680 --- /dev/null +++ b/docset/winserver2025-ps/appbackgroundtask/Enable-AppBackgroundTaskDiagnosticLog.md @@ -0,0 +1,80 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: microsoft.windows.appbackgroundtask.commands.dll-Help.xml +Module Name: AppBackgroundTask +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appbackgroundtask/enable-appbackgroundtaskdiagnosticlog?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AppBackgroundTaskDiagnosticLog +--- + +# Enable-AppBackgroundTaskDiagnosticLog + +## SYNOPSIS +Enables background task logging in Event Viewer. + +## SYNTAX + +``` +Enable-AppBackgroundTaskDiagnosticLog [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-AppBackgroundTaskDiagnosticLog** cmdlet enables background task logging in Event Viewer. +You must have administrator access to enable background task logging. + +## EXAMPLES + +### Example 1: Enable background task logging +``` +PS C:\> Enable-AppBackgroundTaskDiagnosticLog +``` + +This command turns on background task logging in Event Viewer. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Disable-AppBackgroundTaskDiagnosticLog](./Disable-AppBackgroundTaskDiagnosticLog.md) + diff --git a/docset/winserver2025-ps/appbackgroundtask/Get-AppBackgroundTask.md b/docset/winserver2025-ps/appbackgroundtask/Get-AppBackgroundTask.md new file mode 100644 index 0000000000..d377c82ebf --- /dev/null +++ b/docset/winserver2025-ps/appbackgroundtask/Get-AppBackgroundTask.md @@ -0,0 +1,155 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: PS_BackgroundTask.cdxml-help.xml +Module Name: AppBackgroundTask +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appbackgroundtask/get-appbackgroundtask?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppBackgroundTask +--- + +# Get-AppBackgroundTask + +## SYNOPSIS +Gets background task information. + +## SYNTAX + +``` +Get-AppBackgroundTask [-PackageFamilyName ] [-IncludeResourceUsage] [-CimSession ] + [-ThrottleLimit ] [-AsJob] [] +``` + +## DESCRIPTION +The **Get-AppBackgroundTask** cmdlet gets background task information for a task specified in the *PackageFamilyName* parameter. +A background task performs an activity for an application, such as downloading a file. +You must have administrator access to get background task information. + +## EXAMPLES + +### Example 1: Display background tasks +``` +PS C:\> Get-AppBackgroundTask -PackageFamilyName "Microsoft.BingSports_8wekyb3d8bbwe" +``` + +This command displays the registered background tasks that belong to the Microsoft.BingSports_8wekyb3d8bbwe package family. + +### Example 2: Display background tasks with resource usage data +``` +PS C:\> Get-AppBackgroundTask -PackageFamilyName "Microsoft.BingSports_8wekyb3d8bbwe" -IncludeResourceUsage +``` + +This command displays the registered background tasks that belong to the Microsoft.BingSports_8wekyb3d8bbwe package family, including detailed resource usage information. + +### Example 3: Display all background tasks for a user +``` +PS C:\> Get-AppBackgroundTask +``` + +This command displays all registered background tasks for the current user. + +## PARAMETERS + +### -AsJob +Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. + +The cmdlet immediately returns an object that represents the job and then displays the command prompt. +You can continue to work in the session while the job completes. +To manage the job, use the `*-Job` cmdlets. +To get the job results, use the [Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. + +For more information about Windows PowerShell background jobs, see [about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CimSession +Runs the cmdlet in a remote session or on a remote computer. +Enter a computer name or a session object, such as the output of a [New-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227967) or [Get-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227966) cmdlet. +The default is the current session on the local computer. + +```yaml +Type: CimSession[] +Parameter Sets: (All) +Aliases: Session + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeResourceUsage +Indicates that the cmdlet displays detailed resource usage data for a background task. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: iru + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PackageFamilyName +Specifies the package family name for which to display background task information. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: pfn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ThrottleLimit +Specifies the maximum number of concurrent operations that can be established to run the cmdlet. +If this parameter is omitted or a value of `0` is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. +The throttle limit applies only to the current cmdlet, not to the session or to the computer. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.Management.Infrastructure.CimInstance# MSFT_BackgroundTask[] + +## NOTES + +## RELATED LINKS + +[Start-AppBackgroundTask](./Start-AppBackgroundTask.md) + +[Unregister-AppBackgroundTask](./Unregister-AppBackgroundTask.md) + diff --git a/docset/winserver2025-ps/appbackgroundtask/Set-AppBackgroundTaskResourcePolicy.md b/docset/winserver2025-ps/appbackgroundtask/Set-AppBackgroundTaskResourcePolicy.md new file mode 100644 index 0000000000..1a859e9b13 --- /dev/null +++ b/docset/winserver2025-ps/appbackgroundtask/Set-AppBackgroundTaskResourcePolicy.md @@ -0,0 +1,106 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: microsoft.windows.appbackgroundtask.commands.dll-Help.xml +Module Name: AppBackgroundTask +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appbackgroundtask/set-appbackgroundtaskresourcepolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AppBackgroundTaskResourcePolicy +--- + +# Set-AppBackgroundTaskResourcePolicy + +## SYNOPSIS +Configures the use of the global pool by background tasks. + +## SYNTAX + +``` +Set-AppBackgroundTaskResourcePolicy -Mode [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AppBackgroundTaskResourcePolicy** cmdlet configures the use of the global pool by background tasks. +The global pool is a shared resource that provides CPU or network resources when an application requires additional resources to complete a task. +You must have administrator access to set the background task resource policy. + +## EXAMPLES + +### Example 1: Set global resource policy to Conservative mode +``` +PS C:\> Set-AppBackgroundTaskResourcePolicy -Mode Conservative +``` + +This command sets the global resource policy for background tasks to Conservative, which ensures that background tasks use the minimum CPU. + +### Example 2: Set global resource policy to Normal mode +``` +PS C:\> Set-AppBackgroundTaskResourcePolicy -Mode Normal +``` + +This command sets the global resource policy for background tasks to Normal. +A restart is required if the previous setting was Conservative. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Mode +Specifies the global pool settings for background tasks on the system. +Valid values are Normal and Conservative. +Use Normal to enable the global pool for all applications. +Use Conservative to disable the global pool for all applications. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Normal, Conservative + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/appbackgroundtask/Start-AppBackgroundTask.md b/docset/winserver2025-ps/appbackgroundtask/Start-AppBackgroundTask.md new file mode 100644 index 0000000000..c5d5dca59f --- /dev/null +++ b/docset/winserver2025-ps/appbackgroundtask/Start-AppBackgroundTask.md @@ -0,0 +1,156 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: PS_BackgroundTask.cdxml-help.xml +Module Name: AppBackgroundTask +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appbackgroundtask/start-appbackgroundtask?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Start-AppBackgroundTask +--- + +# Start-AppBackgroundTask + +## SYNOPSIS +Starts a background task. + +## SYNTAX + +``` +Start-AppBackgroundTask -TaskID [-CimSession ] [-ThrottleLimit ] [-AsJob] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Start-AppBackgroundTask** cmdlet starts a background task. +A background task performs an activity for an application, such as downloading a file. +You must have administrator access to start a background task. + +## EXAMPLES + +### Example 1: Start a background task +``` +PS C:\> Start-AppBackgroundTask -TaskID "6D99C4A8-839E-5440-BEFD-2A8DB30A6461" +``` + +This command starts a registered background task that has the TaskID 6D99C4A8-839E-5440-BEFD-2A8DB30A6461. + +## PARAMETERS + +### -AsJob +Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. + +The cmdlet immediately returns an object that represents the job and then displays the command prompt. +You can continue to work in the session while the job completes. +To manage the job, use the `*-Job` cmdlets. +To get the job results, use the [Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. + +For more information about Windows PowerShell background jobs, see [about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CimSession +Runs the cmdlet in a remote session or on a remote computer. +Enter a computer name or a session object, such as the output of a [New-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227967) or [Get-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227966) cmdlet. +The default is the current session on the local computer. + +```yaml +Type: CimSession[] +Parameter Sets: (All) +Aliases: Session + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TaskID +Specifies a TaskID, in GUID format, for a background task. +You can get the TaskID by using the **Get-AppBackgroundTask** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: tid + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ThrottleLimit +Specifies the maximum number of concurrent operations that can be established to run the cmdlet. +If this parameter is omitted or a value of `0` is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. +The throttle limit applies only to the current cmdlet, not to the session or to the computer. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AppBackgroundTask](./Get-AppBackgroundTask.md) + +[Unregister-AppBackgroundTask](./Unregister-AppBackgroundTask.md) + diff --git a/docset/winserver2025-ps/appbackgroundtask/Unregister-AppBackgroundTask.md b/docset/winserver2025-ps/appbackgroundtask/Unregister-AppBackgroundTask.md new file mode 100644 index 0000000000..9dcf14c56f --- /dev/null +++ b/docset/winserver2025-ps/appbackgroundtask/Unregister-AppBackgroundTask.md @@ -0,0 +1,156 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: PS_BackgroundTask.cdxml-help.xml +Module Name: AppBackgroundTask +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appbackgroundtask/unregister-appbackgroundtask?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Unregister-AppBackgroundTask +--- + +# Unregister-AppBackgroundTask + +## SYNOPSIS +Unregisters a background task. + +## SYNTAX + +``` +Unregister-AppBackgroundTask -TaskID [-CimSession ] [-ThrottleLimit ] [-AsJob] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Unregister-AppBackgroundTask** cmdlet unregisters a background task. +A background task performs an activity for an application, such as downloading a file. +You must have administrator access to unregister a background task. + +## EXAMPLES + +### Example 1: Unregister a background task +``` +PS C:\> Unregister-AppBackgroundTask -TaskID "6D99C4A8-839E-5440-BEFD-2A8DB30A6461" +``` + +This command unregisters the registered background task identified by the GUID 6D99C4A8-839E-5440-BEFD-2A8DB30A6461. + +## PARAMETERS + +### -AsJob +Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. + +The cmdlet immediately returns an object that represents the job and then displays the command prompt. +You can continue to work in the session while the job completes. +To manage the job, use the `*-Job` cmdlets. +To get the job results, use the [Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. + +For more information about Windows PowerShell background jobs, see [about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CimSession +Runs the cmdlet in a remote session or on a remote computer. +Enter a computer name or a session object, such as the output of a [New-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227967) or [Get-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227966) cmdlet. +The default is the current session on the local computer. + +```yaml +Type: CimSession[] +Parameter Sets: (All) +Aliases: Session + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TaskID +Specifies a TaskID, in GUID format, for a background task. +You can get the TaskID by using the **Get-AppBackgroundTask** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: tid + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ThrottleLimit +Specifies the maximum number of concurrent operations that can be established to run the cmdlet. +If this parameter is omitted or a value of `0` is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. +The throttle limit applies only to the current cmdlet, not to the session or to the computer. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AppBackgroundTask](./Get-AppBackgroundTask.md) + +[Start-AppBackgroundTask](./Start-AppBackgroundTask.md) + diff --git a/docset/winserver2025-ps/applocker/AppLocker.md b/docset/winserver2025-ps/applocker/AppLocker.md new file mode 100644 index 0000000000..035261bcce --- /dev/null +++ b/docset/winserver2025-ps/applocker/AppLocker.md @@ -0,0 +1,33 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.1 +Locale: en-US +Module Guid: 9dafd409-67de-4108-8ee9-73cd61f5b7bf +Module Name: AppLocker +ms.date: 09/28/2020 +title: AppLocker +--- + +# AppLocker Module +## Description +The Windows PowerShell cmdlets for AppLocker are designed to streamline the administration of application control policies. The cmdlets can be used to help author, test, maintain, and troubleshoot application control policies and can be used in conjunction with the AppLocker user interface that is accessed through the Microsoft Management Console (MMC) snap-in extension to the Local Security Policy snap-in and Group Policy Management Console. + +Note that AppLocker cmdlets only interact with group policy and do not have any knowledge of the AppLocker CSP. + +## AppLocker Cmdlets +### [Get-AppLockerFileInformation](./Get-AppLockerFileInformation.md) +Gets the file information necessary to create AppLocker rules from a list of files or an event log. + +### [Get-AppLockerPolicy](./Get-AppLockerPolicy.md) +Gets the local, the effective, or a domain AppLocker policy. + +### [New-AppLockerPolicy](./New-AppLockerPolicy.md) +Creates a new AppLocker policy from a list of file information and other rule creation options. + +### [Set-AppLockerPolicy](./Set-AppLockerPolicy.md) +Sets the AppLocker policy for the specified GPO. + +### [Test-AppLockerPolicy](./Test-AppLockerPolicy.md) +Specifies the AppLocker policy to determine whether the input files will be allowed to run for a given user. + diff --git a/docset/winserver2025-ps/applocker/Get-AppLockerFileInformation.md b/docset/winserver2025-ps/applocker/Get-AppLockerFileInformation.md new file mode 100644 index 0000000000..bc4722797d --- /dev/null +++ b/docset/winserver2025-ps/applocker/Get-AppLockerFileInformation.md @@ -0,0 +1,301 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll-Help.xml +Module Name: AppLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/applocker/get-applockerfileinformation?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppLockerFileInformation +--- + +# Get-AppLockerFileInformation + +## SYNOPSIS +Gets the file information necessary to create AppLocker rules from a list of files or an event log. + +## SYNTAX + +### ByFilePath (Default) +``` +Get-AppLockerFileInformation [[-Path] ] [] +``` + +### ByAppx +``` +Get-AppLockerFileInformation + [[-Packages] ] + [] +``` + +### ByDirectory +``` +Get-AppLockerFileInformation -Directory + [-FileType ] + [-Recurse] [] +``` + +### ByEventLog +``` +Get-AppLockerFileInformation [-EventLog] [-LogPath ] + [-EventType ] + [-Statistics] [] +``` + +## DESCRIPTION +The **Get-AppLockerFileInformation** cmdlet gets the AppLocker file information from a list of files or an event log. +File information includes the publisher information, file hash, and file path. + +The file information from an event log may not contain all of the publisher information, file hash, and file path fields. +Files that are not signed will not have any publisher information. + +## EXAMPLES + +### Example 1: Get file information for .exe files and scripts +``` +PS C:\> Get-AppLockerFileInformation -Directory C:\Windows\system32\ -Recurse -FileType exe, script +``` + +This example gets the file information for all the .exe files and scripts under %windir%\system32. + +### Example 2: Get file information for a file +``` +PS C:\> Get-AppLockerFileInformation -Path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" | Format-List +Path : %PROGRAMFILES%\INTERNET EXPLORER\IEXPLORE.EXE +Publisher : CN=WINDOWS MAIN BUILD LAB ACCOUNT\WINDOWS® INTERNET EXPLORER\IEXPLORE.EXE,10.0.8421.0 +Hash : SHA256 0x5F374C2DD91A6F9E9E96F149EE221EC0454649F50E1AF6D3DAEFB849FB7C551C +AppX : False + + +PS C:\> Get-AppLockerFileInformation -Path "C:\Program Files\Internet Explorer\iexplore.exe" | Format-List +Path : %PROGRAMFILES%\INTERNET EXPLORER\IEXPLORE.EXE +Publisher : CN=WINDOWS MAIN BUILD LAB ACCOUNT\WINDOWS® INTERNET EXPLORER\IEXPLORE.EXE,10.0.8421.0 +Hash : SHA256 0x5F374C2DD91A6F9E9E96F149EE221EC0454649F50E1AF6D3DAEFB849FB7C551C +AppX : False +``` + +This example gets the file information for the file specified by the path. + +### Example 3: Get file information for all packaged applications for all users +``` +PS C:\> Get-AppXPackage -AllUsers | Get-AppLockerFileInformation +Path : windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy.appx +Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, + C=US\windows.immersivecontrolpanel\APPX,6.2.0.0 +Hash : +AppX : True + +Path : windows.RemoteDesktop_1.0.0.0_neutral_neutral_cw5n1h2txyewy.appx +Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, + C=US\windows.RemoteDesktop\APPX,1.0.0.0 +Hash : +AppX : True + +Path : WinStore_1.0.0.0_neutral_neutral_cw5n1h2txyewy.appx +Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US\WinStore\APPX,1.0.0.0 +Hash : +AppX : True +``` + +This example outputs the file information for all the packaged applications installed on this computer for all users. + +### Example 4: Get file information for Audited events +``` +PS C:\> Get-AppLockerFileInformation -EventLog -EventType Audited +``` + +This example outputs the file information for all the Audited events in the local event log. +Audited events correspond to the Warning event in the AppLocker audit log. + +### Example 5: Get statistics for Allowed events +``` +PS C:\> Get-AppLockerFileInformation -EventLog -EventType Allow -Statistics +``` + +This example displays statistics for all the Allowed events in the local event log. +For each file in the event log, the cmdlet will sum the number of times the event type occurred. + +### Example 6: Create an AppLocker policy +``` +PS C:\> Get-AppLockerFileInformation -EventLog -EventType Audited | New-AppLockerPolicy -RuleType Publisher, Hash, Path -User Everyone -Optimize | Set-AppLockerPolicy -LDAP LDAP://TestGPO +``` + +This example creates a new AppLocker policy from the warning events in the local event log and sets the policy of a test Group Policy Object (GPO). + +## PARAMETERS + +### -Directory +Specifies the directory that contains the files for which to get the file information. +If all subfolders and files in the specified directory are to be searched, then include the *Recurse* parameter + +```yaml +Type: String +Parameter Sets: ByDirectory +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EventLog +Specifies that the file information is retrieved from the event log. + +```yaml +Type: SwitchParameter +Parameter Sets: ByEventLog +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EventType +Specifies the event type by which to filter the events. +The acceptable values for this parameter are: Allowed, Denied, or Audited. +The event types correspond to the Informational, Error, and Warning level events in the AppLocker event logs. + +```yaml +Type: System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.AppLockerEventType] +Parameter Sets: ByEventLog +Aliases: +Accepted values: Allowed, Denied, Audited + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FileType +Specifies the generic file type for which to search. +All files having the appropriate file name extension will be included. +The acceptable values for this parameter are: + +- Exe +- Dll +- WindowsInstaller +- Script +- Appx. + +```yaml +Type: System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerFileType] +Parameter Sets: ByDirectory +Aliases: +Accepted values: Exe, Dll, WindowsInstaller, Script, Appx + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LogPath +Specifies the log name or file path of the event log where the AppLocker events are located. +By default, if this parameter is not specified, the local Microsoft-Windows-AppLocker/EXE and DLL channel is used. + +```yaml +Type: String +Parameter Sets: ByEventLog +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Packages +Specifies a list of installed packaged applications, from which the file information is retrieved. + +```yaml +Type: System.Collections.Generic.List`1[Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage] +Parameter Sets: ByAppx +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies a list of paths to the files from which the file information is retrieved. +Supports regular expressions. + +```yaml +Type: System.Collections.Generic.List`1[System.String] +Parameter Sets: ByFilePath +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Recurse +Specifies that all files and folders in the specified directory will be searched. + +```yaml +Type: SwitchParameter +Parameter Sets: ByDirectory +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Statistics +Specifies the statistics to retrieve on the files included in the event log. +Calculates a simple sum of the number of times a file is included in the event log based on specified parameters. + +```yaml +Type: SwitchParameter +Parameter Sets: ByEventLog +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.FileInformation + +### System.String + +## NOTES + +## RELATED LINKS + +[Get-AppLockerPolicy](./Get-AppLockerPolicy.md) + +[New-AppLockerPolicy](./New-AppLockerPolicy.md) + +[Set-AppLockerPolicy](./Set-AppLockerPolicy.md) + +[Test-AppLockerPolicy](./Test-AppLockerPolicy.md) + diff --git a/docset/winserver2025-ps/applocker/Get-AppLockerPolicy.md b/docset/winserver2025-ps/applocker/Get-AppLockerPolicy.md new file mode 100644 index 0000000000..df8d977cf7 --- /dev/null +++ b/docset/winserver2025-ps/applocker/Get-AppLockerPolicy.md @@ -0,0 +1,177 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll-Help.xml +Module Name: AppLocker +ms.date: 09/28/2020 +online version: https://learn.microsoft.com/powershell/module/applocker/get-applockerpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppLockerPolicy +--- + +# Get-AppLockerPolicy + +## SYNOPSIS +Gets the local, the effective, or a domain AppLocker policy. + +## SYNTAX + +### LocalPolicy (Default) +``` +Get-AppLockerPolicy [-Local] [-Xml] [] +``` + +### DomainPolicy +``` +Get-AppLockerPolicy [-Domain] -Ldap [-Xml] [] +``` + +### EffectivePolicy +``` +Get-AppLockerPolicy [-Effective] [-Xml] [] +``` + +## DESCRIPTION +The **Get-AppLockerPolicy** cmdlet retrieves the AppLocker policy from the local Group Policy Object (GPO), a specified GPO, or the GP-deployed effective policy on the computer. + +By default, the output is an **AppLockerPolicy** object. +If the *Xml* parameter is used, then the output will be the AppLocker policy as an XML-formatted string. + +Note that the Get-AppLockerPolicy cmdlet only functions with policies deployed via GP. It does not have any knowledge of the AppLocker CSP, so it will return incorrect data if the policy in place has been applied via the CSP. + +## EXAMPLES + +### Example 1: Get an AppLocker policy +``` +PS C:\> Get-AppLockerPolicy -Local + Version RuleCollections RuleCollectionTypes + ------- --------------- ------------------- + 1 {} {} +``` + +This example gets the local AppLocker policy as an **AppLockerPolicy** object. + +### Example 2: Get the AppLocker policy for a GPO +``` +PS C:\> Get-AppLockerPolicy -Domain -LDAP "LDAP:// DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" +``` + +This example gets the AppLocker policy of the unique GPO specified by the LDAP path as an **AppLockerPolicy** object. + +### Example 3: Get the effective policy +``` +PS C:\> Get-AppLockerPolicy -Effective -Xml | Set-Content ('c:\temp\curr.xml') +``` + +This example gets the effective policy on the computer, and then sends it in XML-format to the specified file on an existing path. + +### Example 4: Get and test an AppLocker policy +``` +PS C:\> Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User Everyone +``` + +This example gets the local AppLocker policy on the computer, and then tests the policy using the **Test-AppLockerPolicy** cmdlet to test whether the .exe files in C:\Windows\System32 will be allowed to run by the Everyone group. + +## PARAMETERS + +### -Domain +Gets the AppLocker policy from the GPO specified by the path given in the *Ldap* parameter. + +```yaml +Type: SwitchParameter +Parameter Sets: DomainPolicy +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Effective +Gets the effective AppLocker policy on the local computer. +The effective policy is the merge of the local AppLocker policy and any applied AppLocker domain policies on the local computer. + +```yaml +Type: SwitchParameter +Parameter Sets: EffectivePolicy +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Ldap +Specifies the LDAP path of the GPO and must specify a unique GPO. + +```yaml +Type: String +Parameter Sets: DomainPolicy +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Local +Gets the AppLocker policy from the local GPO. + +```yaml +Type: SwitchParameter +Parameter Sets: LocalPolicy +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Xml +Specifies that the AppLocker policy be output as an XML-formatted string. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy +**AppLockerPolicy** + +### System.String + +## NOTES + +## RELATED LINKS + +[Get-AppLockerFileInformation](./Get-AppLockerFileInformation.md) + +[New-AppLockerPolicy](./New-AppLockerPolicy.md) + +[Set-AppLockerPolicy](./Set-AppLockerPolicy.md) + +[Test-AppLockerPolicy](./Test-AppLockerPolicy.md) + diff --git a/docset/winserver2025-ps/applocker/New-AppLockerPolicy.md b/docset/winserver2025-ps/applocker/New-AppLockerPolicy.md new file mode 100644 index 0000000000..bc84a202d7 --- /dev/null +++ b/docset/winserver2025-ps/applocker/New-AppLockerPolicy.md @@ -0,0 +1,267 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll-Help.xml +Module Name: AppLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/applocker/new-applockerpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AppLockerPolicy +--- + +# New-AppLockerPolicy + +## SYNOPSIS +Creates a new AppLocker policy from a list of file information and other rule creation options. + +## SYNTAX + +### FileInformation +``` +New-AppLockerPolicy + [-FileInformation] + [-AllowWindows] + [-RuleType ] + [-RuleNamePrefix ] [-User ] [-Optimize] [-IgnoreMissingFileInformation] [-Xml] + [-ServiceEnforcement ] [] +``` + +### AllowWindows +``` +New-AppLockerPolicy [-AllowWindows] + [-RuleType ] + [-RuleNamePrefix ] [-User ] [-Optimize] [-IgnoreMissingFileInformation] [-Xml] + [-ServiceEnforcement ] [] +``` + +## DESCRIPTION +The **New-AppLockerPolicy** cmdlet uses a list of file information to automatically generate a list of rules for a given user or group. +Rules can be generated based on publisher, hash, or path information. + +Run the **Get-AppLockerFileInformation** cmdlet to create the list of file information. + +By default, the output is an **AppLockerPolicy** object. +If the *Xml* parameter is specified, the output will be the AppLocker policy as an XML-formatted string. + +## EXAMPLES + +### Example 1: Create an AppLocker policy with allow rules +``` +C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix System32 + + Version RuleCollections RuleCollectionTypes + ------- --------------- ------------------- + 1 {Microsoft.Security.ApplicationId.Po... {Exe} +``` + +This example creates an AppLocker policy that contains allow rules for all of the executable files in C:\Windows\System32. +The policy contains publisher rules for those files with publisher information and hash rules for those that do not. +The rules are prefixed with `System32:` and the rules apply to the Everyone group. + +### Example 2: Create an AppLocker policy +``` +C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -AllowWindows -RuleType Path -User Everyone -Optimize -XML + + +``` + +This example creates an XML-formatted AppLocker policy for all of the executable files in `C:\Windows\System32`. +The policy contains only path rules. +The rules are applied to the Everyone group. +The *Optimize* parameter indicates that similar rules are grouped together where possible. +The AppLocker policy trusts all local Windows components. + +### Example 3: Create an AppLocker policy from audited events +``` +C:\PS>Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-Windows-AppLocker/EXE and DLL" -EventType Audited | New-AppLockerPolicy -RuleType Publisher,Hash -User domain\FinanceGroup -IgnoreMissingFileInformation | Set-AppLockerPolicy -LDAP "LDAP://DC13.TailspinToys.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=WingTipToys,DC=com" +``` + +This example creates a new AppLocker policy from the audited events in the local Microsoft-Windows-AppLocker/EXE and DLL event log. +All of the rules will be applied to the domain\FinanceGroup group. +Publisher rules are created when the publisher information is available, and hash rules are created if the publisher information is not available. +If only path information is available for a file, then the file is skipped because the *IgnoreMissingFileInformation* parameter is specified, and the file is included in the warning log. +If the *IgnoreMissingFileInformation* parameter is not specified when file information is missing, then the cmdlet exits because it cannot create the specified rule type. +After the new AppLocker policy is created, the AppLocker policy of the specified Group Policy Object (GPO) is set. +The existing AppLocker policy in the specified GPO will be overwritten. + +## PARAMETERS + +### -AllowWindows +Indicates that the AppLocker policy allows all local Windows components. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FileInformation +Specifies a file that can contain publisher, path, and hash information. +Some information may be missing, such as publisher information for an unsigned file. + +```yaml +Type: System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.FileInformation] +Parameter Sets: FileInformation +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -IgnoreMissingFileInformation +Specifies that, if a rule cannot be created for a file because of missing file information, then evaluation of the remaining file information will continue and a warning log of the files skipped will be generated. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Optimize +Specifies that similar rules will be grouped together. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RuleNamePrefix +Specifies a name to add as the prefix for each rule that is created. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RuleType +Specifies the type of rules to create from the file information. +Publisher, path, or hash rules can be created from the file information. +Multiple rule types may be specified. +Therefore, that there are backup rule types if the necessary file information is not available. + +For example, if `Publisher, Hash` is specified for this parameter, then the hash rules are applied when publisher information is not available. + +```yaml +Type: System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.RuleType] +Parameter Sets: (All) +Aliases: +Accepted values: Publisher, Path, Hash + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServiceEnforcement +Specifies whether the AppLocker policy for EXE and DLL rule collections applies to non-interactive processes. +The acceptable values for this parameter are: + +- NotConfigured +- Enabled +- ServicesOnly + +```yaml +Type: ServiceEnforcementMode +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -User +Specifies the user or group to which the rules are applied. +The acceptable values for this parameter are: + +- DNS user name (domain\username) +- User Principal Name (username@domain.com) +- SAM user name (username) +- Security identifier (S-1-5-21-3165297888-301567370-576410423-1103) + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Xml +Specifies that the output of the AppLocker policy be as an XML-formatted string. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.FileInformation + +## OUTPUTS + +### Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy + +### System.String + +## NOTES + +## RELATED LINKS + +[Get-AppLockerFileInformation](./Get-AppLockerFileInformation.md) + +[Get-AppLockerPolicy](./Get-AppLockerPolicy.md) + +[Set-AppLockerPolicy](./Set-AppLockerPolicy.md) + +[Test-AppLockerPolicy](./Test-AppLockerPolicy.md) + diff --git a/docset/winserver2025-ps/applocker/Set-AppLockerPolicy.md b/docset/winserver2025-ps/applocker/Set-AppLockerPolicy.md new file mode 100644 index 0000000000..c1ad6a9cc5 --- /dev/null +++ b/docset/winserver2025-ps/applocker/Set-AppLockerPolicy.md @@ -0,0 +1,183 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll-Help.xml +Module Name: AppLocker +ms.date: 09/28/2020 +online version: https://learn.microsoft.com/powershell/module/applocker/set-applockerpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AppLockerPolicy +--- + +# Set-AppLockerPolicy + +## SYNOPSIS +Sets the AppLocker policy for the specified GPO. + +## SYNTAX + +### ByXmlPolicy (Default) +``` +Set-AppLockerPolicy [-XmlPolicy] [-Ldap ] [-Merge] [-WhatIf] [-Confirm] [] +``` + +### ByPolicyObject +``` +Set-AppLockerPolicy [-PolicyObject] [-Ldap ] [-Merge] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Set-AppLockerPolicy cmdlet** sets the specified GPO to contain the specified AppLocker policy. +If no Lightweight Directory Access Protocol (LDAP) is specified, then the default is the local GPO. + +The input values for the AppLocker policy can be an **AppLockerPolicy** object or an XML-formatted file that contains the AppLocker policy. + +Note that the Set-AppLockerPolicy cmdlet only works with GP. It cannot interact with the AppLocker CSP. + +## EXAMPLES + +### Example 1: Set the local AppLocker policy +``` +PS C:\> Set-AppLockerPolicy -XMLPolicy C:\Policy.xml +``` + +This example sets the local AppLocker policy to the policy specified in C:\Policy.xml. + +### Example 2: Set the GPO to contain an AppLocker policy. +``` +PS C:\> Set-AppLockerPolicy -XMLPolicy C:\Policy.xml -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" +``` + +This example sets the GPO specified in the LDAP path to contain the AppLocker policy that is specified in C:\Policy.xml. + +### Example 3: Merge the local AppLocker policy with another +``` +PS C:\> Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge +``` + +This example gets the local AppLocker policy, and then merges the policy with the existing AppLocker policy in the GPO specified in the LDAP path. +For more information on how two policies are merged, see the *Merge* parameter description. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Ldap +Specifies the LDAP path of the GPO. +It must specify a unique GPO. +If this parameter is not specified, then the local AppLocker policy is set. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Merge +Merges the rules in the specified AppLocker policy with the AppLocker rules in the target GPO specified in the LDAP path. +The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by the AppLocker policy in the target GPO will be preserved. +If the *Merge* parameter is not specified, then the new policy will overwrite the existing policy. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PolicyObject +Specifies the **AppLockerPolicy** object that contains the AppLocker policy. +Can be obtained from the Get-AppLockerPolicy and the New-AppLockerPolicy cmdlets. + +```yaml +Type: AppLockerPolicy +Parameter Sets: ByPolicyObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -XmlPolicy +Specifies the path where the XML-formatted file that contains the AppLocker policy is saved. + +```yaml +Type: String +Parameter Sets: ByXmlPolicy +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy +**AppLockerPolicy** + +### System.String + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Get-AppLockerFileInformation](./Get-AppLockerFileInformation.md) + +[Get-AppLockerPolicy](./Get-AppLockerPolicy.md) + +[New-AppLockerPolicy](./New-AppLockerPolicy.md) + +[Test-AppLockerPolicy](./Test-AppLockerPolicy.md) + diff --git a/docset/winserver2025-ps/applocker/Test-AppLockerPolicy.md b/docset/winserver2025-ps/applocker/Test-AppLockerPolicy.md new file mode 100644 index 0000000000..94570ccc52 --- /dev/null +++ b/docset/winserver2025-ps/applocker/Test-AppLockerPolicy.md @@ -0,0 +1,205 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll-Help.xml +Module Name: AppLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/applocker/test-applockerpolicy?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Test-AppLockerPolicy +--- + +# Test-AppLockerPolicy + +## SYNOPSIS +Specifies the AppLocker policy to determine whether the input files will be allowed to run for a given user. + +## SYNTAX + +### ByXmlPolicy (Default) +``` +Test-AppLockerPolicy [-XmlPolicy] -Path + [-User ] + [-Filter ] + [] +``` + +### ByXmlPolicyAppx +``` +Test-AppLockerPolicy [-XmlPolicy] + -Packages + [-User ] + [-Filter ] + [] +``` + +### ByPolicyObject +``` +Test-AppLockerPolicy [-PolicyObject] -Path + [-User ] + [-Filter ] + [] +``` + +## DESCRIPTION +The **Test-AppLockerPolicy** cmdlet specifies the AppLocker policy to determine whether a list of files is allowed to run on the local computer for a specified user. + +To test AppLocker rules for a nested group, a representative member of the nested group should be specified for the *User* parameter. +For example, a rule that allows the Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group for the *User* parameter is specified. +Instead, a representative member of the Finance group should be specified for the *User* parameter. + +## EXAMPLES + +### Example 1: Report if programs are allowed to run +``` +PS C:\> Test-AppLockerPolicy -XMLPolicy C:\Policy.xml -Path c:\windows\system32\calc.exe, C:\windows\system32\notepad.exe -User Everyone +``` + +This example reports if calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\Policy.xml. + +### Example 2: List executables specified by no policy +``` +PS C:\> Get-ChildItem C:\windows\system32\*.exe | Test-AppLockerPolicy c:\Policy.xml -Filter DeniedByDefault +``` + +This example lists the executables under C:\Windows\System32 that everyone will be denied by the policy specified by C:\Policy.xml because there is no explicit rule for the file. + +### Example 3: List executables specified by no policy to a text file +``` +PS C:\> Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User contoso\saradavis -Filter Denied | Format-List -Property | Set-Content (ꞌC:\temp\DeniedFiles.txtꞌ) +``` + +This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 that contoso\saradavis is explicitly denied access to run, and then redirects the list to a text file. + +### Example 4: Lists packages and test against a policy +``` +PS C:\> Get-AppxPackage -AllUsers | Test-AppLockerPolicy -XmlPolicy .\SamplePolicy.xml +``` + +This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy. + +## PARAMETERS + +### -Filter +Specifies the policy decision by which to filter the output for each input file. +The acceptable values for this parameter are: Allowed, Denied, DeniedByDefault, or AllowedByDefault. + +```yaml +Type: System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyDecision] +Parameter Sets: (All) +Aliases: +Accepted values: Allowed, AllowedByDefault, Denied, DeniedByDefault + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Packages +Specifies a list of installed packaged applications, from which the file information is retrieved. + +```yaml +Type: System.Collections.Generic.List`1[Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage] +Parameter Sets: ByXmlPolicyAppx +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Path +Specifies the list of the file paths to test. +Regular expressions are supported. + +```yaml +Type: System.Collections.Generic.List`1[System.String] +Parameter Sets: ByXmlPolicy, ByPolicyObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PolicyObject +Specifies the Applocker policy. +Can be obtained from the Get-AppLockerPolicy or the New-AppLockerPolicy cmdlet. + +```yaml +Type: AppLockerPolicy +Parameter Sets: ByPolicyObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -User +Defines the user or group to be used for testing the rules in a specified AppLocker policy. +The acceptable values for this parameter are: + +- DNS user name (`domain\username`) +- User Principal Name (`username@domain.com`) +- SAM user name (`username`) +- Security identifier (`S-1-5-21-3165297888-301567370-576410423-1103`) + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -XmlPolicy +Specifies the file path and name of the XML-formatted file that contains the AppLocker policy. + +```yaml +Type: String +Parameter Sets: ByXmlPolicy, ByXmlPolicyAppx +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy +**AppLockerPolicy** + +## OUTPUTS + +### Microsoft.Security.ApplicationId.PolicyManagement.AppLockerPolicyDecision + +## NOTES + +## RELATED LINKS + +[Get-AppLockerFileInformation](./Get-AppLockerFileInformation.md) + +[Get-AppLockerPolicy](./Get-AppLockerPolicy.md) + +[New-AppLockerPolicy](./New-AppLockerPolicy.md) + +[Set-AppLockerPolicy](./Set-AppLockerPolicy.md) + diff --git a/docset/winserver2025-ps/appvclient/Add-AppvClientConnectionGroup.md b/docset/winserver2025-ps/appvclient/Add-AppvClientConnectionGroup.md new file mode 100644 index 0000000000..d54d7dd674 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Add-AppvClientConnectionGroup.md @@ -0,0 +1,80 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/add-appvclientconnectiongroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AppvClientConnectionGroup +--- + +# Add-AppvClientConnectionGroup + +## SYNOPSIS +Creates a composition of multiple packages. + +## SYNTAX + +``` +Add-AppvClientConnectionGroup [-Path] [] +``` + +## DESCRIPTION +The **Add-AppvClientConnectionGroup** cmdlet creates a Microsoft Application Virtualization (App-V) connection group. +In order for the group to be applied, all packages in the group must be added to the target computer, and must not be running. + +This cmdlet can also be used to update an already existing connection group definition. + +## EXAMPLES + +### Example 1: Add a connection group +``` +PS C:\> Add-AppvClientConnectionGroup -Path "C:\MyApps\MyGroup.xml" +``` + +This command adds the connection group file to the computer from the path provided. + +## PARAMETERS + +### -Path +Specifies the App-V connection group definition file. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: PSPath + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.AppvAgent.AppvClientConnectionGroup + +## NOTES + +## RELATED LINKS + +[Disable-AppvClientConnectionGroup](./Disable-AppvClientConnectionGroup.md) + +[Enable-AppvClientConnectionGroup](./Enable-AppvClientConnectionGroup.md) + +[Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) + +[Mount-AppvClientConnectionGroup](./Mount-AppvClientConnectionGroup.md) + +[Remove-AppvClientConnectionGroup](./Remove-AppvClientConnectionGroup.md) + +[Repair-AppvClientConnectionGroup](./Repair-AppvClientConnectionGroup.md) + +[Stop-AppvClientConnectionGroup](./Stop-AppvClientConnectionGroup.md) + diff --git a/docset/winserver2025-ps/appvclient/Add-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Add-AppvClientPackage.md new file mode 100644 index 0000000000..cdc729c963 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Add-AppvClientPackage.md @@ -0,0 +1,121 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/add-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AppvClientPackage +--- + +# Add-AppvClientPackage + +## SYNOPSIS +Adds a package to a computer running the App-V client. + +## SYNTAX + +``` +Add-AppvClientPackage [-Path] [[-DynamicDeploymentConfiguration] ] [] +``` + +## DESCRIPTION +The **Add-AppvClientPackage** cmdlet adds a new package to a computer that runs the Microsoft Application Virtualization (App-V) client. +You can also upgrade an existing package running on a computer that runs the App-V client. +The newly added package or package version is registered with the App-V client. + +If the package already exists on the computer, but the package to be added is a different version, the new version is added. +Existing versions remain unchanged. + +## EXAMPLES + +### Example 1: Add a package to the client +``` +PS C:\> Add-AppvClientPackage -Path "http://MyServer/content/package.APPV" +``` + +This command adds a new package to the client computer. +If the package is a different version of an already existing package, the App-V agent adds this new version, but does not modify any existing versions. +Since no computer policy is provided, the package receives the default computer policy. + +### Example 2: Add a package with a configuration file +``` +PS C:\> Add-AppvClientPackage -Path "http://MyServer/content/package.appv" -DynamicDeploymentConfiguration "C:\MyConfigfiles\DynamicDeploymentConfig.xml" +``` + +This command adds a package with a Dynamic Deployment Configuration file. + +### Example 3: Add a package to the client and store the result +``` +PS C:\> $Package = Add-AppvClientPackage -Path "http://MyServer/content/package.APPV" +``` + +This command adds a new package to the client and assigns the resulting **AppvClientPackage** object to the variable $Package. + +## PARAMETERS + +### -DynamicDeploymentConfiguration +Specifies the path of a dynamic deployment configuration file for the specified App-V package to be added. +The cmdlet uses the dynamic deployment configuration file to override the default configuration provided in the package manifest. + +If you do not specify this parameter, the App-V client assigns the default computer policy to the App-V package to be added. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the location of the .appv file that contains the package to be added. +This value can be a local directory, a network directory, or an HTTP or HTTPS URL. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: PSPath + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvPackage + +## OUTPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## NOTES + +## RELATED LINKS + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Mount-AppvClientPackage](./Mount-AppvClientPackage.md) + +[Publish-AppvClientPackage](./Publish-AppvClientPackage.md) + +[Remove-AppvClientPackage](./Remove-AppvClientPackage.md) + +[Repair-AppvClientPackage](./Repair-AppvClientPackage.md) + +[Set-AppvClientPackage](./Set-AppvClientPackage.md) + +[Stop-AppvClientPackage](./Stop-AppvClientPackage.md) + +[Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvclient/Add-AppvPublishingServer.md b/docset/winserver2025-ps/appvclient/Add-AppvPublishingServer.md new file mode 100644 index 0000000000..37312fdaae --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Add-AppvPublishingServer.md @@ -0,0 +1,211 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/add-appvpublishingserver?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AppvPublishingServer +--- + +# Add-AppvPublishingServer + +## SYNOPSIS +Adds a publishing server for the computer that runs the App-V client. + +## SYNTAX + +``` +Add-AppvPublishingServer [-Name] [-URL] [[-GlobalRefreshEnabled] ] + [[-GlobalRefreshOnLogon] ] [[-GlobalRefreshInterval] ] + [[-GlobalRefreshIntervalUnit] ] [[-UserRefreshEnabled] ] + [[-UserRefreshOnLogon] ] [[-UserRefreshInterval] ] + [[-UserRefreshIntervalUnit] ] [] +``` + +## DESCRIPTION +The **Add-AppvPublishingServer** cmdlet adds a new publishing server for the computer that runs the Microsoft Application Virtualization (App-V) client to connect to. +After the server has been added, the computer that runs the App-V client can use the server to obtain publishing refresh data, stream packages, and perform other operations. + +## EXAMPLES + + +## PARAMETERS + +### -GlobalRefreshEnabled +Specifies whether to turn on the refreshing of the publishing server for all packages that are published globally. +You can set the refresh to be at the time of logon or on a defined time interval. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GlobalRefreshInterval +Specifies the time interval for the refresh of globally published packages. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 4 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GlobalRefreshIntervalUnit +Specifies the unit of time measurement. +The acceptable values for this parameter are: day and hour. + +```yaml +Type: IntervalUnit +Parameter Sets: (All) +Aliases: +Accepted values: Hour, Day + +Required: False +Position: 5 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GlobalRefreshOnLogon +Specifies whether a refresh of all packages published to globally occurs every time that a user logs into the target computer. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the publishing server. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -URL +Specifies the URL path of the App-V publishing server. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserRefreshEnabled +Specifies whether to turn on the refreshing of the publishing server for all packages that are published to the user. +The refresh can be set to be at the time of logon or on a defined time interval. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserRefreshInterval +Specifies the time interval for refreshes of user-published packages. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 8 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserRefreshIntervalUnit +Specifies the unit of time measurement. +The acceptable values for this parameter are: day and hour. + +```yaml +Type: IntervalUnit +Parameter Sets: (All) +Aliases: +Accepted values: Hour, Day + +Required: False +Position: 9 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserRefreshOnLogon +Specifies whether a refresh of all packages published to the user occurs every time that a user logs into the target computer. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 7 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.AppvAgent.AppvPublishingServer + +## NOTES + +## RELATED LINKS + +[Get-AppvPublishingServer](./Get-AppvPublishingServer.md) + +[Remove-AppvPublishingServer](./Remove-AppvPublishingServer.md) + +[Set-AppvPublishingServer](./Set-AppvPublishingServer.md) + +[Sync-AppvPublishingServer](./Sync-AppvPublishingServer.md) + diff --git a/docset/winserver2025-ps/appvclient/AppvClient.md b/docset/winserver2025-ps/appvclient/AppvClient.md new file mode 100644 index 0000000000..e79c3b7ceb --- /dev/null +++ b/docset/winserver2025-ps/appvclient/AppvClient.md @@ -0,0 +1,116 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.1 +Locale: en-US +Module Guid: 596d7b43-928b-44d4-89e7-17d34740ecc2 +Module Name: AppvClient +ms.date: 12/20/2016 +title: AppvClient +--- + +# AppvClient Module +## Description +The following list contains links to the help topics for the Microsoft Application Virtualization (App-V) Client cmdlets. + +## AppvClient Cmdlets +### [Add-AppvClientConnectionGroup](./Add-AppvClientConnectionGroup.md) +Creates a composition of multiple packages. + +### [Add-AppvClientPackage](./Add-AppvClientPackage.md) +Adds a package to a computer running the App-V client. + +### [Add-AppvPublishingServer](./Add-AppvPublishingServer.md) +Adds a publishing server for the computer that runs the App-V client. + +### [Disable-Appv](./Disable-Appv.md) +Disables the App-V service. + +### [Disable-AppvClientConnectionGroup](./Disable-AppvClientConnectionGroup.md) +Disables a connection group on the computer running the App-V client. + +### [Enable-Appv](./Enable-Appv.md) +Enables the App-V service. + +### [Enable-AppvClientConnectionGroup](./Enable-AppvClientConnectionGroup.md) +Enables a running connection group on the computer running the App-V client. + +### [Get-AppvClientApplication](./Get-AppvClientApplication.md) +Returns applications that are part of App-V Client Packages. + +### [Get-AppvClientConfiguration](./Get-AppvClientConfiguration.md) +Returns the configuration for the App-V client. + +### [Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) +Returns an App-V connection group object. + +### [Get-AppvClientMode](./Get-AppvClientMode.md) +Displays the mode for the App-V Client. + +### [Get-AppvClientPackage](./Get-AppvClientPackage.md) +Returns App-V Client Packages. + +### [Get-AppvPublishingServer](./Get-AppvPublishingServer.md) +Returns App-V Server objects. + +### [Get-AppvStatus](./Get-AppvStatus.md) +Gets the status of the App-V service. + +### [Get-AppvVirtualProcess](./Get-AppvVirtualProcess.md) +Displays the virtual processes running on a computer. + +### [Mount-AppvClientConnectionGroup](./Mount-AppvClientConnectionGroup.md) +Streams the contents of packages to the local disk. + +### [Mount-AppvClientPackage](./Mount-AppvClientPackage.md) +Loads a package into the App-V cache. + +### [Publish-AppvClientPackage](./Publish-AppvClientPackage.md) +Publishes the App-V package. + +### [Remove-AppvClientConnectionGroup](./Remove-AppvClientConnectionGroup.md) +Deletes an App-V connection group on the client. + +### [Remove-AppvClientPackage](./Remove-AppvClientPackage.md) +Removes the package from a computer. + +### [Remove-AppvPublishingServer](./Remove-AppvPublishingServer.md) +Removes an App-V publishing server. + +### [Repair-AppvClientConnectionGroup](./Repair-AppvClientConnectionGroup.md) +Resets the user package settings for the connection group. + +### [Repair-AppvClientPackage](./Repair-AppvClientPackage.md) +Resets the user settings of a package. + +### [Send-AppvClientReport](./Send-AppvClientReport.md) +Sends reporting data from the client. + +### [Set-AppvClientConfiguration](./Set-AppvClientConfiguration.md) +Applies configuration settings to the App-V Client. + +### [Set-AppvClientMode](./Set-AppvClientMode.md) +Sets the mode in which the client runs. + +### [Set-AppvClientPackage](./Set-AppvClientPackage.md) +Configures an App-V Client Package. + +### [Set-AppvPublishingServer](./Set-AppvPublishingServer.md) +Modifies properties of an App-V Publishing Server. + +### [Start-AppvVirtualProcess](./Start-AppvVirtualProcess.md) +Starts a virtual process. + +### [Stop-AppvClientConnectionGroup](./Stop-AppvClientConnectionGroup.md) +Shuts down the shared virtual environment of a connection group. + +### [Stop-AppvClientPackage](./Stop-AppvClientPackage.md) +Shuts down virtual environments for specified packages. + +### [Sync-AppvPublishingServer](./Sync-AppvPublishingServer.md) +Initiates the App-V Publishing Refresh operation. + +### [Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) +Removes the extension points for packages. + + diff --git a/docset/winserver2025-ps/appvclient/Disable-Appv.md b/docset/winserver2025-ps/appvclient/Disable-Appv.md new file mode 100644 index 0000000000..fad3748bba --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Disable-Appv.md @@ -0,0 +1,53 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/disable-appv?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-Appv +--- + +# Disable-Appv + +## SYNOPSIS +Disables the App-V service. + +## SYNTAX + +``` +Disable-Appv [] +``` + +## DESCRIPTION +The **Disable-Appv** cmdlet disables the Microsoft Application Virtualization (App-V) service on Windows 10 Anniversary Edition computers. +This cmdlet disables the download of all App-V apps from App-V Server or Configuration Manager. +If this cmdlet succeeds, it returns a message. +You must restart the computer for the change to take effect. + +## EXAMPLES + +### Example 1: Disable the App-V service +``` +PS C:\> Disable-Appv +``` + +This command disables the App-V service. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Enable-Appv](./Enable-Appv.md) + +[Get-AppvStatus](./Get-AppvStatus.md) + diff --git a/docset/winserver2025-ps/appvclient/Disable-AppvClientConnectionGroup.md b/docset/winserver2025-ps/appvclient/Disable-AppvClientConnectionGroup.md new file mode 100644 index 0000000000..be39b8a2ba --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Disable-AppvClientConnectionGroup.md @@ -0,0 +1,186 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/disable-appvclientconnectiongroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-AppvClientConnectionGroup +--- + +# Disable-AppvClientConnectionGroup + +## SYNOPSIS +Disables a connection group on the computer running the App-V client. + +## SYNTAX + +### ByGuid (Default) +``` +Disable-AppvClientConnectionGroup [-Global] [-UserSID ] [-GroupId] [-VersionId] + [] +``` + +### ByName +``` +Disable-AppvClientConnectionGroup [-Global] [-UserSID ] [-Name] [] +``` + +### ByConnectionGroup +``` +Disable-AppvClientConnectionGroup [-Global] [-UserSID ] [-ConnectionGroup] + [] +``` + +## DESCRIPTION +The **Disable-AppvClientConnectionGroup** cmdlet disables an already existing connection group on the computer that runs the Microsoft Application Virtualization (App-V) client. + +## EXAMPLES + +### Example 1: Disable a connection group by using its name +``` +PS C:\> Disable-AppvClientConnectionGroup -Name "MyGroup" +``` + +This command disables the connection group named MyGroup. + +### Example 2: Disable a connection group by using its ID +``` +PS C:\> Disable-AppvClientConnectionGroup -GroupID 35ec9e5f-ab21-463f-8fe6-b90d4b66d182 +``` + +This command disables the connection group that has the group ID 35ec9e5f-ab21-463f-8fe6-b90d4b66d182. + +### Example 3: Disable all connection groups by names that match a string +``` +PS C:\> Get-AppvClientConnectionGroup -Name "MyGr*" | Disable-AppvClientConnectionGroup +``` + +This command gets all the connection groups that have the string MyGr in the name, and then disables them. + +## PARAMETERS + +### -ConnectionGroup +Specifies an App-V Connection Group object. + +```yaml +Type: AppvClientConnectionGroup +Parameter Sets: ByConnectionGroup +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Global +Indicates that this cmdlet disables the connection group is disabled for all users that log into the target computer. +Otherwise, it disables the connection group only for the currently running user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupId +Specifies the GUID associated with a specific connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the App-V connection group. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserSID +Specifies the SID of the intended user, in the form of S-1-2-34-56789012-3456789012-345678901-2345. +This parameter requires elevated rights to run. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates the connection group version from other versions. +If you do not specify this parameter, the cmdlet operates on all versions of the connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientConnectionGroup + +## OUTPUTS + +## NOTES +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns the following error: The action could not be performed due to current App-V permissions. Please modify the permissions and try the operation again. +* If the disable operation fails, the cmdlet returns the following error: The disable operation could not be completed. An error code is returned. +* If any package in the specified group is running, the connection group will not be disabled until all packages in the new group are shutdown. The cmdlet will still return success as long as the file is valid. +* If the cmdlet cannot find the connection group, the cmdlet returns the following error: The specified connection group could not be found on the target system. + +## RELATED LINKS + +[Add-AppvClientConnectionGroup](./Add-AppvClientConnectionGroup.md) + +[Enable-AppvClientConnectionGroup](./Enable-AppvClientConnectionGroup.md) + +[Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) + +[Mount-AppvClientConnectionGroup](./Mount-AppvClientConnectionGroup.md) + +[Remove-AppvClientConnectionGroup](./Remove-AppvClientConnectionGroup.md) + +[Repair-AppvClientConnectionGroup](./Repair-AppvClientConnectionGroup.md) + +[Stop-AppvClientConnectionGroup](./Stop-AppvClientConnectionGroup.md) + diff --git a/docset/winserver2025-ps/appvclient/Enable-Appv.md b/docset/winserver2025-ps/appvclient/Enable-Appv.md new file mode 100644 index 0000000000..002a6899f7 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Enable-Appv.md @@ -0,0 +1,53 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/enable-appv?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-Appv +--- + +# Enable-Appv + +## SYNOPSIS +Enables the App-V service. + +## SYNTAX + +``` +Enable-Appv [] +``` + +## DESCRIPTION +The **Enable-Appv** cmdlet enables the Microsoft Application Virtualization (App-V) service on computers running at least Windows 10 Anniversary Edition (version 1607) . +If this cmdlet succeeds, it returns a message. + +Before you enable the App-V service, configure App-V service settings by using Windows PowerShell or Group Policy. + +## EXAMPLES + +### Example 1: Enable the service +``` +PS C:\> Enable-Appv +``` + +This command enables the App-V service. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Disable-Appv](./Disable-Appv.md) + +[Get-AppvStatus](./Get-AppvStatus.md) + diff --git a/docset/winserver2025-ps/appvclient/Enable-AppvClientConnectionGroup.md b/docset/winserver2025-ps/appvclient/Enable-AppvClientConnectionGroup.md new file mode 100644 index 0000000000..392919da55 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Enable-AppvClientConnectionGroup.md @@ -0,0 +1,186 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/enable-appvclientconnectiongroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-AppvClientConnectionGroup +--- + +# Enable-AppvClientConnectionGroup + +## SYNOPSIS +Enables a running connection group on the computer running the App-V client. + +## SYNTAX + +### ByGuid (Default) +``` +Enable-AppvClientConnectionGroup [-Global] [-UserSID ] [-GroupId] [-VersionId] + [] +``` + +### ByName +``` +Enable-AppvClientConnectionGroup [-Global] [-UserSID ] [-Name] [] +``` + +### ByConnectionGroup +``` +Enable-AppvClientConnectionGroup [-Global] [-UserSID ] [-ConnectionGroup] + [] +``` + +## DESCRIPTION +The **Enable-AppvClientConnectionGroup** cmdlet enables a connection group to the computer that runs the Microsoft Application Virtualization (App-V) client. + +## EXAMPLES + +### Example 1: Enable a connection group by using its name +``` +PS C:\> Enable-AppvClientConnectionGroup -Name "MyGroup" -Global +``` + +This command enables the connection group named MyGroup to all users on the computer. + +### Example 2: Enable a connection group by using its ID +``` +PS C:\> Enable-AppvClientConnectionGroup -GroupID 35ec9e5f-ab21-463f-8fe6-b90d4b66d182 +``` + +This command enables the connection group that has the group ID 35ec9e5f-ab21-463f-8fe6-b90d4b66d182. + +### Example 3: Enable all connection groups by names that match a string +``` +PS C:\> Get-AppvClientConnectionGroup -Name "MyGr*" | Enable-AppvClientConnectionGroup +``` + +This command finds all connection groups that have the string MyGr in the name, and then enables them. + +## PARAMETERS + +### -ConnectionGroup +Specifies an App-V Connection Group object. + +```yaml +Type: AppvClientConnectionGroup +Parameter Sets: ByConnectionGroup +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Global +Indicates that this cmdlet enables the connection group is disabled for all users that log into the target computer. +Otherwise, it enables the connection group only for the currently running user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupId +Specifies the ID associated with a connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the App-V connection group. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserSID +Specifies the SID of the intended user, in the form of S-1-2-34-56789012-3456789012-345678901-2345. +This parameter requires elevated rights to run. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a connection group version from other versions. +If you do not specify this parameter, the cmdlet operates on all versions of the connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientConnectionGroup + +## OUTPUTS + +## NOTES +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns the following error: The action could not be performed due to current App-V permissions. Please modify the permissions and try the operation again. +* If the enable operation fails, the cmdlet returns the following error: The enable operation could not be completed. An error code is returned. +* If any package in the specified group is running, the connection group will not be enabled until all packages in the new group are shutdown. The cmdlet will still return success as long as the file is valid. +* If the cmdlet cannot find the connection group, the cmdlet returns an error stating The specified connection group could not be found on the target system. + +## RELATED LINKS + +[Add-AppvClientConnectionGroup](./Add-AppvClientConnectionGroup.md) + +[Disable-AppvClientConnectionGroup](./Disable-AppvClientConnectionGroup.md) + +[Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) + +[Mount-AppvClientConnectionGroup](./Mount-AppvClientConnectionGroup.md) + +[Remove-AppvClientConnectionGroup](./Remove-AppvClientConnectionGroup.md) + +[Repair-AppvClientConnectionGroup](./Repair-AppvClientConnectionGroup.md) + +[Stop-AppvClientConnectionGroup](./Stop-AppvClientConnectionGroup.md) + diff --git a/docset/winserver2025-ps/appvclient/Get-AppvClientApplication.md b/docset/winserver2025-ps/appvclient/Get-AppvClientApplication.md new file mode 100644 index 0000000000..c91a3b2b5f --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Get-AppvClientApplication.md @@ -0,0 +1,104 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/get-appvclientapplication?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppvClientApplication +--- + +# Get-AppvClientApplication + +## SYNOPSIS +Returns applications that are part of App-V Client Packages. + +## SYNTAX + +``` +Get-AppvClientApplication [[-Name] ] [[-Version] ] [-All] [] +``` + +## DESCRIPTION +The **Get-AppvClientApplication** cmdlet returns a set of applications that are part of Microsoft Application Virtualization (App-V) Client Packages, based on the criteria provided. + +## EXAMPLES + +### Example 1: Get a version of an application for the current user +``` +PS C:\> Get-AppvClientApplication -Name "AppName" -Version 1 +``` + +This command gets the application on the client that is published to the user and has the name AppName and is version 1. + +### Example 2: Get all applications +``` +PS C:\> Get-AppvClientApplication -All +``` + +This command gets all of the applications on the client. + +## PARAMETERS + +### -All +Indicates that the cmdlet returns all applications that have been added to the computer, not just those that are visible to the current user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the application. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of the application. +If you do not specify this parameter, the cmdlet operates on all available versions of the applications on the target computer. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.AppV.AppvClientPowerShell.AppvClientApplication + +## NOTES + +## RELATED LINKS + +[Get-AppvClientConfiguration](./Get-AppvClientConfiguration.md) + diff --git a/docset/winserver2025-ps/appvclient/Get-AppvClientConfiguration.md b/docset/winserver2025-ps/appvclient/Get-AppvClientConfiguration.md new file mode 100644 index 0000000000..15b8d391bc --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Get-AppvClientConfiguration.md @@ -0,0 +1,80 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/get-appvclientconfiguration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppvClientConfiguration +--- + +# Get-AppvClientConfiguration + +## SYNOPSIS +Returns the configuration for the App-V client. + +## SYNTAX + +``` +Get-AppvClientConfiguration [[-Name] ] [] +``` + +## DESCRIPTION +The **Get-AppvClientConfiguration** cmdlet returns an object that contains all of the settings and permissions for the Microsoft Application Virtualization (App-V) client. +These settings include both App-V client settings and permissions. + +If a particular setting is specified, the cmdlet returns the value for that setting. + +## EXAMPLES + +### Example 1: Display all configuration settings +``` +PS C:\> Get-AppvClientConfiguration +``` + +This command displays all of the App-V Client Configuration settings. + +### Example 2: Display a single configuration setting +``` +PS C:\> Get-AppvClientConfiguration -Name "PackageSourceRoot" +``` + +This command displays the value of the **PackageSourceRoot** setting. + +## PARAMETERS + +### -Name +Specifies the name of a setting. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.AppV.AppvClientPowerShell.AppvClientConfiguration +The cmdlet returns an **AppvClientConfiguration** object, if you do not specify the *Name* parameter. +The object is displayed as a two column table. +The first column contains the specific configuration and the second column contains the associated current value. + +If you specify *Name*, the cmdlet returns the same two column table, but only for the configuration requested. + +## NOTES + +## RELATED LINKS + +[Set-AppvClientConfiguration](./Set-AppvClientConfiguration.md) + diff --git a/docset/winserver2025-ps/appvclient/Get-AppvClientConnectionGroup.md b/docset/winserver2025-ps/appvclient/Get-AppvClientConnectionGroup.md new file mode 100644 index 0000000000..8a9f2fef82 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Get-AppvClientConnectionGroup.md @@ -0,0 +1,144 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/get-appvclientconnectiongroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppvClientConnectionGroup +--- + +# Get-AppvClientConnectionGroup + +## SYNOPSIS +Returns an App-V connection group object. + +## SYNTAX + +### ByName (Default) +``` +Get-AppvClientConnectionGroup [[-Name] ] [-All] [] +``` + +### ByGuid +``` +Get-AppvClientConnectionGroup [-GroupId] [[-VersionId] ] [-All] [] +``` + +## DESCRIPTION +The **Get-AppvClientConnectionGroup** cmdlet returns a specific Microsoft Application Virtualization (App-V) connection group object. + +## EXAMPLES + +### Example 1: Get all versions of a group by name +``` +PS C:\> Get-AppvClientConnectionGroup -Name "MyConnectionGroup" +``` + +This command gets all versions of the enabled connection groups named MyConnectionGroup. + +### Example 2: Get a connection group by using its ID +``` +PS C:\> Get-AppvClientConnectionGroup -GroupID 793afd37-bd68-4ea1-859a-669f6afd0aa8 +``` + +This command gets the enabled connection group that has the group ID of 793afd37-bd68-4ea1-859a-669f6afd0aa8. + +### Example 3: Get all connection groups +``` +PS C:\> Get-AppvClientConnectionGroup -All +``` + +This command gets all of the connection groups on the computer. + +## PARAMETERS + +### -All +Indicates that the cmdlet returns all connection groups that have been added to the computer, not just those that are enabled to the current user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupId +Specifies the GUID of specific connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the App-V Connection Group. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.AppV.AppvClientPowerShell.AppvClientConnectionGroup + +## NOTES +* The cmdlet returns an error if the name of the specified App-V connection group cannot be found on the target computer. + +## RELATED LINKS + +[Add-AppvClientConnectionGroup](./Add-AppvClientConnectionGroup.md) + +[Disable-AppvClientConnectionGroup](./Disable-AppvClientConnectionGroup.md) + +[Enable-AppvClientConnectionGroup](./Enable-AppvClientConnectionGroup.md) + +[Mount-AppvClientConnectionGroup](./Mount-AppvClientConnectionGroup.md) + +[Remove-AppvClientConnectionGroup](./Remove-AppvClientConnectionGroup.md) + +[Repair-AppvClientConnectionGroup](./Repair-AppvClientConnectionGroup.md) + +[Stop-AppvClientConnectionGroup](./Stop-AppvClientConnectionGroup.md) + diff --git a/docset/winserver2025-ps/appvclient/Get-AppvClientMode.md b/docset/winserver2025-ps/appvclient/Get-AppvClientMode.md new file mode 100644 index 0000000000..49433eb46b --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Get-AppvClientMode.md @@ -0,0 +1,46 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/get-appvclientmode?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppvClientMode +--- + +# Get-AppvClientMode + +## SYNOPSIS +Displays the mode for the App-V Client. + +## SYNTAX + +``` +Get-AppvClientMode [] +``` + +## DESCRIPTION +The **Get-AppvClientMode** cmdlet displays the mode to which the Microsoft Application Virtualization (App-V) Client is currently. +The valid values are Normal and Uninstall. + +## EXAMPLES + + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.AppV.AppvClientPowerShell.AppvClientMode +This cmdlet generates **AppvClientMode** object that describes the current App-V Client mode, either Normal or Uninstall. + +## NOTES + +## RELATED LINKS + +[Set-AppvClientMode](./Set-AppvClientMode.md) + diff --git a/docset/winserver2025-ps/appvclient/Get-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Get-AppvClientPackage.md new file mode 100644 index 0000000000..e5ad581547 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Get-AppvClientPackage.md @@ -0,0 +1,168 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/get-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppvClientPackage +--- + +# Get-AppvClientPackage + +## SYNOPSIS +Returns App-V Client Packages. + +## SYNTAX + +### ByName (Default) +``` +Get-AppvClientPackage [[-Name] ] [[-Version] ] [-All] [] +``` + +### ByGuid +``` +Get-AppvClientPackage [-PackageId] [[-VersionId] ] [-All] [] +``` + +## DESCRIPTION +The **Get-AppvClientPackage** cmdlet returns a set of Microsoft Application Virtualization (App-V) Client Packages based on the criteria provided. + +## EXAMPLES + +### Example 1: Get packages that have names that match a string +``` +PS C:\> Get-AppvClientPackage -Name "MyApp*" -All +``` + +This command gets the set of packages that have names that start with the string MyApp. + +### Example 2: Get a specific version of a package by name +``` +PS C:\> Get-AppvClientPackage -Name "MyApp" -Version 4 +``` + +This command gets the version 4 of the package named MyApp. + +### Example 3: Get a package by using its package ID +``` +PS C:\> Get-AppvClientPackage -PackageID 793afd37-bd68-4ea1-859a-669f6afd0aa8 +``` + +This command gets the package with the package ID of 793afd37-bd68-4ea1-859a-669f6afd0aa8. + +## PARAMETERS + +### -All +Indicates that the cmdlet uses the set of all packages added to the computers as the searchable set. +If not provided, the cmdlet only uses packages that are entitled to the current user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the package given during Sequencing time. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PackageId +Specifies the GUID that uniquely identifies the package. +It can be found in the package manifest or by opening the package in the App-V Sequencer. +The package ID is shared by all versions of a package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of an App-V package in one specific lineage. +If you do not specify this parameter, the cmdlet operates on available versions of the package on the target computer. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies the GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do specify this parameter, the cmdlet operates on all versions of a package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.AppV.AppvClientPowerShell.AppvClientPackage + +## NOTES +* If you do not specify any parameters, the cmdlet returns a set of all packages on the computer. +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns the following error: The action could not be performed due to current App-V permissions. Please modify the permissions and try the operation again. +* If the cmdlet cannot find the package, the cmdlet returns the following error: The specified package(s) could not be found. An error code is returned. + +## RELATED LINKS + +[Add-AppvClientPackage](./Add-AppvClientPackage.md) + +[Mount-AppvClientPackage](./Mount-AppvClientPackage.md) + +[Publish-AppvClientPackage](./Publish-AppvClientPackage.md) + +[Remove-AppvClientPackage](./Remove-AppvClientPackage.md) + +[Repair-AppvClientPackage](./Repair-AppvClientPackage.md) + +[Set-AppvClientPackage](./Set-AppvClientPackage.md) + +[Stop-AppvClientPackage](./Stop-AppvClientPackage.md) + +[Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvclient/Get-AppvPublishingServer.md b/docset/winserver2025-ps/appvclient/Get-AppvPublishingServer.md new file mode 100644 index 0000000000..03f6de47ed --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Get-AppvPublishingServer.md @@ -0,0 +1,117 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/get-appvpublishingserver?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppvPublishingServer +--- + +# Get-AppvPublishingServer + +## SYNOPSIS +Returns App-V Server objects. + +## SYNTAX + +### ByServerId (Default) +``` +Get-AppvPublishingServer [[-ServerId] ] [] +``` + +### ByNameUrl +``` +Get-AppvPublishingServer [[-Name] ] [[-URL] ] [] +``` + +## DESCRIPTION +The **Get-AppvPublishingServer** cmdlet returns a Microsoft Application Virtualization (App-V) Server object or set of App-V Server objects based on the criteria provided. + +## EXAMPLES + +### Example 1: Get servers by friendly name +``` +PS C:\> Get-AppvPublishingServer -Name "Server*" +``` + +This command gets all publishing servers that have friendly names that start with the string Server. + +### Example 2: Get servers by server ID name +``` +PS C:\> Get-AppvPublishingServer -ServerId 1 +``` + +This command gets the publishing server that has the specified ID. + +## PARAMETERS + +### -Name +Specifies the name of the App-V publishing server. + +```yaml +Type: String +Parameter Sets: ByNameUrl +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServerId +Specifies the unique identifier of the App-V Publishing Server. + +```yaml +Type: UInt32 +Parameter Sets: ByServerId +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -URL +Specifies the URL path of the App-V Publishing server. + +```yaml +Type: String +Parameter Sets: ByNameUrl +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.AppV.AppvClientPowerShell.AppvPublishingServer + +## NOTES +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns the following error: The action could not be performed due to current App-V permissions. Please modify the permissions and try the operation again. +* If the get operation fails, the cmdlet returns the following error: The get operation could not be completed. An error code is returned. +* If the cmdlet cannot find the servers, the cmdlet returns the following error: The specified App-V publishing server(s) could not be found. An error code is returned. + +## RELATED LINKS + +[Add-AppvPublishingServer](./Add-AppvPublishingServer.md) + +[Remove-AppvPublishingServer](./Remove-AppvPublishingServer.md) + +[Set-AppvPublishingServer](./Set-AppvPublishingServer.md) + +[Sync-AppvPublishingServer](./Sync-AppvPublishingServer.md) + diff --git a/docset/winserver2025-ps/appvclient/Get-AppvStatus.md b/docset/winserver2025-ps/appvclient/Get-AppvStatus.md new file mode 100644 index 0000000000..e6c25bb458 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Get-AppvStatus.md @@ -0,0 +1,51 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/get-appvstatus?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppvStatus +--- + +# Get-AppvStatus + +## SYNOPSIS +Gets the status of the App-V service. + +## SYNTAX + +``` +Get-AppvStatus [] +``` + +## DESCRIPTION +The **Get-AppvStatus** cmdlet gets the status of the Microsoft Application Virtualization (App-V) service. +This cmdlet returns a value of $True or $False for whether App-V is enabled and whether a restart is required. + +## EXAMPLES + +### Example 1: Get status +``` +PS C:\> Get-AppvStatus +``` + +This command gets the status of the App-V service. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Disable-Appv](./Disable-Appv.md) + +[Enable-Appv](./Enable-Appv.md) + diff --git a/docset/winserver2025-ps/appvclient/Get-AppvVirtualProcess.md b/docset/winserver2025-ps/appvclient/Get-AppvVirtualProcess.md new file mode 100644 index 0000000000..18676a902e --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Get-AppvVirtualProcess.md @@ -0,0 +1,169 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: AppVClientCmdlets-help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/get-appvvirtualprocess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppvVirtualProcess +--- + +# Get-AppvVirtualProcess + +## SYNOPSIS +Displays the virtual processes running on a computer. + +## SYNTAX + +### Name (Default) +``` +Get-AppvVirtualProcess [[-Name] ] [-ComputerName ] [-Module] [-FileVersionInfo] + [] +``` + +### Id +``` +Get-AppvVirtualProcess -Id [-ComputerName ] [-Module] [-FileVersionInfo] + [] +``` + +### InputObject +``` +Get-AppvVirtualProcess [-ComputerName ] [-Module] [-FileVersionInfo] -InputObject + [] +``` + +## DESCRIPTION +The **Get-AppvVirtualProcess** cmdlet displays each of the virtual processes that are running on a computer. + +## EXAMPLES + +### Example 1: Display all active virtual processes +``` +PS C:\> Get-AppvVirtualProcess +``` + +This command displays all active virtual processes. + +### Example 2: Display file information for a virtual process +``` +PS C:\> Get-AppvVirtualProcess -Name "myVirtualProcess" -FileVersionInfo +``` + +This command displays file information for the process named myVirtualProcess. + +### Example 3: Display file information for a virtual process by using the pipeline operator +``` +PS C:\> Get-Process -Name "myVirtualProcess" | Get-AppvVirtualProcess -FileVersionInfo +``` + +This command displays file information for the process named myVirtualProcess. + +## PARAMETERS + +### -ComputerName +Specifies an array of computer names. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -FileVersionInfo +Indicates that this cmdlet returns the **ProductVersion**, **FileVersion** and un-virtualized **Filename** for each **ProcessName**. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: FV, FVI + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Id +Specifies the Virtual Process ID. + +```yaml +Type: Int32[] +Parameter Sets: Id +Aliases: PID + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -InputObject +Specifies the input to this cmdlet. +You can use this parameter, or you can pipe the input to this cmdlet. + +```yaml +Type: Process[] +Parameter Sets: InputObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Module +Specifies a module. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of a process, which is also known as **ProcessName**. + +```yaml +Type: String[] +Parameter Sets: Name +Aliases: ProcessName + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Diagnosis.Process + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Start-AppvVirtualProcess](./Start-AppvVirtualProcess.md) + diff --git a/docset/winserver2025-ps/appvclient/Mount-AppvClientConnectionGroup.md b/docset/winserver2025-ps/appvclient/Mount-AppvClientConnectionGroup.md new file mode 100644 index 0000000000..91cfd933fc --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Mount-AppvClientConnectionGroup.md @@ -0,0 +1,151 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/mount-appvclientconnectiongroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Mount-AppvClientConnectionGroup +--- + +# Mount-AppvClientConnectionGroup + +## SYNOPSIS +Streams the contents of packages to the local disk. + +## SYNTAX + +### ByGuid (Default) +``` +Mount-AppvClientConnectionGroup [-GroupId] [-VersionId] [] +``` + +### ByName +``` +Mount-AppvClientConnectionGroup [-Name] [] +``` + +### ByConnectionGroup +``` +Mount-AppvClientConnectionGroup [-ConnectionGroup] [] +``` + +## DESCRIPTION +The **Mount-AppvClientConnectionGroup** cmdlet streams the contents of all packages in a connection group to the local disk. + +## EXAMPLES + +### Example 1: Download packages for a named group +``` +PS C:\> Mount-AppvClientConnectionGroup -Name "MyGroup" +``` + +This command downloads all packages that are part of the enabled connection group named MyGroup. + +### Example 2: Download packages for a group by using group ID +``` +PS C:\> Mount-AppvClientConnectionGroup -GroupID 793afd37-bd68-4ea1-859a-669f6afd0aa8 +``` + +This cmdlet downloads all the packages that are part of the enabled connection group that has the group ID 793afd37-bd68-4ea1-859a-669f6afd0aa8. + +### Example 3: Download packages for groups that match a string +``` +PS C:\> Get-AppvClientConnectionGroup -Name "MyGr*" | Mount-AppvClientConnectionGroup +``` + +This command gets all enabled connection groups that have the string MyGr in the name, and then downloads all of the packages in those connection groups. + +## PARAMETERS + +### -ConnectionGroup +Specifies the Microsoft Application Virtualization (App-V) Connection Group object. + +```yaml +Type: AppvClientConnectionGroup +Parameter Sets: ByConnectionGroup +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -GroupId +Specifies the group ID of specific connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the App-V Connection Group. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies the GUID that differentiates a Connection Group version from other versions. +If you do not specify this parameter, the cmdlet operates on all versions of the connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientConnectionGroup + +## OUTPUTS + +## NOTES +* If a previous load has been canceled, the cmdlet resumes that load when it is run again. The package will be added to the system before loading. Otherwise the cmdlet fails. If you do not specify any parameters, the cmdlet loads all packages on the system. +* The cmdlet is synchronous. It returns when the load option has completed. To make the cmdlet asynchronous, use the **Start-Job** cmdlet. +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns an error. + +## RELATED LINKS + +[Add-AppvClientConnectionGroup](./Add-AppvClientConnectionGroup.md) + +[Disable-AppvClientConnectionGroup](./Disable-AppvClientConnectionGroup.md) + +[Enable-AppvClientConnectionGroup](./Enable-AppvClientConnectionGroup.md) + +[Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) + +[Remove-AppvClientConnectionGroup](./Remove-AppvClientConnectionGroup.md) + +[Repair-AppvClientConnectionGroup](./Repair-AppvClientConnectionGroup.md) + +[Stop-AppvClientConnectionGroup](./Stop-AppvClientConnectionGroup.md) + diff --git a/docset/winserver2025-ps/appvclient/Mount-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Mount-AppvClientPackage.md new file mode 100644 index 0000000000..48bdbda09d --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Mount-AppvClientPackage.md @@ -0,0 +1,202 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/mount-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Mount-AppvClientPackage +--- + +# Mount-AppvClientPackage + +## SYNOPSIS +Loads a package into the App-V cache. + +## SYNTAX + +### ByGuid (Default) +``` +Mount-AppvClientPackage [-Cancel] [-PackageId] [-VersionId] [] +``` + +### ByPackage +``` +Mount-AppvClientPackage [-Cancel] [-Package] [] +``` + +### ByName +``` +Mount-AppvClientPackage [-Name] [[-Version] ] [] +``` + +## DESCRIPTION +The **Mount-AppvClientPackage** cmdlet initiates or resumes the loading of a Microsoft Application Virtualization (App-V) package into the cache. + +## EXAMPLES + +### Example 1: Get a specific version of a package +``` +PS C:\> Mount-AppvClientPackage -Name "MyApp" -Version 2 +``` + +This command downloads the version 2 of the package named MyApp. + +### Example 2: Get all versions of a package +``` +PS C:\> Mount-AppvClientPackage -Name "MyApp" +``` + +This command downloads the all versions of the package named MyApp. + +### Example 3: Download all packages that match a string +``` +PS C:\> Get-AppvClientPackage -Name "My*" | Mount-AppvClientPackage +``` + +This command gets all packages that have the string My in the name, and then downloads them. + +### Example 4: Download and publish a new package +``` +PS C:\> Add-AppvClientPackage -Path "http://MyServer/content/package.Appv" | Mount-AppvClientPackage | Publish-AppvClientPackage -Global +``` + +This command adds the package from the path specified, downloads it, and then publishes it to all users on the computer. + +### Example 5: Cancel a download +``` +PS C:\> Mount-AppvClientPackage -Name "MyApp" -Cancel +``` + +This command cancels the download of the package name MyApp. + +## PARAMETERS + +### -Cancel +Indicates that the cmdlet stops the loading of a package. + +```yaml +Type: SwitchParameter +Parameter Sets: ByGuid, ByPackage +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the package given during sequencing time. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package +Specifies an App-V package. + +```yaml +Type: AppvClientPackage +Parameter Sets: ByPackage +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PackageId +Specifies a GUID that uniquely identifies the package. +It can be found in the package manifest or by opening the package in the App-V Sequencer. +The package IDs are shared by all versions of a specific package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of an App-V package in one lineage. +If you do not specify this parameter, the cmdlet operates on all versions on the computer. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## OUTPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## NOTES +* If a previous mount has been canceled, the cmdlet resumes that mount when it is run again. The package must be added to the system before mounting. Otherwise the cmdlet fails. If you do not specify any parameters, the cmdlet mounts all packages on the system. +* This cmdlet is synchronous. It returns when the mount option has completed. To make the cmdlet asynchronous, use the **Start-Job** cmdlet. + +## RELATED LINKS + +[Add-AppvClientPackage](./Add-AppvClientPackage.md) + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Publish-AppvClientPackage](./Publish-AppvClientPackage.md) + +[Remove-AppvClientPackage](./Remove-AppvClientPackage.md) + +[Repair-AppvClientPackage](./Repair-AppvClientPackage.md) + +[Set-AppvClientPackage](./Set-AppvClientPackage.md) + +[Stop-AppvClientPackage](./Stop-AppvClientPackage.md) + +[Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvclient/Publish-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Publish-AppvClientPackage.md new file mode 100644 index 0000000000..9fa3432692 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Publish-AppvClientPackage.md @@ -0,0 +1,254 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/publish-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Publish-AppvClientPackage +--- + +# Publish-AppvClientPackage + +## SYNOPSIS +Publishes the App-V package. + +## SYNTAX + +### ByGuid (Default) +``` +Publish-AppvClientPackage [-Global] [-UserSID ] [[-DynamicUserConfigurationPath] ] + [-DynamicUserConfigurationType ] [-PackageId] [-VersionId] + [] +``` + +### ByPackage +``` +Publish-AppvClientPackage [-Global] [-UserSID ] [[-DynamicUserConfigurationPath] ] + [-DynamicUserConfigurationType ] [-Package] [] +``` + +### ByName +``` +Publish-AppvClientPackage [-Global] [-UserSID ] [[-DynamicUserConfigurationPath] ] + [-DynamicUserConfigurationType ] [-Name] [[-Version] ] + [] +``` + +## DESCRIPTION +The **Publish-AppvClientPackage** cmdlet publishes the appropriate extension points of a set of Microsoft Application Virtualization (App-V) packages. +Examples of common extension points include shortcuts and FTAs. +You can publish the package to the current user or to all users that log into the targeted computer. +You can also provide a Dynamic User Configuration file for the package. + +## EXAMPLES + +### Example 1: Publish a version of a package to all users +``` +PS C:\> Publish-AppvClientPackage -Name "MyApp" -Version 1 -Global -DynamicUserConfiguration "C:\content\policies\MyApp.policy" +``` + +This command publishes version 1 of the package named MyApp to all users on the computer and applies the Dynamic User Configuration policy file. + +### Example 2: Publish a version of a package to a user +``` +PS C:\> Publish-AppvClientPackage -Name "MyApp" -Version 1 -UserPolicy "C:\content\policies\MyAppConfiguration.xml" +``` + +This command publishes version 1 of the package named "MyApp" to the user and applies the Dynamic User Configuration policy file. + +### Example 3: Publish the latest version of a package to all users +``` +PS C:\> Publish-AppvClientPackage -Name "MyApp" -Global +``` + +This command publishes the package named MyApp to all users on the computer. + +## PARAMETERS + +### -DynamicUserConfigurationPath +Specifies the path of a Dynamic User configuration file for the specified App-V package to be added. +The cmdlet uses the Dynamic User Configuration file to override the default behavior provided in the user section of the package manifest or the Dynamic Deployment Configuration. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DynamicUserConfigurationType +Specifies what should be done without a defined dynamic user configuration file. +The acceptable values for this parameter are: + +- UseDeploymentConfiguration. +The package uses the user configuration part of deployment configuration. +- UseNoConfiguration. +Clear any previous configuration and use settings from the manifest. +- UseExistingConfiguration. +Make no changes to the configuration and use the last published configuration. + +If you do not specify this parameter, this cmdlet uses UseExistingConfiguration if the package is already published or UseDeploymentConfiguration if it is not. + +Use this parameter only during user publishing. +It is not valid for global publish. + +```yaml +Type: DynamicUserConfiguration +Parameter Sets: (All) +Aliases: +Accepted values: UseDeploymentConfiguration, UseNoConfiguration, UseExistingConfiguration + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Global +Indicates that the provided package is published to all users that log into the targeted computer. +Otherwise, the packages are only published to the currently running user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the package given when it was sequenced. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package +Specifies an App-V package. + +```yaml +Type: AppvClientPackage +Parameter Sets: ByPackage +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PackageId +Specifies a GUID that identifies the package. +The information can be found in the package manifest or by opening the package in the App-V sequencer. +The package ID is shared by all versions of a package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserSID +Specifies the SID of the intended user, in the form of S-1-2-34-56789012-3456789012-345678901-2345. +This parameter requires elevated rights to run. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of an App-V package in a lineage. +If you do not specify this parameter, the cmdlet operates on the latest of the package on the computer running the App-V client. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a package version from other versions. +If you do not specify this parameter, the cmdlet operates on the latest version of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AppvClientPackage](./Add-AppvClientPackage.md) + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Mount-AppvClientPackage](./Mount-AppvClientPackage.md) + +[Remove-AppvClientPackage](./Remove-AppvClientPackage.md) + +[Repair-AppvClientPackage](./Repair-AppvClientPackage.md) + +[Set-AppvClientPackage](./Set-AppvClientPackage.md) + +[Stop-AppvClientPackage](./Stop-AppvClientPackage.md) + +[Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvclient/Remove-AppvClientConnectionGroup.md b/docset/winserver2025-ps/appvclient/Remove-AppvClientConnectionGroup.md new file mode 100644 index 0000000000..e276846539 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Remove-AppvClientConnectionGroup.md @@ -0,0 +1,153 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/remove-appvclientconnectiongroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AppvClientConnectionGroup +--- + +# Remove-AppvClientConnectionGroup + +## SYNOPSIS +Deletes an App-V connection group on the client. + +## SYNTAX + +### ByGuid (Default) +``` +Remove-AppvClientConnectionGroup [-GroupId] [-VersionId] [] +``` + +### ByName +``` +Remove-AppvClientConnectionGroup [-Name] [] +``` + +### ByConnectionGroup +``` +Remove-AppvClientConnectionGroup [-ConnectionGroup] [] +``` + +## DESCRIPTION +The **Remove-AppvClientConnectionGroup** cmdlet deletes an existing Microsoft Application Virtualization (App-V) connection group on the client. +All packages that were in the group are separated. + +## EXAMPLES + +### Example 1: Remove a named connection group +``` +PS C:\> Remove-AppvClientConnectionGroup -Name "MyGroup" +``` + +This command removes the connection group named MyGroup from the computer. + +### Example 2: Remove a connection group by using its ID +``` +PS C:\> Remove-AppvClientConnectionGroup -GroupID 35ec9e5f-ab21-463f-8fe6-b90d4b66d182 +``` + +This command removes the connection group that has the group ID 35ec9e5f-ab21-463f-8fe6-b90d4b66d182. + +### Example 3: Remove all connection groups that have names that match a string +``` +PS C:\> Get-AppvClientConnectionGroup -Name "MyGr*" | Remove-AppvClientConnectionGroup +``` + +This command finds any connection group that has the string MyGr in the name, and then removes them from the computer. + +## PARAMETERS + +### -ConnectionGroup +Specifies an App-V Connection Group object. + +```yaml +Type: AppvClientConnectionGroup +Parameter Sets: ByConnectionGroup +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -GroupId +Specifies the GUID of specific connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the App-V Connection Group. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies the GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientConnectionGroup + +## OUTPUTS + +## NOTES +* If any packages in the group are still running, the cmdlet returns an error. +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns an error. +* If the remove operation fails, the cmdlet returns the following error: The remove operation could not be completed. An error code is returned. +* If any package in the specified group is running, the connection group is not removed until all packages in the new group are shutdown. The cmdlet still returns success as long as the file is valid. + +## RELATED LINKS + +[Add-AppvClientConnectionGroup](./Add-AppvClientConnectionGroup.md) + +[Disable-AppvClientConnectionGroup](./Disable-AppvClientConnectionGroup.md) + +[Enable-AppvClientConnectionGroup](./Enable-AppvClientConnectionGroup.md) + +[Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) + +[Mount-AppvClientConnectionGroup](./Mount-AppvClientConnectionGroup.md) + +[Repair-AppvClientConnectionGroup](./Repair-AppvClientConnectionGroup.md) + +[Stop-AppvClientConnectionGroup](./Stop-AppvClientConnectionGroup.md) + diff --git a/docset/winserver2025-ps/appvclient/Remove-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Remove-AppvClientPackage.md new file mode 100644 index 0000000000..a74f6eb8a5 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Remove-AppvClientPackage.md @@ -0,0 +1,163 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/remove-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AppvClientPackage +--- + +# Remove-AppvClientPackage + +## SYNOPSIS +Removes the package from a computer. + +## SYNTAX + +### ByGuid (Default) +``` +Remove-AppvClientPackage [-PackageId] [-VersionId] [] +``` + +### ByPackage +``` +Remove-AppvClientPackage [-Package] [] +``` + +### ByName +``` +Remove-AppvClientPackage [-Name] [[-Version] ] [] +``` + +## DESCRIPTION +The **Remove-AppvClientPackage** cmdlet removes the package from computer that runs the Microsoft Application Virtualization (App-V) client. +The cmdlet deletes the **AppvClientPackage** object. + +## EXAMPLES + +### Example 1: Remove a version of a package by using the pipeline operator +``` +PS C:\> Get-AppvPackage -Name "MyPackage" -Version 1 | Remove-Package +``` + +This command gets version 1 of the package named MyPackage, and then removes it from the computer. + +### Example 2: Remove a version of a package +``` +PS C:\> Remove-Package -Name "MyPackage" -Version 1 +``` + +This command removes version 1 of the package named MyPackage from the computer. + +## PARAMETERS + +### -Name +Specifies the friendly name of the package given during sequencing. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package +Specifies an App-V package. + +```yaml +Type: AppvClientPackage +Parameter Sets: ByPackage +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PackageId +Specifies the package ID that uniquely identifies the package. +It can be found in the package manifest or by opening the package in the sequencer. +The package ID is shared by all versions of a specific package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of an App-V package in a lineage. +If you do not specify this parameter, the cmdlet operates on all versions on the computer. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AppvClientPackage](./Add-AppvClientPackage.md) + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Mount-AppvClientPackage](./Mount-AppvClientPackage.md) + +[Publish-AppvClientPackage](./Publish-AppvClientPackage.md) + +[Repair-AppvClientPackage](./Repair-AppvClientPackage.md) + +[Set-AppvClientPackage](./Set-AppvClientPackage.md) + +[Stop-AppvClientPackage](./Stop-AppvClientPackage.md) + +[Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvclient/Remove-AppvPublishingServer.md b/docset/winserver2025-ps/appvclient/Remove-AppvPublishingServer.md new file mode 100644 index 0000000000..85ea3cd258 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Remove-AppvPublishingServer.md @@ -0,0 +1,137 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/remove-appvpublishingserver?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AppvPublishingServer +--- + +# Remove-AppvPublishingServer + +## SYNOPSIS +Removes an App-V publishing server. + +## SYNTAX + +### ByServerId (Default) +``` +Remove-AppvPublishingServer [-ServerId] [] +``` + +### ByObject +``` +Remove-AppvPublishingServer [-Server] [] +``` + +### ByNameUrl +``` +Remove-AppvPublishingServer [[-Name] ] [[-URL] ] [] +``` + +## DESCRIPTION +The **Remove-AppvPublishingServer** cmdlet removes the Microsoft Application Virtualization (App-V) publishing server from the App-V client list. + +## EXAMPLES + +### Example 1: Remove a publishing server +``` +PS C:\> Remove-AppvPublishingServer -Name "Server01" +``` + +This command removes the publishing server named Server01. + +### Example 2: Remove multiple publishing servers +``` +PS C:\> Remove-AppvPublishingServer -Name "Server*" +``` + +This command removes all publishing servers that have names that start with the string Server. + +## PARAMETERS + +### -Name +Specifies the name of the composition. + +```yaml +Type: String +Parameter Sets: ByNameUrl +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies an **AppvPublishingServer** object. +To obtain an **AppvPublishingServer** object, use the **Get-AppvPublishingServer** cmdlet. + +```yaml +Type: AppvPublishingServer +Parameter Sets: ByObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ServerId +Specifies the ID for the publishing server. + +```yaml +Type: UInt32 +Parameter Sets: ByServerId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -URL +Specifies the URL path of the publishing server. + +```yaml +Type: String +Parameter Sets: ByNameUrl +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvMgmtServer + +## OUTPUTS + +## NOTES +* If an operation is being done between the server and targeted App-V agent, the cmdlet deletes the App-V server object, but any operation that had already been initiated finishes. Subsequent actions that may have been queued up fail. +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns the following error: The action could not be performed due to current App-V permissions. Please modify the permissions and try the operation again. + +## RELATED LINKS + +[Add-AppvPublishingServer](./Add-AppvPublishingServer.md) + +[Get-AppvPublishingServer](./Get-AppvPublishingServer.md) + +[Set-AppvPublishingServer](./Set-AppvPublishingServer.md) + +[Sync-AppvPublishingServer](./Sync-AppvPublishingServer.md) + diff --git a/docset/winserver2025-ps/appvclient/Repair-AppvClientConnectionGroup.md b/docset/winserver2025-ps/appvclient/Repair-AppvClientConnectionGroup.md new file mode 100644 index 0000000000..37e723b63d --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Repair-AppvClientConnectionGroup.md @@ -0,0 +1,198 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/repair-appvclientconnectiongroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Repair-AppvClientConnectionGroup +--- + +# Repair-AppvClientConnectionGroup + +## SYNOPSIS +Resets the user package settings for the connection group. + +## SYNTAX + +### ByGuid (Default) +``` +Repair-AppvClientConnectionGroup [-Global] [-UserState] [-Extensions] [-GroupId] [-VersionId] + [] +``` + +### ByName +``` +Repair-AppvClientConnectionGroup [-Global] [-UserState] [-Extensions] [-Name] [] +``` + +### ByConnectionGroup +``` +Repair-AppvClientConnectionGroup [-Global] [-UserState] [-Extensions] + [-ConnectionGroup] [] +``` + +## DESCRIPTION +The **Repair-AppvClientConnectionGroup** cmdlet resets the user settings of the connection group. +Resetting the settings causes permanent loss of any user-specific application settings in the package. +The settings are reset to their original state when the connection group was originally added to the system. + +## EXAMPLES + +### Example 1: Repair a named connection group +``` +PS C:\> Repair-AppvClientConnectionGroup -Name "MyGroup" +``` + +This command repairs the connection group named MyGroup. + +### Example 2: Repair a connection group by using its ID +``` +PS C:\> Repair-AppvClientConnectionGroup -GroupID 793afd37-bd68-4ea1-859a-669f6afd0aa8 +``` + +This command repairs the connection group that has the group ID 793afd37-bd68-4ea1-859a-669f6afd0aa8. + +### Example 3: Repair all connection groups that have names that match a string +``` +PS C:\> Get-AppvClientConnectionGroup -Name "MyGr*" | Repair-AppvClientConnectionGroup +``` + +This command finds all of the connection groups that have the string MyGr in the name, and then repairs them. + +## PARAMETERS + +### -ConnectionGroup +Specifies an App-V Connection Group object. + +```yaml +Type: AppvClientConnectionGroup +Parameter Sets: ByConnectionGroup +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Extensions +Indicates that the cmdlet repairs the extension points of a connection group only, and does not delete the user state of the connection group. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Global +Indicates that this cmdlet resets user settings for the specified packages for all users on the computer. +Usage of the *Global* parameter requires administrative credentials. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupId +Specifies the group ID of specific connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the Microsoft Application Virtualization (App-V) Connection Group. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserState +Indicates that the cmdlet deletes the user state of the connection group only, and does not perform a repair on the extension points. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a connection group version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientConnectionGroup + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AppvClientConnectionGroup](./Add-AppvClientConnectionGroup.md) + +[Disable-AppvClientConnectionGroup](./Disable-AppvClientConnectionGroup.md) + +[Enable-AppvClientConnectionGroup](./Enable-AppvClientConnectionGroup.md) + +[Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) + +[Mount-AppvClientConnectionGroup](./Mount-AppvClientConnectionGroup.md) + +[Remove-AppvClientConnectionGroup](./Remove-AppvClientConnectionGroup.md) + +[Stop-AppvClientConnectionGroup](./Stop-AppvClientConnectionGroup.md) + diff --git a/docset/winserver2025-ps/appvclient/Repair-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Repair-AppvClientPackage.md new file mode 100644 index 0000000000..2cc4689d49 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Repair-AppvClientPackage.md @@ -0,0 +1,215 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/repair-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Repair-AppvClientPackage +--- + +# Repair-AppvClientPackage + +## SYNOPSIS +Resets the user settings of a package. + +## SYNTAX + +### ByGuid (Default) +``` +Repair-AppvClientPackage [-Global] [-UserState] [-Extensions] [-PackageId] [-VersionId] + [] +``` + +### ByPackage +``` +Repair-AppvClientPackage [-Global] [-UserState] [-Extensions] [-Package] + [] +``` + +### ByName +``` +Repair-AppvClientPackage [-Global] [-UserState] [-Extensions] [-Name] [[-Version] ] + [] +``` + +## DESCRIPTION +The **Repair-AppvClientPackage** cmdlet deletes the user settings and reset the extension points of the package. +Resetting the settings causes permanent loss of any user-specific application settings in the package. +The settings are reset to their original state when the package was originally added to the system. + +## EXAMPLES + +### Example 1: Delete user state for a version of a package +``` +PS C:\> Repair-AppvClientPackage -Name "MyApp" -Version 3 +``` + +This command deletes the user state of version 3 of the package named MyApp. + +### Example 2: Delete user state for packages that have a name that matches a string +``` +PS C:\> Get-AppvClientPackage -Name "MyA*" | Repair-AppvClientPackage +``` + +This command gets all packages that have the string MyA in the name, and then delete the user state for those packages. + +## PARAMETERS + +### -Extensions +Indicates that this cmdlet repairs the extension points of a package only, and does not delete the user state of the package. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Global +Indicates that this cmdlet repairs the extension points for the provided packages for all users that log into the targeted computer. +Otherwise, the extension points of the packages are only repaired for the currently running user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the package given during Sequencing time. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package +Specifies an App-V package. + +```yaml +Type: AppvClientPackage +Parameter Sets: ByPackage +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PackageId +Specifies a GUID that uniquely identifies the package. +It can be found in the package manifest or by opening the package in the Microsoft Application Virtualization (App-V) Sequencer. +The Package ID is shared by all versions of a package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserState +Indicates that the cmdlet deletes the user state of the package only, and does not perform a repair on the extension points. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of an App-V package in a lineage. +If you do not specify this parameter, the cmdlet operates on all versions on the computer. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies the GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## OUTPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## NOTES + +## RELATED LINKS + +[Add-AppvClientPackage](./Add-AppvClientPackage.md) + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Mount-AppvClientPackage](./Mount-AppvClientPackage.md) + +[Publish-AppvClientPackage](./Publish-AppvClientPackage.md) + +[Remove-AppvClientPackage](./Remove-AppvClientPackage.md) + +[Set-AppvClientPackage](./Set-AppvClientPackage.md) + +[Stop-AppvClientPackage](./Stop-AppvClientPackage.md) + +[Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvclient/Send-AppvClientReport.md b/docset/winserver2025-ps/appvclient/Send-AppvClientReport.md new file mode 100644 index 0000000000..6672c35f74 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Send-AppvClientReport.md @@ -0,0 +1,133 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/send-appvclientreport?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Send-AppvClientReport +--- + +# Send-AppvClientReport + +## SYNOPSIS +Sends reporting data from the client. + +## SYNTAX + +``` +Send-AppvClientReport [-NetworkCostAware] [-DeleteOnSuccess] [[-URL] ] [] +``` + +## DESCRIPTION +The **Send-AppVClientReport** cmdlet sends all the available reporting data to the specified location in XML format. +You can delete the data from the client. +Reporting must be enabled. +By default, the data is sent to the location that is listed in the **ReportingServer** registry value. +This value can be either an UNC Share or the name of the Microsoft Application Virtualization (App-V) Reporting Server. +To override this location, you can specify a location by using the *URL* parameter. +The location can be either an UNC share or the App-V Reporting Server location. + +By default, after the data is sent, the data is not deleted from the client and is sent to the reporting server as part of the next scheduled sync, if applicable. +You can specify to delete the data from the client. +If the *DeleteOnSuccess* parameter is specified, the reporting data is deleted from the client. + +If the data is successfully sent, this cmdlet displays a success message. + +If reporting is not enabled, the cmdlet fails. + +If there is no valid location specified, the cmdlet fails. + +## EXAMPLES + +### Example 1: Send data to previously configured location +``` +PS C:\> Send-AppVClientReport +The Application Virtualization Client Report was sent successfully +``` + +This command sends the data to the location that is configured in the client and does not delete the data after it is sent. + +### Example 2: Send data to previously configured location and delete data +``` +PS C:\> Send-AppVClientReport -DeleteOnSuccess +Tee Application Virtualization Client Report was sent successfully +``` + +This command sends the data to the location that is configured in the client and deletes the data after it is sent. + +### Example 3: Send data to specified location and delete data +``` +PS C:\> Send-AppVClientReport -URL "http://myreportingserver:port" -DeleteOnSuccess +The Application Virtualization Client Report was sent successfully +``` + +This command sends the data to the location specified by the URL parameter and deletes the data after it is sent. + +### Example 4: Send data to incorrect location +``` +PS C:\> Send-AppVClientReport -URL "http://incorrectservername:port" -DeleteOnSuccess +The reporting server or share location has not been specified. You must specify the reporting server or share location using the following format: -Url +``` + +This command tries to send the data to the location specified by the URL parameter but because the server name is incorrect, the sending action fails and an error is returned. +The data is not deleted. + +## PARAMETERS + +### -DeleteOnSuccess +Indicates that this cmdlet delete the data after it has been sent. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NetworkCostAware +Indicates that this cmdlet is network cost aware. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -URL +Specifies the location on the reporting server where client information is saved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + diff --git a/docset/winserver2025-ps/appvclient/Set-AppvClientConfiguration.md b/docset/winserver2025-ps/appvclient/Set-AppvClientConfiguration.md new file mode 100644 index 0000000000..ebfa9b5f8d --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Set-AppvClientConfiguration.md @@ -0,0 +1,549 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/set-appvclientconfiguration?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AppvClientConfiguration +--- + +# Set-AppvClientConfiguration + +## SYNOPSIS +Applies configuration settings to the App-V Client. + +## SYNTAX + +``` +Set-AppvClientConfiguration [-AllowHighCostLaunch ] [-AutoLoad ] + [-CertFilterForClientSsl ] [-EnablePackageScripts ] [-EnablePublishingRefreshUI ] + [-IntegrationRootGlobal ] [-IntegrationRootUser ] [-LocationProvider ] + [-MigrationMode ] [-PackageInstallationRoot ] [-PackageSourceRoot ] + [-RequirePublishAsAdmin ] [-ReestablishmentInterval ] [-ReestablishmentRetries ] + [-ReportingDataBlockSize ] [-ReportingDataCacheLimit ] [-ReportingEnabled ] + [-ReportingInterval ] [-ReportingRandomDelay ] [-ReportingServerURL ] + [-ReportingStartTime ] [-RoamingFileExclusions ] [-RoamingRegistryExclusions ] + [-SharedContentStoreMode ] [-VerifyCertificateRevocationList ] + [-ExperienceImprovementOptIn ] [-ProcessesUsingVirtualComponents ] + [-EnableDynamicVirtualization ] [-IgnoreLocationProvider ] [-SupportBranchCache ] + [] +``` + +## DESCRIPTION +The **Set-AppvClientConfiguration** cmdlet applies configuration settings to the Microsoft Application Virtualization (App-V) client. +Each parameter represents a setting that can be changed. + +## EXAMPLES + +### Example 1: Set a client configuration parameter +``` +PS C:\> Set-AppvClientConfiguration -parameter1 "parameterVal1" +``` + +This schematic example sets a particular client configuration parameter. + +## PARAMETERS + +### -AllowHighCostLaunch +Specifies whether virtualized applications are started on Windows 8 computers that are connected over a metered network connection, for instance, 4G. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AutoLoad +Specifies how new packages should be loaded automatically by App-V on a specific computer. +The acceptable values for this parameter are: + +- 0 for None +- 1 for Previously used +- 2 for All + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertFilterForClientSsl +Specifies the path of a valid certificate in the certificate store. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableDynamicVirtualization +Specifies whether to enable dynamic virtualization. +Dynamic virtualization enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and work with virtual applications. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnablePackageScripts +Specifies whether to enable the ability for scripts defined in the package manifest of configuration files to run. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnablePublishingRefreshUI +Specifies whether to enable the publishing refresh progress bar for the Client. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExperienceImprovementOptIn +Specifies whether to opt in ($True) or opt out ($False) of the Customer Experience Improvement Program. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IgnoreLocationProvider +Specifies whether to force the client to ignore the Location Provider path and instead use the Package Source Root. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IntegrationRootGlobal +Specifies the location to create symbolic links associated with the current version of a globally published package. +All virtual application extensions, for example shortcuts and file type associations, use this path. +If you do not specify a path, symbolic links are not be used when you publish the package. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IntegrationRootUser +Specifies the location to create symbolic links associated with the current version of a per-user published package. +All virtual application extensions, for example shortcuts and file type associations, use this path. +If you do not specify a path, symbolic links will not be used when you publish the package. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LocationProvider +Specifies the class ID (CLSID) for a compatible implementation of the IAppvPackageLocationProvider interface. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MigrationMode +Specifies whether to use migration mode. +Migration mode allows the App-V client to control shortcuts and FTAs for packages published using an earlier version of App-V. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PackageInstallationRoot +Specifies directory where all new applications and updates are installed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PackageSourceRoot +Specifies a value that overrides source location for downloading package content. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProcessesUsingVirtualComponents +Specifies a list of process paths which are candidates for using dynamic virtualization of supported shell extensions, browser helper objects, and ActiveX controls. +This parameter may contain wildcard characters. +Only processes whose full path matches one of these items can use dynamic virtualization. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReestablishmentInterval +Specifies the number of seconds between attempts to reestablish a dropped session. +The acceptable values for this parameter are: between 0 and 3600. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReestablishmentRetries +Specifies the number of times to retry a dropped session. +The acceptable values for this parameter are: between 0 and 99. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReportingDataBlockSize +Specifies the maximum size in bytes to transmit to the server for reporting upload requests. +This can help avoid permanent transmission failures when the log has reached a significant size. +The acceptable values for this parameter are: between 1024 and unlimited. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReportingDataCacheLimit +Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. +The size applies to the cache in memory. +When the limit is reached, the log file rolls over. +The acceptable values for this parameter are: between 0 and 1024. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReportingEnabled +Specifies whether to enable the client to return information to a reporting server. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReportingInterval +Specifies the retry interval that the client uses to resend data to the reporting server. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReportingRandomDelay +Specifies the maximum delay, in minutes, for data to be sent to the reporting server. +When the scheduled task is started, the client generates a random delay between 0 and *ReportingRandomDelay* and waits the specified duration before it sends data. +This can help prevent collisions on the server. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReportingServerURL +Specifies the location on the reporting server where client information is saved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReportingStartTime +Specifies the time to initiate the client to send data to the reporting server. +The acceptable values for this parameter are: integers between 0-23 corresponding to the hour of the day. +By default, the *ReportingStartTime* starts on the current day at 10 P.M or 22. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequirePublishAsAdmin +Specifies whether an unelevated user can publish registered App-V packages. + +This parameter is applicable starting in App-V 5.0 SP3. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RoamingFileExclusions +Specifies the file paths relative to `%userprofile%` that do not roam with a user's profile, for example: `'desktop;my pictures'`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RoamingRegistryExclusions +Specifies the registry paths that do not roam with a user profile, for example `'software\\\\classes;software\\\\clients'`. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SharedContentStoreMode +Specifies whether streamed package contents are not saved to the local hard disk. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SupportBranchCache +Specifies whether branch caching is turned on. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VerifyCertificateRevocationList +Specifies whether to verify Server certificate revocation status before steaming using HTTPS. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientConfiguration + +## OUTPUTS + +### Microsoft.AppvAgent.AppvClientConfiguration +This cmdlet returns an object that is displayed as a two column table. +The first column contains the specific configuration and the second column contains the associated current value. + +In the case where the name/value option is passed, the cmdlet returns the same two column table, but only for the configuration requested. + +## NOTES +* Before applying new configuration, the cmdlet checks if Group Policy already owns any configuration by checking `HKLM\Software\Policies\Microsoft\Application Virtualization`. If any of the provided configuration is in the Group Policy registry node, the cmdlet fails. If Group Policy does not own any of the supplied configuration, the settings are written to the `HKLM\Software\Microsoft\AppV` registry node. If the cmdlet is trying to modify multiple settings, if any are owned by Group Policy, the whole operation fails. +* In the case where Group Policy owns the setting, the cmdlet returns the following error: The App-V configuration trying to be modified is being managed by Group Policy. The cmdlet cannot perform the modification. An error code is returned. +* If any of the provided configuration are not valid App-V Client settings, the cmdlet fails and returns an error. +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns an error. +* If the action to set a property fails, the cmdlet returns an error. + +## RELATED LINKS + +[Get-AppvClientConfiguration](./Get-AppvClientConfiguration.md) + diff --git a/docset/winserver2025-ps/appvclient/Set-AppvClientMode.md b/docset/winserver2025-ps/appvclient/Set-AppvClientMode.md new file mode 100644 index 0000000000..bf62aa3244 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Set-AppvClientMode.md @@ -0,0 +1,82 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/set-appvclientmode?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AppvClientMode +--- + +# Set-AppvClientMode + +## SYNOPSIS +Sets the mode in which the client runs. + +## SYNTAX + +### Normal +``` +Set-AppvClientMode [-Normal] [] +``` + +### Uninstall +``` +Set-AppvClientMode [-Uninstall] [] +``` + +## DESCRIPTION +The **Set-AppvClientMode** cmdlet sets the mode in which the client runs. +By default, the cmdlet is set to *Normal* and the Microsoft Application Virtualization (App-V) Client runs normally. +If the *Uninstall* parameter is specified, the App-V Client prevents all client activity from happening which includes adding and publishing packages and creating virtual environments. + +## EXAMPLES + + +## PARAMETERS + +### -Normal +Indicates that the App-V Client functions normally. +This means all adding and publishing of App-V packages and creating of Virtual environments function normally. + +```yaml +Type: SwitchParameter +Parameter Sets: Normal +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Uninstall +Indicates that this cmdlet prevents the App-V Client from adding and publishing packages or creating any virtual environments. +This is set to enable an uninstall of the App-V Client to correctly occur. + +```yaml +Type: SwitchParameter +Parameter Sets: Uninstall +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AppvClientMode](./Get-AppvClientMode.md) + diff --git a/docset/winserver2025-ps/appvclient/Set-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Set-AppvClientPackage.md new file mode 100644 index 0000000000..a21eb891b8 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Set-AppvClientPackage.md @@ -0,0 +1,207 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/set-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AppvClientPackage +--- + +# Set-AppvClientPackage + +## SYNOPSIS +Configures an App-V Client Package. + +## SYNTAX + +### ByGuid (Default) +``` +Set-AppvClientPackage [-Path ] [-DynamicDeploymentConfiguration ] [-UseNoConfiguration] + [-PackageId] [-VersionId] [] +``` + +### ByPackage +``` +Set-AppvClientPackage [-Path ] [-DynamicDeploymentConfiguration ] [-UseNoConfiguration] + [-Package] [] +``` + +### ByName +``` +Set-AppvClientPackage [-Path ] [-DynamicDeploymentConfiguration ] [-UseNoConfiguration] + [-Name] [[-Version] ] [] +``` + +## DESCRIPTION +The **Set-AppvClientPackage** cmdlet modifies the configuration files of a Microsoft Application Virtualization (App-V) package. + +## EXAMPLES + +### Example 1: Set a deployment configuration for a package +``` +PS C:\> Set-AppvClientPackage -Name "MyApp" -Version 1 -DynamicDeploymentConfiguration "C:\policies\MyApp.xml" +``` + +This command sets a new deployment configuration for a package. + +## PARAMETERS + +### -DynamicDeploymentConfiguration +Specifies the path of a Dynamic Deployment Configuration file for the App-V package to be added. +The cmdlet uses the Dynamic Deployment Configuration file to override the default behavior provided in the package manifest. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the package given during Sequencing time. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package +Specifies an App-V package. + +```yaml +Type: AppvClientPackage +Parameter Sets: ByPackage +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PackageId +Specifies the GUID that uniquely identifies the package. +It can be found in the package manifest or by opening the package in the App-V Sequencer. +The package ID is shared by all versions of a package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the path specifies the location of the .APPV file that contains the package to be added. +This value can be local directory, a network directory, or an HTTP or HTTPS URL. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: PSPath + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseNoConfiguration +Indicates that this cmdlet applies the default computer policy to the selected package. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of an App-V package in a lineage. +If you do not specify this parameter, the cmdlet operates on all available versions of the package on the target computer. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## OUTPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## NOTES + +## RELATED LINKS + +[Add-AppvClientPackage](./Add-AppvClientPackage.md) + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Mount-AppvClientPackage](./Mount-AppvClientPackage.md) + +[Publish-AppvClientPackage](./Publish-AppvClientPackage.md) + +[Remove-AppvClientPackage](./Remove-AppvClientPackage.md) + +[Repair-AppvClientPackage](./Repair-AppvClientPackage.md) + +[Stop-AppvClientPackage](./Stop-AppvClientPackage.md) + +[Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvclient/Set-AppvPublishingServer.md b/docset/winserver2025-ps/appvclient/Set-AppvPublishingServer.md new file mode 100644 index 0000000000..ab72afc453 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Set-AppvPublishingServer.md @@ -0,0 +1,224 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/set-appvpublishingserver?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AppvPublishingServer +--- + +# Set-AppvPublishingServer + +## SYNOPSIS +Modifies properties of an App-V Publishing Server. + +## SYNTAX + +### ByServerId (Default) +``` +Set-AppvPublishingServer [-ServerId] [[-GlobalRefreshEnabled] ] + [[-GlobalRefreshOnLogon] ] [[-GlobalRefreshInterval] ] + [[-GlobalRefreshIntervalUnit] ] [[-UserRefreshEnabled] ] + [[-UserRefreshOnLogon] ] [[-UserRefreshInterval] ] + [[-UserRefreshIntervalUnit] ] [] +``` + +### ByObject +``` +Set-AppvPublishingServer [-Server] [[-GlobalRefreshEnabled] ] + [[-GlobalRefreshOnLogon] ] [[-GlobalRefreshInterval] ] + [[-GlobalRefreshIntervalUnit] ] [[-UserRefreshEnabled] ] + [[-UserRefreshOnLogon] ] [[-UserRefreshInterval] ] + [[-UserRefreshIntervalUnit] ] [] +``` + +## DESCRIPTION +The **Set-AppvPublishingServer** cmdlet modifies properties of an already existing Microsoft Application Virtualization (App-V) Publishing Server. +To obtain an App-V Publishing Server object, use the **Get-AppvPublishingServer** cmdlet. + +## EXAMPLES + + +## PARAMETERS + +### -GlobalRefreshEnabled +Specifies whether the server does automatic syncs with the publishing server for all globally published packages. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GlobalRefreshInterval +Specifies a time span that represents the period where refreshes occur for packages published globally. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GlobalRefreshIntervalUnit +Specifies the unit of time measurement. +The acceptable values for this parameter are: day and hour. + +```yaml +Type: IntervalUnit +Parameter Sets: (All) +Aliases: +Accepted values: Hour, Day + +Required: False +Position: 4 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GlobalRefreshOnLogon +Specifies whether a refresh occurs for all package published globally every time that a user logs into the target computer. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies an **AppvPublishingServer** object. +To obtain an **AppvPublishingServer** object, use the **Get-AppvPublishingServer** cmdlet. + +```yaml +Type: AppvPublishingServer +Parameter Sets: ByObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ServerId +Specifies the identifier for the App-V Publishing Server. +This can be queried using the **Get-AppvPublishingServer** cmdlet. + +```yaml +Type: UInt32 +Parameter Sets: ByServerId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserRefreshEnabled +Specifies whether user refresh is enabled. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 5 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserRefreshInterval +Specifies the identifier for the App-V Publishing Server. +This can be queried using the **Get-AppvPublishingServer** cmdlet. + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 7 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserRefreshIntervalUnit +Specifies the unit of time measurement. +The acceptable values for this parameter are: day and hour. + +```yaml +Type: IntervalUnit +Parameter Sets: (All) +Aliases: +Accepted values: Hour, Day + +Required: False +Position: 8 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserRefreshOnLogon +Specifies whether a refresh occurs every time that a user logs into the computer. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvPublishingServer + +## OUTPUTS + +### Microsoft.AppvAgent.AppvPublishingServer + +## NOTES + +## RELATED LINKS + +[Add-AppvPublishingServer](./Add-AppvPublishingServer.md) + +[Get-AppvPublishingServer](./Get-AppvPublishingServer.md) + +[Remove-AppvPublishingServer](./Remove-AppvPublishingServer.md) + +[Sync-AppvPublishingServer](./Sync-AppvPublishingServer.md) + diff --git a/docset/winserver2025-ps/appvclient/Start-AppvVirtualProcess.md b/docset/winserver2025-ps/appvclient/Start-AppvVirtualProcess.md new file mode 100644 index 0000000000..38856e13cb --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Start-AppvVirtualProcess.md @@ -0,0 +1,318 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: AppVClientCmdlets-help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/start-appvvirtualprocess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Start-AppvVirtualProcess +--- + +# Start-AppvVirtualProcess + +## SYNOPSIS +Starts a virtual process. + +## SYNTAX + +### Default (Default) +``` +Start-AppvVirtualProcess [-FilePath] [[-ArgumentList] ] [-Credential ] + [-WorkingDirectory ] [-LoadUserProfile] [-NoNewWindow] [-PassThru] [-RedirectStandardError ] + [-RedirectStandardInput ] [-RedirectStandardOutput ] [-Wait] [-UseNewEnvironment] + -AppvClientObject [] +``` + +### UseShellExecute +``` +Start-AppvVirtualProcess [-FilePath] [[-ArgumentList] ] [-WorkingDirectory ] + [-PassThru] [-Verb ] [-Wait] [-WindowStyle ] -AppvClientObject + [] +``` + +## DESCRIPTION +The **Start-AppvVirtualProcess** cmdlet starts a new virtual process. + +## EXAMPLES + +### Example 1: Start a virtual process in a virtual environment of a package +``` +PS C:\> $AppVObj = Get-AppvClientPackage -Name "MyPackage" +PS C:\> Start-AppvVirtualProcess -FilePath "C:\Calc.exe" -AppvClientObject $AppVObj +``` + +The first command gets the client package named MyPackage by using the **Get-AppvClientPackage** cmdlet. +The command stores the result in the $AppVObj variable. + +The second command starts a new virtual process for Calc.exe in virtual environment of in $AppVObj. + +### Example 2: Start a virtual process in a virtual environment of a connection group +``` +PS C:\> $AppVObj = Get-AppvClientConnectionGroup -Name MyConnectionGroup +PS C:\> Start-AppvVirtualProcess -FilePath "C:\Calc.exe" -AppvClientObject $AppVObj +``` + +The first command gets the client package named MyPackage by using the **Get-AppvClientConnectionGroup** cmdlet. +The command stores the result in the $AppVObj variable. + +The second command starts a new virtual process for Calc.exe in the virtual environment of in $AppVObj. + +## PARAMETERS + +### -AppvClientObject +Specifies an **AppvClientPackage** or **AppvClientConnectionGroup** object. + +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ArgumentList +Specifies the arguments to be passed into the virtual process. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: Args + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the credential to start this process. + +```yaml +Type: PSCredential +Parameter Sets: Default +Aliases: RunAs + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FilePath +Specifies a file path. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: PSPath + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LoadUserProfile +Indicates that the cmdlet loads a user profile for use with the process. + +```yaml +Type: SwitchParameter +Parameter Sets: Default +Aliases: Lup + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoNewWindow +Indicates that the cmdlet attempts to keep the process in the same window instead of opening a new window. + +```yaml +Type: SwitchParameter +Parameter Sets: Default +Aliases: nnw + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. +By default, this cmdlet does not generate any output. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectStandardError +Redirects the stderr to the file specified. + +```yaml +Type: String +Parameter Sets: Default +Aliases: RSE + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectStandardInput +Takes the stdinput from the file specified. + +```yaml +Type: String +Parameter Sets: Default +Aliases: RSI + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RedirectStandardOutput +Redirects the stdout to the file specified. + +```yaml +Type: String +Parameter Sets: Default +Aliases: RSO + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseNewEnvironment +Indicates that this cmdlet uses a new environment for the process. + +```yaml +Type: SwitchParameter +Parameter Sets: Default +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Verb +Specifies a verb for the process. + +```yaml +Type: String +Parameter Sets: UseShellExecute +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Wait +Indicates that the cmdlet uses synchronous operation of the virtual process. +The cmdlet waits to exit until the virtual process exits. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WindowStyle +Specifies what to do without a Process Window Style. +The acceptable values for this parameter are: + +- Normal. +Display the normal window. +- Hidden. +Launch a hidden window. +- Minimized. +Launch a minimized window. +- Maximized. +Launch a maximized window. + +The default value is Normal. + +```yaml +Type: ProcessWindowStyle +Parameter Sets: UseShellExecute +Aliases: +Accepted values: Normal, Hidden, Minimized, Maximized + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkingDirectory +Specifies working directory of the process. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Get-AppvVirtualProcess](./Get-AppvVirtualProcess.md) + diff --git a/docset/winserver2025-ps/appvclient/Stop-AppvClientConnectionGroup.md b/docset/winserver2025-ps/appvclient/Stop-AppvClientConnectionGroup.md new file mode 100644 index 0000000000..e24166b395 --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Stop-AppvClientConnectionGroup.md @@ -0,0 +1,168 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/stop-appvclientconnectiongroup?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Stop-AppvClientConnectionGroup +--- + +# Stop-AppvClientConnectionGroup + +## SYNOPSIS +Shuts down the shared virtual environment of a connection group. + +## SYNTAX + +### ByGuid (Default) +``` +Stop-AppvClientConnectionGroup [-Global] [-GroupId] [-VersionId] [] +``` + +### ByName +``` +Stop-AppvClientConnectionGroup [-Global] [-Name] [] +``` + +### ByConnectionGroup +``` +Stop-AppvClientConnectionGroup [-Global] [-ConnectionGroup] [] +``` + +## DESCRIPTION +The **Stop-AppvClientConnectionGroup** cmdlet shuts down the shared virtual environment of a connection group. +All running processes in the connection group virtual environment are shutdown. + +## EXAMPLES + +### Example 1: Stop a virtual environment for a named group +``` +PS C:\> Stop-AppvClientConnectionGroup -Name "MyGroup" +``` + +This command stops the virtual environment of the enabled connection group that has the name MyGroup. + +### Example 2: Stop a virtual environment for a group by using its ID +``` +PS C:\> Stop-AppvClientConnectionGroup -GroupID 793afd37-bd68-4ea1-859a-669f6afd0aa8 +``` + +This command stops the virtual environment of the enabled connection group that has the group ID 793afd37-bd68-4ea1-859a-669f6afd0aa8. + +### Example 3: Stop virtual environment for groups with names that match a string +``` +PS C:\> Get-AppvClientConnectionGroup -Name "MyGr*" | Stop-AppvClientConnectionGroup +``` + +This command gets all of the enabled connection groups that have the string MyGr in the name, and then stops each of their virtual environments. + +## PARAMETERS + +### -ConnectionGroup +Specifies an App-V Connection Group object. + +```yaml +Type: AppvClientConnectionGroup +Parameter Sets: ByConnectionGroup +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Global +Indicates that the cmdlet shuts down virtual environments for the specified connection groups for all users on the computer. +Usage of the *Global* parameter requires administrative credentials. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupId +Specifies the group ID of a specific connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the Microsoft Application Virtualization (App-V) connection group. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a connection group version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the connection group. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientConnectionGroup + +## OUTPUTS + +## NOTES +* The cmdlet checks that you have permissions to perform the specific action. If not, the cmdlet returns an error. +* If the enable operation fails, the cmdlet returns an error. +* If the cmdlet cannot find the connection group on the target computer, the cmdlet returns an error. + +## RELATED LINKS + +[Add-AppvClientConnectionGroup](./Add-AppvClientConnectionGroup.md) + +[Disable-AppvClientConnectionGroup](./Disable-AppvClientConnectionGroup.md) + +[Enable-AppvClientConnectionGroup](./Enable-AppvClientConnectionGroup.md) + +[Get-AppvClientConnectionGroup](./Get-AppvClientConnectionGroup.md) + +[Mount-AppvClientConnectionGroup](./Mount-AppvClientConnectionGroup.md) + +[Remove-AppvClientConnectionGroup](./Remove-AppvClientConnectionGroup.md) + +[Repair-AppvClientConnectionGroup](./Repair-AppvClientConnectionGroup.md) + diff --git a/docset/winserver2025-ps/appvclient/Stop-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Stop-AppvClientPackage.md new file mode 100644 index 0000000000..bd97c61e7c --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Stop-AppvClientPackage.md @@ -0,0 +1,182 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/stop-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Stop-AppvClientPackage +--- + +# Stop-AppvClientPackage + +## SYNOPSIS +Shuts down virtual environments for specified packages. + +## SYNTAX + +### ByGuid (Default) +``` +Stop-AppvClientPackage [-Global] [-PackageId] [-VersionId] [] +``` + +### ByPackage +``` +Stop-AppvClientPackage [-Global] [-Package] [] +``` + +### ByName +``` +Stop-AppvClientPackage [-Global] [-Name] [[-Version] ] [] +``` + +## DESCRIPTION +The **Stop-AppvClientPackage** cmdlet shuts down the virtual environment for the specified packages. +All applications and processes within that package are forced to shut down. +Any unsaved application data is lost. + +## EXAMPLES + +### Example 1: Shut down a virtual environment for a version of a package +``` +PS C:\> Stop-AppvClientPackage -Name "MyPackage" -Version 2 +``` + +This command shuts down the virtual environment of version 2 of package named MyPackage. + +### Example 2: Shut down a virtual environment for all versions of a package +``` +PS C:\> Get-AppvClientPackage -Name "MyPackage" | Stop-AppvClientPackage +``` + +This command gets all versions of the package named MyPackage, and then shuts down the virtual environment for those results. + +## PARAMETERS + +### -Global +Specifies that the cmdlet shuts down virtual environments for the specified packages for all users on the computer. +Usage of the *Global* parameter requires administrative credentials. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the package given during Sequencing time. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package +Specifies an App-V package. + +```yaml +Type: AppvClientPackage +Parameter Sets: ByPackage +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PackageId +Specifies a GUID that uniquely identifies the package. +It can be found in the package manifest or by opening the package in the Microsoft Application Virtualization (App-V) Sequencer. +The package ID is shared by all versions of a package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of an App-V package in a lineage. +If you do not specify this parameter, the cmdlet operates on all available versions of the package on the computer. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on all versions of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## OUTPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## NOTES + +## RELATED LINKS + +[Add-AppvClientPackage](./Add-AppvClientPackage.md) + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Mount-AppvClientPackage](./Mount-AppvClientPackage.md) + +[Publish-AppvClientPackage](./Publish-AppvClientPackage.md) + +[Remove-AppvClientPackage](./Remove-AppvClientPackage.md) + +[Repair-AppvClientPackage](./Repair-AppvClientPackage.md) + +[Set-AppvClientPackage](./Set-AppvClientPackage.md) + +[Unpublish-AppvClientPackage](./Unpublish-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvclient/Sync-AppvPublishingServer.md b/docset/winserver2025-ps/appvclient/Sync-AppvPublishingServer.md new file mode 100644 index 0000000000..22848bb73d --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Sync-AppvPublishingServer.md @@ -0,0 +1,193 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/sync-appvpublishingserver?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Sync-AppvPublishingServer +--- + +# Sync-AppvPublishingServer + +## SYNOPSIS +Initiates the App-V Publishing Refresh operation. + +## SYNTAX + +### ByServerId (Default) +``` +Sync-AppvPublishingServer [-ServerId] [-Global] [-Force] [-NetworkCostAware] + [-HidePublishingRefreshUI] [] +``` + +### ByObject +``` +Sync-AppvPublishingServer [-Server] [-Global] [-Force] [-NetworkCostAware] + [-HidePublishingRefreshUI] [] +``` + +### ByNameUrl +``` +Sync-AppvPublishingServer [[-Name] ] [[-URL] ] [-Global] [-Force] [-NetworkCostAware] + [-HidePublishingRefreshUI] [] +``` + +## DESCRIPTION +The **Sync-AppvPublishingServer** cmdlet initiates the Microsoft Application Virtualization (App-V) publishing refresh operation in the context of the current user. +The publishing refresh connects to all added servers on the client and expose new App-V packages and their respective extension points to the user. + +## EXAMPLES + +### Example 1: Start publishing refresh +``` +PS C:\> Sync-AppvPublishingServer -Name "MyServer" +``` + +This command starts publishing refresh for the current user for the server named MyServer. + +## PARAMETERS + +### -Force +Indicates that the cmdlet forces all publishes and unpublishes of packages. + +The Force switch specifies whether to suppress warning and confirmation messages. It can be useful in scripting to suppress interactive prompts. If the Force switch isn't provided in the command, you're prompted for administrative input if required. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Global +Indicates that the cmdlet synchronizes packages from the App-V publishing server that are provisioned to the computer and are published to all users on the computer. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HidePublishingRefreshUI +Indicates that the cmdlet suppresses the Publishing Refresh Progress bar. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 4 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the server. + +```yaml +Type: String +Parameter Sets: ByNameUrl +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NetworkCostAware +Indicates that this cmdlet is network cost aware. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Specifies an **AppvPublishingServer** object. +To obtain an **AppvPublishingServer** object, use the **Get-AppvPublishingServer** cmdlet. + +```yaml +Type: AppvPublishingServer +Parameter Sets: ByObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ServerId +Specifies the identifier for the App-V Publishing Server. +This can be queried using the **Get-AppvPublishingServer** cmdlet. + +```yaml +Type: UInt32 +Parameter Sets: ByServerId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -URL +Specifies the URL path of the server. + +```yaml +Type: String +Parameter Sets: ByNameUrl +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AppvPublishingServer](./Add-AppvPublishingServer.md) + +[Get-AppvPublishingServer](./Get-AppvPublishingServer.md) + +[Remove-AppvPublishingServer](./Remove-AppvPublishingServer.md) + +[Set-AppvPublishingServer](./Set-AppvPublishingServer.md) + diff --git a/docset/winserver2025-ps/appvclient/Unpublish-AppvClientPackage.md b/docset/winserver2025-ps/appvclient/Unpublish-AppvClientPackage.md new file mode 100644 index 0000000000..ae1364191c --- /dev/null +++ b/docset/winserver2025-ps/appvclient/Unpublish-AppvClientPackage.md @@ -0,0 +1,202 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.AppVClientPowerShell.dll-Help.xml +Module Name: AppvClient +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvclient/unpublish-appvclientpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Unpublish-AppvClientPackage +--- + +# Unpublish-AppvClientPackage + +## SYNOPSIS +Removes the extension points for packages. + +## SYNTAX + +### ByGuid (Default) +``` +Unpublish-AppvClientPackage [-Global] [-UserSID ] [-PackageId] [-VersionId] + [] +``` + +### ByPackage +``` +Unpublish-AppvClientPackage [-Global] [-UserSID ] [-Package] [] +``` + +### ByName +``` +Unpublish-AppvClientPackage [-Global] [-UserSID ] [-Name] [[-Version] ] + [] +``` + +## DESCRIPTION +The **Unpublish-AppvClientPackage** cmdlet removes all the extension points of the specified packages. +The package contents remain on the target computer. +The package is still added on the client and the appropriate **AppvClientPackage** object persists. + +The package can be unpublished for the current user or if all users that log on to the target computer. + +## EXAMPLES + +### Example 1: Unpublish a version of a package +``` +PS C:\> Unpublish-AppvClientPackage -Name "MyApp" -Version 3 +``` + +This command unpublishes version 3 of the package named MyApp. + +### Example 2: Unpublish a version of a package for all users +``` +PS C:\> Unpublish-AppvClientPackage -Name "MyApp" -Version 3 -Global +``` + +This command unpublishes version 3 of the package named MyApp for all users on the computer. + +## PARAMETERS + +### -Global +Indicates that the packages are unpublished to all users that log into the targeted computer. +Otherwise, the packages are only unpublished to the currently running user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the package given during Sequencing time. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package +Specifies an App-V package. + +```yaml +Type: AppvClientPackage +Parameter Sets: ByPackage +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PackageId +Specifies a GUID that uniquely identifies the package. +It can be found in the package manifest or by opening the package in the Microsoft Application Virtualization (App-V) Sequencer. +The package ID is shared by all versions of a package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserSID +Specifies the SID of the intended user, in the form of S-1-2-34-56789012-3456789012-345678901-2345. +This cmdlet parameter requires elevated rights to run. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Specifies the version of an App-V package in one specific lineage. +If you do not specify this parameter, the cmdlet operates on the latest version found. + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VersionId +Specifies a GUID that differentiates a package version from other versions, whether older, newer, or of a different lineage. +If you do not specify this parameter, the cmdlet operates on the latest version of the package. + +```yaml +Type: Guid +Parameter Sets: ByGuid +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## OUTPUTS + +### Microsoft.AppvAgent.AppvClientPackage + +## NOTES + +## RELATED LINKS + +[Add-AppvClientPackage](./Add-AppvClientPackage.md) + +[Get-AppvClientPackage](./Get-AppvClientPackage.md) + +[Mount-AppvClientPackage](./Mount-AppvClientPackage.md) + +[Publish-AppvClientPackage](./Publish-AppvClientPackage.md) + +[Remove-AppvClientPackage](./Remove-AppvClientPackage.md) + +[Repair-AppvClientPackage](./Repair-AppvClientPackage.md) + +[Set-AppvClientPackage](./Set-AppvClientPackage.md) + +[Stop-AppvClientPackage](./Stop-AppvClientPackage.md) + diff --git a/docset/winserver2025-ps/appvsequencer/AppvSequencer.md b/docset/winserver2025-ps/appvsequencer/AppvSequencer.md new file mode 100644 index 0000000000..af6ef3297b --- /dev/null +++ b/docset/winserver2025-ps/appvsequencer/AppvSequencer.md @@ -0,0 +1,29 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.1.1 +Locale: en-US +Module Guid: 120c1a42-e4b5-4fcf-9dbd-d416bd3b41f5 +Module Name: AppvSequencer +ms.date: 12/20/2016 +title: AppvSequencer +--- + +# AppvSequencer Module +## Description +The following list contains links to the help topics for the Microsoft Application Virtualization (App-V) Sequencer cmdlets. + +## AppvSequencer Cmdlets +### [Expand-AppvSequencerPackage](./Expand-AppvSequencerPackage.md) +Expands an existing App-V package. + +### [New-AppvPackageAccelerator](./New-AppvPackageAccelerator.md) +Generates a package accelerator. + +### [New-AppvSequencerPackage](./New-AppvSequencerPackage.md) +Creates a new App-V package. + +### [Update-AppvSequencerPackage](./Update-AppvSequencerPackage.md) +Upgrades virtual application packages. + + diff --git a/docset/winserver2025-ps/appvsequencer/Expand-AppvSequencerPackage.md b/docset/winserver2025-ps/appvsequencer/Expand-AppvSequencerPackage.md new file mode 100644 index 0000000000..c5d3a2b359 --- /dev/null +++ b/docset/winserver2025-ps/appvsequencer/Expand-AppvSequencerPackage.md @@ -0,0 +1,68 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.Modernizer.Cmdlets.dll-Help.xml +Module Name: AppvSequencer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvsequencer/expand-appvsequencerpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Expand-AppvSequencerPackage +--- + +# Expand-AppvSequencerPackage + +## SYNOPSIS +Expands an existing App-V package. + +## SYNTAX + +``` +Expand-AppvSequencerPackage [-AppvPackagePath] [] +``` + +## DESCRIPTION +The **Expand-AppvSequencerPackage** cmdlet expands a Microsoft Application Virtualization (App-V) package into its native form to the NTFS file system on the computer running the sequencer. +You can more easily add prerequisites or dependent applications to the sequencer before generating the package. + +Run this cmdlet each time to expand a new package onto the computer running the sequencer. + +## EXAMPLES + +### Example 1: Expand a package +``` +PS C:\> Expand-AppvSequencerPackage -AppvPackagePath "C:\MyPackages\PreReq.appv" +``` + +This command expands the package PreReq.appv to the sequencing computer. + +## PARAMETERS + +### -AppvPackagePath +Specifies the file path to an existing App-V package to be expanded to the NTFS file system of the computer running the cmdlet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: AppvPackage + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[New-AppvSequencerPackage](./New-AppvSequencerPackage.md) + +[Update-AppvSequencerPackage](./Update-AppvSequencerPackage.md) + diff --git a/docset/winserver2025-ps/appvsequencer/New-AppvPackageAccelerator.md b/docset/winserver2025-ps/appvsequencer/New-AppvPackageAccelerator.md new file mode 100644 index 0000000000..4bba9b99e0 --- /dev/null +++ b/docset/winserver2025-ps/appvsequencer/New-AppvPackageAccelerator.md @@ -0,0 +1,144 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.Modernizer.Cmdlets.dll-Help.xml +Module Name: AppvSequencer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvsequencer/new-appvpackageaccelerator?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AppvPackageAccelerator +--- + +# New-AppvPackageAccelerator + +## SYNOPSIS +Generates a package accelerator. + +## SYNTAX + +### FromInstaller (Default) +``` +New-AppvPackageAccelerator [-InputPackagePath] [-Installer] + [-AcceleratorDescriptionFile ] [-Path] [] +``` + +### FromInstalledMedia +``` +New-AppvPackageAccelerator [-InputPackagePath] [-InstalledFilesPath] + [-AcceleratorDescriptionFile ] [-Path] [] +``` + +## DESCRIPTION +The **New-AppvPackageAccelerator** cmdlet generates a package accelerator object. +It accepts an existing Application Virtualization (App-V) 5.0 package file along with the appropriately installed files or installation media. +The cmdlet then generates a package accelerator file. + +## EXAMPLES + +### Example 1: Create a package accelerator +``` +PS C:\> New-AppvPackageAccelerator -AppvPackageFilePath "C:\MyPackages\Package1\Package1.appv" -Installer "C:\MyPackages\Package1" -OutputPath "C:\Output\packages\Package1.cab" +``` + +This command creates a package accelerator using an installer folder containing, for example, MSI installers. + +### Example 2: Create a package accelerator with instruction sheet +``` +PS C:\> New-AppvPackageAccelerator -AppvPackageFilePath "C:\MyPackages\Package1\Package1.appv" -InstalledFilesPath "C:\Program Files\Package1InstallFolder" -OutputPath "C:\Output\packages\Package1.cab" -AcceleratorDescriptionFilePath "C:\MyPackages\Package1\Package1Description.rtf" +``` + +This command creates a package accelerator and inserts an instruction sheet on how to accelerate package. + +## PARAMETERS + +### -AcceleratorDescriptionFile +Specifies the package accelerator description file. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputPackagePath +Specifies the path to the App-V package used as input to generate the accelerator from. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstalledFilesPath +Specifies the path to the folder containing the directory where the package is installed to, to generate an accelerator for. + +```yaml +Type: String +Parameter Sets: FromInstalledMedia +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Installer +Specifies the path to the folder of the application installer to generate an accelerator from. +The installer must be of the format msi, or cab, or zip. +If you do not have an installer of this format, use the *InstalledFilesPath* parameter instead. + +```yaml +Type: String +Parameter Sets: FromInstaller +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the full path to the .cab package accelerator output file. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: OutputPath + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Expand-AppvSequencerPackage](./Expand-AppvSequencerPackage.md) + +[Update-AppvSequencerPackage](./Update-AppvSequencerPackage.md) + diff --git a/docset/winserver2025-ps/appvsequencer/New-AppvSequencerPackage.md b/docset/winserver2025-ps/appvsequencer/New-AppvSequencerPackage.md new file mode 100644 index 0000000000..accbae3439 --- /dev/null +++ b/docset/winserver2025-ps/appvsequencer/New-AppvSequencerPackage.md @@ -0,0 +1,242 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.Modernizer.Cmdlets.dll-Help.xml +Module Name: AppvSequencer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvsequencer/new-appvsequencerpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: New-AppvSequencerPackage +--- + +# New-AppvSequencerPackage + +## SYNOPSIS +Creates a new App-V package. + +## SYNTAX + +### ByInstallerFullLoad (Default) +``` +New-AppvSequencerPackage [-FullLoad] [-Installer] [-InstallerOptions ] + [[-PrimaryVirtualApplicationDirectory] ] [-Name] [-Path] + [-TemplateFilePath ] [] +``` + +### ByPackageAcceleratorInstallMedia +``` +New-AppvSequencerPackage [-AcceleratorFilePath] [-InstallMediaPath] [-Name] + [-Path] [] +``` + +### ByPackageAcceleratorInstalledFiles +``` +New-AppvSequencerPackage [-AcceleratorFilePath] [-InstalledFilesPath] [-Name] + [-Path] [] +``` + +## DESCRIPTION +The **New-AppvSequencerPackage** cmdlet creates a new Microsoft Application Virtualization (App-V) package, either using an installer, an App-V accelerator, or an accelerator with an installed application. +The cmdlet accepts a template file, as well as the option to force the package to be fully streamed to the computer before running the package. + +## EXAMPLES + +### Example 1: Create a package +``` +PS C:\> New-AppvSequencerPackage -Name "MyPackage" -OutputPath "C:\MyPackage" -PrimaryVirtualApplicationDirectory "C:\Program Files\MyApp" -Installer "C:\installers\MyApp\setup.exe" +``` + +This command creates a package for the application MyApp. + +### Example 2: Create a package that must be fully downloaded +``` +PS C:\> New-AppvSequencerPackage -Name MyPackage2 -OutputPath C:\MyPackages -PrimaryVirtualApplicationDirectory "C:\Program Files\MyApp -Installer C:\installers\MyApp\setup.exe -FullLoad +``` + +This command creates a package that must be fully downloaded for the application MyApp. + +### Example 3: Create a package using a pre-generated accelerator +``` +PS C:\> New-AppvSequencerPackage -Name "MyPackage" -OutputPath "C:\MyPackages" -AcceleratorFilePath "C:\MyAccelerators\MyAccelerator.cab" -PrimaryVirtualApplicationDirectory "C:\MyApp\" -InstalledMediaPath "C:\Installers\PreReq\" -Installer "C:\Installers\MyApp\setup.exe" +``` + +This command creates a new package MyApp using a pre-generated package accelerator. + +### Example 4: Create a package using a template file +``` +PS C:\> New-AppvSequencerPackage -Name "MyPackage" -TemplateFilePath "C:\template.appvt" -OutputPath "C:\Packages\MyPackage" -PrimaryVirtualApplicationDirectory "C:\Program Files\MyApp" -Installer "C:\Installers\MyApp\setup.exe" +``` + +This command creates a new MyApp package using a template file. + +## PARAMETERS + +### -AcceleratorFilePath +Specifies the path to the accelerator file for this package. +If the accelerator is not signed or is not accepted by the Sequencer, an error is returned. + +```yaml +Type: String +Parameter Sets: ByPackageAcceleratorInstallMedia, ByPackageAcceleratorInstalledFiles +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FullLoad +Indicates that the package is required to be fully downloaded before being launched. + +```yaml +Type: SwitchParameter +Parameter Sets: ByInstallerFullLoad +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstalledFilesPath +Specifies the location of the already installed files used to create a new App-V package with the aid of an App-V Accelerator. + +```yaml +Type: String +Parameter Sets: ByPackageAcceleratorInstalledFiles +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Installer +Specifies a collection of MSIs, setup executables, or other executables needed to be run to create the App-V package. + +```yaml +Type: String[] +Parameter Sets: ByInstallerFullLoad +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallerOptions +Specifies an array of Installer Command-Line Options as parameter values, such as /quiet, /passive, or /norestart. + +```yaml +Type: String[] +Parameter Sets: ByInstallerFullLoad +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallMediaPath +Specifies the location of the installation media that the Sequencer points to and generates an accelerator. + +```yaml +Type: String +Parameter Sets: ByPackageAcceleratorInstallMedia +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the name of the App-V package. +This is also the name of all files outputted by the sequencing process. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the folder where the package is saved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: OutputPath + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PrimaryVirtualApplicationDirectory +Specifies the location where the application is being installed. +This must be a path on the local computer. + +```yaml +Type: String +Parameter Sets: ByInstallerFullLoad +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TemplateFilePath +Specifies the path to the App-V package template file to be used for this package. + +```yaml +Type: String +Parameter Sets: ByInstallerFullLoad +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Expand-AppvSequencerPackage](./Expand-AppvSequencerPackage.md) + +[New-AppvPackageAccelerator](./New-AppvPackageAccelerator.md) + +[Update-AppvSequencerPackage](./Update-AppvSequencerPackage.md) + diff --git a/docset/winserver2025-ps/appvsequencer/Update-AppvSequencerPackage.md b/docset/winserver2025-ps/appvsequencer/Update-AppvSequencerPackage.md new file mode 100644 index 0000000000..3187f2a810 --- /dev/null +++ b/docset/winserver2025-ps/appvsequencer/Update-AppvSequencerPackage.md @@ -0,0 +1,167 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.AppV.Modernizer.Cmdlets.dll-Help.xml +Module Name: AppvSequencer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/appvsequencer/update-appvsequencerpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Update-AppvSequencerPackage +--- + +# Update-AppvSequencerPackage + +## SYNOPSIS +Upgrades virtual application packages. + +## SYNTAX + +``` +Update-AppvSequencerPackage [-FullLoad] [-InputPackagePath] [-Installer] + [-InstallerOptions ] [-Name] [-Path] [-TemplateFilePath ] + [] +``` + +## DESCRIPTION +The **Update-AppvSequencerPackage** cmdlet upgrades virtual application packages. +It takes as an input the original package, the upgrade installer, and an output path. +The cmdlet returns a package that is upgraded. + +## EXAMPLES + +### Example 1: Update an application +``` +PS C:\> Update-AppvSequencerPackage -AppvPackageFilePath "C:\Packages\MyPackage.appv" -Installer "C:\PackageInstall\PackageUpgrade.exe" -OutputPath "C:\UpgradedPackages" +``` + +This command updates an application, changing the output path. + +### Example 2: Update an application and require package to be fully loaded +``` +PS C:\> Update-AppvSequencerPackage -AppvPackageFilePath "C:\Packages\MyPackage.appv" -Installer "C:\PackageInstall\PackageUpgrade.exe" -OutputPath "C:\UpgradedPackages" -FullLoad +``` + +This command updates an application, and sets the package to be fully loaded. + +## PARAMETERS + +### -FullLoad +Indicates that the cmdlet forces the package to be fully downloaded onto the computer before it can be launched. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputPackagePath +Specifies the path of the existing Microsoft Application Virtualization (App-V) package to upgrade. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Installer +Specifies the installer used to upgrade the App-V package. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 4 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallerOptions +Specifies an array of Installer Command-Line Options as parameter values, such as /quiet, /passive, or /norestart. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Specifies the friendly name of the package given during Sequencing time. +This value is obtained from the package manifest. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the path of the folder where the updated package is to be saved. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: OutputPath + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TemplateFilePath +Specifies the path to the App-V package template file to be used for this package. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Expand-AppvSequencerPackage](./Expand-AppvSequencerPackage.md) + +[New-AppvSequencerPackage](./New-AppvSequencerPackage.md) + diff --git a/docset/winserver2025-ps/appx/Add-AppSharedPackageContainer.md b/docset/winserver2025-ps/appx/Add-AppSharedPackageContainer.md new file mode 100644 index 0000000000..e5f898553c --- /dev/null +++ b/docset/winserver2025-ps/appx/Add-AppSharedPackageContainer.md @@ -0,0 +1,122 @@ +--- +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/add-appsharedpackagecontainer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AppSharedPackageContainer +--- + +# Add-AppSharedPackageContainer + +## SYNOPSIS +Deploys the shared package container definition. + +## SYNTAX + +``` +Add-AppSharedPackageContainer [-Path] [-ForceApplicationShutdown] [-Merge] + [-Force] [] +``` + +## DESCRIPTION + +The `Add-AppSharedPackageContainer` cmdlet deploys the shared package container definition for the +particular user. + +## EXAMPLES + +### Example 1 + +```powershell +Add-AppSharedPackageContainer -Path C:\MyFolder\ContosoTestContainer.xml +``` + +This command deploys the definition described in the ContosoTestContainer file. + +## PARAMETERS + +### -Force + +Replaces an existing container of the same name with the newly created container's definition for +the target users. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceApplicationShutdown + +Closes all packages currently running in the Shared Package Container. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Merge + +Merges a new container's definition into an existing container definition of the same name for +target users. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path + +Path to the XML definition file. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: PSPath + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS diff --git a/docset/winserver2025-ps/appx/Add-AppxPackage.md b/docset/winserver2025-ps/appx/Add-AppxPackage.md new file mode 100644 index 0000000000..eb61ec21f1 --- /dev/null +++ b/docset/winserver2025-ps/appx/Add-AppxPackage.md @@ -0,0 +1,688 @@ +--- +description: Adds a signed app package to a user account. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/add-appxpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AppxPackage +--- + +# Add-AppxPackage + +## SYNOPSIS +Adds a signed app package to a user account. + +## SYNTAX + +### AddSet (Default) + +``` +Add-AppxPackage [-Path] [-DependencyPath ] [-RequiredContentGroupOnly] + [-ForceApplicationShutdown] [-ForceTargetApplicationShutdown] [-ForceUpdateFromAnyVersion] + [-RetainFilesOnFailure] [-InstallAllResources] [-Volume ] + [-ExternalPackages ] [-OptionalPackages ] [-RelatedPackages ] + [-ExternalLocation ] [-DeferRegistrationWhenPackagesAreInUse] + [-StubPackageOption ] [-AllowUnsigned] [-WhatIf] [-Confirm] [] +``` + +### AddByAppInstallerSet + +``` +Add-AppxPackage [-Path] [-RequiredContentGroupOnly] [-AppInstallerFile] + [-ForceTargetApplicationShutdown] [-InstallAllResources] [-LimitToExistingPackages] + [-Volume ] [-WhatIf] [-Confirm] [] +``` + +### RegisterSet + +``` +Add-AppxPackage [-Path] [-DependencyPath ] [-Register] [-DisableDevelopmentMode] + [-ForceApplicationShutdown] [-ForceTargetApplicationShutdown] [-ForceUpdateFromAnyVersion] + [-InstallAllResources] [-ExternalLocation ] [-WhatIf] [-Confirm] [] +``` + +### UpdateSet + +``` +Add-AppxPackage [-Path] [-DependencyPath ] [-RequiredContentGroupOnly] + [-ForceApplicationShutdown] [-ForceTargetApplicationShutdown] [-ForceUpdateFromAnyVersion] + [-RetainFilesOnFailure] [-InstallAllResources] [-Update] [-WhatIf] [-Confirm] [] +``` + +### StageSet + +``` +Add-AppxPackage [-Path] [-DependencyPath ] [-RequiredContentGroupOnly] [-Stage] + [-ForceUpdateFromAnyVersion] [-Volume ] [-ExternalPackages ] + [-OptionalPackages ] [-RelatedPackages ] [-ExternalLocation ] + [-StubPackageOption ] [-WhatIf] [-Confirm] [] +``` + +### RegisterByPackageFullNameSet + +``` +Add-AppxPackage [-Register] -MainPackage [-DependencyPackages ] + [-ForceApplicationShutdown] [-ForceTargetApplicationShutdown] [-ForceUpdateFromAnyVersion] + [-InstallAllResources] [-WhatIf] [-Confirm] [] +``` + +### RegisterByPackageFamilyNameSet + +``` +Add-AppxPackage [-RegisterByFamilyName] -MainPackage [-DependencyPackages ] + [-ForceApplicationShutdown] [-ForceTargetApplicationShutdown] [-InstallAllResources] + [-OptionalPackages ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Add-AppxPackage` cmdlet adds a signed app package to a user account. An app package has an +`.msix` or `.appx` filename extension. Use the **DependencyPath** parameter to add all other +packages required for the installation of the app package. + +You can use the **Register** parameter to install from a folder of unpackaged files during +development of Windows Store apps. + +To update an already installed package, the new package must have the same package family name. + +## EXAMPLES + +### Example 1: Add an app package + +```powershell +Add-AppxPackage -Path '.\MyApp.msix' -DependencyPath '.\winjs.msix' +``` + +This command adds an app package that the package contains. + +### Example 2: Update an app, but defer registration until the app has closed + +```powershell +$params = @{ + Path = '.\MyApp.msix' + DependencyPath = '.\winjs.msix' + DeferRegistrationWhenPackagesAreInUse = $true +} +Add-AppxPackage @params +``` + +This command will register an update to an existing app, but won't do so until the next launch of +the app. + +### Example 3: Add a disabled app package in development mode + +```powershell +$InstallLocation = Get-AppxPackage -Name '*WindowsCalculator*' | + Select-Object -ExpandProperty InstallLocation +$ManifestPath = $InstallLocation + '\Appxmanifest.xml' +Add-AppxPackage -Path $ManifestPath -Register -DisableDevelopmentMode +``` + +This command gets the full path of the package manifest file of an installed Windows Store app, and +then registers that package. You can use **DisableDevelopmentMode** to register an application +that's staged by the **StagePackageAsync** API, has been disabled, or has become corrupted during +testing. + +### Example 4: Add an app along with its optional packages + +```powershell +Add-AppxPackage -Path '.\MyApp.msixbundle' -ExternalPackages @( + '.\optionalpackage1.msix' + '.\optionalpackage2.msixbundle' +) + +Add-AppxPackage -Path '.\MyApp.msixbundle' -OptionalPackages '29270sandstorm.OptionalPackage1_gah1vdar1nn7a' +``` + +This command adds an app package along with its optional packages. It's an atomic operation, which +means that if the app or its optional packages fail to install, the deployment operation will be +aborted + +### Example 5: Install only the required section of a streaming app + +```powershell +Add-AppxPackage -Path '.\MyApp.msixbundle' -RequiredContentGroupOnly +``` + +This command adds an app package but only installs the required section of a streaming app. Calling +this command again without the **RequiredContentGroupOnly** parameter proceeds to install the rest +of the application in the order defined by the `AppxContentGroupMap.xml` + +### Example 6: Install an app using the App Installer file + +```powershell +Add-AppxPackage -AppInstallerFile "C:\Users\user1\Desktop\MyApp.appinstaller" +``` + +This command adds an app package as outlined in the App Installer file with all update settings +specified within the App Installer file, if any. + +## PARAMETERS + +### -AllowUnsigned + +Allows adding an unsigned package. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AppInstallerFile + +Runs an appinstaller file and allows the user to install all the defined packages with a single +click. For more information, see +[Create an App Installer file manually](/windows/msix/app-installer/how-to-create-appinstaller-file). + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddByAppInstallerSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DeferRegistrationWhenPackagesAreInUse + +Specifies that the app won't register for a user if currently in use. The app will update on the +next launch. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddSet +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DependencyPackages + +Specifies the dependency package full name or dependency package bundle full name to be registered. + +```yaml +Type: System.String[] +Parameter Sets: RegisterByPackageFullNameSet, RegisterByPackageFamilyNameSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -DependencyPath + +Specifies an array of file paths of dependency packages that are required for the installation of +the app package. The app package has an `.msix`, `.appx`, `.msixbundle`, or `.appxbundle` filename +extension. You can specify the paths to more than one dependency package. If a package is already +installed for a user, you can skip adding it to the DependencyPath. + +```yaml +Type: System.String[] +Parameter Sets: AddSet, RegisterSet, UpdateSet, StageSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisableDevelopmentMode + +Indicates that this cmdlet registers an existing app package installation that has been disabled, +didn't register, or has become corrupted. Use the current parameter to specify that the manifest is +from an existing installation, and not from a collection of files in development mode. You can also +use this parameter to register an application that the +[Package Manager API](https://go.microsoft.com/fwlink/?LinkId=245447) has staged. Use the +**Register** parameter to specify the location of the app package manifest `.xml` file from the +installation location. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: RegisterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExternalLocation + +URI path of an external disk location outside of the MSIX package where the package manifest can +reference application content. + +```yaml +Type: System.String +Parameter Sets: AddSet, RegisterSet, StageSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExternalPackages + +Specifies an array of optional packages that must be installed along with the app package. It's an +atomic operation, which means that if the app or its optional packages fail to install, the +deployment operation will be aborted. + +```yaml +Type: System.String[] +Parameter Sets: AddSet, StageSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceApplicationShutdown + +Indicates that this cmdlet forces all active processes associated with the package or its +dependencies to shut down. If you specify this parameter, don't specify the +**ForceTargetApplicationShutdown** parameter. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddSet, RegisterSet, UpdateSet, RegisterByPackageFullNameSet, RegisterByPackageFamilyNameSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceTargetApplicationShutdown + +Indicates that this cmdlet forces all active processes associated with the package to shut down. If +you specify this parameter, don't specify the **ForceApplicationShutdown** parameter. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddSet, AddByAppInstallerSet, RegisterSet, UpdateSet, RegisterByPackageFullNameSet, RegisterByPackageFamilyNameSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceUpdateFromAnyVersion + +This parameter is used to force a specific version of a package to be staged or registered, +regardless of whether a higher version is already staged or registered. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddSet, RegisterSet, UpdateSet, StageSet, RegisterByPackageFullNameSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InstallAllResources + +Indicates that this cmdlet forces the deployment of all resource packages specified from a bundle +argument. This overrides the resource applicability check of the deployment engine and forces +staging of all resource packages, registration of all resource packages, or staging and registration +of all resource packages. This parameter can only be used when specifying a resource bundle or +resource bundle manifest. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddSet, AddByAppInstallerSet, RegisterSet, UpdateSet, RegisterByPackageFullNameSet, RegisterByPackageFamilyNameSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LimitToExistingPackages + +This parameter is used to prevent missing referenced packages to be downloaded. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddByAppInstallerSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MainPackage + +Specifies the main package full name or bundle full name to register. + +```yaml +Type: System.String +Parameter Sets: RegisterByPackageFullNameSet, RegisterByPackageFamilyNameSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -OptionalPackages + +Specifies the PackageFamilyName of the optional packages that are in a related set that need to be +installed along with the app. Unlike the external packages flag, you don't need to pass in a path +to the optional packages. It's an atomic operation, which means that if the app or its optional +packages fail to install, the deployment operation will be aborted. + +```yaml +Type: System.String[] +Parameter Sets: AddSet, StageSet, RegisterByPackageFamilyNameSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path + +Specifies the path to the app package file. An app package has an `.msix`, `.appx`, `.msixbundle`, +or `.appxbundle` filename extension. + +```yaml +Type: System.String +Parameter Sets: AddSet, AddByAppInstallerSet, RegisterSet, UpdateSet, StageSet +Aliases: PSPath + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Register + +Indicates that this cmdlet registers an application in development mode. You can use development +mode to install applications from a folder of unpackaged files. You can use the current parameter +to test your Windows Store apps before you deploy them as app packages. To register an existing app +package installation, you must specify the **DisableDevelopmentMode** parameter and the +**Register** parameter. To specify dependency packages, use the **DependencyPath** parameter and +the **DisableDevelopmentMode** parameter. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: RegisterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: RegisterByPackageFullNameSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RegisterByFamilyName + +Specifies the parameter -MainPackage that defines the family name or full name to be registered. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: RegisterByPackageFamilyNameSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RelatedPackages + +This is an optional element that's used to specify the other optional packages that are specified +in the main app package. These packages won't be installed as part of the deployment operation. + +```yaml +Type: System.String[] +Parameter Sets: AddSet, StageSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RequiredContentGroupOnly + +Specifies that only the required content group that's specified in the `AppxContentGroupMap.xml` +must be installed. At this point the app can be launched. Calling `Add-AppxPackage` and specifying +the path to the app triggers the rest of the app to be installed in the order defined in the +`AppxContentGroupMap.xml`. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddSet, AddByAppInstallerSet, UpdateSet, StageSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RetainFilesOnFailure + +In case of a failed deployment, if this switch is set to `$true`, files that have been created on +the target machine during the installation process aren't removed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AddSet, UpdateSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Stage + +Stages a package to the system without registering it. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: StageSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StubPackageOption + +Defines the stub behavior for an app package that's being added or staged. The acceptable values +for this parameter are: + +- `Default`: Uses the default behavior +- `InstallFull`: Installs as a full app +- `InstallStub`: Installs as a stub app +- `UsePreference`: Uses the current + [PackageStubPreference](/uwp/api/windows.management.deployment.packagestubpreference) for the + package + +```yaml +Type: StubPackageOption +Parameter Sets: AddSet, StageSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Update + +Specifies that the package being added is a dependency package update. A dependency package is +removed from the user account when the parent app is removed. If you don't use this parameter, the +package being added is a primary package and isn't removed from the user account if the parent app +is removed. To update an already installed package, the new package must have the same package +family name. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: UpdateSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Volume + +Specifies the **AppxVolume** object to stage the package in. The volume also specifies the default +location for user **AppData**. + +```yaml +Type: AppxVolume +Parameter Sets: AddSet, AddByAppInstallerSet, StageSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +### System.IO.FileInfo + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Package Manager API](https://go.microsoft.com/fwlink/?LinkId=245447) + +[How to Add and Remove Apps](https://go.microsoft.com/fwlink/?LinkID=231020) + +[Get-AppxPackage](./Get-AppxPackage.md) + +[Get-AppxPackageManifest](./Get-AppxPackageManifest.md) + +[Move-AppxPackage](./Move-AppxPackage.md) + +[Remove-AppxPackage](./Remove-AppxPackage.md) diff --git a/docset/winserver2025-ps/appx/Add-AppxVolume.md b/docset/winserver2025-ps/appx/Add-AppxVolume.md new file mode 100644 index 0000000000..1b0c5c203f --- /dev/null +++ b/docset/winserver2025-ps/appx/Add-AppxVolume.md @@ -0,0 +1,115 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/add-appxvolume?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-AppxVolume +--- + +# Add-AppxVolume + +## SYNOPSIS +Adds an appx volume to the Package Manager. + +## SYNTAX + +``` +Add-AppxVolume [-Path] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Add-AppxVolume` cmdlet adds an **AppxVolume** for the Package Manager to advertise. After you +add a volume, Appx deployment operations can use that volume as a target. This cmdlet returns the +volume that it adds. Note, the **Path** parameter must be specified as a drive letter followed by +`WindowsApps` as the directory. Not using this format could lead to inconsistent behavior in the +application model subsystems or the volume itself. For more information, see the examples section. + +## EXAMPLES + +### Example 1: Add a volume + +```powershell +Add-AppxVolume -Path "E:\WindowsApps" +``` + +This command adds the volume `E:\WindowsApps` to Package Manager. + +## PARAMETERS + +### -Path + +Specifies the path of the mount point of the volume that this cmdlet adds. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: PSPath + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.Appx.PackageManager.Commands.AppxVolume + +This cmdlet returns the **AppxVolume** object that it adds. + +## NOTES + +## RELATED LINKS + +[Dismount-AppxVolume](./Dismount-AppxVolume.md) + +[Get-AppxVolume](./Get-AppxVolume.md) + +[Mount-AppxVolume](./Mount-AppxVolume.md) + +[Remove-AppxVolume](./Remove-AppxVolume.md) diff --git a/docset/winserver2025-ps/appx/Appx.md b/docset/winserver2025-ps/appx/Appx.md new file mode 100644 index 0000000000..a9ee193671 --- /dev/null +++ b/docset/winserver2025-ps/appx/Appx.md @@ -0,0 +1,109 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.6.4 +Locale: en-US +Module Guid: aeef2bef-eba9-4a1d-a3d2-d0b52df76deb +Module Name: Appx +ms.date: 05/15/2023 +title: Appx +--- + +# Appx Module + +## Description + +The Windows PowerShell cmdlets for AppX are designed to streamline the administration of MSIX or +AppX package management. + +## Appx Cmdlets + +### [Add-AppSharedPackageContainer](Add-AppSharedPackageContainer.md) + +Deploys the shared package container definition. + +### [Add-AppxPackage](Add-AppxPackage.md) + +Adds a signed app package to a user account. + +### [Add-AppxVolume](Add-AppxVolume.md) + +Adds an appx volume to the Package Manager. + +### [Dismount-AppxVolume](Dismount-AppxVolume.md) + +Dismounts an appx volume. + +### [Get-AppSharedPackageContainer](Get-AppSharedPackageContainer.md) + +Gets information about the shared package container. + +### [Get-AppxDefaultVolume](Get-AppxDefaultVolume.md) + +Gets the default appx volume. + +### [Get-AppxLastError](Get-AppxLastError.md) + +Get the last error reported in the app package installation logs. + +### [Get-AppxLog](Get-AppxLog.md) + +Gets an app package installation log. + +### [Get-AppxPackage](Get-AppxPackage.md) + +Gets a list of the app packages that are installed in a user profile. + +### [Get-AppxPackageAutoUpdateSettings](Get-AppxPackageAutoUpdateSettings.md) + +Provides visibility to the settings configured on a Windows 10 client device for a particular +Windows App. + +### [Get-AppxPackageManifest](Get-AppxPackageManifest.md) + +Gets the manifest of an app package. + +### [Get-AppxVolume](Get-AppxVolume.md) + +Gets appx volumes for the computer. + +### [Invoke-CommandInDesktopPackage](Invoke-CommandInDesktopPackage.md) + +Runs a command in the context of a specified app package. + +### [Mount-AppxVolume](Mount-AppxVolume.md) + +Mounts an appx volume. + +### [Move-AppxPackage](Move-AppxPackage.md) + +Moves a package from its current location to another appx volume. + +### [Remove-AppSharedPackageContainer](Remove-AppSharedPackageContainer.md) + +Removes the shared package container. + +### [Remove-AppxPackage](Remove-AppxPackage.md) + +Removes an app package from one or more user accounts. + +### [Remove-AppxVolume](Remove-AppxVolume.md) + +Removes an appx volume. + +### [Reset-AppSharedPackageContainer](Reset-AppSharedPackageContainer.md) + +Destroys all the application data of the container. + +### [Reset-AppxPackage](Reset-AppxPackage.md) + +Use to reset your installed Windows Apps. Restores the Windows app to its initial configuration. + +### [Set-AppxDefaultVolume](Set-AppxDefaultVolume.md) + +Specifies a default appx volume. + +### [Set-AppxPackageAutoUpdateSettings](Set-AppxPackageAutoUpdateSettings.md) + +Provides access to configure a specific Windows App's Auto Update and Repair settings. Including +pausing update checks. diff --git a/docset/winserver2025-ps/appx/Dismount-AppxVolume.md b/docset/winserver2025-ps/appx/Dismount-AppxVolume.md new file mode 100644 index 0000000000..dc4f5d40ec --- /dev/null +++ b/docset/winserver2025-ps/appx/Dismount-AppxVolume.md @@ -0,0 +1,116 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/dismount-appxvolume?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Dismount-AppxVolume +--- + +# Dismount-AppxVolume + +## SYNOPSIS +Dismounts an appx volume. + +## SYNTAX + +``` +Dismount-AppxVolume [-Volume] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Dismount-AppxVolume` cmdlet dismounts an **AppxVolume**. After you dismount a volume, all +apps that are deployed to that target become inaccessible. + +## EXAMPLES + +### Example 1: Dismount a volume by using a path + +```powershell +Dismount-AppxVolume -Volume E:\ +``` + +This command dismounts a volume at the path `E:\`. + +### Example 2: Dismount a volume by using an ID + +```powershell +Dismount-AppxVolume -Volume {7e62a691-398e-4fbe-819a-64f1e407777a} +``` + +This command dismounts a volume that has the specified media ID. + +## PARAMETERS + +### -Volume + +Specifies the **AppxVolume** object to dismount. + +```yaml +Type: AppxVolume[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AppxVolume](./Add-AppxVolume.md) + +[Get-AppxVolume](./Get-AppxVolume.md) + +[Mount-AppxVolume](./Mount-AppxVolume.md) + +[Remove-AppxVolume](./Remove-AppxVolume.md) diff --git a/docset/winserver2025-ps/appx/Get-AppSharedPackageContainer.md b/docset/winserver2025-ps/appx/Get-AppSharedPackageContainer.md new file mode 100644 index 0000000000..854c5be3c2 --- /dev/null +++ b/docset/winserver2025-ps/appx/Get-AppSharedPackageContainer.md @@ -0,0 +1,114 @@ +--- +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/get-appsharedpackagecontainer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppSharedPackageContainer +--- + +# Get-AppSharedPackageContainer + +## SYNOPSIS +Gets information about the shared package container. + +## SYNTAX + +``` +Get-AppSharedPackageContainer [[-Name] ] [[-Id] ] [-AllUsers] + [] +``` + +## DESCRIPTION + +The cmdlet shows information about any shared package container. In particular, it shows what +packages are inside the shared package container. + +## EXAMPLES + +### Example 1 + +```powershell +Get-AppSharedPackageContainer -Name Contoso* +``` + +```output +Name : ContosoTestContainer +Id : ContosoTestContainer_1 +PackageFamilyNames : {Contoso.SpellCheckPlugin.1.0.0.0_7pneu3d8sswe, Notepad++.2.0.0.1_ohjis898f1} + +Name : ContosoTestContainer +Id : ContosoTestContainer_2 +PackageFamilyNames : {Contoso.SpellCheckPlugin2.1.0.0.0_7pneu3d8sswe, Notepad++.2.0.0.1_ohjis898f1} +``` + +This command shows the packages in any shared package container that has a prefix of Contoso. + +## PARAMETERS + +### -AllUsers + +Unsupported. Will result in `-AllUsers functionality is not yet implemented` error. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Id + +Id of the container. Can be acquired by running `Get-AppSharedPackageContainer`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name + +The name of the container. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS diff --git a/docset/winserver2025-ps/appx/Get-AppxDefaultVolume.md b/docset/winserver2025-ps/appx/Get-AppxDefaultVolume.md new file mode 100644 index 0000000000..d2cb601a9c --- /dev/null +++ b/docset/winserver2025-ps/appx/Get-AppxDefaultVolume.md @@ -0,0 +1,57 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/get-appxdefaultvolume?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppxDefaultVolume +--- + +# Get-AppxDefaultVolume + +## SYNOPSIS +Gets the default appx volume. + +## SYNTAX + +``` +Get-AppxDefaultVolume [] +``` + +## DESCRIPTION + +The `Get-AppxDefaultVolume` cmdlet gets the default **AppxVolume**. The default **AppxVolume** is +the default target for all deployment operations on the computer. You can't remove the default +**AppxVolume** from the list of volumes. + +## EXAMPLES + +### Example 1: Get the default volume + +```powershell +Get-AppxDefaultVolume +``` + +This command gets the current default deployment target. + +## PARAMETERS + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.Appx.PackageManager.Commands.AppxVolume + +## NOTES + +## RELATED LINKS + +[Set-AppxDefaultVolume](./Set-AppxDefaultVolume.md) diff --git a/docset/winserver2025-ps/appx/Get-AppxLastError.md b/docset/winserver2025-ps/appx/Get-AppxLastError.md new file mode 100644 index 0000000000..7cd89322ea --- /dev/null +++ b/docset/winserver2025-ps/appx/Get-AppxLastError.md @@ -0,0 +1,67 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/get-appxlasterror?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppxLastError +--- + +# Get-AppxLastError + +## SYNOPSIS +Get the last error reported in the app package installation logs. + +## SYNTAX + +``` +Get-AppxLastError [] +``` + +## DESCRIPTION + +The `Get-AppxLastError` cmdlet gets the last error reported in the app package installation logs +for the current Windows PowerShell session. An app package has an `.msix` or `.appx` file +extension. + +## EXAMPLES + +### Example 1: Get the last error + +```powershell +Get-AppxLastError +``` + +This command gets the last error reported in the app installation logs. + +## PARAMETERS + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Diagnostics.Eventing.Reader.EventLogRecord + +## NOTES + +## RELATED LINKS + +[Package Manager API](https://go.microsoft.com/fwlink/?LinkId=245447) + +[How to Deploy App Packages](https://go.microsoft.com/fwlink/?LinkID=231020) + +[Get-AppxPackage](./Get-AppxPackage.md) + +[Get-AppxPackageManifest](./Get-AppxPackageManifest.md) + +[Get-AppxLog](./Get-AppxLog.md) diff --git a/docset/winserver2025-ps/appx/Get-AppxLog.md b/docset/winserver2025-ps/appx/Get-AppxLog.md new file mode 100644 index 0000000000..1aa97c0a3b --- /dev/null +++ b/docset/winserver2025-ps/appx/Get-AppxLog.md @@ -0,0 +1,126 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/get-appxlog?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppxLog +--- + +# Get-AppxLog + +## SYNOPSIS +Gets an app package installation log. + +## SYNTAX + +### All (Default) + +``` +Get-AppxLog [-All] [] +``` + +### ActivityId + +``` +Get-AppxLog [-ActivityId ] [] +``` + +## DESCRIPTION + +The `Get-AppxLog` cmdlet gets the app package installation log created during the deployment of +an app package. An app package has an `.msix` or `.appx` file extension. The log contains errors, +warnings, and additional information about the processes initiated by cmdlets in the Appx Windows +PowerShell module. + +When `Add-AppxPackage` or `Remove-AppxPackage` report a failure, they return the **ActivityID** to +use with `Get-AppxLog`. + +For more information about common error codes, see +[Troubleshooting packaging, deployment, and query of Windows Store apps](https://go.microsoft.com/fwlink/?LinkId=271201). + +## EXAMPLES + +### Example 1: Get logs for the most recent deployment + +```powershell +Get-AppxLog +``` + +This command gets the logs associated with the most recent deployment operation. + +### Example 2: Get logs for all logs + +```powershell +Get-AppxLog -All +``` + +This command gets all the app package installation logs on the computer. + +## PARAMETERS + +### -ActivityId + +Specifies an activity ID. This cmdlet uses the ID to get the log for a particular app package +installation. + +```yaml +Type: System.String +Parameter Sets: ActivityId +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -All + +Indicates that the cmdlet gets all logs on the computer. You can get additional information when you +run this cmdlets from Windows PowerShell as an administrator. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: All +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.System.String[] + +## OUTPUTS + +### System.Diagnostics.Eventing.Reader.EventLogRecord + +## NOTES + +## RELATED LINKS + +[Package Manager API](https://go.microsoft.com/fwlink/?LinkId=245447) + +[How to Add and Remove Apps](https://go.microsoft.com/fwlink/?LinkID=231020) + +[Troubleshooting packaging, deployment, and query of Windows Store apps](https://go.microsoft.com/fwlink/?LinkId=271201) + +[Get-AppxPackage](./Get-AppxPackage.md) + +[Get-AppxPackageManifest](./Get-AppxPackageManifest.md) + +[Get-AppxLastError](./Get-AppxLastError.md) diff --git a/docset/winserver2025-ps/appx/Get-AppxPackage.md b/docset/winserver2025-ps/appx/Get-AppxPackage.md new file mode 100644 index 0000000000..ab767b4456 --- /dev/null +++ b/docset/winserver2025-ps/appx/Get-AppxPackage.md @@ -0,0 +1,220 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/get-appxpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppxPackage +--- + +# Get-AppxPackage + +## SYNOPSIS +Gets a list of the app packages that are installed in a user profile. + +## SYNTAX + +``` +Get-AppxPackage [-AllUsers] [-PackageTypeFilter ] + [[-Name] ] [[-Publisher] ] [-User ] + [-Volume ] [] +``` + +## DESCRIPTION + +The `Get-AppxPackage` cmdlet gets a list of the app packages that are installed in a user profile. +An app package has an `.msix` or `.appx` file extension. To get the list of packages for a user +profile other than the profile for the current user, you must run this command with administrator +permissions. + +## EXAMPLES + +### Example 1: Get all app packages for every user account + +```powershell +Get-AppxPackage -AllUsers +``` + +This command lists the app packages that are installed for every user account on the computer. + +### Example 2: Get an app package for a specific a user + +```powershell +Get-AppxPackage -Name "Package17" -User "Contoso\EvanNarvaez" +``` + +This command displays information about `Package17` if it's installed in the specified user +profile. + +### Example 3: Get a particular app package information + +```powershell +Get-AppxPackage -Name Microsoft.ScreenSketch +``` + +This command displays information about the ScreenSketch app. + +### Example 4: Get all app packages for a particular Publisher + +```powershell +Get-AppxPackage -Publisher "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" +``` + +This command lists all the Microsoft app packages that are installed on the computer. + +### Example 5: Get all app packages with PackageTypeFilter + +```powershell +Get-AppxPackage -PackageTypeFilter Bundle,Framework,Main,Resource +``` + +This command lists all the app packages with PackageTypeFilter installed on the computer. + +## PARAMETERS + +### -AllUsers + +Indicates that this cmdlet lists app packages for all user accounts on the computer. To use this +parameter, you must run the command with administrator permissions. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Name + +Specifies the name of a particular package. If you specify this parameter, the cmdlet returns +results for this package only. Wildcards are permitted. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PackageTypeFilter + +Specifies one or more comma-separated types of packages that the cmdlet gets from the package +repository. + +By default, this cmdlet returns only packages of types `Main` and `Framework`. + +```yaml +Type: PackageTypes +Parameter Sets: (All) +Aliases: +Accepted values: None, Main, Framework, Resource, Bundle, Xap, Optional + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Publisher + +Specifies the publisher of a particular package. If you specify this parameter, the cmdlet returns +results only for this publisher. Wildcards are permitted. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -User + +Specifies a user. If you specify this parameter, the cmdlet returns a list of app packages that are +installed for only the user that this cmdlet specifies. To get the list of packages for a user +profile other than the profile for the current user, you must run this command with +administrator permissions. The user name can be in one of these formats: + +- `domain\user_name` +- `user_name@fqn.domain.tld` +- `user_name` +- `SID-string` + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Volume + +Specifies an **AppxVolume** object. If you specify this parameter, this cmdlet returns only +packages that are relative to volume that this parameter specifies. + +```yaml +Type: AppxVolume +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage + +This cmdlet returns an **AppxPackage** object that contains information, including the full name of +the app package. + +## NOTES + +## RELATED LINKS + +[Package Manager API](https://go.microsoft.com/fwlink/?LinkId=245447) + +[How to Add and Remove Apps](https://go.microsoft.com/fwlink/?LinkID=231020) + +[Add-AppxPackage](./Add-AppxPackage.md) + +[Get-AppxPackageManifest](./Get-AppxPackageManifest.md) + +[Move-AppxPackage](./Move-AppxPackage.md) + +[Remove-AppxPackage](./Remove-AppxPackage.md) diff --git a/docset/winserver2025-ps/appx/Get-AppxPackageAutoUpdateSettings.md b/docset/winserver2025-ps/appx/Get-AppxPackageAutoUpdateSettings.md new file mode 100644 index 0000000000..56d326a024 --- /dev/null +++ b/docset/winserver2025-ps/appx/Get-AppxPackageAutoUpdateSettings.md @@ -0,0 +1,148 @@ +--- +description: Provides guidance on how to view the auto-update and repair settings of a Windows App. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/Get-AppxPackageAutoUpdateSettings?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +--- + +# Get-AppxPackageAutoUpdateSettings + +## SYNOPSIS + +Provides visibility to the settings configured for a particular Windows App. + +## SYNTAX + +``` +Get-AppxPackageAutoUpdateSettings [[-PackageFullName] ] [-ShowUpdateAvailability] + [-AllUsers] [] +``` + +## DESCRIPTION + +The `Get-AppxPackageAutoUpdateSettings` PowerShell cmdlet returns the settings configured for a +specific or all installed Windows Apps in relation to Auto Update and Repair. + +## EXAMPLES + +### Example 1: Get all App Package Auto Update settings + +```powershell +Get-AppxPackageAutoUpdateSettings +``` + +This will return the Auto Update and Repair settings for all configured and installed Windows Apps +on the device, and registered to the user. + +### Example 2: Get App Package Auto Update settings for all users + +```powershell +Get-AppxPackageAutoUpdateSettings -AllUsers +``` + +This will return the Auto Update and Repair settings for all configured and installed Windows Apps +that have been registered for all users. + +### Example 3: Get a single App Package Auto Update setting + +```powershell +Get-AppxPackageAutoUpdateSettings -PackageFullName publisher.package1_1.0.0.0_neutral__8wekyb3d8bbwe +``` + +This will return the Auto Update and Repair settings for a specific Windows App that has been +installed and registered to the signed-in user. + +### Example 4: Get App Package Auto Update settings for all installed Windows Apps + +```powershell +Get-AppxPackageAutoUpdateSettings -ShowUpdateAvailability +``` + +Displays available update information for all installed Windows Apps. + +## PARAMETERS + +### -PackageFullName + +Specifies the Package Full Name of the app that's being queried. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: True +``` + +### -ShowUpdateAvailability + +Specifies to display available update information for a specific Windows App. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -AllUsers + +Specifies to display Windows App Auto Update and Repair settings for all that are installed for all +users. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Management.Automation.SwitchParameter + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Package Manager API](http://go.microsoft.com/fwlink/?LinkId=245447) + +[How to Add and Remove Apps](http://go.microsoft.com/fwlink/?LinkID=231020) + +[Get-AppxPackage](./Get-AppxPackage.md) + +[Get-AppxPackageManifest](./Get-AppxPackageManifest.md) + +[Move-AppxPackage](./Move-AppxPackage.md) + +[Remove-AppxPackage](./Remove-AppxPackage.md) diff --git a/docset/winserver2025-ps/appx/Get-AppxPackageManifest.md b/docset/winserver2025-ps/appx/Get-AppxPackageManifest.md new file mode 100644 index 0000000000..1e6df4b24b --- /dev/null +++ b/docset/winserver2025-ps/appx/Get-AppxPackageManifest.md @@ -0,0 +1,129 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/get-appxpackagemanifest?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppxPackageManifest +--- + +# Get-AppxPackageManifest + +## SYNOPSIS +Gets the manifest of an app package. + +## SYNTAX + +``` +Get-AppxPackageManifest [-Package] [[-User] ] [] +``` + +## DESCRIPTION + +The `Get-AppxPackageManifest` cmdlet gets the manifest of an app package. An app package has an +`.msix` or `.appx` file name extension. The manifest is an `.xml` document that contains +information about the package, like the package ID. + +## EXAMPLES + +### Example 1: Get the manifest for an app package + +```powershell +Get-AppxPackageManifest -Package "package1_1.0.0.0_neutral__8wekyb3d8bbwe" +``` + +This command gets the manifest for an app package named package1_1.0.0.0_neutral__8wekyb3d8bbwe. + +### Example 2: Get the application ID for an app package + +```powershell +(Get-AppxPackage -Name "*WinJS*" | Get-AppxPackageManifest).package.applications.application.id +``` + +This command gets the application ID for an app package that has the string WinJS in the name. + +### Example 3 + +```powershell +(Get-AppxPackage -Name "*ZuneMusic*" | Get-AppxPackageManifest).Package.Capabilities +``` + +This command gets the capabilities for an app package that has the string ZuneMusic in the name. + +## PARAMETERS + +### -Package + +Specifies an **AppxPackage** object or the full name of a package. To get the manifest of a package +on the computer that's not installed for the current user, you must run this command with +administrator permissions. Wildcards are permitted. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -User + +Specifies a user. This cmdlet gets the manifest of packages that are installed for the user that +this parameter specifies. To get the list of packages for a user profile other than the profile for +the current user, you must run this command with administrator permissions. The user name can be +in one of these formats: + +- `domain\user_name` +- `user_name@fqn.domain.tld` +- `user_name` +- `SID-string` + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage[] + +This cmdlet accepts an array of **AppxPackage** objects that contain information, including the full +name of the app package. + +## OUTPUTS + +### System.XML.XMLDocument + +This cmdlet returns a read-only `.xml` document that contains information about the app package, +like the package ID. + +## NOTES + +## RELATED LINKS + +[Package Manager API](https://go.microsoft.com/fwlink/?LinkId=245447) + +[How to Add and Remove Apps](https://go.microsoft.com/fwlink/?LinkID=231020) + +[Get-AppxPackage](./Get-AppxPackage.md) + +[Add-AppxPackage](./Add-AppxPackage.md) diff --git a/docset/winserver2025-ps/appx/Get-AppxVolume.md b/docset/winserver2025-ps/appx/Get-AppxVolume.md new file mode 100644 index 0000000000..7fbcb35d24 --- /dev/null +++ b/docset/winserver2025-ps/appx/Get-AppxVolume.md @@ -0,0 +1,161 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/get-appxvolume?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AppxVolume +--- + +# Get-AppxVolume + +## SYNOPSIS +Gets appx volumes for the computer. + +## SYNTAX + +### DefaultParameterSet + +``` +Get-AppxVolume [[-Path] ] [] +``` + +### OnlineParameterSet + +``` +Get-AppxVolume [[-Path] ] [-Online] [] +``` + +### OfflineParameterSet + +``` +Get-AppxVolume [[-Path] ] [-Offline] [] +``` + +## DESCRIPTION + +The `Get-AppxVolume` cmdlet gets a list of **AppxVolume** objects known to the computer. +Volumes can be added by the user or a device, for instance, by using Storage Sense. + +## EXAMPLES + +### Example 1: Get all the volumes + +```powershell +Get-AppxVolume +``` + +The command gets all the **AppxVolume** objects on the computer. + +### Example 2: Get the volume at a path + +```powershell +Get-AppxVolume -Path F:\ +``` + +This command gets the **AppxVolume** at the path F:\. + +### Example 3: Get mounted volumes + +```powershell +Get-AppxVolume -Online +``` + +This command gets only **AppxVolume** objects that are currently mounted on the computer. + +### Example 4: Get volumes that are note mounted + +```powershell +Get-AppxVolume -Offline +``` + +This command gets the **AppxVolume** objects that not currently mounted on the computer. + +## PARAMETERS + +### -Offline + +Indicates that this cmdlet returns only volumes that are currently dismounted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: OfflineParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Online + +Indicates that this cmdlet returns only volumes that are currently mounted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: OnlineParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path + +Specifies the path of the mount point of a volume. This cmdlet gets a volume at the location that +this parameter specifies. + +```yaml +Type: String +Parameter Sets: DefaultParameterSet +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +```yaml +Type: String +Parameter Sets: OnlineParameterSet, OfflineParameterSet +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### Microsoft.Appx.PackageManager.Commands.AppxVolume + +## NOTES + +## RELATED LINKS + +[Add-AppxVolume](./Add-AppxVolume.md) + +[Dismount-AppxVolume](./Dismount-AppxVolume.md) + +[Mount-AppxVolume](./Mount-AppxVolume.md) + +[Remove-AppxVolume](./Remove-AppxVolume.md) diff --git a/docset/winserver2025-ps/appx/Invoke-CommandInDesktopPackage.md b/docset/winserver2025-ps/appx/Invoke-CommandInDesktopPackage.md new file mode 100644 index 0000000000..61c8c0910e --- /dev/null +++ b/docset/winserver2025-ps/appx/Invoke-CommandInDesktopPackage.md @@ -0,0 +1,174 @@ +--- +description: A debugging tool that creates a new process in the context of a packaged app. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/invoke-commandindesktoppackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Invoke-CommandInDesktopPackage +--- + +# Invoke-CommandInDesktopPackage + +## SYNOPSIS +A debugging tool that creates a new process in the context of a packaged app. + +## SYNTAX + +``` +Invoke-CommandInDesktopPackage [-PackageFamilyName] [-AppId] + [-Command] [[-Args] ] [-PreventBreakaway] [] +``` + +## DESCRIPTION + +`Invoke-CommandInDesktopPackage` creates a new process in the context of the supplied +**PackageFamilyName** and **AppId**. + +The created process will have the identity of the provided **AppId** and will have access to its +virtualized file system and registry (if any). The new process will have a token that's similar to, +but not identical to, a real **AppId** process. + +The primary use-case of this command is to invoke debugging or troubleshooting tools in the context +of the packaged app to access its virtualized resources. For example, you can run the Registry +Editor to see virtualized registry keys, or Notepad to read virtualized files. See the important +note that follows on using tools such as the Registry Editor that require elevation. + +No guarantees are made about the behavior of the created process, other than it having the package +identity and access to the package's virtualized resources. In particular, the new process will +_not_ be created in an AppContainer even if an **AppId** process would normally be created in an +AppContainer. Features such as Privacy Controls or other App Settings may or may not apply to the +new process. You shouldn't rely on any specific side-effects of using this command, as they're +undefined and subject to change. + +## EXAMPLES + +### Example 1: Invoke Notepad to read virtualized files + +The following command invokes Notepad in the context of the `ContosoApp` app from the +`Contoso.MyApp` package. This allows you to access resources such as a log file or configuration +file stored in the app's virtualized filesystem. + +```powershell +$params = @{ + AppId = 'ContosoApp' + PackageFamilyName = 'Contoso.MyApp_abcdefgh23456' + Command = 'notepad.exe' +} +Invoke-CommandInDesktopPackage @params +``` + +## PARAMETERS + +### -AppId + +**AppId** is the Application ID from the target package's manifest. + +For example, `MyAppName` is the Application ID in this manifest snippet: + +`` + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Args + +Optional arguments to be passed to the new process. For example, `/foo /bar`. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 4 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Command + +An executable to invoke, like `regedit.exe`. + +Note that if the executable requires elevation (like `regedit`), you must call +`Invoke-CommandInDesktopPackage` from an already-elevated context. Calling +`Invoke-CommandInDesktopPackage` from a non-elevated context doesn't work as expected. The new +process is created without the package context, and the PowerShell command fails. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PackageFamilyName + +The Package Family Name of the target package. You can retrieve this by calling +[Get-AppxPackage](./Get-AppxPackage.md). + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PreventBreakaway + +Causes all child processes of the invoked process to also be created in the context of the +**AppId**. By default, child processes are created without any context. This switch is useful for +running `cmd.exe` so that you can launch multiple other tools in the package context. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 5 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-AppxPackage](./Get-AppxPackage.md) diff --git a/docset/winserver2025-ps/appx/Mount-AppxVolume.md b/docset/winserver2025-ps/appx/Mount-AppxVolume.md new file mode 100644 index 0000000000..dabda054c4 --- /dev/null +++ b/docset/winserver2025-ps/appx/Mount-AppxVolume.md @@ -0,0 +1,116 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/mount-appxvolume?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Mount-AppxVolume +--- + +# Mount-AppxVolume + +## SYNOPSIS +Mounts an appx volume. + +## SYNTAX + +``` +Mount-AppxVolume [-Volume] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Mount-AppxVolume` cmdlet mounts an **AppxVolume**. After you mount a volume, all apps that +are deployed to that target become accessible. + +## EXAMPLES + +### Example 1: Mount a volume by using a path + +```powershell +Mount-AppxVolume -Volume E:\ +``` + +This command mounts a volume at the path `E:\`. + +### Example 2: Mount a volume by using an ID + +```powershell +Mount-AppxVolume -Volume {7e62a691-398e-4fbe-819a-64f1e407777a} +``` + +This command mounts a volume that has the specified media ID. + +## PARAMETERS + +### -Volume + +Specifies the **AppxVolume** object to mount. + +```yaml +Type: AppxVolume[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AppxVolume](./Add-AppxVolume.md) + +[Dismount-AppxVolume](./Dismount-AppxVolume.md) + +[Get-AppxVolume](./Get-AppxVolume.md) + +[Remove-AppxVolume](./Remove-AppxVolume.md) diff --git a/docset/winserver2025-ps/appx/Move-AppxPackage.md b/docset/winserver2025-ps/appx/Move-AppxPackage.md new file mode 100644 index 0000000000..6e61d4c6a1 --- /dev/null +++ b/docset/winserver2025-ps/appx/Move-AppxPackage.md @@ -0,0 +1,140 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/move-appxpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Move-AppxPackage +--- + +# Move-AppxPackage + +## SYNOPSIS +Moves a package from its current location to another appx volume. + +## SYNTAX + +``` +Move-AppxPackage [-Package] [-Volume] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION + +The `Move-AppxPackage` cmdlet moves a package from its current location to another **AppxVolume**. +The new location must be a volume that Package Manager knows about and that's mounted. This cmdlet +also moves your application data to the specified volume. + +## EXAMPLES + +### Example 1: Move a package to a volume specified by a path + +```powershell +Move-AppxPackage -Package "package1_1.0.0.0_neutral__8wekyb3d8bbwe" -Volume F:\ +``` + +This command moves package that has the specified name to volume `F:\`. This cmdlet also moves your +app data. + +### Example 2: Move a package to a volume specified by an ID + +```powershell +$params = @{ + Package = 'package1_1.0.0.0_neutral__8wekyb3d8bbwe' + Volume = '{d2a4d1f4-f45a-46f3-a419-160ab52af091}' +} +Move-AppxPackage @params +``` + +This command moves package that has the specified name to the volume that has the specified media +ID. This cmdlet also moves your app data. + +## PARAMETERS + +### -Package + +Specifies an **AppxPackage** object or the full name of a package. This cmdlet moves the package +that this parameter specifies. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Volume + +Specifies an **AppxVolume** object. The cmdlet moves the package to the volume that this parameter +specifies. + +```yaml +Type: AppxVolume +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AppxPackage](./Add-AppxPackage.md) + +[Get-AppxPackage](./Get-AppxPackage.md) + +[Remove-AppxPackage](./Remove-AppxPackage.md) diff --git a/docset/winserver2025-ps/appx/Remove-AppSharedPackageContainer.md b/docset/winserver2025-ps/appx/Remove-AppSharedPackageContainer.md new file mode 100644 index 0000000000..3372cb3aa9 --- /dev/null +++ b/docset/winserver2025-ps/appx/Remove-AppSharedPackageContainer.md @@ -0,0 +1,103 @@ +--- +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/remove-appsharedpackagecontainer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AppSharedPackageContainer +--- + +# Remove-AppSharedPackageContainer + +## SYNOPSIS +Removes the shared package container. + +## SYNTAX + +``` +Remove-AppSharedPackageContainer [-Name] [-ForceApplicationShutdown] [-AllUsers] + [] +``` + +## DESCRIPTION + +The cmdlet removes the shared package container definition for the particular user. + +## EXAMPLES + +### Example 1 + +```powershell +Remove-AppSharedPackageContainer -Name ContosoTestContainer +``` + +This command removes the shared package container definition with the name `ContosoTestContainer`. + +## PARAMETERS + +### -AllUsers + +Unsupported. Will result in `-AllUsers functionality is not yet implemented` error. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceApplicationShutdown + +Closes all packages in the Shared Package Container. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name + +The name of the container. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS diff --git a/docset/winserver2025-ps/appx/Remove-AppxPackage.md b/docset/winserver2025-ps/appx/Remove-AppxPackage.md new file mode 100644 index 0000000000..7e5d0b3fc5 --- /dev/null +++ b/docset/winserver2025-ps/appx/Remove-AppxPackage.md @@ -0,0 +1,214 @@ +--- +description: Removes an app package from one or more user accounts. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/remove-appxpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AppxPackage +--- + +# Remove-AppxPackage + +## SYNOPSIS +Removes an app package from one or more user accounts. + +## SYNTAX + +### RemoveByPackageSet (Default) + +``` +Remove-AppxPackage [-Package] [-PreserveApplicationData] [-WhatIf] [-Confirm] + [] +``` + +### RemoveByPackageForRoamingSet + +``` +Remove-AppxPackage [-Package] [-PreserveRoamableApplicationData] [-WhatIf] [-Confirm] + [] +``` + +### AllUsersSet + +``` +Remove-AppxPackage [-Package] [-AllUsers] [-WhatIf] [-Confirm] [] +``` + +### UserSet + +``` +Remove-AppxPackage [-Package] -User [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Remove-AppxPackage` cmdlet removes an app package from a user account. An app package has an +`.msix` or `.appx` file extension. + +## EXAMPLES + +### Example 1: Remove an app package + +```powershell +Remove-AppxPackage -Package 'package1_1.0.0.0_neutral__8wekyb3d8bbwe' +``` + +This command removes an app package named `package1_1.0.0.0_neutral__8wekyb3d8bbwe` from the +account of the current user. + +## PARAMETERS + +### -AllUsers + +This parameter removes the app package for all user accounts on the computer. The parameter works +off the parent package type. If it's a bundle, use **PackageTypeFilter** with the `Get-AppxPackage` +command and specify the bundle. To use this parameter, you must run the command with administrator +permissions. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: AllUsersSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package + +Specifies an **AppxPackage** object or the full name of a package. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PreserveApplicationData + +Specifies that the cmdlet preserves the application data during the package removal. The +application data is available for later use. Note that this is only applicable for apps that are +under development so this option can only be specified for apps that are registered from file +layout (Loose file registered). + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: RemoveByPackageSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PreserveRoamableApplicationData + +Preserves the roamable portion of the app's data when the package is removed. This parameter is +incompatible with **PreserveApplicationData**. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: RemoveByPackageForRoamingSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -User + +If you specify this parameter, the cmdlet removes the app package for only the user that this cmdlet +specifies. To remove a package for a user profile other than the profile of the current user, you +must run this command with administrator permissions. + +> [!NOTE] +> +> This parameter only accepts user SIDs. Use the **whoami /user** command to display the current +> SID of a user. See [whoami syntax](/windows-server/administration/windows-commands/whoami) for +> details. + +```yaml +Type: System.String +Parameter Sets: UserSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +### Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage + +An **AppxPackage** object that contain information, including the full name of the app package. + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[PackageManager class](https://go.microsoft.com/fwlink/?LinkId=245447) + +[Sideload Apps with DISM](https://go.microsoft.com/fwlink/?LinkID=231020) diff --git a/docset/winserver2025-ps/appx/Remove-AppxPackageAutoUpdateSettings.md b/docset/winserver2025-ps/appx/Remove-AppxPackageAutoUpdateSettings.md new file mode 100644 index 0000000000..921490eff0 --- /dev/null +++ b/docset/winserver2025-ps/appx/Remove-AppxPackageAutoUpdateSettings.md @@ -0,0 +1,123 @@ +--- +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: appx +online version: https://go.microsoft.com/fwlink/?LinkId=246400 +schema: 2.0.0 +title: Remove-AppxPackageAutoUpdateSettings +--- + +# Remove-AppxPackageAutoUpdateSettings + +## SYNOPSIS +Removes settings configured for a particular Windows app. + +## SYNTAX + +``` +Remove-AppxPackageAutoUpdateSettings [-PackageFamilyName] [-UseSystemPolicySource] [-AllUsers] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The 'Remove-AppxPackageAutoUpdateSettings' PowerShell cmdlet removes the settings configured for a specific or all installed Windows apps in relation to the Auto Update and Repair settings. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Remove-AppxPackageAutoUpdateSettings -PackageFullName publisher.package1_1.0.0.0_neutral__8wekyb3d8bbwe +``` + +This example removes the Auto Update and Repair settings for a specific Windows app that has been installed and registered to the signed-in user. + +## PARAMETERS + +### -AllUsers +{{ Fill AllUsers Description }} + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PackageFamilyName +{{ Fill PackageFamilyName Description }} + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -UseSystemPolicySource +{{ Fill UseSystemPolicySource Description }} + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/docset/winserver2025-ps/appx/Remove-AppxVolume.md b/docset/winserver2025-ps/appx/Remove-AppxVolume.md new file mode 100644 index 0000000000..a1af65bcbb --- /dev/null +++ b/docset/winserver2025-ps/appx/Remove-AppxVolume.md @@ -0,0 +1,117 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/remove-appxvolume?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-AppxVolume +--- + +# Remove-AppxVolume + +## SYNOPSIS +Removes an appx volume. + +## SYNTAX + +``` +Remove-AppxVolume [-Volume] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Remove-AppxVolume` cmdlet removes an **AppxVolume**. You can only remove a volume after there +are no apps staged to it for any user. After you remove a volume, apps can no longer be added to +it. + +## EXAMPLES + +### Example 1: Remove a volume by using an ID + +```powershell +Remove-AppxVolume -Volume {984786d3-0cae-49de-a68f-8bedb0ca260b} +``` + +This command removes a volume that has the specified media ID. + +### Example 2: Remove a volume by using a path + +```powershell +Remove-AppxVolume -Volume E:\ +``` + +This command removes a volume at the path `E:\`. + +## PARAMETERS + +### -Volume + +Specifies the **AppxVolume** object to remove. + +```yaml +Type: AppxVolume[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Add-AppxVolume](./Add-AppxVolume.md) + +[Dismount-AppxVolume](./Dismount-AppxVolume.md) + +[Get-AppxVolume](./Get-AppxVolume.md) + +[Mount-AppxVolume](./Mount-AppxVolume.md) diff --git a/docset/winserver2025-ps/appx/Reset-AppSharedPackageContainer.md b/docset/winserver2025-ps/appx/Reset-AppSharedPackageContainer.md new file mode 100644 index 0000000000..a1fb31ab9e --- /dev/null +++ b/docset/winserver2025-ps/appx/Reset-AppSharedPackageContainer.md @@ -0,0 +1,121 @@ +--- +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/reset-appsharedpackagecontainer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Reset-AppSharedPackageContainer +--- + +# Reset-AppSharedPackageContainer + +## SYNOPSIS +Destroys all the application data of the container. + +## SYNTAX + +``` +Reset-AppSharedPackageContainer [-Name] [-Force] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION + +The cmdlet destroys all the application data of the container, including the virtual files and +registry keys. + +## EXAMPLES + +### Example 1 + +```powershell +Reset-AppSharedPackageContainer -Name ContosoTestContainer +``` + +This command clears all the application data of the shared package container +`ContosoTestContainer`. + +## PARAMETERS + +### -Force + +Skips asking for confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name + +The name of the container. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS diff --git a/docset/winserver2025-ps/appx/Reset-AppxPackage.md b/docset/winserver2025-ps/appx/Reset-AppxPackage.md new file mode 100644 index 0000000000..23ab88662f --- /dev/null +++ b/docset/winserver2025-ps/appx/Reset-AppxPackage.md @@ -0,0 +1,126 @@ +--- +description: Restores the Windows app to its initial configuration. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/reset-appxpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Reset-AppxPackage +--- + +# Reset-AppxPackage + +## SYNOPSIS + +Restores the Windows app to its initial configuration. + +## SYNTAX + +``` +Reset-AppxPackage + [-Package] + [-WhatIf] + [-Confirm] + [] +``` + +## DESCRIPTION + +The `Reset-AppxPackage` cmdlet resets the app to its original settings, and the app will react +as a freshly installed app. + +After resetting the app, any initial prompts by the app will be prompted for user input. + +## EXAMPLES + +### Example 1: Reset app package + +```powershell +Reset-AppxPackage -Package publisher.package1_1.0.0.0_neutral__8wekyb3d8bbwe +``` + +This cmdlet resets the `publisher.package1_1.0.0.0_neutral__8wekyb3d8bbwe` application back to +its original settings. + +## PARAMETERS + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Package + +Specifies the package full name (PFuN) of the app to reset. + +```yaml +Type: System.String +Parameter Sets: None +Aliases: None + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +### System.IO.FileInfo + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Package Manager API](http://go.microsoft.com/fwlink/?LinkId=245447) + +[How to Add and Remove Apps](http://go.microsoft.com/fwlink/?LinkID=231020) + +[Get-AppxPackage](./Get-AppxPackage.md) + +[Get-AppxPackageManifest](./Get-AppxPackageManifest.md) + +[Move-AppxPackage](./Move-AppxPackage.md) + +[Remove-AppxPackage](./Remove-AppxPackage.md) diff --git a/docset/winserver2025-ps/appx/Set-AppxDefaultVolume.md b/docset/winserver2025-ps/appx/Set-AppxDefaultVolume.md new file mode 100644 index 0000000000..e2d519f44b --- /dev/null +++ b/docset/winserver2025-ps/appx/Set-AppxDefaultVolume.md @@ -0,0 +1,112 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-Help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/set-appxdefaultvolume?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AppxDefaultVolume +--- + +# Set-AppxDefaultVolume + +## SYNOPSIS +Specifies a default appx volume. + +## SYNTAX + +``` +Set-AppxDefaultVolume [-Volume] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The `Set-AppxDefaultVolume` cmdlet specifies a default **AppxVolume**. The default **AppxVolume** +is the default target for all deployment operations on the computer. Deployment operations can +specify a different non-default target volume. + +## EXAMPLES + +### Example 1: Set a default volume by using a path + +```powershell +Set-AppxDefaultVolume -Volume F:\ +``` + +This command sets the default volume to be the volume `F:\`. + +### Example 2: Set a default volume by using an ID + +```powershell +Set-AppxDefaultVolume -Volume {ef23c8d6-b13c-4c4c-ae3b-7d5a162de9b9} +``` + +This command sets the default volume to be the one that has the specified media ID. + +## PARAMETERS + +### -Volume + +Specifies the path a volume. This cmdlet sets the volume that this parameter specifies to be the +default deployment target for the computer. + +```yaml +Type: AppxVolume +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet isn't run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[Get-AppxDefaultVolume](./Get-AppxDefaultVolume.md) diff --git a/docset/winserver2025-ps/appx/Set-AppxPackageAutoUpdateSettings.md b/docset/winserver2025-ps/appx/Set-AppxPackageAutoUpdateSettings.md new file mode 100644 index 0000000000..1e469adfd8 --- /dev/null +++ b/docset/winserver2025-ps/appx/Set-AppxPackageAutoUpdateSettings.md @@ -0,0 +1,395 @@ +--- +description: Provides guidance on how to configure the auto-update and repair settings of a Windows App. +external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml +Module Name: Appx +ms.date: 05/15/2023 +online version: https://learn.microsoft.com/powershell/module/appx/reset-appxpackage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AppxPackageAutoUpdateSettings +--- + +# Set-AppxPackageAutoUpdateSettings + +## SYNOPSIS + +Configures a specific Windows App's Auto Update and Repair settings. + +## SYNTAX + +### SetAutoUpdateOptionsSet (Default) + +``` +Set-AppxPackageAutoUpdateSettings [-PackageFamilyName] -AppInstallerUri + [-UpdateUris ] [-RepairUris ] [-OptionalPackages ] + [-DependencyPackages ] [-EnableAutomaticBackgroundTask] [-ForceUpdateFromAnyVersion] + [-DisableAutoRepairs] [-CheckOnLaunch] [-ShowPrompt] [-UpdateBlocksActivation] + [-UseSystemPolicySource] [-HoursBetweenUpdateChecks ] [-Version ] [-WhatIf] + [-Confirm] [] +``` + +### PauseAutoUpdateOptionsSet + +``` +Set-AppxPackageAutoUpdateSettings [-PackageFamilyName] [-PauseUpdates] + [-UseSystemPolicySource] -HoursToPause [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION + +The `Set-AppxPackageAutoUpdateSettings` cmdlet provides access to configure a specific Windows +App's Auto Update and Repair setings. + +## EXAMPLES + +### Example 1: Update the Auto Update settings for an App + +```powershell +$params = @{ + AppInstallerUri = 'https://website.com/PackageName.appinstaller ' + PackageFamilyName = 'PackageName_8h66172c634n0 ' + CheckOnLaunch = $true + ForceUpdateFromAnyVersion = $true + HoursBetweenUpdateChecks = 2 + ShowPrompt = $true + UpdateUris = 'file://ComputerName/Share/PackageName_x64.appinstaller' +} +Set-AppxPackageAutoUpdateSettings @params +``` + +This cmdlet will update the Auto Update settings of the `PackageName_8h66172c634n0` Windows App to +target an AppInstaller file on a network accessible file share every two hours, displaying a prompt +to the user. Allowing for the Windows App to update to any version (higher or lower) despite the +version of the installed Windows App. + +### Example 2: Disable the Auto Repair setting for an App + +```powershell +$params = @{ + AppInstallerUri = 'https://website.com/PackageName.appinstaller' + PackageFamilyName = 'PackageName_8h66172c634n0' + DisableAutoRepairs = $true +} +Set-AppxPackageAutoUpdateSettings @params +``` + +This cmdlet will disable the automatic repair of the Windows App. + +### Example 3: Pause Updates on a specific Windows App + +```powershell +$params = @{ + HoursToPause = 4320 + PackageFamilyName = 'PackageName_8h66172c634n0' + PauseUpdates = $true +} +Set-AppxPackageAutoUpdateSettings @params +``` + +This cmdlet will pause the Windows App from checking for App updates for `4320` hours (180 Days). + +## PARAMETERS + +### -HoursToPause + +Specifies the duration of time in hours that the Windows App won't check for updates. + +```yaml +Type: System.UInt32 +Parameter Sets: PauseAutoUpdateOptionsSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PauseUpdates + +Specifies if the Windows App updates are to be paused. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: PauseAutoUpdateOptionsSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PackageFamilyName + +Specifies the Package Family Name of the Windows App which is being modified. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -AppInstallerUri + +Specifies the location of the AppInstaller file targeted by this Windows App. + +```yaml +Type: System.String +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CheckOnLaunch + +Specifies that the Windows App will check for new updates when the App is launched. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DependencyPackages + +Specifies any Dependency Packages being used by the Windows App. + +```yaml +Type: System.String[] +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisableAutoRepairs + +Turns off the automatic repair of a broken Windows App. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableAutomaticBackgroundTask + +Specifies that the automation of updating and repairing will occur as a background task. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceUpdateFromAnyVersion + +Specifies that the next update of the Windows App can be of a higher or lower version. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HoursBetweenUpdateChecks + +Specifies the time between update checks allowed for a specific Windows App. + +```yaml +Type: System.UInt32 +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OptionalPackages + +Specifies the Optional Packages being used by the Windows App. + +```yaml +Type: System.String[] +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RepairUris + +Specifies the location which will be sourced from when repairing the Windows App. + +```yaml +Type: System.String[] +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ShowPrompt + +Specifies that if any action is occurring for the Windows App, a prompt will be displayed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UpdateBlocksActivation + +Specifies that if an update is available for a Windows App, the App will prevent launching until the +update has been installed. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UpdateUris + +Specifies the location which will be sourced from when updating the Windows App. + +```yaml +Type: System.String[] +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseSystemPolicySource + +Specifies that an override can be applied to the Developer configured settings. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version + +Specifies the version of the Update Settings being applied. + +```yaml +Type: System.String +Parameter Sets: SetAutoUpdateOptionsSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Package Manager API](http://go.microsoft.com/fwlink/?LinkId=245447) + +[How to Add and Remove Apps](http://go.microsoft.com/fwlink/?LinkID=231020) + +[Get-AppxPackage](Get-AppxPackage.md) + +[Get-AppxPackageManifest](Get-AppxPackageManifest.md) + +[Move-AppxPackage](Move-AppxPackage.md) + +[Remove-AppxPackage](Remove-AppxPackage.md) diff --git a/docset/winserver2025-ps/assignedaccess/AssignedAccess.md b/docset/winserver2025-ps/assignedaccess/AssignedAccess.md new file mode 100644 index 0000000000..7138af8a5c --- /dev/null +++ b/docset/winserver2025-ps/assignedaccess/AssignedAccess.md @@ -0,0 +1,28 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.1 +Locale: en-US +Module Guid: 9e72217e-9e27-45f7-81fc-048763587e0a +Module Name: AssignedAccess +ms.date: 12/20/2016 +title: AssignedAccess +--- + +# AssignedAccess Module +## Description +The Windows PowerShell cmdlets for Assigned Access are designed to enable the administration of restricted app access to specific user accounts. When Assigned Access is configured on a user account, it can use only one Windows Store app. The user cannot exit the app, sign out, or access any system settings. + +Assigned Access cmdlets are supported on Windows 10 and Windows 11 client operating systems only. + +## AssignedAccess Cmdlets +### [Clear-AssignedAccess](./Clear-AssignedAccess.md) +Removes the user account from assigned access. + +### [Get-AssignedAccess](./Get-AssignedAccess.md) +Gets the current configuration for assigned access. + +### [Set-AssignedAccess](./Set-AssignedAccess.md) +Configures a user to launch only one app. + + diff --git a/docset/winserver2025-ps/assignedaccess/Clear-AssignedAccess.md b/docset/winserver2025-ps/assignedaccess/Clear-AssignedAccess.md new file mode 100644 index 0000000000..cf3d7cf03b --- /dev/null +++ b/docset/winserver2025-ps/assignedaccess/Clear-AssignedAccess.md @@ -0,0 +1,91 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: AssignedAccess-help.xml +Module Name: AssignedAccess +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/assignedaccess/clear-assignedaccess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Clear-AssignedAccess +--- + +# Clear-AssignedAccess + +## SYNOPSIS +Clears assigned access configured account settings. + +## SYNTAX + +``` +Clear-AssignedAccess [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Clear-AssignedAccess** cmdlet clears assigned access configured account settings and returns the user to default settings. + +If a user is signed-in or the computer has a PS/2 keyboard, you must restart the computer to apply the changes. + +Assigned Access cmdlets are supported on Windows 10 and Windows 11 client operating systems only. + +## EXAMPLES + +### Example 1: Clear assigned access configured settings +``` +PS C:\> Clear-AssignedAccess +``` + +This command assigned access configured account settings and returns the user to default settings. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. +You cannot pipe input to this cmdlet. + +## OUTPUTS + +### None. +This cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Get-AssignedAccess](./Get-AssignedAccess.md) + +[Set-AssignedAccess](./Set-AssignedAccess.md) + diff --git a/docset/winserver2025-ps/assignedaccess/Get-AssignedAccess.md b/docset/winserver2025-ps/assignedaccess/Get-AssignedAccess.md new file mode 100644 index 0000000000..bdb8c4bd9c --- /dev/null +++ b/docset/winserver2025-ps/assignedaccess/Get-AssignedAccess.md @@ -0,0 +1,63 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: AssignedAccess-help.xml +Module Name: AssignedAccess +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/assignedaccess/get-assignedaccess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-AssignedAccess +--- + +# Get-AssignedAccess + +## SYNOPSIS +Gets the current configuration for assigned access. + +## SYNTAX + +``` +Get-AssignedAccess [] +``` + +## DESCRIPTION +The **Get-AssignedAccess** cmdlet gets the current configuration for assigned access, including the user name, user SID, app friendly name, and app ID. + +Assigned Access cmdlets are supported on Windows 10 and Windows 11 client operating systems only. + +## EXAMPLES + +### Example 1: Get the configuration for assigned access +``` +PS C:\> Get-AssignedAccess + +User Name: MYPC\UserName +User SID: S-1-5-21-594534509-2542345234-234523453-1004 +AUMID: Microsoft.Media.PlayReadyClient_2.3.1678.0_x64__8wekyb3d8bbwe +App Name: Microsoft.Media.PlayReadyClient +``` + +This command gets the current configuration for assigned access. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. +You cannot pipe input to this cmdlet. + +## OUTPUTS + +### None. +This cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Clear-AssignedAccess](./Clear-AssignedAccess.md) + +[Set-AssignedAccess](./Set-AssignedAccess.md) + diff --git a/docset/winserver2025-ps/assignedaccess/Set-AssignedAccess.md b/docset/winserver2025-ps/assignedaccess/Set-AssignedAccess.md new file mode 100644 index 0000000000..adc0035afa --- /dev/null +++ b/docset/winserver2025-ps/assignedaccess/Set-AssignedAccess.md @@ -0,0 +1,183 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: AssignedAccess-help.xml +Module Name: AssignedAccess +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/assignedaccess/set-assignedaccess?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-AssignedAccess +--- + +# Set-AssignedAccess + +## SYNOPSIS +Configures a user to launch only one app. + +## SYNTAX + +### UserNameANDAppName (Default) +``` +Set-AssignedAccess -UserName -AppName [-WhatIf] [-Confirm] [] +``` + +### UserNameANDAppId +``` +Set-AssignedAccess -UserName -AppUserModelId [-WhatIf] [-Confirm] [] +``` + +### UserSidANDAppId +``` +Set-AssignedAccess -UserSID -AppUserModelId [-WhatIf] [-Confirm] [] +``` + +### UserSidANDAppName +``` +Set-AssignedAccess -UserSID -AppName [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AssignedAccess** cmdlet configures the specified user account so that it can use only one Windows Store app. +The user cannot exit the app, sign out, or access any system settings. + +If a user is signed-in or the computer has a PS/2 keyboard, you must restart the computer to apply the changes. + +To sign out of assigned access, quickly press the left Windows logo key five times. + +Assigned Access cmdlets are supported on Windows 10 and Windows 11 client operating systems only. + +## EXAMPLES + +### Example 1: Set assigned access by SID and app name +``` +PS C:\> Set-AssignedAccess -UserSID "S-1-5-21-523423449-2432423479-234123443-1004" -AppName "CustomApp" +``` + +This command configures assigned access by using the user SID and the app name. + +### Example 2: Set assigned access by user name and AppUserModelID +``` +PS C:\> Set-AssignedAccess -UserName "UserName" -AppUserModelId "microsoft.windowsphotos_8wekyb3d8bbwe!app" +``` + +This command configures assigned access by using the user name and AppUserModelID. + +## PARAMETERS + +### -AppName +Specifies the name of the installed Windows Store app to use for assigned access. +Wildcard characters are accepted. + +```yaml +Type: String +Parameter Sets: UserNameANDAppName, UserSidANDAppName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AppUserModelId +Specifies the Application User Model ID (AppUserModelID) for the installed Windows Store app to use for assigned access. +The AppUserModelID is found in the app's AUMIDs.txt file. + +```yaml +Type: String +Parameter Sets: UserNameANDAppId, UserSidANDAppId +Aliases: AUMID + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserName +Specifies the local user account name to use for assigned access. +This cannot be a domain account or an administrator account. + +```yaml +Type: String +Parameter Sets: UserNameANDAppName, UserNameANDAppId +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserSID +Specifies the security identifier (SID) for the local user account to use for assigned access. +This account cannot be a domain account or an administrator account. + +```yaml +Type: String +Parameter Sets: UserSidANDAppId, UserSidANDAppName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. +You cannot pipe input to this cmdlet. + +## OUTPUTS + +### System.Object + +## NOTES +* To get all the Windows Store apps installed for a user account, use the Get-AppxPackage cmdlet as follows: + +`Get-AppxPackage -User "username"` + +## RELATED LINKS + +[Clear-AssignedAccess](./Clear-AssignedAccess.md) + +[Get-AssignedAccess](./Get-AssignedAccess.md) + diff --git a/docset/winserver2025-ps/bestpractices/BestPractices.md b/docset/winserver2025-ps/bestpractices/BestPractices.md new file mode 100644 index 0000000000..b0822691bd --- /dev/null +++ b/docset/winserver2025-ps/bestpractices/BestPractices.md @@ -0,0 +1,29 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 4.0.2.1 +Locale: en-US +Module Guid: 5551ea86-919d-499b-948f-87305e4f2344 +Module Name: BestPractices +ms.date: 12/27/2016 +title: BestPractices +--- + +# BestPractices Module +## Description +This reference provides cmdlet descriptions and syntax for all -specific cmdlets. It lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet. + +## BestPractices Cmdlets +### [Get-BpaModel](./Get-BpaModel.md) +Retrieves and displays the list of BPA models installed on the system. + +### [Get-BpaResult](./Get-BpaResult.md) +Retrieves and displays the results of the most recent Best Practices Analyzer (BPA) scan for a specific model. + +### [Invoke-BpaModel](./Invoke-BpaModel.md) +Starts a BPA scan for a specific model that is installed on a computer. + +### [Set-BpaResult](./Set-BpaResult.md) +Excludes or includes existing results of a BPA scan to display only the specified scan results. + + diff --git a/docset/winserver2025-ps/bestpractices/Get-BpaModel.md b/docset/winserver2025-ps/bestpractices/Get-BpaModel.md new file mode 100644 index 0000000000..40390508b9 --- /dev/null +++ b/docset/winserver2025-ps/bestpractices/Get-BpaModel.md @@ -0,0 +1,139 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BestPractices.Cmdlets.dll-Help.xml +Module Name: BestPractices +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/bestpractices/get-bpamodel?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-BpaModel +--- + +# Get-BpaModel + +## SYNOPSIS +Retrieves and displays the list of BPA models installed on the system. + +## SYNTAX + +### BPANoFilterParameterSet (Default) +``` +Get-BpaModel [-RepositoryPath ] [] +``` + +### BPAFilterParameterSet +``` +Get-BpaModel [-ModelId] [[-SubModelId] ] [-RepositoryPath ] [] +``` + +## DESCRIPTION +The **Get-BpaModel** cmdlet retrieves and displays the list of models that are supported by Best Practices Analyzer (BPA) and installed on the computer. + +If no parameter is specified, then this cmdlet returns all models that are installed on the computer. +If a model is specified by using the *ModelId* parameter, then the specified model is returned. + +## EXAMPLES + +### Example 1: Get BPA models by ID +``` +PS C:\> Get-BPAModel -ModelId "ADRMS" + +Id : Microsoft/Windows/ADRMS +Company : Microsoft Corporation +Name : RightsManagementServices +Version : 1.0 +LastScanTime : Never +LastScanTimeUtcOffset : +SubModels : +Parameters : +ModelType : SingleMachine +SupportedConfiguration : +``` + +This example can be used to return details about the BPA model that is specified in the *ModelId* parameter, represented by ModelID1. +The short form of the *ModelId* parameter can also be used, *Id*. + +### Example 2: Get all BPA models +``` +PS C:\> Get-BPAModel + +Id Last Scan Time +--- -------------- +ModelID1 01/05/2012 10:12 +ModelID2 Never +ModelID3 05/20/2010 12:46 +``` + +This example can be used to return details about BPA scans for all models that are installed on the computer. + +## PARAMETERS + +### -ModelId +Specifies the model ID of the BPA model for displaying details. +The short form of this parameter can also be used, *Id*. +This is the identity of the model whose details need to be obtained. + +```yaml +Type: String[] +Parameter Sets: BPAFilterParameterSet +Aliases: Id, BestPracticesModelId + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -RepositoryPath +Specifies the location of the repository from which to get the results generated by the **Invoke-BpaModel** cmdlet. +**Invoke-BpaModel** provides an option to store the results either in the default reports repository location referred by the ReportsRoot registry key or in the custom location supplied as input to the **Invoke-BpaModel** cmdlet through this parameter. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SubModelId +Identifies the submodel to get for the model specified by the *ModelId* parameter. +For example, the Update Services model (`Microsoft/Windows/UpdateServices`) has two submodels (`UpdateServices-DB`, `UpdateServices-Services`). + +```yaml +Type: String +Parameter Sets: BPAFilterParameterSet +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### Microsoft.BestPractices.CoreInterface.Model + +## NOTES + +## RELATED LINKS + +[Get-BpaResult](./Get-BpaResult.md) + +[Invoke-BpaModel](./Invoke-BpaModel.md) + +[Set-BpaResult](./Set-BpaResult.md) + diff --git a/docset/winserver2025-ps/bestpractices/Get-BpaResult.md b/docset/winserver2025-ps/bestpractices/Get-BpaResult.md new file mode 100644 index 0000000000..cac7726736 --- /dev/null +++ b/docset/winserver2025-ps/bestpractices/Get-BpaResult.md @@ -0,0 +1,214 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BestPractices.Cmdlets.dll-Help.xml +Module Name: BestPractices +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/bestpractices/get-bparesult?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-BpaResult +--- + +# Get-BpaResult + +## SYNOPSIS +Retrieves and displays the results of the most recent Best Practices Analyzer (BPA) scan for a specific model. + +## SYNTAX + +### ModelParameterSet (Default) +``` +Get-BpaResult [-ModelId] [-CollectedConfiguration] [-All] [-Filter ] + [-RepositoryPath ] [] +``` + +### SubModelParameterSet +``` +Get-BpaResult [-ModelId] [-CollectedConfiguration] [-All] [-Filter ] + [-RepositoryPath ] [-SubModelId ] [-ComputerName ] [-Context ] + [] +``` + +## DESCRIPTION +The **Get-BpaResult** cmdlet retrieves and displays the results of the latest Best Practices Analyzer (BPA) scan for a specific model that is installed on a computer. +To use this cmdlet, add the *ModelId* parameter, and specify the model identifier (ID) for which to view the most recent BPA scan results. +The *All* parameter can be used to retrieve all of the scanned results for a particular model. +If the *All* parameter is not specified, then the most recent results of the particular model are returned. + +This cmdlet can be used to view the results of a BPA scan for a specific model. +An administrator specifies a model ID as a parameter and the latest results for that model are displayed. + +Note: This cmdlet does not start a new BPA scan. + +## EXAMPLES + +### Example 1: Get BPA scan results by model ID +``` +PS C:\> Get-BPAResult -ModelId ModelId1 +``` + +This example returns the most recent BPA scan results for the model that is represented by ModelId1. +The short form of the *ModelId* parameter can also be used, *Id*. + +### Example 2: Get all BPA model scan results +``` +PS C:\> Get-BPAModel | Get-BPAResult +``` + +In this example, the **Get-BpaModel** cmdlet is used to return a list of all BPA models that are installed on the computer. +The results of the **Get-BpaModel** cmdlet are piped to this cmdlet to retrieve the most recent BPA scan results for all models that are supported by BPA. + +## PARAMETERS + +### -All +Returns the output type Reports. +This parameter can be used to retrieve all of the scanned results for a particular model. +If this parameter is not specified, then the most recent results of the particular model are returned. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CollectedConfiguration +Returns only discovery information that was collected during a BPA scan, not the results of evaluating rules in the model. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies the target computer from which to retrieve BPA results. + +```yaml +Type: String[] +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Context +Scans a submodel in the context of a specific model (one that is different from the parent model of the submodel). +For example, an administrator wants to run a scan on the Backend submodel of the SQL model, but only those in the context of a third model, a technology that relies upon SQL Server. + +```yaml +Type: String +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Filters the type of result to return. +The acceptable values for this parameter are: + +- All +- Compliant +- Noncompliant + +```yaml +Type: FilterOptions +Parameter Sets: (All) +Aliases: +Accepted values: All, Compliant, Noncompliant + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ModelId +Identifies the model from which results need to be obtained. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Id, BestPracticesModelId + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -RepositoryPath +Specifies the location of the repository from which to get the results generated by the Invoke-BpaModel. +The **Invoke-BpaModel** cmdlet provides an option to store the results either in the default reports repository location contained in the ReportsRoot registry key or in the custom location supplied as the value of this parameter. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SubModelId +Identifies the submodel for the model specified by the *ModelId* parameter.For example, the Update Services model (`Microsoft/Windows/UpdateServices`) has two submodels (UpdateServices-DB, UpdateServices-Services). + +```yaml +Type: String +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### Microsoft.BestPractices.CoreInterface.Report + +### Microsoft.BestPractices.CoreInterface.Result + +## NOTES + +## RELATED LINKS + +[Get-BpaModel](./Get-BpaModel.md) + +[Invoke-BpaModel](./Invoke-BpaModel.md) + +[Set-BpaResult](./Set-BpaResult.md) + diff --git a/docset/winserver2025-ps/bestpractices/Invoke-BpaModel.md b/docset/winserver2025-ps/bestpractices/Invoke-BpaModel.md new file mode 100644 index 0000000000..a47ae708a7 --- /dev/null +++ b/docset/winserver2025-ps/bestpractices/Invoke-BpaModel.md @@ -0,0 +1,317 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BestPractices.Cmdlets.dll-Help.xml +Module Name: BestPractices +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/bestpractices/invoke-bpamodel?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Invoke-BpaModel +--- + +# Invoke-BpaModel + +## SYNOPSIS +Starts a BPA scan for a specific model that is installed on a computer. + +## SYNTAX + +### ModelParameterSet (Default) +``` +Invoke-BpaModel [-ModelId] [-RepositoryPath ] [-Mode ] [] +``` + +### SubModelParameterSet +``` +Invoke-BpaModel [-ModelId] [-RepositoryPath ] [-Mode ] [-SubModelId ] + [-Context ] [-ComputerName ] [-CertificateThumbprint ] [-ConfigurationName ] + [-Credential ] [-Authentication ] [-Port ] + [-ThrottleLimit ] [-UseSsl] [] +``` + +## DESCRIPTION +The **Invoke-BpaModel** cmdlet starts a Best Practices Analyzer (BPA) scan for a specific model that is installed on a Windows-based computer. +The model is specified either by using the *ModelId* parameter, or by piping the results of the **Get-BpaModel** cmdlet into this cmdlet. +If a model is specified in the cmdlet after the BPA scan has been performed, then the results of the scan are available as an XML file. + +This cmdlet cannot be canceled after it has been started. + +Single-node XML is not supported by the BPA model schema. +For more information about what is supported by the BPA model schema, see the [Microsoft Baseline Configuration Analyzer Model Authoring Guide](https://www.microsoft.com/download/details.aspx?id=16475) on the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=16475). + +## EXAMPLES + +### Example 1: Start a BPA scan for a specified model ID +``` +PS C:\> Invoke-BPAModel -ModelId "ModelId1" +``` + +This example starts a BPA scan on the model that is represented by ModelId1. + +The same task can be completed by running either of the following cmdlets. + + +`Invoke-BPAModel -Id "ModelId1"` + +OR + +`Invoke-BPAModel "ModelId1"` + +### Example 2: Start a BPA scan using the pipeline +``` +PS C:\> Get-BPAModel | Invoke-BPAModel +``` + +This example gets all BPA models that are installed on the computer, and then pipes the results of the **Get-BpaModel** cmdlet to this cmdlet to start a BPA scan on all models. + +### Example 3: Start a BPA scan and save the results to a variable +``` +PS C:\> $BPAObj = Invoke-BPAModel ModelId1 + + +This cmdlet displays the results of any specific object in the previous cmdlet by calling the variable into which the results of the previous cmdlet were saved, and then specifying the object in the results that the administrator wants. The object is identified by its numerical order in the collection of results (the [CODE_Snippit]0[CODE_Snippit], or first, object). The cmdlet then identifies which field of the results in that object (for this example, the Detail field) the administrator wants to view. The cmdlet shown returns the properties of the Detail field from the first object in the results of the preceding line. +PS C:\> $BPAObj[0].Detail +ModelId : ModelId1 +Success : True +ScanTime : 10/21/2008 3:08:47 PM +InformationMessages : 5 +WarningMessages : 4 +ErrorMessages : 0 +Description : +``` + +This example starts a BPA scan on the model specified by ModelId1, and saves the results of the cmdlet as a variable, $BPAObj. + +## PARAMETERS + +### -Authentication +Specifies the authentication mode to use when creating a remote connection for running a remote BPA scan. +For more information, type `Get-Help Invoke-Command`. + +```yaml +Type: AuthenticationMechanism +Parameter Sets: SubModelParameterSet +Aliases: +Accepted values: Default, Basic, Negotiate, NegotiateWithImplicitCredential, Credssp, Digest, Kerberos + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertificateThumbprint +Specifies the certificate thumbprint to use when creating a remote connection via SSL for running a remote BPA scan. +For more information, type `Get-Help Invoke-Command`. + +```yaml +Type: String +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies the target computer against which to run the BPA scan. + +```yaml +Type: String[] +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ConfigurationName +Specifies the session configuration, such as the name of the endpoint, to use when creating a session for a remote BPA scan. +For more information, type `Get-Help Invoke-Command`. + +```yaml +Type: String +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Context +Scans a submodel in the context of a specific model (one that is different from the parent model of the submodel). +For example, an administrator wants to run a scan on the Backend submodel of the SQL model, but only those in the context of a third model, a technology that relies upon SQL Server. + +```yaml +Type: String +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the credentials to use when creating a remote connection for running a remote BPA scan. +For more information, type `Get-Help Invoke-Command`. + +```yaml +Type: PSCredential +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Mode +Specifies the mode to use when running the BPA scan. +The acceptable values for this parameter are: All, Analysis, or Discovery. + +```yaml +Type: ScanMode +Parameter Sets: (All) +Aliases: +Accepted values: All, Discovery, Analysis + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ModelId +Identities the model to be used for the BPA scan. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Id, BestPracticesModelId + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Port +Specifies the port to use when creating a remote connection for running a remote BPA scan. +For more information, type `Get-Help Invoke-Command`. + +```yaml +Type: Int32 +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RepositoryPath +Specifies that the default location for reports specified by the ReportsRoot registry key should be overridden. +This parameter specifies the path where the results should be stored. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SubModelId +Identifies the submodel to run for the model specified by the *ModelId* parameter. +For example, the Update Services model (`Microsoft/Windows/UpdateServices`) has two submodels (`UpdateServices-DB`, `UpdateServices-Services`). + +```yaml +Type: String +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ThrottleLimit +Specifies the throttle limit to use when creating a remote connection for running a remote BPA scan. +For more information, type `Get-Help Invoke-Command`. + +```yaml +Type: Int32 +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseSsl +Specifies whether or not to use SSL when creating a remote connection for running a remote BPA scan. +For more information, type `Get-Help Invoke-Command`. + +```yaml +Type: SwitchParameter +Parameter Sets: SubModelParameterSet +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String +The input string specified by the *ModelId* parameter. + +## OUTPUTS + +### System.Collections.Generic.List +The output object encapsulates the results of the cmdlet that is entered. +The output object contains information such as the BPA model ID, the success or failure of the cmdlet, and other details. + +## NOTES + +## RELATED LINKS + +[Get-BpaModel](./Get-BpaModel.md) + +[Get-BpaResult](./Get-BpaResult.md) + +[Set-BpaResult](./Set-BpaResult.md) + diff --git a/docset/winserver2025-ps/bestpractices/Set-BpaResult.md b/docset/winserver2025-ps/bestpractices/Set-BpaResult.md new file mode 100644 index 0000000000..ced56c62d5 --- /dev/null +++ b/docset/winserver2025-ps/bestpractices/Set-BpaResult.md @@ -0,0 +1,135 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BestPractices.Cmdlets.dll-Help.xml +Module Name: BestPractices +ms.date: 12/27/2016 +online version: https://learn.microsoft.com/powershell/module/bestpractices/set-bparesult?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-BpaResult +--- + +# Set-BpaResult + +## SYNOPSIS +Excludes or includes existing results of a BPA scan to display only the specified scan results. + +## SYNTAX + +``` +Set-BpaResult [[-Exclude] ] + [-Results] + [[-RepositoryPath] ] [] +``` + +## DESCRIPTION +The **Set-BPAResult** cmdlet excludes or includes existing results of a Best Practices Analyzer (BPA) scan to display only the specified scan results. +The action specified in this cmdlet (such as **Exclude**) determines how the existing results of a BPA scan are updated. +This cmdlet is typically applied after using the **Get-BpaResult** cmdlet to return a collection of scan results. +Filters can be applied to results returned by the **Get-BpaResult** cmdlet, and then pipe the filtered collection of results to this cmdlet, specifying either to include or exclude filtered scan results. + +This will update the results in the result file with the specified result collection with the action specified. +The administrator would generally need to call the **Get-BpaResult** cmdlet before this to get the result collection, apply some filters and pipe the collection to this cmdlet specifying the action (exclusion or inclusion). + +If this cmdlet is canceled before the results are written to a file, then the operation is canceled and the results file is not modified. +If cancellation occurs after the results file has been modified, then the actions of the cmdlet are carried out, and the cmdlet cannot be canceled. + +## EXAMPLES + +### Example 1: Exclude filtered results from a BPA scan +``` +PS C:\> Get-BPAResult -ModelId "ModelId1" | Where-Object -FilterScript { $_.Category -Eq "Performance" } | Set-BPAResult -ModelId "ModelId1" -Exclude $True +``` + +This example, to the left of the first pipeline operator (`|`), uses the **Get-BpaResult** cmdlet to retrieve BPA scan results for the model ID represented by ModelId1. +The second section of the cmdlet filters the results of **Get-BpaResult** to get only those scan results for which the category name is equal to Performance. +The final section of the example, following the second pipeline operator, excludes the Performance results filtered by the previous section of the example. + +### Example 2: Use a variable to exclude filtered results from a BPA scan +``` +The $rcPolicy variable is created to store the filtered results of **Get-BpaResult**; this variable can be used in subsequent cmdlets to represent those results. +PS C:\> $rcPolicy = Get-BPAResult -ModelId ModelId1 | Where-Object -FilterScript { $_.Category -Eq "Policy" } + +The second line of the example uses this cmdlet to exclude the set of results stored in the $rcPolicy variable, for the specified model ID. In this cmdlet, the *Results* parameter is added because the administrator wants to exclude a specific subset of scan results for that model, and has created the variable $rcPolicy to represent that subset of results. +PS C:\> Set-BPAResult -ModelId "ModelId1" -Exclude $True -Results $rcPolicy +``` + +This example, to the left of the pipeline operator (`|`), instructs the **Get-BpaResult** cmdlet to retrieve BPA scan results for the model represented by ModelId1. +The second section of the example, after the pipeline, filters the results of **Get-BpaResult** to return only those scan results for which the category name is equal to (note the Eq comparison operator) Policy. + +## PARAMETERS + +### -Exclude +Removes any BPA scan results that are specified by a filter added to this cmdlet. +The Exclude action applies to all results returned by this cmdlet. +To exclude results by using this parameter, add the value `$True` following the parameter, as shown:`-Exclude $True` + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RepositoryPath +Specifies the location where the report should be stored. +The **Invoke-BpaModel** cmdlet provides an option to store the results either in the default reports repository location referred by ReportsRoot registry key or in a custom location supplied as input to this parameter. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Results +Specifies the result collection to be updated in the result file returned by this cmdlet. +This parameter is typically used to specify a filtered subset of scan results that has already been stored in a variable; the variable name is provided as the valid value for this parameter. +This is the result collection which needs to be updated in the result file. +For example, if a variable named $allPerformance is created to store all the Performance category results for a BPA scan of all roles on a computer, and to exclude those Performance results from the complete collection of scan results, add the following parameter to this cmdlet: `-Results $allPerformance` + +```yaml +Type: System.Collections.Generic.List`1[Microsoft.BestPractices.CoreInterface.Result] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Collections.Generic.List +The input object specified by the *Results* parameter. + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Get-BpaModel](./Get-BpaModel.md) + +[Get-BpaResult](./Get-BpaResult.md) + +[Invoke-BpaModel](./Invoke-BpaModel.md) + +[Where-Object](https://go.microsoft.com/fwlink/?LinkID=113423) + diff --git a/docset/winserver2025-ps/bitlocker/Add-BitLockerKeyProtector.md b/docset/winserver2025-ps/bitlocker/Add-BitLockerKeyProtector.md new file mode 100644 index 0000000000..e6e67b0703 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Add-BitLockerKeyProtector.md @@ -0,0 +1,474 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/add-bitlockerkeyprotector?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-BitLockerKeyProtector +--- + +# Add-BitLockerKeyProtector + +## SYNOPSIS +Adds a key protector for a BitLocker volume. + +## SYNTAX + +### PasswordProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [-PasswordProtector] [[-Password] ] [-WhatIf] + [-Confirm] [] +``` + +### RecoveryPasswordProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [-RecoveryPasswordProtector] [[-RecoveryPassword] ] + [-WhatIf] [-Confirm] [] +``` + +### StartupKeyProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [-StartupKeyProtector] [-StartupKeyPath] [-WhatIf] + [-Confirm] [] +``` + +### TpmAndStartupKeyProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [-StartupKeyPath] [-TpmAndStartupKeyProtector] + [-WhatIf] [-Confirm] [] +``` + +### TpmAndPinAndStartupKeyProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [-StartupKeyPath] + [-TpmAndPinAndStartupKeyProtector] [[-Pin] ] [-WhatIf] [-Confirm] [] +``` + +### SidProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [-ADAccountOrGroupProtector] [-ADAccountOrGroup] + [-Service] [-WhatIf] [-Confirm] [] +``` + +### TpmAndPinProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [[-Pin] ] [-TpmAndPinProtector] [-WhatIf] + [-Confirm] [] +``` + +### TpmProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [-TpmProtector] [-WhatIf] [-Confirm] [] +``` + +### RecoveryKeyProtector +``` +Add-BitLockerKeyProtector [-MountPoint] [-RecoveryKeyProtector] [-RecoveryKeyPath] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-BitLockerKeyProtector** cmdlet adds a protector for the volume key of the volume protected with BitLocker Drive Encryption. + +When a user accesses a drive protected by BitLocker, such as when starting a computer, BitLocker requests the relevant key protector. +For example, the user can enter a PIN or provide a USB drive that contains a key. +BitLocker retrieves the encryption key and uses it to read data from the drive. + +You can use one of the following methods or combinations of methods for a key protector: + +- Trusted Platform Module (TPM). +BitLocker uses the computer's TPM to protect the encryption key. +If you specify this protector, users can access the encrypted drive as long as it is connected to the system board that hosts the TPM and the system boot integrity is intact. +In general, TPM-based protectors can only be associated to an operating system volume. +- TPM and Personal Identification Number (PIN). +BitLocker uses a combination of the TPM and a user-supplied PIN. +A PIN is four to twenty digits or, if you allow enhanced PINs, four to twenty letters, symbols, spaces, or numbers. +- TPM, PIN, and startup key. +BitLocker uses a combination of the TPM, a user-supplied PIN, and input from of a USB memory device that contains an external key. +- TPM and startup key. +BitLocker uses a combination of the TPM and input from of a USB memory device. +- Startup key. +BitLocker uses input from of a USB memory device that contains the external key. +- Password. +BitLocker uses a password. +- Recovery key. +BitLocker uses a recovery key stored as a specified file in a USB memory device. +- Recovery password. +BitLocker uses a recovery password. +- Active Directory Domain Services (AD DS) account. +BitLocker uses domain authentication to unlock data volumes. +Operating system volumes cannot use this type of key protector. + +You can add only one of these methods or combinations at a time, but you can run this cmdlet more than once on a volume. + +Adding a key protector is a single operation; for example, adding a startup key protector to a volume that uses the TPM and PIN combination as a key protector results in two key protectors, not a single key protector that uses TPM, PIN, and startup key. +Instead, add a protector that uses TPM, PIN, and startup key and then remove the TPM and PIN protector by using the **Remove-BitLockerKeyProtector** cmdlet. + +For a password or PIN key protector, specify a secure string. +You can use the **ConvertTo-SecureString** cmdlet to create a secure string. +You can use secure strings in a script and still maintain confidentiality of passwords. + +This cmdlet returns a BitLocker volume object. +If you choose recovery password as your key protector but do not specify a 48-digit recovery password, this cmdlet creates a random 48-digit recovery password. +The cmdlet stores the password as the **RecoveryPassword** field of the **KeyProtector** attribute of the BitLocker volume object. + +If you use startup key or recovery key as part of your key protector, provide a path to store the key. +This cmdlet stores the name of the file that contains the key in the **KeyFileName** field of the **KeyProtector** field in the BitLocker volume object. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Add key protector +``` +PS C:\>$SecureString = ConvertTo-SecureString "1234" -AsPlainText -Force +PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -Pin $SecureString -TPMandPinProtector +``` + +This example adds a combination of the TPM and a PIN as key protector for the BitLocker volume identified with the drive letter C:. + +The first command uses the **ConvertTo-SecureString** cmdlet to create a secure string that contains a PIN and saves that string in the $SecureString variable. +For more information about the **ConvertTo-SecureString** cmdlet, type `Get-Help ConvertTo-SecureString`. + +The second command adds a protector to the BitLocker volume that has the drive letter C:. +The command specifies that this volume uses a combination of the TPM and the PIN as key protector and provides the PIN saved in the $SecureString variable. + +### Example 2: Add a recovery key for all BitLocker volumes +``` +PS C:\>Get-BitLockerVolume | Add-BitLockerKeyProtector -RecoveryKeyPath "E:\Recovery\" -RecoveryKeyProtector +``` + +This command gets all the BitLocker volumes for the current computer and passes them to the **Add-BitLockerKeyProtector** cmdlet by using the pipe operator. +This cmdlet specifies a path to a folder where the randomly generated recovery key will be stored and indicates that these volumes use a recovery key as a key protector. + +### Example 3: Add credentials as a key protector +``` +PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -AdAccountOrGroup "Western\SarahJones" -AdAccountOrGroupProtector +``` + +This command adds an AD DS account key protector to the BitLocker volume specified by the *MountPoint* parameter. +The command specifies an account and specifies that BitLocker uses user credentials as a key protector. +When a user accesses this volume, BitLocker prompts for credentials for the user account Western\SarahJones. + +## PARAMETERS + +### -ADAccountOrGroup +Specifies an account using the format Domain\User. +This cmdlet adds the account you specify as a key protector for the volume encryption key. + +```yaml +Type: String +Parameter Sets: SidProtector +Aliases: sid + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ADAccountOrGroupProtector +Indicates that BitLocker uses an AD DS account as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: SidProtector +Aliases: sidp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +This cmdlet adds a key protector to the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Password +Specifies a secure string object that contains a password. +The cmdlet adds the password specified as a protector for the volume encryption key. + +```yaml +Type: SecureString +Parameter Sets: PasswordProtector +Aliases: pw + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordProtector +Indicates that BitLocker uses a password as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: PasswordProtector +Aliases: pwp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Pin +Specifies a secure string object that contains a PIN. +The cmdlet adds the PIN specified, with other data, as a protector for the volume encryption key. + +```yaml +Type: SecureString +Parameter Sets: TpmAndPinAndStartupKeyProtector, TpmAndPinProtector +Aliases: p + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryKeyPath +Specifies a path to a folder. +This cmdlet adds a randomly generated recovery key as a protector for the volume encryption key and stores it in the specified path. + +```yaml +Type: String +Parameter Sets: RecoveryKeyProtector +Aliases: rk + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryKeyProtector +Indicates that BitLocker uses a recovery key as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: RecoveryKeyProtector +Aliases: rkp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryPassword +Specifies a recovery password. +If you do not specify this parameter, the cmdlet creates a random password. +You can enter a 48 digit password. +The cmdlet adds the password specified or created as a protector for the volume encryption key. + +```yaml +Type: String +Parameter Sets: RecoveryPasswordProtector +Aliases: rp + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryPasswordProtector +Indicates that BitLocker uses a recovery password as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: RecoveryPasswordProtector +Aliases: rpp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Service +Indicates that the system account for this computer unlocks the encrypted volume. + +```yaml +Type: SwitchParameter +Parameter Sets: SidProtector +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StartupKeyPath +Specifies a path to a startup key. +The cmdlet adds the key stored in the specified path as a protector for the volume encryption key. + +```yaml +Type: String +Parameter Sets: StartupKeyProtector, TpmAndStartupKeyProtector, TpmAndPinAndStartupKeyProtector +Aliases: sk + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StartupKeyProtector +Indicates that BitLocker uses a startup key as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: StartupKeyProtector +Aliases: skp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TpmAndPinAndStartupKeyProtector +Indicates that BitLocker uses a combination of TPM, a PIN, and a startup key as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: TpmAndPinAndStartupKeyProtector +Aliases: tpskp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TpmAndPinProtector +Indicates that BitLocker uses a combination of TPM and a PIN as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: TpmAndPinProtector +Aliases: tpp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TpmAndStartupKeyProtector +Indicates that BitLocker uses a combination of TPM and a startup key as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: TpmAndStartupKeyProtector +Aliases: tskp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TpmProtector +Indicates that BitLocker uses TPM as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: TpmProtector +Aliases: tpmp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], string[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Backup-BitLockerKeyProtector](./Backup-BitLockerKeyProtector.md) + +[Enable-BitLocker](./Enable-BitLocker.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + +[Remove-BitLockerKeyProtector](./Remove-BitLockerKeyProtector.md) + diff --git a/docset/winserver2025-ps/bitlocker/Backup-BitLockerKeyProtector.md b/docset/winserver2025-ps/bitlocker/Backup-BitLockerKeyProtector.md new file mode 100644 index 0000000000..e7da5b3d5f --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Backup-BitLockerKeyProtector.md @@ -0,0 +1,144 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/backup-bitlockerkeyprotector?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Backup-BitLockerKeyProtector +--- + +# Backup-BitLockerKeyProtector + +## SYNOPSIS +Saves a key protector for a BitLocker volume in AD DS. + +## SYNTAX + +``` +Backup-BitLockerKeyProtector [-MountPoint] [-KeyProtectorId] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Backup-BitLockerKeyProtector** cmdlet saves a recovery password key protector for a volume protected by BitLocker Drive Encryption to Active Directory Domain Services (AD DS). +Specify a key to be saved by ID. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Save a key protector for a volume +``` +PS C:\> $BLV = Get-BitLockerVolume -MountPoint "C:" +PS C:\> Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[1].KeyProtectorId +``` + +This example saves a key protector for a specified BitLocker volume. + +The first command uses **Get-BitLockerVolume** to obtain a BitLocker volume and store it in the $BLV variable. + +The second command backs up the key protector for the BitLocker volume specified by the *MountPoint* parameter. +The command specifies the key protector by using its ID, contained in the BitLocker object stored in $BLV. +The **KeyProtector** attribute contains an array of key protectors associated to the volume. +This command uses standard array syntax to index the **KeyProtector** object. +The key protector that corresponds to the recovery password key protector can be identified by using the **KeyProtectorType** attribute in the **KeyProtector** object. + +### Example 2: Save a key protector using an ID +``` +PS C:\> Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId "{E2611001E-6AD0-4A08-BAAA-C9c031DB2AA6}" +``` + +This command saves a key protector for a specified BitLocker volume to AD DS. +The command specifies the key protector by using its ID. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KeyProtectorId +Specifies the ID for a key protector or a **KeyProtector** object. +A BitLocker volume object includes a **KeyProtector** object. +You can specify the key protector object itself, or you can specify the ID. +See the Examples section. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +The cmdlet saves key protectors for the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume, String + +## OUTPUTS + +### BitLockerVolume + +## NOTES + +## RELATED LINKS + +[Add-BitLockerKeyProtector](./Add-BitLockerKeyProtector.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + +[Remove-BitLockerKeyProtector](./Remove-BitLockerKeyProtector.md) + diff --git a/docset/winserver2025-ps/bitlocker/BackupToAAD-BitLockerKeyProtector.md b/docset/winserver2025-ps/bitlocker/BackupToAAD-BitLockerKeyProtector.md new file mode 100644 index 0000000000..c0685321c2 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/BackupToAAD-BitLockerKeyProtector.md @@ -0,0 +1,121 @@ +--- +external help file: BitLocker-help.xml +Module Name: bitlocker +schema: 2.0.0 +--- + +# BackupToAAD-BitLockerKeyProtector + +## SYNOPSIS +Saves a key protector for a BitLocker volume in Microsoft Entra ID. + +## SYNTAX + +``` +BackupToAAD-BitLockerKeyProtector [-MountPoint] [-KeyProtectorId] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **BackupToAAD-BitLockerKeyProtector** cmdlet saves a recovery password key protector for a volume protected by BitLocker Drive Encryption to Microsoft Entra ID. Specify a key to be saved by ID. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> $BLV = Get-BitLockerVolume -MountPoint "C:" +PS C:\> BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[1].KeyProtectorId + +``` + +This example saves a key protector for a specified BitLocker volume. + +The first command uses **Get-BitLockerVolume** to obtain a BitLocker volume and store it in the $BLV variable. + +The second command backs up the key protector for the BitLocker volume specified by the MountPoint parameter. The command specifies the key protector by using its ID, contained in the BitLocker object stored in $BLV. + +### Example 2 +```powershell +PS C:\> BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId "{E2611001E-6AD0-4A08-BAAA-C9c031DB2AA6}" +``` +This command saves a key protector for a specified BitLocker volume to Microsoft Entra ID. The command specifies the key protector by using its ID. + +## PARAMETERS + +### -KeyProtectorId +The **KeyProtector** attribute contains an array of key protectors associated to the volume. This command uses standard array syntax to index the KeyProtector object. The key protector that corresponds to the recovery password key protector can be identified by using the KeyProtectorType attribute in the KeyProtector object. + + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -MountPoint +The volume to be used by **KeyProtector**. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +### System.String + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/docset/winserver2025-ps/bitlocker/BitLocker.md b/docset/winserver2025-ps/bitlocker/BitLocker.md new file mode 100644 index 0000000000..4c22b27630 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/BitLocker.md @@ -0,0 +1,59 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.1 +Locale: en-US +Module Guid: 0ff02bb8-300a-4262-ac08-e06dd810f1b6 +Module Name: BitLocker +ms.date: 12/20/2016 +title: BitLocker +--- + +# BitLocker Module +## Description +This reference provides cmdlet descriptions and syntax for all BitLocker cmdlets. It lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet. + +## BitLocker Cmdlets +### [Add-BitLockerKeyProtector](./Add-BitLockerKeyProtector.md) +Adds a key protector for a BitLocker volume. + +### [BackupToAAD-BitLockerKeyProtector](./BackupToAAD-BitLockerKeyProtector.md) +Saves a key protector for a BitLocker volume in Microsoft Entra ID. + +### [Backup-BitLockerKeyProtector](./Backup-BitLockerKeyProtector.md) +Saves a key protector for a BitLocker volume in AD DS. + +### [Clear-BitLockerAutoUnlock](./Clear-BitLockerAutoUnlock.md) +Removes BitLocker automatic unlocking keys. + +### [Disable-BitLocker](./Disable-BitLocker.md) +Disables BitLocker Drive Encryption for a volume. + +### [Disable-BitLockerAutoUnlock](./Disable-BitLockerAutoUnlock.md) +Disables automatic unlocking for a BitLocker volume. + +### [Enable-BitLocker](./Enable-BitLocker.md) +Enables BitLocker Drive Encryption for a volume. + +### [Enable-BitLockerAutoUnlock](./Enable-BitLockerAutoUnlock.md) +Enables automatic unlocking for a BitLocker volume. + +### [Get-BitLockerVolume](./Get-BitLockerVolume.md) +Gets information about volumes that BitLocker can protect. + +### [Lock-BitLocker](./Lock-BitLocker.md) +Prevents access to encrypted data on a BitLocker volume. + +### [Remove-BitLockerKeyProtector](./Remove-BitLockerKeyProtector.md) +Removes a key protector for a BitLocker volume. + +### [Resume-BitLocker](./Resume-BitLocker.md) +Restores Bitlocker encryption for the specified volume. + +### [Suspend-BitLocker](./Suspend-BitLocker.md) +Suspends Bitlocker encryption for the specified volume. + +### [Unlock-BitLocker](./Unlock-BitLocker.md) +Restores access to data on a BitLocker volume. + + diff --git a/docset/winserver2025-ps/bitlocker/Clear-BitLockerAutoUnlock.md b/docset/winserver2025-ps/bitlocker/Clear-BitLockerAutoUnlock.md new file mode 100644 index 0000000000..cc0dc0cff9 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Clear-BitLockerAutoUnlock.md @@ -0,0 +1,66 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/clear-bitlockerautounlock?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Clear-BitLockerAutoUnlock +--- + +# Clear-BitLockerAutoUnlock + +## SYNOPSIS +Removes BitLocker automatic unlocking keys. + +## SYNTAX + +``` +Clear-BitLockerAutoUnlock [] +``` + +## DESCRIPTION +The **Clear-BitLockerAutoUnlock** cmdlet removes all automatic unlocking keys used by BitLocker Drive Encryption. +BitLocker stores these keys for the fixed data drives of a system on a volume that hosts a BitLocker-enabled operating system volume so that it can automatically unlock the fixed and removable data volumes in a system. +This makes it easier for users to access data volumes. + +You can configure BitLocker to automatically unlock volumes that do not host an operating system. +After a user unlocks the operating system volume, BitLocker uses encrypted information stored in the registry and volume metadata to unlock any data volumes that use automatic unlocking. + +You must remove automatic unlocking keys before you can disable BitLocker by using the **Disable-BitLocker** cmdlet. +You can use the **Disable-BitLockerAutoUnlock** cmdlet to remove keys for specific volumes that use automatic unlocking instead of all volumes. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Clear automatic unlocking keys +``` +PS C:\>Clear-BitLockerAutoUnlock +``` + +This command clears all automatic unlocking keys stored on the current computer. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### String + +## OUTPUTS + +### BitLockerVolume + +## NOTES + +## RELATED LINKS + +[Disable-BitLockerAutoUnlock](./Disable-BitLockerAutoUnlock.md) + +[Enable-BitLockerAutoUnlock](./Enable-BitLockerAutoUnlock.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + diff --git a/docset/winserver2025-ps/bitlocker/Disable-BitLocker.md b/docset/winserver2025-ps/bitlocker/Disable-BitLocker.md new file mode 100644 index 0000000000..4ab6bde4e6 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Disable-BitLocker.md @@ -0,0 +1,131 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/disable-bitlocker?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-BitLocker +--- + +# Disable-BitLocker + +## SYNOPSIS +Disables BitLocker Drive Encryption for a volume. + +## SYNTAX + +``` +Disable-BitLocker [-MountPoint] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-BitLocker** cmdlet disables BitLocker Drive Encryption for a BitLocker volume. +When you run this cmdlet, it removes all key protectors and begins decrypting the content of the volume. + +If the volume that hosts the operating system contains any automatic unlocking keys, the cmdlet does not proceed. +You can use the **Clear-BitLockerAutoUnlock** cmdlet to remove all automatic unlocking keys. +Then you can disable BitLocker for the volume. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Disable BitLocker for a volume +``` +PS C:\> Disable-BitLocker -MountPoint "C:" +``` + +This command disables BitLocker for the specified BitLocker volume. +BitLocker begins decrypting data on C: immediately. + +### Example 2: Disable BitLocker for all volumes +``` +PS C:\>$BLV = Get-BitLockerVolume +PS C:\>Disable-BitLocker -MountPoint $BLV +``` + +This example disables BitLocker encryption for all volumes. + +The first command uses **Get-BitLockerVolume** to get all the BitLocker volumes for the current computer and stores them in the $BLV variable. + +The second command disables BitLocker encryption for all the BitLocker volumes stored in the $BLV variable. +BitLocker begins decrypting data on the volumes. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +The cmdlet disables protection for the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Enable-BitLocker](./Enable-BitLocker.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + +[Lock-BitLocker](./Lock-BitLocker.md) + +[Resume-BitLocker](./Resume-BitLocker.md) + +[Suspend-BitLocker](./Suspend-BitLocker.md) + +[Unlock-BitLocker](./Unlock-BitLocker.md) + diff --git a/docset/winserver2025-ps/bitlocker/Disable-BitLockerAutoUnlock.md b/docset/winserver2025-ps/bitlocker/Disable-BitLockerAutoUnlock.md new file mode 100644 index 0000000000..08e4cb3db3 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Disable-BitLockerAutoUnlock.md @@ -0,0 +1,114 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/disable-bitlockerautounlock?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-BitLockerAutoUnlock +--- + +# Disable-BitLockerAutoUnlock + +## SYNOPSIS +Disables automatic unlocking for a BitLocker volume. + +## SYNTAX + +``` +Disable-BitLockerAutoUnlock [-MountPoint] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-BitLockerAutoUnlock** cmdlet disables automatic unlocking for a volume protected by BitLocker Disk Encryption. +The cmdlet removes automatic unlocking keys for specified volumes stored on a volume that hosts an operating system. + +You can configure BitLocker to automatically unlock volumes that do not host an operating system. +After a user unlocks the operating system volume, BitLocker uses encrypted information stored in the registry and volume metadata to access data volumes that use automatic unlocking. + +You can specify a volume by drive letter, or you can specify a BitLocker volume object. +You must remove automatic unlocking keys before you can disable BitLocker by using the **Disable-BitLocker** cmdlet. +You can use the **Clear-BitLockerAutoUnlock** cmdlet to remove keys for all the volumes configured to use automatic unlocking instead of just specified volumes. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Disable automatic unlocking for a volume +``` +PS C:\> Disable-BitLockerAutoUnlock -MountPoint "E:" +``` + +This command disables automatic unlocking for the specified BitLocker volume. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +The cmdlet disables automatic unlocking for the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Clear-BitLockerAutoUnlock](./Clear-BitLockerAutoUnlock.md) + +[Enable-BitLockerAutoUnlock](./Enable-BitLockerAutoUnlock.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + diff --git a/docset/winserver2025-ps/bitlocker/Enable-BitLocker.md b/docset/winserver2025-ps/bitlocker/Enable-BitLocker.md new file mode 100644 index 0000000000..93253b7353 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Enable-BitLocker.md @@ -0,0 +1,620 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/14/2021 +online version: https://learn.microsoft.com/powershell/module/bitlocker/enable-bitlocker?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-BitLocker +--- + +# Enable-BitLocker + +## SYNOPSIS + +Enables BitLocker Drive Encryption for a volume. + +## SYNTAX + +### PasswordProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -PasswordProtector [-Password] +[-EncryptionMethod ] [-HardwareEncryption] +[-SkipHardwareTest] [-UsedSpaceOnly][-WhatIf] [-Confirm] [] +``` + +### RecoveryPasswordProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -RecoveryPasswordProtector [[-RecoveryPassword] ] +[-EncryptionMethod ] [-HardwareEncryption] +[-SkipHardwareTest] [-UsedSpaceOnly] [-WhatIf] [-Confirm] [] +``` + +### StartupKeyProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -StartupKeyProtector [-StartupKeyPath] +[-EncryptionMethod ] [-HardwareEncryption] +[-SkipHardwareTest] [-UsedSpaceOnly] [-WhatIf] [-Confirm] [] +``` + +### TpmAndStartupKeyProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -TpmAndStartupKeyProtector [-StartupKeyPath] +[-EncryptionMethod ] [-HardwareEncryption] +[-SkipHardwareTest] [-UsedSpaceOnly] [-WhatIf] [-Confirm] [] +``` + +### TpmAndPinAndStartupKeyProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -TpmAndPinAndStartupKeyProtector -StartupKeyPath +[-Pin] [-EncryptionMethod ] +[-HardwareEncryption] [-SkipHardwareTest] [-UsedSpaceOnly] [-WhatIf] [-Confirm] +[] +``` + +### AdAccountOrGroupProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -AdAccountOrGroupProtector [-AdAccountOrGroup] +[-Service] [-EncryptionMethod ] [-HardwareEncryption] +[-SkipHardwareTest] [-UsedSpaceOnly] [-WhatIf] [-Confirm] [] +``` + +### TpmAndPinProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -TpmAndPinProtector [-Pin] +[-EncryptionMethod ] [-HardwareEncryption] +[-SkipHardwareTest] [-UsedSpaceOnly] [-WhatIf] [-Confirm] [] +``` + +### TpmProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -TpmProtector +[-EncryptionMethod ] [-HardwareEncryption] +[-SkipHardwareTest] [-UsedSpaceOnly] [-WhatIf] [-Confirm] [] +``` + +### RecoveryKeyProtector + +```PowerShell +Enable-BitLocker [-MountPoint] -RecoveryKeyProtector [-RecoveryKeyPath] +[-EncryptionMethod ] [-HardwareEncryption] +[-SkipHardwareTest] [-UsedSpaceOnly] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION + +The **Enable-BitLocker** cmdlet enables BitLocker Drive Encryption for a volume. + +When you enable encryption, you must specify a volume, either by its drive letter or by its +BitLocker volume object. + +You must also establish a key protector. BitLocker uses a key protector to encrypt the volume +encryption key. When a user accesses a BitLocker encrypted drive, such as when starting a computer, +BitLocker requests the relevant key protector. For example, the user can enter a PIN or provide a +USB drive that contains a key. BitLocker decrypts the encryption key and uses it to read data from +the drive. You can use one of the following methods or combinations of methods for a key protector: + +- **Trusted Platform Module (TPM):** BitLocker uses the computer's TPM to protect the encryption + key. If you select this key protector, users can access the encrypted drive as long as it is + connected to the system board that hosts the TPM and system boot integrity is intact. In general, + TPM-based protectors can only be associated to an operating system volume. + +- **TPM and Personal Identification Number (PIN):** BitLocker uses a combination of the TPM and a + user-supplied PIN. A PIN is four to twenty digits or, if you allow enhanced PINs, is four to + twenty letters, symbols, spaces, or numbers. + +- **TPM, PIN, and startup key:** BitLocker uses a combination of the TPM, a user-supplied PIN, and + input from of a USB memory device that contains an external key. + +- **TPM and startup key:** BitLocker uses a combination of the TPM and a USB flash drive that + contains the external key. + +- **Startup key:** BitLocker uses a USB flash drive that contains the external key. + +- **Password:** BitLocker uses a password. + +- **Recovery key:** BitLocker uses a recovery key stored as a specified file. + +- **Recovery password:** BitLocker uses a recovery password. + +- **Active Directory Domain Services (AD DS) account:** BitLocker uses domain authentication. + +You can specify only one of these methods or combinations when you enable encryption, but you can +use the **Add-BitLockerKeyProtector** cmdlet to add other protectors. + +For a password or PIN key protector, specify a secure string. You can use the +**ConvertTo-SecureString** cmdlet to create a secure string. You can use secure strings in a script +and still maintain confidentiality of passwords. + +We strongly recommend specifying the encryption method. By default, BitLocker uses XTS-AES-128. You +can opt XTS-AES-256 for stronger security. However, if you are encrypting a removable media and +intend to use it on Windows 8.1 or Windows Server 2012 R2, you must opt either AES-128 or AES-256 +for backward compatibility. You may request hardware encryption but we strongly advise +against it. For further guidance, see the +[ADV180028 Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/ADV180028). + +This cmdlet returns a BitLocker volume object. If you choose recovery password as your key protector +but do not specify a 48-digit recovery password, this cmdlet generates a random one for you, and +stores it in the **RecoveryPassword** field of the **KeyProtector** attribute of the BitLocker +volume object. + +If you use startup key or recovery key as part of your key protector, provide a path to store the +key. This cmdlet stores the name of the file that contains the key in the **KeyFileName** field of +the **KeyProtector** field in the BitLocker volume object. + +If you use the **Enable-BitLocker** cmdlet on an encrypted volume or on a volume with +encryption in process, it takes no action. If you use the cmdlet on a drive that has encryption +paused, it resumes encryption on the volume. + +By default, this cmdlet encrypts the entire drive. If you use the *UsedSpaceOnly* parameter, it only +encrypts the used space on the disk. This option can significantly reduce encryption time. + +It is common practice to add a recovery password for an operating system volume using the +**Add-BitLockerKeyProtector** cmdlet, save the recovery password using the +**Backup-BitLockerKeyProtector** cmdlet, and then enable BitLocker on that volume. This procedure +ensures that you have a recovery option. + +For an overview of BitLocker, see the +[BitLocker Drive Encryption Overview](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732774(v=ws.11)). + +## EXAMPLES + +### Example 1: Enable BitLocker + +```PowerShell +$SecureString = ConvertTo-SecureString "1234" -AsPlainText -Force +Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -UsedSpaceOnly -Pin $SecureString -TPMandPinProtector +``` + +This example enables BitLocker for a specified drive using the TPM and a PIN for key protector. + +The first command uses the **ConvertTo-SecureString** cmdlet to create a secure string that contains a PIN and saves that string in the $SecureString variable. +For more information about the **ConvertTo-SecureString** cmdlet, type `Get-Help ConvertTo-SecureString`. + +The second command enables BitLocker encryption for the BitLocker volume that has the drive letter C:. +The cmdlet specifies an encryption algorithm and the PIN saved in the $SecureString variable. +The command also specifies that this volume uses a combination of the TPM and the PIN as key protector. +The command also specifies to encrypt the used space data on the disk, instead of the entire volume. +When the system writes data to the volume in the future, that data is encrypted. + +### Example 2: Enable BitLocker with a recovery key + +```PowerShell +Get-BitLockerVolume | Enable-BitLocker -EncryptionMethod Aes128 -RecoveryKeyPath "E:\Recovery\" -RecoveryKeyProtector +``` + +This command gets all the BitLocker volumes for the current computer and passes pipes them to the **Enable-BitLocker** cmdlet by using the pipe operator. +This cmdlet specifies an encryption algorithm for the volume or volumes. +This cmdlet specifies a path to a folder where the randomly generated recovery key will be stored and indicates that these volumes use a recovery key as a key protector. + +### Example 3: Enable BitLocker with a specified user account + +```PowerShell +Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes128 -AdAccountOrGroup "Western\SarahJones" -AdAccountOrGroupProtector +``` + +This command encrypts the BitLocker volume specified by the *MountPoint* parameter, and uses the AES 128 encryption method. +The command also specifies an account and specifies that BitLocker uses user credentials as a key protector. +When a user accesses this volume, BitLocker prompts for credentials for the user account Western\SarahJones. + +## PARAMETERS + +### -AdAccountOrGroup + +Specifies an account using the format Domain\User. +This cmdlet adds the account you specify as a key protector for the volume encryption key. + +```yaml +Type: String +Parameter Sets: AdAccountOrGroupProtector +Aliases: sid + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AdAccountOrGroupProtector + +Indicates that BitLocker uses an AD DS account as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: AdAccountOrGroupProtector +Aliases: sidp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EncryptionMethod + +Specifies an encryption method for the encrypted drive. For further guidance, see the +[ADV180028 Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/ADV180028). + +```yaml +Type: BitLockerVolumeEncryptionMethodOnEnable +Parameter Sets: (All) +Aliases: +Accepted values: Aes128, Aes256, XtsAes128, XtsAes256 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HardwareEncryption + +Indicates that the volume uses hardware encryption. We strongly advise against hardware encryption. +For further guidance, see the +[ADV180028 Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/ADV180028). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint + +Specifies an array of drive letters or BitLocker volume objects. +This cmdlet enables protection for the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Password + +Specifies a secure string object that contains a password. +The password specified acts as a protector for the volume encryption key. + +```yaml +Type: SecureString +Parameter Sets: PasswordProtector +Aliases: pw + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PasswordProtector + +Indicates that BitLocker uses a password as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: PasswordProtector +Aliases: pwp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Pin + +Specifies a secure string object that contains a PIN. +BitLocker uses the PIN specified, with other data, as a protector for the volume encryption key. + +```yaml +Type: SecureString +Parameter Sets: TpmAndPinAndStartupKeyProtector, TpmAndPinProtector +Aliases: p + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryKeyPath + +Specifies a path to a folder. +This cmdlet adds a randomly generated recovery key as a protector for the volume encryption key and stores it in the specified path. + +```yaml +Type: String +Parameter Sets: RecoveryKeyProtector +Aliases: rk + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryKeyProtector + +Indicates that BitLocker uses a recovery key as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: RecoveryKeyProtector +Aliases: rkp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryPassword + +Specifies a recovery password. +If you do not specify this parameter, but you do include the *RecoveryPasswordProtector* parameter, the cmdlet creates a random password. +You can enter a 48-digit password. +The password specified or created acts as a protector for the volume encryption key. + +```yaml +Type: String +Parameter Sets: RecoveryPasswordProtector +Aliases: rp + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryPasswordProtector + +Indicates that BitLocker uses a recovery password as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: RecoveryPasswordProtector +Aliases: rpp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Service + +Indicates that the system account for this computer unlocks the encrypted volume. + +```yaml +Type: SwitchParameter +Parameter Sets: AdAccountOrGroupProtector +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipHardwareTest + +Indicates that BitLocker does not perform a hardware test before it begins encryption. +BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: s + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StartupKeyPath + +Specifies a path to a startup key. +The key stored in the specified path acts as a protector for the volume encryption key. + +```yaml +Type: String +Parameter Sets: StartupKeyProtector, TpmAndStartupKeyProtector, TpmAndPinAndStartupKeyProtector +Aliases: sk + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StartupKeyProtector + +Indicates that BitLocker uses a startup key as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: StartupKeyProtector +Aliases: skp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TpmAndPinAndStartupKeyProtector + +Indicates that BitLocker uses a combination of the TPM, a PIN, and a startup key as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: TpmAndPinAndStartupKeyProtector +Aliases: tpskp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TpmAndPinProtector + +Indicates that BitLocker uses a combination of the TPM and a PIN as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: TpmAndPinProtector +Aliases: tpp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TpmAndStartupKeyProtector + +Indicates that BitLocker uses a combination of the TPM and a startup key as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: TpmAndStartupKeyProtector +Aliases: tskp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TpmProtector + +Indicates that BitLocker uses the TPM as a protector for the volume encryption key. + +```yaml +Type: SwitchParameter +Parameter Sets: TpmProtector +Aliases: tpmp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UsedSpaceOnly + +Indicates that BitLocker does not encrypt unallocated disk space. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: qe + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Disable-BitLocker](./Disable-BitLocker.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + +[Lock-BitLocker](./Lock-BitLocker.md) + +[Resume-BitLocker](./Resume-BitLocker.md) + +[Suspend-BitLocker](./Suspend-BitLocker.md) + +[Unlock-BitLocker](./Unlock-BitLocker.md) diff --git a/docset/winserver2025-ps/bitlocker/Enable-BitLockerAutoUnlock.md b/docset/winserver2025-ps/bitlocker/Enable-BitLockerAutoUnlock.md new file mode 100644 index 0000000000..decb90821d --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Enable-BitLockerAutoUnlock.md @@ -0,0 +1,109 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/enable-bitlockerautounlock?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-BitLockerAutoUnlock +--- + +# Enable-BitLockerAutoUnlock + +## SYNOPSIS +Enables automatic unlocking for a BitLocker volume. + +## SYNTAX + +``` +Enable-BitLockerAutoUnlock [-MountPoint] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Enable-BitLockerAutoUnlock** cmdlet enables automatic unlocking for a volume protected by BitLocker Disk Encryption. + +You can configure BitLocker to automatically unlock volumes that do not host an operating system. +After a user unlocks the operating system volume, BitLocker uses encrypted information stored in the registry and volume metadata to unlock any data volumes that use automatic unlocking. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Enable automatic unlocking +``` +PS C:\>Enable-BitLockerAutoUnlock -MountPoint "E:" +``` + +This command enables automatic unlocking for the specified BitLocker volume. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +The cmdlet enables automatic unlocking for the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Clear-BitLockerAutoUnlock](./Clear-BitLockerAutoUnlock.md) + +[Disable-BitLockerAutoUnlock](./Disable-BitLockerAutoUnlock.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + diff --git a/docset/winserver2025-ps/bitlocker/Get-BitLockerVolume.md b/docset/winserver2025-ps/bitlocker/Get-BitLockerVolume.md new file mode 100644 index 0000000000..8421f16844 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Get-BitLockerVolume.md @@ -0,0 +1,136 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/get-bitlockervolume?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-BitLockerVolume +--- + +# Get-BitLockerVolume + +## SYNOPSIS +Gets information about volumes that BitLocker can protect. + +## SYNTAX + +``` +Get-BitLockerVolume [[-MountPoint] ] [] +``` + +## DESCRIPTION +The **Get-BitLockerVolume** cmdlet gets information about volumes that BitLocker Drive Encryption can protect. +You can specify a BitLocker volume by drive letter, followed by a colon (C:, E:). +If you do not specify a drive letter, this cmdlet gets all volumes for the current computer. + +You can use this cmdlet to get BitLocker volumes to use with other cmdlets, such as the **Enable-BitLocker** cmdlet or the **Add-BitLockerKeyProtector** cmdlet. +You can also use this cmdlet to view the following information about a BitLocker volume: + +- VolumeType - Data or Operating System. +- Mount Point - Drive letter. +- CapacityGB - Size of drive. +- MetadataVersion - Returns the FVE metadata version of the volume. + - 0 - **Unknown** - The operating system is unknown. + - 1 - **Vista** - Windows Vista format, meaning that the volume was protected with BitLocker on a computer running Windows Vista. + - 2 - **Win7** - Windows 7 format, meaning that the volume was protected with BitLocker on a computer running Windows 7 or the metadata format was upgraded by using the UpgradeVolume method. +- VolumeStatus - Whether BitLocker currently protects some, all, or none of the data on the volume. +- Encryption Percentage - Percent of the volume protected by BitLocker. +- KeyProtector - Type of key protector or protectors. +- AutoUnlock Enabled - Whether BitLocker uses automatic unlocking for the volume. +- Protection Status - Whether BitLocker currently uses a key protector to encrypt the volume encryption key. +- EncryptionMethod - Indicates the encryption algorithm and key size used on the volume. + +See [BitLocker Overview](/windows/security/information-protection/bitlocker/bitlocker-overview) for more information. + +For an overview of encryption methods, see [GetEncryptionMethod method](/windows/win32/secprov/getencryptionmethod-win32-encryptablevolume). + +## EXAMPLES + +### Example 1: Get all BitLocker volumes +``` +PS C:\> Get-BitLockerVolume + +VolumeType Mount CapacityGB VolumeStatus Encryption KeyProtector AutoUnlock Protection + Point Percentage Enabled Status +---------- ----- ---------- ------------ ---------- ------------ ---------- ---------- +Data D: 931.51 EncryptionInProgress 1 {RecoveryPassword, Pas... Off +Data E: 928.83 FullyDecrypted 0 {} Off +OperatingSystem C: 232.54 FullyDecrypted 0 {Tpm} Off +Data F: 0.98 FullyDecrypted 0 {} Off +Data G: 1.70 FullyDecrypted 0 {} Off +``` + +This command gets all the BitLocker volumes for the current computer. + +### Example 2: Get a specific BitLocker volume +``` +PS C:\> Get-BitLockerVolume -MountPoint "E:" + +VolumeType Mount CapacityGB VolumeStatus Encryption KeyProtector AutoUnlock Protection + Point Percentage Enabled Status +---------- ----- ---------- ------------ ---------- ------------ ---------- ---------- +Data E: 928.83 FullyDecrypted 0 {} Off +``` + +This command gets the specified BitLocker volume. + +### Example 3: Get all attributes for a specific BitLocker volume +``` +PS C:\> Get-BitLockerVolume -MountPoint C | Format-List +ComputerName : DESKTOP-XXXXXXX +MountPoint : C: +EncryptionMethod : XtsAes128 +AutoUnlockEnabled : +AutoUnlockKeyStored : False +MetadataVersion : 2 +VolumeStatus : FullyEncrypted +ProtectionStatus : On +LockStatus : Unlocked +EncryptionPercentage : 100 +WipePercentage : 0 +VolumeType : OperatingSystem +CapacityGB : 218,2344 +KeyProtector : {RecoveryPassword, Tpm} +``` + +This command lists all BitLocker related attributes for C drive. + +## PARAMETERS + +### -MountPoint +Specifies an array of drive letters. +This cmdlet gets these BitLocker volumes. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Add-BitLockerKeyProtector](./Add-BitLockerKeyProtector.md) + +[Enable-BitLocker](./Enable-BitLocker.md) + +[Enable-BitLockerAutoUnlock](./Enable-BitLockerAutoUnlock.md) diff --git a/docset/winserver2025-ps/bitlocker/Lock-BitLocker.md b/docset/winserver2025-ps/bitlocker/Lock-BitLocker.md new file mode 100644 index 0000000000..dbed0b0d30 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Lock-BitLocker.md @@ -0,0 +1,133 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/lock-bitlocker?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Lock-BitLocker +--- + +# Lock-BitLocker + +## SYNOPSIS +Prevents access to encrypted data on a BitLocker volume. + +## SYNTAX + +``` +Lock-BitLocker [-MountPoint] [-ForceDismount] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Lock-BitLocker** cmdlet prevents access to all encrypted data on a volume that uses BitLocker Drive Encryption. +You can use the **Unlock-BitLocker** cmdlet to restore access. + +You can specify a volume to lock by drive letter, or you can specify a BitLocker volume object. +This cmdlet cannot lock a volume that hosts the operating system. +If you attempt to lock an already locked volume, this cmdlet does nothing. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Lock a volume +``` +PS C:\> Lock-BitLocker -MountPoint "E:" -ForceDismount +``` + +This command locks the BitLocker volume specified with the *MountPoint* parameter. +The command uses the *ForceDismount* parameter, so the cmdlet attempts to lock the volume even if it is in use. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceDismount +Indicates that the cmdlet attempts to lock a drive even if the drive is in use. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: fd + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +The cmdlet attempts to lock the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Disable-BitLocker](./Disable-BitLocker.md) + +[Enable-BitLocker](./Enable-BitLocker.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + +[Resume-BitLocker](./Resume-BitLocker.md) + +[Suspend-BitLocker](./Suspend-BitLocker.md) + +[Unlock-BitLocker](./Unlock-BitLocker.md) + diff --git a/docset/winserver2025-ps/bitlocker/Remove-BitLockerKeyProtector.md b/docset/winserver2025-ps/bitlocker/Remove-BitLockerKeyProtector.md new file mode 100644 index 0000000000..fe3e9f76a1 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Remove-BitLockerKeyProtector.md @@ -0,0 +1,155 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/remove-bitlockerkeyprotector?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-BitLockerKeyProtector +--- + +# Remove-BitLockerKeyProtector + +## SYNOPSIS +Removes a key protector for a BitLocker volume. + +## SYNTAX + +``` +Remove-BitLockerKeyProtector [-MountPoint] [-KeyProtectorId] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Remove-BitLockerKeyProtector** cmdlet removes a key protector for a volume protected by BitLocker Drive Encryption. + +You can specify a key protector to remove by using an ID. +To add a protector, use the **Add-BitLockerKeyProtector** cmdlet. + +If you remove all the key protectors for a BitLocker volume, BitLocker stores the data encryption key for the volume without using encryption. +This means that any user that can access the volume can read the encrypted data on the volume unless you add a key protector. +Any encrypted data on the drive remains encrypted. + +We recommend you have at least one recovery password as key protector to a volume in case you need to recover a system. + +For an overview of BitLocker, see [Overview of BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10). + +## EXAMPLES + +### Example 1: Remove the second key protector for a volume +```powershell +PS C:\> $BLV = Get-BitLockerVolume -MountPoint "C:" +PS C:\> Remove-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[1].KeyProtectorId +``` + +This example removes a key protector for a specified BitLocker volume. + +The first command uses **Get-BitLockerVolume** to obtain a BitLocker volume and store it in the `$BLV` variable. + +The second command removes the key protector for the BitLocker volume specified by the **MountPoint** parameter. +The command specifies the key protector by using its ID, contained in the BitLocker object stored in `$BLV`. + +### Example 2: Remove TpmPin key protector for a volume +```powershell +PS C:\> $BLV = Get-BitlockerVolume -MountPoint "C:" +PS C:\> $TpmPinKeyProtector = $BLV.KeyProtector | Where-Object {$PSItem.KeyProtectorType -eq "TpmPin"} +PS C:\> Remove-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $TpmPinKeyProtector.KeyProtectorId +``` + +This example removes a key protector of type TpmPin for a specified BitLocker Volume. + +The first command uses **Get-BitLockerVolume** to obtain a BitLocker volume and store it in the `$BLV` variable. + +The second command filters the key protectors to get only the one with TpmPin type and stores it in the `$TpmPinKeyProtector` variable. + +The third command removes the key protector by its ID. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KeyProtectorId +Specifies the ID for a key protector. +A BitLocker volume object includes a **KeyProtector** object. +You have to specify the key protector ID. +See the Examples section. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +The cmdlet removes key protectors for the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Add-BitLockerKeyProtector](./Add-BitLockerKeyProtector.md) + +[Backup-BitLockerKeyProtector](./Backup-BitLockerKeyProtector.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) diff --git a/docset/winserver2025-ps/bitlocker/Resume-BitLocker.md b/docset/winserver2025-ps/bitlocker/Resume-BitLocker.md new file mode 100644 index 0000000000..40ea411bda --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Resume-BitLocker.md @@ -0,0 +1,125 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/resume-bitlocker?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Resume-BitLocker +--- + +# Resume-BitLocker + +## SYNOPSIS +Restores Bitlocker encryption for the specified volume. + +## SYNTAX + +``` +Resume-BitLocker [-MountPoint] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Resume-BitLocker** cmdlet restores encryption on a volume that uses BitLocker Drive Encryption. +You can use the **Suspend-BitLocker** cmdlet to allow users to access encrypted data temporarily. +Data written to the volume continues to be encrypted, but the key to unlock the operating system volume is in the open. + +You can specify a volume by drive letter, or you can specify a BitLocker volume object. +If you specify a BitLocker volume that is not suspended, this cmdlet has no effect on that volume. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Resume protection for a volume +``` +PS C:\> Resume-BitLocker -MountPoint "C:" +``` + +This command resumes BitLocker protection for the C: drive. + +### Example 2: Resume protection for all volumes on a computer +``` +PS C:\>Get-BitLockerVolume | Resume-BitLocker +``` + +This command gets all the BitLocker volumes for the current computer by using the **Get-BitLockerVolume** cmdlet and passes them to **Resume-BitLocker** by using the pipeline operator. +The command restores protection for all BitLocker volumes. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +This cmdlet resumes protection for the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Disable-BitLocker](./Disable-BitLocker.md) + +[Enable-BitLocker](./Enable-BitLocker.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + +[Lock-BitLocker](./Lock-BitLocker.md) + +[Suspend-BitLocker](./Suspend-BitLocker.md) + +[Unlock-BitLocker](./Unlock-BitLocker.md) + diff --git a/docset/winserver2025-ps/bitlocker/Suspend-BitLocker.md b/docset/winserver2025-ps/bitlocker/Suspend-BitLocker.md new file mode 100644 index 0000000000..8296bbf5ad --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Suspend-BitLocker.md @@ -0,0 +1,144 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/suspend-bitlocker?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Suspend-BitLocker +--- + +# Suspend-BitLocker + +## SYNOPSIS +Suspends Bitlocker encryption for the specified volume. + +## SYNTAX + +``` +Suspend-BitLocker [-MountPoint] [[-RebootCount] ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Suspend-BitLocker** cmdlet suspends Bitlocker encryption, allowing users to access encrypted data on a volume that uses BitLocker Drive Encryption. +This cmdlet makes the encryption key available in the clear. + +Suspension of BitLocker does not mean that BitLocker decrypts data on the volume. +Instead, suspension makes key used to decrypt the data available to everyone in the clear. +New data written to the disk is still encrypted. + +While suspended, BitLocker does not validate system integrity at start up. +You might suspend BitLocker protection for firmware upgrades or system updates. + +You can specify the number of times that a computer restarts before the BitLocker suspension ends by using the *RebootCount* parameter, or you can use the **Resume-BitLocker** cmdlet to manually resume protection. +If you do not specify the *RebootCount* parameter, the cmdlet uses a value of one (1), so BitLocker protection resumes after the next restart. + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Suspend BitLocker protection +``` +PS C:\> Suspend-BitLocker -MountPoint "C:" -RebootCount 0 +``` + +This command suspends Bitlocker encryption on the BitLocker volume specified by the *MountPoint* parameter. +Because the *RebootCount* parameter value is 0, BitLocker encryption remains suspended until you run the **Resume-BitLocker** cmdlet. + +## PARAMETERS + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +This cmdlet suspends protection for the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -RebootCount +Specifies the number of computer restarts before BitLocker restores protection. +The acceptable values for this parameter are: integers from 0 to 15. + +Specify zero to suspend protection indefinitely until you resume it by using the **Resume-BitLocker** cmdlet. + +If you do not include this parameter, the cmdlet uses a value of one. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Disable-BitLocker](./Disable-BitLocker.md) + +[Enable-BitLocker](./Enable-BitLocker.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + +[Lock-BitLocker](./Lock-BitLocker.md) + +[Resume-BitLocker](./Resume-BitLocker.md) + +[Unlock-BitLocker](./Unlock-BitLocker.md) + diff --git a/docset/winserver2025-ps/bitlocker/Unlock-BitLocker.md b/docset/winserver2025-ps/bitlocker/Unlock-BitLocker.md new file mode 100644 index 0000000000..0deecce3d9 --- /dev/null +++ b/docset/winserver2025-ps/bitlocker/Unlock-BitLocker.md @@ -0,0 +1,206 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BitLocker-help.xml +Module Name: BitLocker +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitlocker/unlock-bitlocker?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Unlock-BitLocker +--- + +# Unlock-BitLocker + +## SYNOPSIS +Restores access to data on a BitLocker volume. + +## SYNTAX + +### OnlyPasswordParameterSet +``` +Unlock-BitLocker [-MountPoint] -Password [-WhatIf] [-Confirm] [] +``` + +### OnlyRecoveryPasswordParameterSet +``` +Unlock-BitLocker [-MountPoint] -RecoveryPassword [-WhatIf] [-Confirm] [] +``` + +### OnlyRecoveryKeyParameterSet +``` +Unlock-BitLocker [-MountPoint] -RecoveryKeyPath [-WhatIf] [-Confirm] [] +``` + +### OnlyAdAccountOrGroupParameterSet +``` +Unlock-BitLocker [-MountPoint] [-AdAccountOrGroup] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Unlock-BitLocker** cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption. +You can use the **Lock-BitLocker** cmdlet to prevent access. + +In order to restore access, provide one of the following key protectors for the volume: + +- Active Directory Domain Services (AD DS) account +- Password +- Recovery key +- Recovery password + +For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet. + +## EXAMPLES + +### Example 1: Unlock a volume +``` +PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force +PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString +``` + +This example unlocks a specified BitLocker volume by using a password. + +The first command uses the **ConvertTo-SecureString** cmdlet to create a secure string that contains a password and saves it in the $SecureString variable. +For more information about the **ConvertTo-SecureString** cmdlet, type `Get-Help ConvertTo-SecureString`. + +The second command unlocks the specified BitLocker volume by using the password saved in the $SecureString variable. + +## PARAMETERS + +### -AdAccountOrGroup +Indicates that BitLocker requires account credentials to unlock the volume. +In order to use this parameter, the account for the current user must be a key protector for the volume. + +```yaml +Type: SwitchParameter +Parameter Sets: OnlyAdAccountOrGroupParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MountPoint +Specifies an array of drive letters or BitLocker volume objects. +The cmdlet unlocks the volumes specified. +To obtain a BitLocker volume object, use the **Get-BitLockerVolume** cmdlet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Password +Specifies a secure string that contains a password. +The password specified acts as a protector for the volume encryption key. + +```yaml +Type: SecureString +Parameter Sets: OnlyPasswordParameterSet +Aliases: pw + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryKeyPath +Specifies the path to a folder where recovery keys are stored. +The key stored in the specified path, if found, acts as a protector for the volume encryption. + +```yaml +Type: String +Parameter Sets: OnlyRecoveryKeyParameterSet +Aliases: rk + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecoveryPassword +Specifies a recovery password. +The password specified acts as a protector for the volume encryption key. + +```yaml +Type: String +Parameter Sets: OnlyRecoveryPasswordParameterSet +Aliases: rp + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### BitLockerVolume[], String[] + +## OUTPUTS + +### BitLockerVolume[] + +## NOTES + +## RELATED LINKS + +[Disable-BitLocker](./Disable-BitLocker.md) + +[Enable-BitLocker](./Enable-BitLocker.md) + +[Get-BitLockerVolume](./Get-BitLockerVolume.md) + +[Lock-BitLocker](./Lock-BitLocker.md) + +[Resume-BitLocker](./Resume-BitLocker.md) + +[Suspend-BitLocker](./Suspend-BitLocker.md) + diff --git a/docset/winserver2025-ps/bitstransfer/Add-BitsFile.md b/docset/winserver2025-ps/bitstransfer/Add-BitsFile.md new file mode 100644 index 0000000000..48527df12c --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/Add-BitsFile.md @@ -0,0 +1,205 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml +Module Name: BitsTransfer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitstransfer/add-bitsfile?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Add-BitsFile +--- + +# Add-BitsFile + +## SYNOPSIS +Adds one or more files to an existing BITS transfer job. + +## SYNTAX + +``` +Add-BitsFile [-BitsJob] [[-Destination] ] [-Source] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +The **Add-BitsFile** cmdlet adds files to a Background Intelligent Transfer Service (BITS) transfer job. +You can specify the files to add to the BITS transfer job by name at the command prompt or in a comma-separated value (CSV) file. + +Important: An upload job can contain only one file. +To upload more than one file, use the **Import-Csv** cmdlet, and pipe the output to the **Add-BitsFile** cmdlet. +For more information, see example 3 in this Help topic. +Or, use a cabinet file (.cab) or a compressed file (.zip). + +## EXAMPLES + +### Example 1: Append a file to the transfer queue of an existing BITS transfer job +``` +PS C:\> Get-BitsTransfer -JobId 10778CFA-C1D7-4A82-8A9D-80B19224879C | Add-BitsFile -Source http://server01/servertestdir/testfile1.txt -Destination "c:\clienttestdir\testfile1.txt" +``` + +This command appends a file to the transfer queue of an existing BITS transfer job. + +In this example, the output of the **Get-BitsTransfer** cmdlet is a **BitsJob** object that is identified by its unique job ID. +The command pipes the job ID to the **Add-BitsFile** cmdlet. +The local and remote names of the file are in the parameters. + +### Example 2: Append a set of files to the transfer queue of an existing BITS transfer job +``` +PS C:\> $Bits = Get-BitsTransfer -JobId 10778CFA-C1D7-4A82-8A9D-80B19224879C +PS C:\> Add-BitsFile -BitsJob $Bits -Source "http://server01/servertestdir/testfile1.txt", "http://server01/servertestdir/testfile2.txt" -Destination "c:\clienttestdir\testfile1.txt", "c:\clienttestdir\testfile2.txt" +``` + +This command appends a set of files to the transfer queue of an existing BITS transfer job. + +The first command retrieves the BITS transfer job that is identified by the job ID and then stores it in the $b variable. +The second command uses the *BitsJob* parameter to pass the **BitsJob** object that is stored in the $b variable to **Add-BitsFile**. + +The server file names are paired with the corresponding client file names. + +### Example 3: Add a set of files to the transfer queue of a new BITS transfer job +``` +PS C:\> $Bits = Start-BitsTransfer -Suspended +PS C:\> Import-CSV filelist.txt | Add-BitsFile -BitsJob $Bits +PS C:\> Resume-BitsTransfer -BitsJob $Bits +``` + +This example adds a set of files to the transfer queue of a new BITS transfer job. + +The first command creates a new BitsJob object and then stores it in the $Bits variable. + +The second command uses the **Import-CSV** cmdlet to import a text file that contains a list of files to be transferred. +The text file is converted to an array of objects (one per line) and passed through the pipeline to the **Add-BitsFile** cmdlet. +The *BitsJob* parameter is used to pass the **BitsJob** object (the transfer job) that is stored in the $Bits variable to the **Add-BitsFile** cmdlet. These array of objects, adds BITS transfer job for each of the file to be downloaded and then transfers them concurrently to the client. This command also updates the transfer job with the list of files to be transferred. + +The third command passes the **BitsJob** object that is stored in the $Bits variable to the **Resume-BitsTransfer** cmdlet. +The BITS transfer job is restarted, and the files that are specified in the Filelist.txt file are transferred from the source to the destination. + +The `Import-CSV filelist.txt` element of the second command imports a text file that contains the list of files to be transferred. +Each line of this file specifies a file to be transferred, in the `,` format. +The text file is converted to an array of objects, one per line, and passed through the pipeline. +In this example, the array of objects is passed to the `Add-BitsFile` cmdlet. + +The contents of the Filelist.txt file resemble the following information: + +- **Source, Destination** +- `http://server01/servertestdir/testfile1.txt, c:\clienttestdir\testfile1.txt` +- `http://server01/servertestdir/testfile2.txt, c:\clienttestdir\testfile2.txt` +- `http://server01/servertestdir/testfile3.txt, c:\clienttestdir\testfile3.txt` +- `http://server01/servertestdir/testfile4.txt, c:\clienttestdir\testfile4.txt` + +## PARAMETERS + +### -BitsJob +Specifies the BITS transfer jobs to which you want to add files. +You can pipe a value to this parameter from other cmdlets that return **BitsJob** objects, such as **Get-BitsTransfer**. + +```yaml +Type: BitsJob[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Destination +Specifies the destination location and the names of the files that you want to transfer. +The destination names are paired with the corresponding source file names. +For instance, the first file name specified in the *Source* parameter corresponds to the first file name in the *Destination* parameter, and the second file name in the *Source* parameter corresponds to the second file name in the *Destination* parameter. +The *Source* and *Destination* parameters must have the same number of elements; otherwise, the command produces an error. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Source +Specifies the source location and the names of the files that you want to transfer. +The source file names are paired with the corresponding destination file names. +For instance, the first file name specified in the *Source* parameter corresponds to the first file name in the *Destination* parameter, and the second file name in the *Source* parameter corresponds to the second file name in the *Destination* parameter. +The *Source* and *Destination* parameters must have the same number of elements; otherwise, the command produces an error. +You can use standard wildcard characters such as the asterisk (*) and the question mark (?), or you can use a range operator such as "\[a-r\]". + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet accepts one or more **BitsJob** objects as input that populates the *BitsJob* parameter. + +## OUTPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet generates the **BitsJob** objects that are associated with the BITS transfer jobs to which the files were added. + +## NOTES + +## RELATED LINKS + +[Complete-BitsTransfer](./Complete-BitsTransfer.md) + +[Get-BitsTransfer](./Get-BitsTransfer.md) + +[Remove-BitsTransfer](./Remove-BitsTransfer.md) + +[Resume-BitsTransfer](./Resume-BitsTransfer.md) + +[Set-BitsTransfer](./Set-BitsTransfer.md) + +[Start-BitsTransfer](./Start-BitsTransfer.md) + +[Suspend-BitsTransfer](./Suspend-BitsTransfer.md) + diff --git a/docset/winserver2025-ps/bitstransfer/BitsTransfer.md b/docset/winserver2025-ps/bitstransfer/BitsTransfer.md new file mode 100644 index 0000000000..b200a224bd --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/BitsTransfer.md @@ -0,0 +1,41 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.1 +Locale: en-US +Module Guid: 8fa5064b-8479-4c5c-86ea-0d311fe48875 +Module Name: BitsTransfer +ms.date: 12/20/2016 +title: BitsTransfer +--- + +# BitsTransfer Module +## Description +This reference provides cmdlet descriptions and syntax for all Background Intelligent Transfer Management (BITS)-specific cmdlets. It lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet. + +## BitsTransfer Cmdlets +### [Add-BitsFile](./Add-BitsFile.md) +Adds one or more files to an existing BITS transfer job. + +### [Complete-BitsTransfer](./Complete-BitsTransfer.md) +Completes a BITS transfer job. + +### [Get-BitsTransfer](./Get-BitsTransfer.md) +Gets the associated BitsJob object for an existing BITS transfer job. + +### [Remove-BitsTransfer](./Remove-BitsTransfer.md) +Cancels a BITS transfer job. + +### [Resume-BitsTransfer](./Resume-BitsTransfer.md) +Resumes a BITS transfer job. + +### [Set-BitsTransfer](./Set-BitsTransfer.md) +Modifies the properties of an existing BITS transfer job. + +### [Start-BitsTransfer](./Start-BitsTransfer.md) +Creates a BITS transfer job. + +### [Suspend-BitsTransfer](./Suspend-BitsTransfer.md) +Suspends a BITS transfer job. + + diff --git a/docset/winserver2025-ps/bitstransfer/Complete-BitsTransfer.md b/docset/winserver2025-ps/bitstransfer/Complete-BitsTransfer.md new file mode 100644 index 0000000000..e4ffceb28b --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/Complete-BitsTransfer.md @@ -0,0 +1,139 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml +Module Name: BitsTransfer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitstransfer/complete-bitstransfer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Complete-BitsTransfer +--- + +# Complete-BitsTransfer + +## SYNOPSIS +Completes a BITS transfer job. + +## SYNTAX + +``` +Complete-BitsTransfer [-BitsJob] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Complete-BitsTransfer** cmdlet ends one or more Background Intelligent Transfer Service (BITS) transfer jobs and then saves the files on the client computer. +If an error occurs, the associated **BitsJob** object is written to the error pipeline. + +## EXAMPLES + +### Example 1: Complete all BITS transfer jobs owned by the current user +``` +C:\PS>Get-BitsTransfer | Complete-BitsTransfer +``` + +This command completes all the BITS transfer jobs that are owned by the current user. + +In this command, the output of the **Get-BitsTransfer** cmdlet is piped to the **Complete-BitsTransfer** cmdlet. +The output is a set of **BitsJob** objects. + +### Example 2: Complete all BITS transfer jobs on the computer +``` +PS C:\> $Bits = Get-BitsTransfer -AllUsers +PS C:\> Complete-BitsTransfer -BitsJob $Bits +``` + +These commands complete all the BITS transfer jobs on the computer. + +The first command retrieves all the **BitsJob** objects on the computer and then stores them in the $Bits variable. + +The second command uses the *BitsJob* parameter to pass the **BitsJob** objects that are stored in the $Bits variable to the **Complete-BitsTransfer** cmdlet. + +### Example 3: Complete a BITS transfer job by display name +``` +PS C:\> Get-BitsTransfer -Name testjob1 | Complete-BitsTransfer +``` + +This command completes the BITS transfer job that is identified by the specified display name. + +The output of the **Get-BitsTransfer** cmdlet is a **BitsJob** object. +This output is piped to the **Complete-BitsTransfer** cmdlet. + +## PARAMETERS + +### -BitsJob +Specifies the BITS transfer jobs to complete. +You can pipe a value to this parameter from other cmdlets that return **BitsJob** objects, such as **Get-BitsTransfer**. + +```yaml +Type: BitsJob[] +Parameter Sets: (All) +Aliases: b + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet accepts one or more **BitsJob** objects as input that populates the *BitsJob* parameter. + +## OUTPUTS + +### None +This cmdlet does not generate any output. + +## NOTES + +## RELATED LINKS + +[Add-BitsFile](./Add-BitsFile.md) + +[Get-BitsTransfer](./Get-BitsTransfer.md) + +[Remove-BitsTransfer](./Remove-BitsTransfer.md) + +[Resume-BitsTransfer](./Resume-BitsTransfer.md) + +[Set-BitsTransfer](./Set-BitsTransfer.md) + +[Start-BitsTransfer](./Start-BitsTransfer.md) + +[Suspend-BitsTransfer](./Suspend-BitsTransfer.md) + diff --git a/docset/winserver2025-ps/bitstransfer/Get-BitsTransfer.md b/docset/winserver2025-ps/bitstransfer/Get-BitsTransfer.md new file mode 100644 index 0000000000..3bcdad090f --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/Get-BitsTransfer.md @@ -0,0 +1,180 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml +Module Name: BitsTransfer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitstransfer/get-bitstransfer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-BitsTransfer +--- + +# Get-BitsTransfer + +## SYNOPSIS +Gets the associated BitsJob object for an existing BITS transfer job. + +## SYNTAX + +### ListJobsByName (Default) +``` +Get-BitsTransfer [[-Name] ] [-AllUsers] [] +``` + +### ListJobsById +``` +Get-BitsTransfer [-JobId] [] +``` + +## DESCRIPTION +The **Get-BitsTransfer** cmdlet retrieves a set of Background Intelligent Transfer Service (BITS) transfer jobs. +By default, the cmdlet returns the jobs that are owned by the current user. +However, if you have administrative credentials, you can specify the *AllUsers* parameter so that the command returns jobs that are owned by all users. +The returned jobs can be filtered by name or ID. +The jobs are represented by **BitsJob** objects. + +## EXAMPLES + +### Example 1: Get all BitsJob objects owned by the current user +``` +PS C:\> Get-BitsTransfer + +JobId DisplayName TransferType JobState OwnerAccount +----- ----------- ------------ -------- ------------ +07acbe90-7d25-4d05-a... TestJob2 Download Suspended DOMAIN01\user01 +c0dd3d8c-c3a2-4562-8... TestJob1 Download Transferred DOMAIN01\user01 +1ef8c549-7a92-4173-b... BitsJobTransfer Download Transferred DOMAIN01\user01 +2c8302d5-3f44-4981-8... BitsJobTransfer Download Transferred DOMAIN01\user01 +``` + +This command gets all the **BitsJob** objects that are owned by the current user. + +### Example 2: Get the BitsJob object identified by job ID +``` +PS C:\> Get-BitsTransfer -JobId C0DD3D8C-C3A2-4562-8324-80B19224879C + +JobId DisplayName TransferType JobState OwnerAccount +----- ----------- ------------ -------- ------------ +c0dd3d8c-c3a2-4562-8... TestJob1 Download Transferred DOMAIN01\user01 +``` + +This command gets the **BitsJob** object that is identified by the specified job ID. + +### Example 3: Get all BitsJob objects with a specific display name +``` +PS C:\> Get-BitsTransfer -AllUsers -Name "*Microsoft*", "*Windows*" + +JobId DisplayName TransferType JobState OwnerAccount +----- ----------- ------------ -------- ------------ +07acbe90-7d25-4d05-a... MicrosoftTest Download Suspended DOMAIN01\user01 +c0dd3d8c-c3a2-4562-8... WindowsTest Download Transferred DOMAIN01\user02 +``` + +This command gets all the **BitsJob** objects, owned by all users, where the **DisplayName** property of the **BitsJob** object contains either Microsoft or Windows. +If the user does not have administrative credentials, this command returns an error because it uses the *AllUsers* parameter. + +### Example 4: Get a BitsJob object identified by a specific display name +``` +C:\PS>Get-BitsTransfer -Name "TestJob1" + +JobId DisplayName TransferType JobState OwnerAccount +----- ----------- ------------ -------- ------------ +c0dd3d8c-c3a2-4562-8... TestJob1 Download Transferred DOMAIN01\user01 +``` + +This command gets the **BitsJob** object that is identified by the specified display name. + +## PARAMETERS + +### -AllUsers +Indicates that this cmdlet gets BITS transfer jobs that are owned by all users. +If this parameter is not specified, only jobs that are owned by the current user are returned. +This parameter requires administrative credentials. + +```yaml +Type: SwitchParameter +Parameter Sets: ListJobsByName +Aliases: all + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JobId +Specifies an array of BITS jobs by job ID. +Only the BITS jobs that include a job ID in this array are returned. +If **BitsJob** objects are piped to this cmdlet, their job IDs are used as the values of this parameter. + +```yaml +Type: Guid[] +Parameter Sets: ListJobsById +Aliases: id + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies an array of BITS jobs based on job name. +Only BITS jobs with job names that match a name in this array are returned. +You can use standard wildcard characters such as the asterisk (*) and the question mark (?). +Or, you can use a range operator such as"\[a-r\]". + +For example, you can use any of the following commands: + +`Get-BitsTransfer -Name "BITS*"` + +`Get-BitsTransfer -Name "BITS Transfer"` + +`Get-BitsTransfer -Name "BITS Transfe[a-r]"` + +A combination of the wildcard character and range operators is also possible. + +```yaml +Type: String[] +Parameter Sets: ListJobsByName +Aliases: n + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet accepts one or more **BitsJob** objects as input that populates the JobId parameter (based on the property name). + +## OUTPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet generates the **BitsJob** objects that are associated with the retrieved BITS transfer jobs. + +## NOTES + +## RELATED LINKS + +[Add-BitsFile](./Add-BitsFile.md) + +[Complete-BitsTransfer](./Complete-BitsTransfer.md) + +[Remove-BitsTransfer](./Remove-BitsTransfer.md) + +[Resume-BitsTransfer](./Resume-BitsTransfer.md) + +[Set-BitsTransfer](./Set-BitsTransfer.md) + +[Start-BitsTransfer](./Start-BitsTransfer.md) + +[Suspend-BitsTransfer](./Suspend-BitsTransfer.md) + diff --git a/docset/winserver2025-ps/bitstransfer/Remove-BitsTransfer.md b/docset/winserver2025-ps/bitstransfer/Remove-BitsTransfer.md new file mode 100644 index 0000000000..452133e2b6 --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/Remove-BitsTransfer.md @@ -0,0 +1,138 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml +Module Name: BitsTransfer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitstransfer/remove-bitstransfer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Remove-BitsTransfer +--- + +# Remove-BitsTransfer + +## SYNOPSIS +Cancels a BITS transfer job. + +## SYNTAX + +``` +Remove-BitsTransfer [-BitsJob] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-BitsTransfer** cmdlet cancels a Background Intelligent Transfer Service (BITS) transfer job. +It deletes the underlying transfer job, removes any temporary files from the client, and deletes the associated **BitsJob** object. + +When the **Remove-BitsTransfer** cmdlet cancels a transfer job, it deletes all the transfers. +Consider a scenario is which you are transferring three files. +One file is completely transferred, one file is pending, and one file is currently being transferred. +In this scenario, **Remove-BitsTransfer** cancels the whole transfer and deletes the underlying files. +Any files that were already transferred are not available after you use the **Remove-BitsTransfer** cmdlet to cancel the transfer job. +Optionally, you can use the **Complete-BitsTransfer** cmdlet to commit any files that are completely downloaded and to cancel the pending and current transfers. +The transferred file is not be deleted and is available. + +## EXAMPLES + +### Example 1: Cancel all BITS transfer jobs owned by the current user +``` +PS C:\> Get-BitsTransfer | Remove-BitsTransfer +``` + +This command cancels all the BITS transfer jobs that are owned by the current user. + +The output of the **Get-BitsTransfer** cmdlet is piped to the **Remove-BitsTransfer** cmdlet. +The output is a set of **BitsJob** objects. + +### Example 2: Cancel all BITS transfer jobs on the computer +``` +C:\PS>$Bits = Get-BitsTransfer -AllUsers +PS C:\> Remove-BitsTransfer -BitsJob $Bits +``` + +This command cancels all the BITS transfer jobs on the computer. + +The first command gets all the **BitsJob** objects on the computer and then stores them in the $Bits variable. + +The second command uses the *BitsJob* parameter to pass the **BitsJob** objects that are stored in the $Bits variable to the **Remove-BitsTransfer** cmdlet. + +## PARAMETERS + +### -BitsJob +Specifies an array of BITS transfer jobs to cancel. +You can pipe a value to this parameter from other cmdlets that return **BitsJob** objects, such as the **Get-BitsTransfer** cmdlet. + +```yaml +Type: BitsJob[] +Parameter Sets: (All) +Aliases: b + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet accepts one or more **BitsJob** objects as input that populates the *BitsJob* parameter. + +## OUTPUTS + +### None +This cmdlet does not generate any output. + +## NOTES +* After a job is removed or completed, any job objects that were previously cached in variables or in scripts are no longer valid. + +## RELATED LINKS + +[Add-BitsFile](./Add-BitsFile.md) + +[Complete-BitsTransfer](./Complete-BitsTransfer.md) + +[Get-BitsTransfer](./Get-BitsTransfer.md) + +[Resume-BitsTransfer](./Resume-BitsTransfer.md) + +[Set-BitsTransfer](./Set-BitsTransfer.md) + +[Start-BitsTransfer](./Start-BitsTransfer.md) + +[Suspend-BitsTransfer](./Suspend-BitsTransfer.md) + diff --git a/docset/winserver2025-ps/bitstransfer/Resume-BitsTransfer.md b/docset/winserver2025-ps/bitstransfer/Resume-BitsTransfer.md new file mode 100644 index 0000000000..ed31ee2bed --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/Resume-BitsTransfer.md @@ -0,0 +1,177 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml +Module Name: BitsTransfer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitstransfer/resume-bitstransfer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Resume-BitsTransfer +--- + +# Resume-BitsTransfer + +## SYNOPSIS +Resumes a BITS transfer job. + +## SYNTAX + +``` +Resume-BitsTransfer [-BitsJob] [-Asynchronous] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Resume-BitsTransfer** cmdlet resumes one or more suspended Background Intelligent Transfer Service (BITS) transfer jobs. +If the BITS transfer is already in process, the cmdlet does nothing. +You can view the current state of a transfer job through the **Get-BitsTransfer** cmdlet. + +By default, the **Resume-BitsTransfer** cmdlet restarts the transfer job synchronously even if the original job was specified as an asynchronous transfer job. +You could use this behavior to convert an asynchronous transfer job into a synchronous transfer job. +You could do this if either of the following conditions is true: + +- The asynchronous transfer job was created outside cmdlets. + +- The asynchronous transfer job was created through the **Start-BitsTransfer** cmdlet. + +If you want to restart the transfer job as an asynchronous transfer, use the *Asynchronous* parameter. + +## EXAMPLES + +### Example 1: Resume all BITS transfer jobs owned by the current user +``` +PS C:\> Get-BitsTransfer | Resume-BitsTransfer +``` + +This command resumes all the BITS transfer jobs that are owned by the current user. + +The command prompt returns after the jobs are complete or after the jobs enter an error state. +The output of the **Get-BitsTransfer** cmdlet is a set of BitsJob objects. +This output is piped to the **Resume-BitsTransfer** cmdlet. +If any of the BITS transfer jobs are already active, they will continue to run. + +### Example 2: Resume a new BITS transfer job that was initially suspended +``` +PS C:\> $Bits = Start-BitsTransfer -DisplayName "MyJob" -Suspended +PS C:\> Add-BitsTransfer -BitsJob $Bits -ClientFileName C:\myFile -ServerFileName http://www.mysite.com/file1 +PS C:\> Resume-BitsTransfer -BitsJob $Bits -Asynchronous +``` + +This command resumes a new BITS transfer job that was initially suspended, and it returns the command prompt immediately. + +The first command creates a new **BitsJob** object in a suspended state and then stores it in the $Bits variable. + +The second command adds a file to the transfer queue of the new **BitsJob** object that is stored in the $Bits variable. + +The third command uses the **BitsJob** parameter to pass the **BitsJob** object that is stored in the $Bits variable to the **Resume-BitsTransfer** cmdlet. +This command starts the BITS transfer job. + +### Example 3: Resume the BITS transfer by the specified display name +``` +PS C:\> Get-BitsTransfer -Name "TestJob01" | Resume-BitsTransfer +``` + +This command resumes the BITS transfer that is identified by the display name named TestJob01. + +The command prompt returns after the job is complete or after the job enters an error state. +The output of the **Get-BitsTransfer** cmdlet is a **BitsJob** object. +This output is piped to the **Resume-BitsTransfer** cmdlet. +If the BITS transfer job is already active, it continues to run. + +## PARAMETERS + +### -Asynchronous +Indicates that the cmdlet processes the BITS transfer job in the background. +The command prompt reappears immediately after the BITS transfer job is resumed. +The returned **BitsJob** object can be used to monitor status and progress. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: as + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BitsJob +Specifies an array of BITS transfer jobs to resume. +You can pipe a value to this parameter from other cmdlets that return **BitsJob** objects, such as the **Get-BitsTransfer** cmdlet. + +```yaml +Type: BitsJob[] +Parameter Sets: (All) +Aliases: b + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet accepts one or more **BitsJob** objects as input that populates the *BitsJob* parameter. + +## OUTPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +When called with the *Asynchronous* parameter, this cmdlet sends the **BitsJob** object that is associated with the resumed BITS transfer job as output. +Otherwise, no output is generated. + +## NOTES +* You can cancel a transfer job that is running in synchronous mode (foreground priority) by pressing CTRL+C. + +## RELATED LINKS + +[Add-BitsFile](./Add-BitsFile.md) + +[Complete-BitsTransfer](./Complete-BitsTransfer.md) + +[Get-BitsTransfer](./Get-BitsTransfer.md) + +[Remove-BitsTransfer](./Remove-BitsTransfer.md) + +[Set-BitsTransfer](./Set-BitsTransfer.md) + +[Start-BitsTransfer](./Start-BitsTransfer.md) + +[Suspend-BitsTransfer](./Suspend-BitsTransfer.md) + diff --git a/docset/winserver2025-ps/bitstransfer/Set-BitsTransfer.md b/docset/winserver2025-ps/bitstransfer/Set-BitsTransfer.md new file mode 100644 index 0000000000..5257468cfc --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/Set-BitsTransfer.md @@ -0,0 +1,753 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml +Module Name: BitsTransfer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitstransfer/set-bitstransfer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Set-BitsTransfer +--- + +# Set-BitsTransfer + +## SYNOPSIS +Modifies the properties of an existing BITS transfer job. + +## SYNTAX + +``` +Set-BitsTransfer [-BitsJob] [-DisplayName ] [-Priority ] [-Description ] + [-Dynamic] [-CustomHeadersWriteOnly] [-HttpMethod ] [-ProxyAuthentication ] + [-RetryInterval ] [-RetryTimeout ] [-MaxDownloadTime ] [-TransferPolicy ] + [-ACLFlags ] [-SecurityFlags ] + [-UseStoredCredential ] [-Credential ] + [-ProxyCredential ] [-Authentication ] [-SetOwnerToCurrentUser] [-ProxyUsage ] + [-ProxyList ] [-ProxyBypass ] [-CustomHeaders ] [-NotifyFlags ] + [-NotifyCmdLine ] [-CertStoreLocation ] [-CertStoreName ] + [-CertHash ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-BitsTransfer** cmdlet modifies the properties of an existing Background Intelligent Transfer Service (BITS) transfer job. +You can specify the job that you want to modify in the *BitsJob* parameter. +Or, you can specify the job by passing it through the pipeline. + +## EXAMPLES + +### Example 1: Modify the priority of a BITS transfer job +``` +PS C:\> $Bits = Get-BitsTransfer -JobId 10778CFA-C1D7-4A82-8A9D-80B19224879C +PS C:\> Set-BitsTransfer -BitsJob $Bits -Priority High +``` + +This command modifies the priority of an existing BITS transfer job. + +The first command retrieves the BITS transfer job specified by the *JobId* parameter and then stores it in the $Bits variable. + +The second command uses the *BitsJob*parameter to pass the **BitsJob** object stored in the $Bits variable to the **Set-BitsTransfer** cmdlet. +The *Priority* parameter is used to set the priority of the BITS transfer job to High. + +### Example 2: Set the owner of a set of BITS transfer jobs +``` +PS C:\> Get-BitsTransfer -AllUsers -Name *Microsoft* | Set-BitsTransfer -SetOwnerToCurrentUser +``` + +This command makes the current user the owner of a set of existing BITS transfer jobs. + +The output of the **Get-BitsTransfer** cmdlet is a set of **BitsJob** objects whose display name contains Microsoft. +This output is passed to the **Set-BitsTransfer** cmdlet through the pipeline. +The *SetOwnerToCurrentUser* parameter specifies that the owner of each BITS transfer job is the current user. + +### Example 3: Modify the proxy settings of a BITS transfer job +``` +PS C:\> $Bits = Get-BitsTransfer -JobId 10778CFA-C1D7-4A82-8A9D-80B19224879C +PS C:\> $Cred = Get-Credential +PS C:\> Set-BitsTransfer -BitsJob $Bits -ProxyUsage AutoDetect -ProxyAuthentication $Cred +``` + +This command modifies the proxy settings of an existing BITS transfer job. + +The first command retrieves the BITS transfer job identified by the *JobId* parameter and then stores it in the variable named $Bits. + +The second command retrieves credentials from the user and then stores them in the $Cred variable. + +The third command uses the *BitsJob* parameter to pass the **BitsJob** object stored in the $Bits variable to the **Set-BitsTransfer** cmdlet. +It uses the *ProxyAuthentication* parameter to pass the **PSCredential** object stored in the $Cred variable. +The *ProxyUsage* parameter allows the BITS transfer job to automatically discover the Web proxy server by using the Web Proxy Autodiscovery Protocol (WPAD) protocol. +The supplied set of credentials is used to authenticate the user at the proxy server. + +### Example 4: Modify the proxy settings of a BITS transfer job using a proxy list and proxy bypass +``` +PS C:\> Get-BitsTransfer | Set-BitsTransfer -ProxyUsage Override -ProxyList "http://proxy1", "http://proxy2:81" -ProxyBypass "http://directconnect" +``` + +This command modifies the proxy settings of an existing BITS transfer job. + +The output of the **Get-BitsTransfer** cmdlet is the set of **BitsJob** objects that are owned by the current user. +This output is piped to the **Set-BitsTransfer** cmdlet. +The Override value that is specified in the *ProxyUsage* parameter indicates that an explicit list of proxy server and bypassed host names are provided. + +The *ProxyList* parameter specifies two proxy servers. +The first server in the list (`http://proxy1`) is used. +If that connection fails, the command tries the connection by using the second server in the list (`http://proxy2:81`). +If both connections fail, the job fails. + +When a list of host names is specified in the *ProxyBypass* parameter, the connection that is made is a direct connection that does not use a proxy server. +In this example, no proxy server is used to add a file to the BITS transfer queue on the directconnect server. + +## PARAMETERS + +### -ACLFlags +Specifies the owner and access control list (ACL) information to maintain for the transfer job. +Specify one or more of the following values: + +- o: Copy owner information with file. +- g: Copy group information with file. +- d: Copy discretionary access control list (DACL) information with file. +- s: Copy system access control list (SACL) information with file. + +```yaml +Type: ACLFlagValue +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Authentication +Specifies the authentication mechanism to be used at the server. +The acceptable values for this parameter are: + +- **Basic**: Basic is a scheme in which the user name and password are sent in clear text to the server or proxy. + +- **Digest**: Digest is a challenge-response scheme that uses a server-specified data string for the challenge. + +- **NTLM**: NT LAN Manager (NTLM) is a challenge-response scheme that uses the credentials of the user for authentication in a Windows-based network environment. + +- **Negotiate** (the default): Negotiate is a challenge-response scheme that negotiates with the server or proxy to determine which scheme to use for authentication. For example, this parameter value allows negotiation to determine whether the Kerberos protocol or NTLM is used. + +- **Passport**: Passport is a centralized authentication service provided by Microsoft that offers a single logon for member sites. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: au +Accepted values: Basic, Digest, Ntlm, Negotiate, Passport + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BitsJob +Specifies an array of BITS transfer jobs on which this cmdlet sets properties. +You can pipe a value to this parameter from other cmdlets that return **BitsJob** objects, such as Get-BitsTransfer + +```yaml +Type: BitsJob[] +Parameter Sets: (All) +Aliases: b + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -CertHash +Specifies a SHA1 hash that identifies the certificate. + +```yaml +Type: Byte[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertStoreLocation +Specifies the certificate store location to use for to look up the certificate. Valid values are: + +- CURRENT_USER +- LOCAL_MACHINE +- CURRENT_SERVICE +- SERVICES +- USERS +- CURRENT_USER_GROUP_POLICY +- LOCAL_MACHINE_GROUP_POLICY +- LOCAL_MACHINE_ENTERPRISE + +```yaml +Type: CertStoreLocationValue +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertStoreName +Specifies the name of the certificate store. Valid values are: + +- CA: Certification Authority certificates +- MY: Personal certificates +- ROOT: Root certificates +- SPC: Software Publisher Certificate + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the credentials to use to authenticate the user at the server. +The default is the current user. +Type a user name, such as "User01", "Domain01\User01", or "User@Contoso.com". +Or, use the **Get-Credential** cmdlet to create the value for this parameter. +When you type a user name, you are prompted for a password. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: cred + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CustomHeaders +Specifies one or more custom HTTP headers to include in the request to the server. Specify an array of strings. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CustomHeadersWriteOnly +Indicates that the HTTP custom headers for this job are write-only. + +Use this parameter when your custom headers include security information. +Other programs on the same computer can’t read the header. +The BITS process can read the headers and send them over the HTTP connection. + +You cannot change this value for a job after you set headers to write-only. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Specifies a description for the BITS transfer job. +The description is limited to 1,024 characters. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: d + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DisplayName +Specifies a display name for the BITS transfer job. +The display name provides a user-friendly way to differentiate BITS transfer jobs. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: dn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Dynamic +Indicates that the transfer uses the dynamic setting. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HttpMethod +Specifies a method for the transfer other than the default method GET. +If you specify GET, the parameter has no effect. + +If you specify a method, the job takes foreground priority, which can't be changed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: hm + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MaxDownloadTime +Specifies the maximum time, in seconds, for transferring the files in a job. +The default is 7,776,000 seconds or 90 days. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotifyCmdLine +Specifies a program to run after the job finishes or encounters an error. +The program runs in the context of the user who runs this cmdlet. + +Specify the program name and any parameters as an array of strings. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotifyFlags +Specifies the type of event notification you want to receive, such as job transferred events. +Valid values are: + +- 1: Generates an event when all files in the job have been transferred. +- 2: Generates an event when an error occurs. +- 4: Disables notifications. + +The default value is 1|2. + +```yaml +Type: NotifyFlagValue +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Priority +Specifies the priority of the BITS transfer job, which affects bandwidth usage. +The acceptable values for this parameter are: + +- **Foreground** (default): Transfers the job in the foreground. Foreground transfers compete for network bandwidth with other applications, which can impede the user's overall network experience. However, if the **Start-BitsTransfer** cmdlet is being used interactively, this is likely the best option. This is the highest priority level. + +- **High**: Transfers the job in the background with a high priority. Background transfers use the idle network bandwidth of the client computer to transfer files. + +- **Normal**: Transfers the job in the background with a normal priority. Background transfers use the idle network bandwidth of the client computer to transfer files. + +- **Low**: Transfers the job in the background with a low priority. Background transfers use the idle network bandwidth of the client to transfer files. This is the lowest background priority level. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: p +Accepted values: Foreground, High, Normal, Low + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyAuthentication +Specifies the authentication mechanism to use at the Web proxy. +The acceptable values for this parameter are: + +- **Basic**: Basic is a scheme in which the user name and password are sent in clear text to the server or proxy. + +- **Digest**: Digest is a challenge-response scheme that uses a server-specified data string for the challenge. + +- **NTLM**: NTLM is a challenge-response scheme that uses the credentials of the user for authentication in a Windows-based network environment. + +- **Negotiate** (the default): Negotiate is a challenge-response scheme that negotiates with the server or proxy to determine which scheme to use for authentication. For instance, this parameter value allows negotiation to determine whether the Kerberos protocol or NTLM is used. + +- **Passport**: Passport is a centralized authentication service provided by Microsoft that offers a single logon for member sites. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: pa +Accepted values: Basic, Digest, Ntlm, Negotiate, Passport + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyBypass +Specifies a list of host names to use for a direct connection. +The hosts in the list are tried in order until a successful connection is achieved. +If you specify this parameter the cmdlet bypasses the proxy. +If this parameter is used, the *ProxyUsage* parameter must be set to **Override**; otherwise, an error occurs. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: pb + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyCredential +Specifies the credentials to use to authenticate the user at the proxy. +You can use the **Get-Credential** cmdlet to create a value for this parameter. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: pc + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyList +Specifies an array of proxies to use. +The proxies in the list are tried in order until a successful connection is achieved. +If this parameter is specified and *ProxyUsage* is set to a value other than **Override**, an error occurs. + +```yaml +Type: Uri[] +Parameter Sets: (All) +Aliases: pl + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyUsage +Specifies the proxy usage settings. +The acceptable values for this parameter are: + +- **SystemDefault** (the default): Use the system default proxy settings. + +- **NoProxy**: Do not use a proxy to transfer the files. Use this option when you transfer files within a local area network (LAN). + +- **AutoDetect**: Automatically detect proxy settings. BITS detects proxy settings for each file in the job. + +- **Override**: Specify the proxies or servers to use. If the *ProxyList* parameter is also specified, the proxies in that list are used. If the *ProxyBypass* parameter is also specified, the servers in that list are used. In both cases, the first member of the list is used. If the first member is unreachable, the subsequent members are tried until a member is contacted successfully. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: pu +Accepted values: SystemDefault, NoProxy, AutoDetect, Override + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RetryInterval +Specifies the minimum length of time, in seconds, that BITS waits before it attempts to transfer the file after BITS encounters a transient error. +The minimum allowed value is 60 seconds. +If this value exceeds the RetryTimeout value from the **BitsJob** object, BITS will not retry the transfer. +Instead, BITS sets the state of the BITS transfer job to the Error state. + +The default is 600 seconds (10 minutes). + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RetryTimeout +Specifies the length of time, in seconds, that BITS attempts to transfer the file after the first transient error occurs. +Setting the retry period to 0 prevents retries. +If the retry period value exceeds the JobInactivityTimeout Group Policy setting (90-day default), BITS cancels the job. + +The default value is 1,209,600 seconds (14 days). + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SecurityFlags +Specifies security flags for the HTTP request. + +The flags you can set, from the least significant bit, are the following bits: + +- 1: Enable CRL Check. +- 2: Ignore incorrect common names in the server certificate. +- 3: Ignore incorrect dates in the server certificate. +- 4: Ignore incorrect certification authorities in the server certificate. +- 5: Ignore incorrect usage of the server certificate. +- 12: Allow redirection from HTTPS to HTTP. + +Use bits 9 through 11 to implement your redirection policy: + +- 0,0,0: Redirects are automatically allowed. +- 0,0,1: Remote name is updated if a redirect occurs. +-0,1,0: BITS fails the job if a redirect occurs. + +```yaml +Type: SecurityFlagValue +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SetOwnerToCurrentUser +Indicates that the cmdlet sets the owner of the BITS transfer job to the current user. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: so + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TransferPolicy +Specifies the network cost states in which the transfer is allowed to be scheduled. +The current cost state of the network is a bitmask that indicates the kinds of charges that would be incurred if a transfer was scheduled at this time. +This cost state represents a bitmask; if the bit corresponding to the current network cost state is set, the transfer can be scheduled. +If the bit corresponding to the current network cost state is not set, the transfer is ignored for scheduling purposes. +You can submit any of the named values listed here, or add them together to provide a custom value. + +The acceptable values for this parameter are: + +- **Unrestricted** (or unknown) : 0x00000001 : the cost state for this network is not known. + +- **Capped** : 0x00000002 : the cost state for this network is a capped plan, or a plan that has a data usage limit. + +- **BelowCap** : 0x00000004 : the cost state for this network is below the data plan cap. + +- **NearCap** : 0x00000008 : the cost state for this network is near the data plan cap. + +- **OverCapCharged** : 0x00000010 : the cost state for this network is above the data plan cap, and such usage is charged. + +- **OverCapThrottled** : 0x00000020 : the cost state for this network is above the data plan cap, and such usage is throttled. + +- **UsageBased** : 0x00000040 : the cost state for this network is charged based on usage. + +- **Roaming** : 0x00000080 : the cost state for this network incurs roaming charges. + +The cost state also includes one option (IgnoreCongestion) and a set of standard policies (Uncosted, Standard, NoSurcharge, NotRoaming, and Always) which are combinations of the discrete bit values. + +- **IgnoreCongestion** : 0x80000000 : the job can be scheduled even if the network provider reports that the network is congested. + +- **PolicyUnrestricted** : 0x80000021 : the set of cost states that do not consume the quota of a capped plan, or incur extra charges. + +- **Standard** : 0x80000067 : a set of cost states suitable for moderate-priority transfers. + +- **NoSurcharge** : 0x8000006f : the set of cost states that incur no surcharge for use. + +- **NotRoaming** : 0x8000007f : the set of cost states that exclude the roaming state. + +- **Always** : 0x800000ff : the set of all cost states. + +The default value is determined by a combination of job priority and group policy. +If this value is not explicitly set, it can vary when job priority or current group policy are modified. + +```yaml +Type: CostStates +Parameter Sets: (All) +Aliases: +Accepted values: None, Unrestricted, Capped, BelowCap, NearCap, OverCapCharged, OverCapThrottled, UsageBased, Roaming, IgnoreCongestion, PolicyUnrestricted, Standard, NoSurcharge, NotRoaming, Always + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseStoredCredential +Specifies that credentials stored in the Windows Credential Manager should be used for authentication when required for the specified target server type. +If this parameter is not specified and a server requires authentication, then explicit credentials must be included by using the *Credential* or *ProxyCredential* parameters. +This parameter is a flag parameter whose values can be added together to create the desired behavior. + +The acceptable values for this parameter are: + +- **None**: Use only credentials provided by the *Credential* or *ProxyCredential* parameters. This is the default behavior if the parameter is not specified. + +- **Proxy**: Credentials stored in the Windows Credential Manager are used for authentication for any proxy server that requires authentication. If no credentials in the Windows Credential Manager match the proxy server needing authentication, then you must specify credentials by using the *ProxyCredential* parameter. + +- **Server**: This value is not supported and generates an error if specified. + +```yaml +Type: AuthenticationTargetValue +Parameter Sets: (All) +Aliases: +Accepted values: None, Server, Proxy + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet accepts one or more **BitsJob** objects as input that populates the *BitsJob* parameter. + +## OUTPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet generates the **BitsJob** objects that are associated with the BITS transfer jobs that were modified. + +## NOTES + +## RELATED LINKS + +[Add-BitsFile](./Add-BitsFile.md) + +[Complete-BitsTransfer](./Complete-BitsTransfer.md) + +[Get-BitsTransfer](./Get-BitsTransfer.md) + +[Remove-BitsTransfer](./Remove-BitsTransfer.md) + +[Resume-BitsTransfer](./Resume-BitsTransfer.md) + +[Start-BitsTransfer](./Start-BitsTransfer.md) + +[Suspend-BitsTransfer](./Suspend-BitsTransfer.md) + diff --git a/docset/winserver2025-ps/bitstransfer/Start-BitsTransfer.md b/docset/winserver2025-ps/bitstransfer/Start-BitsTransfer.md new file mode 100644 index 0000000000..a24a1c2f89 --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/Start-BitsTransfer.md @@ -0,0 +1,923 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml +Module Name: BitsTransfer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitstransfer/start-bitstransfer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Start-BitsTransfer +--- + +# Start-BitsTransfer + +## SYNOPSIS +Creates a BITS transfer job. + +## SYNTAX + +``` +Start-BitsTransfer [-Asynchronous] [-Dynamic] [-CustomHeadersWriteOnly] [-Authentication ] + [-Credential ] [-Description ] [-HttpMethod ] [[-Destination] ] + [-DisplayName ] [-Priority ] [-TransferPolicy ] [-ACLFlags ] + [-SecurityFlags ] [-UseStoredCredential ] + [-ProxyAuthentication ] [-ProxyBypass ] [-ProxyCredential ] + [-ProxyList ] [-ProxyUsage ] [-RetryInterval ] [-RetryTimeout ] + [-MaxDownloadTime ] [-Source] [-Suspended] [-TransferType ] + [-CustomHeaders ] [-NotifyFlags ] [-NotifyCmdLine ] + [-CertStoreLocation ] [-CertStoreName ] [-CertHash ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +The **Start-BitsTransfer** cmdlet creates a Background Intelligent Transfer Service (BITS) transfer job to transfer one or more files between a client computer and a server. +The *TransferType* parameter specifies the direction of the transfer. +By default, after the cmdlet begins the transfer, the command prompt is not available until the transfer is complete or until the transfer enters an error state. +If the state of the returned **BitsJob** object is Error, the error code and description are contained in the object and can be used for analysis. + +The **Start-BitsTransfer** cmdlet supports the download of multiple files from a server to a client computer, but it does not generally support the upload of multiple files from a client computer to a server. +If you need to upload more than one file, you can use the **Import-Csv** cmdlet to pipe the output to the **Add-BitsFile** cmdlet to upload multiple files. +Or, if you need to upload more than one file, consider a cabinet file (.cab) or a compressed file (.zip). + +## EXAMPLES + +### Example 1: Create a BITS transfer job that downloads a file +``` +PS C:\> Start-BitsTransfer -Source "http://server01/servertestdir/testfile1.txt" -Destination "c:\clienttestdir\testfile1.txt" +``` + +This command creates a BITS transfer job that downloads a file from a server. +The local and remote names of the file are specified in the *Source* and *Destination* parameters. +Because the default transfer type is Download, the `http://Server01/servertestdir/testfile1.txt` file is transferred to `C:\clienttestdir\testfile1.txt` on the client. +The command prompt returns when the file transfer is complete or when it enters an error state. + +When you upload files to an HTTP location, the *TransferType* parameter must be set to **Upload**. + +Because the **Start-BitsTransfer** cmdlet assumes that the first parameter is the source and that the second parameter is the destination when no value is specified, this command could be simplified as follows: + +`Start-BitsTransfer "http://server01/servertestdir/testfile1.txt" "c:\clienttestdir\testfile1.txt"` + +### Example 2: Create BITS transfer jobs that download multiple files +``` +PS C:\> Import-CSV filelist.txt | Start-BitsTransfer +``` + +This command creates BITS transfer jobs that download multiple files from a server. + +The command imports the source and destination file locations and then pipes the locations to the **Start-BitsTransfer** command. +The **Start-BitsTransfer** command creates a new BITS transfer job for each of the files in `filelist.txt` and then transfers them concurrently to the client. + +The contents of the filelist.txt file resemble the following information: + +Source, Destination +http://server01/servertestdir/testfile1.txt, c:\clienttestdir\testfile1.txt +http://server01/servertestdir/testfile2.txt, c:\clienttestdir\testfile2.txt +http://server01/servertestdir/testfile3.txt, c:\clienttestdir\testfile3.txt +http://server01/servertestdir/testfile4.txt, c:\clienttestdir\testfile4.txt + +**Note:** First line of the file must include Source, Destination header as in the example. + +### Example 3: Create a BITS transfer job that uploads a file +``` +PS C:\> Start-BitsTransfer -Source "c:\clienttestdir\testfile1.txt" -Destination "http://server01/servertestdir/testfile1.txt" -TransferType Upload +``` + +This command creates a BITS transfer job that uploads a file to a server. +The local and remote names of the file are specified in the **Source** and **Destination** parameters. +Because the default transfer type is Download, the *TransferType* parameter must be set to **Upload**. +The `C:\clienttestdir\testfile1.txt` file on the client is transferred to `http://Server01/servertestdir/testfile1.txt`. +The command prompt returns when the file transfer is complete or enters an error state. + +The **Start-BitsTransfer** cmdlet downloads multiple files from a server to a client computer, but it does not typically upload multiple files from a client computer to a server. +It is possible to work around this limitation by using the **Import-Csv** cmdlet to pipe the output to the **Start-BitsTransfer** cmdlet. +If you need to upload more than one file, you can also use a .cab or .zip file. + +Because the **Start-BitsTransfer** cmdlet assumes that the first parameter is the source and that the second parameter is the destination when no value is specified, this command could be simplified as follows: + +`Start-BitsTransfer "c:\clienttestdir\testfile1.txt" "http://server01/servertestdir/testfile1.txt" -TransferType Upload` + +### Example 4: Create a BITS transfer job that downloads multiple files +``` +PS C:\> Start-BitsTransfer -Source "http://server01/servertestdir/testfile1.txt", "http://server01/servertestdir/testfile2.txt" -Destination "c:\clienttestdir\testfile1.txt", "c:\clienttestdir\testfile2.txt" +``` + +This command creates a BITS transfer job that downloads multiple files from a server. + +The local and remote names of the files are specified in the *Source* and *Destination* parameters. +Because the default of the *TransferType* parameter is Download, the `http://Server01/servertestdir/testfile1.txt` and `http://Server01/servertestdir/testfile2.txt` files are transferred to `C:\clienttestdir\testfile1.txt` and `C:\clienttestdir\testfile2.txt` on the client computer. +The command prompt returns when the file transfer is complete or enters an error state. + +### Example 5: Create a BITS transfer job that downloads a file using a specific set of credentials +``` +PS C:\> $Cred = Get-Credential +PS C:\> Start-BitsTransfer -DisplayName MyJob -Credential $Cred -Source "http://server01/servertestdir/testfile1.txt" -Destination "c:\clienttestdir\testfile1.txt" +``` + +This example creates a BITS transfer job that downloads a file from a server by using a specific set of credentials. + +The first command retrieves a set of credentials from the user by calling the **Get-Credential** cmdlet. +The returned **PSCredential** object is stored in the $Cred variable. + +The second command uses the *Credential* parameter to pass the **PSCredential** object that is stored in the $Cred variable to the **Start-BitsTransfer** cmdlet. +A new BITS transfer job is created that downloads the `http://server01/servertestdir/testfile1.txt` file to the client. +The specified credentials are used to authenticate the user at the server. +Additionally, the optional *DisplayName* parameter is used to give the BITS transfer job a unique name. + +### Example 6: Create BITS transfer jobs that download multiple files +``` +PS C:\> Import-CSV filelist.txt | Start-BitsTransfer -Asynchronous -Priority Normal +``` + +This command creates BITS transfer jobs that download multiple files from a server. +The files are downloaded sequentially, but they are available immediately when the transfer job is complete. + +The command imports the source and destination file locations and then pipes them to the **Start-BitsTransfer** command. +The **Start-BitsTransfer** command creates a new BITS transfer job for each of the files in filelist.txt and then transfers them sequentially to the client. + +The contents of the filelist.txt file resemble the following information: + +Source, Destination +http://server01/servertestdir/testfile1.txt, c:\clienttestdir\testfile1.txt +http://server01/servertestdir/testfile2.txt, c:\clienttestdir\testfile2.txt +http://server01/servertestdir/testfile3.txt, c:\clienttestdir\testfile3.txt +http://server01/servertestdir/testfile4.txt, c:\clienttestdir\testfile4.txt + +**Note:** First line of the file must include Source, Destination header as in the example. + +### Example 7: Create a BITS transfer job that downloads multiple files +``` +PS C:\> Start-BitsTransfer -Source C:\clientsourcedir\*.txt -Destination c:\clientdir\ -TransferType Download +``` + +In the preceding example, the **Start-BitsTransfer** command creates a new BITS transfer job. All of the files are added to this job and transferred sequentially to the client. + +> [!NOTE] +> The destination path cannot use wildcard characters. The destination path supports relative directories, root paths, or implicit directories (that is, the current directory). Destination files cannot be renamed by using a wildcard character. Additionally, HTTP and HTTPS URLs do not work with wildcards. Wildcards are only valid for UNC paths and local directories. + +### Example 8: Create BITS transfer jobs that upload multiple files +``` +PS C:\> Import-CSV filelist.txt | Start-BitsTransfer -TransferType Upload +``` + +This command creates BITS transfer jobs that upload multiple files to a server. + +The command imports the source and destination file locations and then pipes them to the **Start-BitsTransfer** command. +The **Start-BitsTransfer** command creates a new BITS transfer job for each of the files in filelist.txt and then transfers them concurrently to the server. + +The contents of the filelist.txt file resemble the following information: + +Source, Destination +c:\clienttestdir\testfile1.txt, http://server01/servertestdir/testfile1.txt +c:\clienttestdir\testfile2.txt, http://server01/servertestdir/testfile2.txt +c:\clienttestdir\testfile3.txt, http://server01/servertestdir/testfile3.txt +c:\clienttestdir\testfile4.txt, http://server01/servertestdir/testfile4.txt + +**Note:** First line of the file must include Source, Destination header as in the example. + + +### Example 9: Download a file from a server on a network to a client on a different network that are connected by a proxy server +``` +PS C:\> Start-BitsTransfer -Source .\Patch0416.msu -Destination $env:temp\Patch0416.msu -ProxyUsage Override -ProxyList BitsProxy:8080 -ProxyCredential Server01\Admin01 +``` + +This command uses the **Start-BitsTransfer** cmdlet to copy a patch file from a server on one network to a client on a different network when the networks are connected only by a proxy server. + +This scenario arises when an Internet-connected server downloads files and then distributes them to computers on disconnected or isolated networks that have no Internet access. + +BITS can detect proxy server settings automatically. +However, if the proxy servers are not configured for automatic detection, you can override the automatic detection mechanism and identify the proxy server explicitly, as shown in this example. + +The command uses the *Source* parameter to specify the location of the patch on the server computer and the *Destination* parameter to specify the intended location of patch on the client computer. +It uses the *ProxyUsage* parameter with a value of **Override** to override the automatic proxy server detection mechanism. +To identify the proxy server, it uses the *ProxyList* parameter. +The value of the *ProxyList* parameter is a URI with a `` format. +Finally, it uses the *ProxyCredential* parameter to specify the credentials of an administrator who has permission to connect to the proxy server. + +## PARAMETERS + +### -ACLFlags +Specifies the owner and access control list (ACL) information to maintain for the transfer job. +Specify one or more of the following values: + +- o: Copy owner information with file. +- g: Copy group information with file. +- d: Copy discretionary access control list (DACL) information with file. +- s: Copy system access control list (SACL) information with file. + +```yaml +Type: ACLFlagValue +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Asynchronous +Indicates that the cmdlet creates and processes BITS transfer job in the background. +The command prompt reappears immediately after the BITS transfer job is created. +The returned **BitsJob** object can be used to monitor status and progress. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Authentication +Specifies the authentication mechanism to be used at the server. +The acceptable values for this parameter are: + +- **Basic**: Basic is a scheme in which the user name and password are sent in clear text to the server or proxy. + +- **Digest**: Digest is a challenge-response scheme that uses a server-specified data string for the challenge. + +- **Ntlm**: NT LAN Manager (NTLM) is a challenge-response scheme that uses the credentials of the user for authentication in a Windows-based network environment. + +- **Negotiate** (the default): Negotiate is a challenge-response scheme that negotiates with the server or proxy to determine which scheme to use for authentication. For example, this parameter value allows negotiation to determine whether the Kerberos protocol or NTLM is used. + +- **Passport**: Passport is a centralized authentication service provided by Microsoft that offers a single logon for member sites. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Basic, Digest, Ntlm, Negotiate, Passport + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertHash +Specifies a SHA1 hash that identifies the certificate. + +```yaml +Type: Byte[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertStoreLocation +Specifies the certificate store location to use for to look up the certificate. Valid values are: + +- CURRENT_USER +- LOCAL_MACHINE +- CURRENT_SERVICE +- SERVICES +- USERS +- CURRENT_USER_GROUP_POLICY +- LOCAL_MACHINE_GROUP_POLICY +- LOCAL_MACHINE_ENTERPRISE + +```yaml +Type: CertStoreLocationValue +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CertStoreName +Specifies the name of the certificate store. Valid values are: + +- CA: Certification Authority certificates +- MY: Personal certificates +- ROOT: Root certificates +- SPC: Software Publisher Certificate + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies the credentials to use to authenticate the user to the server that is specified in the value of the *Source* parameter. +The default is the current user. + +Type a user name, such as "User01", "Domain01\User01", or "User@Contoso.com". +Or, use the **Get-Credential** cmdlet to create the value for this parameter. +When you type a user name, you are prompted for a password. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CustomHeaders +Specifies one or more custom HTTP headers to include in the request to the server. Specify an array of strings. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CustomHeadersWriteOnly +Indicates that the HTTP custom headers for this job are write-only. + +Use this parameter when your custom headers include security information. +Other programs on the same computer can’t read the header. +The BITS process can read the headers and send them over the HTTP connection. + +You cannot change this value for a job after you set headers to write-only. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Description +Describes the BITS transfer job. +The description is limited to 1,024 characters. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Destination +Specifies an array that contains the destination location and the names of the files that you want to transfer. +The destination names are paired with the corresponding source file names. +For example, the first file name specified in the *Source* parameter corresponds to the first file name in the *Destination* parameter, and the second file name in the *Source* parameter corresponds to the second file name in the *Destination* parameter. +The *Source* and *Destination* parameters must have the same number of elements; otherwise, the command produces an error. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DisplayName +Specifies a display name for the BITS transfer job. +The display name provides a user-friendly way to differentiate BITS transfer jobs. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Dynamic +Indicates that the transfer uses the dynamic setting. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HttpMethod +Specifies a method for the transfer other than the default method GET. +If you specify GET, the parameter has no effect. + +If you specify a method, the job takes foreground priority, which can't be changed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MaxDownloadTime +Specifies the maximum time, in seconds, for transferring the files in a job. +The default is 7,776,000 seconds or 90 days. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotifyCmdLine +Specifies a program to run after the job finishes or encounters an error. +The program runs in the context of the user who runs this cmdlet. + +Specify the program name and any parameters as an array of strings. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotifyFlags +Specifies the type of event notification you want to receive, such as job transferred events. +Valid values are: + +- 1: Generates an event when all files in the job have been transferred. +- 2: Generates an event when an error occurs. +- 4: Disables notifications. + +The default value is 1|2. + +```yaml +Type: NotifyFlagValue +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Priority +Sets the priority of the BITS transfer job, which affects bandwidth usage. +The acceptable values for this parameter are: + +- **Foreground** (default): Transfers the job in the foreground. Foreground transfers compete for network bandwidth with other applications, which can impede the user's overall network experience. However, if the **Start-BitsTransfer** cmdlet is being used interactively, this is likely the best option. This is the highest priority level. + +- **High**: Transfers the job in the background with a high priority. Background transfers use the idle network bandwidth of the client computer to transfer files. + +- **Normal**: Transfers the job in the background with a normal priority. Background transfers use the idle network bandwidth of the client computer to transfer files. + +- **Low**: Transfers the job in the background with a low priority. Background transfers use the idle network bandwidth of the client to transfer files. This is the lowest background priority level. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Foreground, High, Normal, Low + +Required: False +Position: Named +Default value: Foreground +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyAuthentication +Specifies the authentication mechanism to use at the Web proxy. +The acceptable values for this parameter are: + +- **Basic**: Basic is a scheme in which the user name and password are sent in clear-text to the server or proxy. + +- **Digest**: Digest is a challenge-response scheme that uses a server-specified data string for the challenge. + +- **Ntlm**: NTLM is a challenge-response scheme that uses the credentials of the user for authentication in a Windows-based network environment. + +- **Negotiate** (the default): Negotiate is a challenge-response scheme that negotiates with the server or proxy to determine which scheme to use for authentication. For instance, this parameter value allows negotiation to determine whether the Kerberos protocol or NTLM is used. + +- **Passport**: Passport is a centralized authentication service provided by Microsoft that offers a single logon for member sites. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Basic, Digest, Ntlm, Negotiate, Passport + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyBypass +Specifies a list of host names to use for a direct connection. +The hosts in the list are tried in order until a successful connection is achieved. +If you specify this parameter the cmdlet bypasses the proxy. +If this parameter is used, the *ProxyUsage* parameter must be set to **Override**; otherwise, an error occurs. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyCredential +Specifies the credentials to use to authenticate the user at the proxy. +You can use the **Get-Credential** cmdlet to create a value for this parameter. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyList +Specifies a list of proxies to use. +The proxies in the list are tried in order until a successful connection is achieved. +If this parameter is specified and *ProxyUsage* is set to a value other than **Override**, the cmdlet generates an error. + +```yaml +Type: Uri[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProxyUsage +Specifies the proxy usage settings. +The acceptable values for this parameter are: + +- **SystemDefault** (the default): Use the system default proxy settings. + +- **NoProxy**: Do not use a proxy to transfer files. Use this option when you transfer files within a local area network (LAN). + +- **AutoDetect**: Automatically detect proxy settings. BITS detects proxy settings for each file in the job. + +- **Override**: Specify the proxies or servers to use. If the *ProxyList* parameter is also specified, the proxies in that list are used. If the *ProxyBypass* parameter is also specified, the servers in that list are used. In both cases, the first member of the list is used. If the first member is unreachable, the subsequent members are tried until a member is contacted successfully. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: SystemDefault, NoProxy, AutoDetect, Override + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RetryInterval +Specifies the minimum length of time, in seconds, that BITS waits before an attempt to transfer the file after BITS encounters a transient error. +The minimum allowed value is 60 seconds. +If this value exceeds the RetryTimeout value from the **BitsJob** object, BITS does not retry the transfer. +Instead, BITS sets the state of the BITS transfer job to the Error state. + +The default is 600 seconds (10 minutes). + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RetryTimeout +Specifies the length of time, in seconds, that BITS attempts to transfer the file after the first transient error occurs. +Setting the retry period to 0 prevents retries and forces the job into the `BG_JOB_STATE_ERROR` state when an error occurs. +If the retry period value exceeds the JobInactivityTimeout Group Policy setting (90-day default), BITS cancels the job after the JobInactivityTimeout Group Policy setting is exceeded. + +The default is 1,209,600 seconds (14 days). + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SecurityFlags +Specifies security flags for the HTTP request. + +The flags you can set, from the least significant bit, are the following bits: + +- 1: Enable CRL Check. +- 2: Ignore incorrect common names in the server certificate. +- 3: Ignore incorrect dates in the server certificate. +- 4: Ignore incorrect certification authorities in the server certificate. +- 5: Ignore incorrect usage of the server certificate. +- 12: Allow redirection from HTTPS to HTTP. + +Use bits 9 through 11 to implement your redirection policy: + +- 0,0,0: Redirects are automatically allowed. +- 0,0,1: Remote name is updated if a redirect occurs. +-0,1,0: BITS fails the job if a redirect occurs. + +```yaml +Type: SecurityFlagValue +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Source +Specifies the source location and the names of the files that you want to transfer. +The source file names are paired with the corresponding destination file names. +For example, the first file name specified in the *Source* parameter corresponds to the first file name in the *Destination* parameter, and the second file name in the *Source* parameter corresponds to the second file name in the *Destination* parameter. +The *Source* and *Destination* parameters must have the same number of elements; otherwise, the command produces an error. +You can use standard wildcard characters such as the asterisk (*) and the question mark (?). +Or, you can use a range operator such as "\[a-r\]". + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Suspended +Indicates that the cmdlet suspends the BITS transfer job. +If the *Suspended* parameter is not specified, the job automatically begins the transfer job. +If the *Suspended* parameter is specified, the command prompt returns immediately after the BITS transfer job is created. +You can use the **Resume-BitsTransfer** cmdlet to start the transfer job. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TransferPolicy +Specifies the network cost states in which the transfer is allowed to be scheduled. +The current cost state of the network is a bitmask that indicates the kinds of charges that would be incurred if a transfer was scheduled at this time. +This cost state represents a bitmask; if the bit corresponding to the current network cost state is set, the transfer can be scheduled. +If the bit corresponding to the current network cost state is not set, the transfer is ignored for scheduling purposes. +You can submit any of the named values listed here, or add them together to provide a custom value. + +The acceptable values for this parameter are: + +- **Unrestricted** (or unknown) : 0x00000001 : the cost state for this network is not known. + +- **Capped** : 0x00000002 : the cost state for this network is a capped plan, or a plan that has a data usage limit. + +- **BelowCap** : 0x00000004 : the cost state for this network is below the data plan cap. + +- **NearCap** : 0x00000008 : the cost state for this network is near the data plan cap. + +- **OverCapCharged** : 0x00000010 : the cost state for this network is above the data plan cap, and such usage is charged. + +- **OverCapThrottled** : 0x00000020 : the cost state for this network is above the data plan cap, and such usage is throttled. + +- **UsageBased** : 0x00000040 : the cost state for this network is charged based on usage. + +- **Roaming** : 0x00000080 : the cost state for this network incurs roaming charges. +The cost state also includes one option (IgnoreCongestion) and a set of standard policies (Uncosted, Standard, NoSurcharge, NotRoaming, and Always) which are combinations of the discrete bit values. + +- **IgnoreCongestion** : 0x80000000 : the job can be scheduled even if the network provider reports that the network is congested. + +- **PolicyUnrestricted** : 0x80000021 : the set of cost states that do not consume the quota of a capped plan, or incur extra charges. + +- **Standard** : 0x80000067 : a set of cost states suitable for moderate-priority transfers. + +- **NoSurcharge** : 0x8000006f : the set of cost states that incur no surcharge for use. + +- **NotRoaming** : 0x8000007f : the set of cost states that exclude the roaming state. + +- **Always** : 0x800000ff : the set of all cost states. + +The cost state also includes one option (IgnoreCongestion) and a set of standard policies (Always, NotRoaming, NoSurcharge, Standard, and Uncosted) which are combinations of the discrete bit values. + +```yaml +Type: CostStates +Parameter Sets: (All) +Aliases: +Accepted values: None, Unrestricted, Capped, BelowCap, NearCap, OverCapCharged, OverCapThrottled, UsageBased, Roaming, IgnoreCongestion, PolicyUnrestricted, Standard, NoSurcharge, NotRoaming, Always + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TransferType +Specifies the BITS transfer job type. +The acceptable values for this parameter are: + +- **Download** (the default): Specifies that the transfer job downloads files to the client computer. + +- **Upload**: Specifies that the transfer job uploads a file to the server. + +- **UploadReply**: Specifies that the transfer job uploads a file to the server and receives a reply file from the server. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Download, Upload, UploadReply + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UseStoredCredential +Specifies that credentials stored in the Windows Credential Manager should be used for authentication when required for the specified target server type. +If this parameter is not specified and a server requires authentication, then explicit credentials must be included by using the *Credential* or *ProxyCredential* parameters. +This parameter is a flag parameter whose values can be added together to create the desired behavior. + +The acceptable values for this parameter are: + +- **None**: Use only credentials provided by the *Credential* or *ProxyCredential* parameters. +This is the default behavior if the parameter is not specified. + +- **Proxy**: Credentials stored in the Windows Credential Manager are used for authentication for any proxy server that requires authentication. +If no credentials in the Windows Credential Manager match the proxy server needing authentication, then you must specify credentials by using the *ProxyCredential* parameter. + +- **Server**: This value is not supported and generates an error if specified. + +```yaml +Type: AuthenticationTargetValue +Parameter Sets: (All) +Aliases: +Accepted values: None, Server, Proxy + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None +This cmdlet does not accept an input. + +## OUTPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob +When called with the *Asynchronous* parameter, this cmdlet passes the **BitsJob** object that is associated with the new BITS transfer job as output. +Otherwise, no output is generated. + +## NOTES +* You can cancel a transfer job that is running in synchronous mode by pressing CTRL+C. + + If the BITS service is stopped during a synchronous file transfer job, then file transfer job will fail with an error and the file transfer job will not get removed from the BitsTransfer queue. +You can view the file transfer job that remains in the BitsTransfer queue through the **Get-BitsTransfer** cmdlet. +The file transfer job that remains in the BitsTransfer queue can be removed using the **Remove-BitsTransfer** cmdlet. +Once the BITS service is restarted, the file transfer job will recover and resume the file transfer job, unless the file transfer job has been removed in the interim. + +## RELATED LINKS + +[Add-BitsFile](./Add-BitsFile.md) + +[Complete-BitsTransfer](./Complete-BitsTransfer.md) + +[Get-BitsTransfer](./Get-BitsTransfer.md) + +[Remove-BitsTransfer](./Remove-BitsTransfer.md) + +[Resume-BitsTransfer](./Resume-BitsTransfer.md) + +[Set-BitsTransfer](./Set-BitsTransfer.md) + +[Suspend-BitsTransfer](./Suspend-BitsTransfer.md) + diff --git a/docset/winserver2025-ps/bitstransfer/Suspend-BitsTransfer.md b/docset/winserver2025-ps/bitstransfer/Suspend-BitsTransfer.md new file mode 100644 index 0000000000..71bd1e983e --- /dev/null +++ b/docset/winserver2025-ps/bitstransfer/Suspend-BitsTransfer.md @@ -0,0 +1,130 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml +Module Name: BitsTransfer +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/bitstransfer/suspend-bitstransfer?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Suspend-BitsTransfer +--- + +# Suspend-BitsTransfer + +## SYNOPSIS +Suspends a BITS transfer job. + +## SYNTAX + +``` +Suspend-BitsTransfer [-BitsJob] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Suspend-BitsTransfer** cmdlet suspends, or pauses, one or more Background Intelligent Transfer Service (BITS) transfer jobs. +If the transfer is already suspended, the cmdlet does nothing. +You can restart the BITS transfer job by using the **Resume-BitsTransfer** cmdlet. + +## EXAMPLES + +### Example 1: Suspend all BITS transfer jobs owned by the current user +``` +PS C:\> Get-BitsTransfer | Suspend-BitsTransfer +``` + +This command suspends all the BITS transfer jobs that are owned by the current user. + +The output of **Get-BitsTransfer** is a set of **BitsJob** objects. +This output is piped to the **Suspend-BitsTransfer** cmdlet. + +### Example 2: Suspend all BITS transfer jobs on the computer +``` +PS C:\> $Bits = Get-BitsTransfer -AllUsers +PS C:\> Suspend-BitsTransfer -BitsJob $Bits +``` + +This command suspends all the BITS transfer jobs on the computer. + +The first command gets all the **BitsJob** objects on the computer and then stores them in the $Bits variable. + +The second command uses the *BitsJob* parameter to pass the **BitsJob** objects that are stored in the $Bits variable to the **Suspend-BitsTransfer** cmdlet. + +## PARAMETERS + +### -BitsJob +Specifies the BITS transfer jobs to suspend. +You can pipe a value to this parameter from other cmdlets that return **BitsJob** objects, such as **Get-BitsTransfer**. + +```yaml +Type: BitsJob[] +Parameter Sets: (All) +Aliases: b + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet accepts one or more **BitsJob** objects as input that populates the *BitsJob* parameter. + +## OUTPUTS + +### Microsoft.BackgroundIntelligentTransfer.Management.BitsJob[] +This cmdlet generates the **BitsJob** objects that are associated with the BITS transfer jobs that were suspended. + +## NOTES + +## RELATED LINKS + +[Add-BitsFile](./Add-BitsFile.md) + +[Complete-BitsTransfer](./Complete-BitsTransfer.md) + +[Get-BitsTransfer](./Get-BitsTransfer.md) + +[Remove-BitsTransfer](./Remove-BitsTransfer.md) + +[Resume-BitsTransfer](./Resume-BitsTransfer.md) + +[Set-BitsTransfer](./Set-BitsTransfer.md) + +[Start-BitsTransfer](./Start-BitsTransfer.md) + diff --git a/docset/winserver2025-ps/booteventcollector/BootEventCollector.md b/docset/winserver2025-ps/booteventcollector/BootEventCollector.md new file mode 100644 index 0000000000..881fb09981 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/BootEventCollector.md @@ -0,0 +1,114 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Download Help Link: https://aka.ms/winsvr-2022-pshelp +Help Version: 5.0.0.2 +Locale: en-US +Module Guid: 7e4c6113-1789-4c2d-abaa-bea1ef5c62e8 +Module Name: BootEventCollector +ms.date: 12/20/2016 +title: BootEventCollector +--- + +# BootEventCollector Module +## Description +The Boot Event Collector module contains cmdlets to help you administer Boot Event Collector tasks in Windows Server 2016 Technical Preview. + +## BootEventCollector Cmdlets +### [Checkpoint-SbecActiveConfig](./Checkpoint-SbecActiveConfig.md) +Creates a configuration checkpoint. + +### [Clear-SbecProviderCache](./Clear-SbecProviderCache.md) +Clears the provider cache. + +### [Disable-SbecAutologger](./Disable-SbecAutologger.md) +Disables the forwarding of events to the Setup and Boot Event Collector in the AutoLogger settings. + +### [Disable-SbecBcd](./Disable-SbecBcd.md) +Disables the event forwarding mode in BCD settings. + +### [Enable-SbecAutologger](./Enable-SbecAutologger.md) +Enables the forwarding of the events to the Setup and Boot Event Collector in the AutoLogger settings. + +### [Enable-SbecBcd](./Enable-SbecBcd.md) +Enables and configures the event forwarding mode in the BCD settings. + +### [Enable-SbecBootImage](./Enable-SbecBootImage.md) +Enables AutoLogger settings in offline WinPE Setup images. + +### [Enable-SbecWdsBcd](./Enable-SbecWdsBcd.md) +Enables the BCD settings in the offline boot images imported into the WDS server. + +### [Get-SbecActiveConfig](./Get-SbecActiveConfig.md) +Gets the current active configuration from the running Setup and Boot Event Collector. + +### [Get-SbecBackupConfig](./Get-SbecBackupConfig.md) +Get the backup configuration files that are available to restore. + +### [Get-SbecDestination](./Get-SbecDestination.md) +Get destination data files. + +### [Get-SbecForwarding](./Get-SbecForwarding.md) +Gets the current connections and how data is forwarded. + +### [Get-SbecHistory](./Get-SbecHistory.md) +Gets the recent history of changes in connection status. + +### [Get-SbecLocalizedMessage](./Get-SbecLocalizedMessage.md) +Gets a localized message string. + +### [Get-SbecLogSession](./Get-SbecLogSession.md) +Gets the running log sessions. + +### [Get-SbecTraceProviders](./Get-SbecTraceProviders.md) +Gets the ETW trace providers. + +### [New-SbecUnattendFragment](./New-SbecUnattendFragment.md) +Creates a fragment for Unattend.xml with post-install commands. + +### [Redo-SbecActiveConfig](./Redo-SbecActiveConfig.md) +Redoes a change to the current active configuration. + +### [Restore-SbecBackupConfig](./Restore-SbecBackupConfig.md) +Restores a configuration from a backup file. + +### [Save-SbecInstance](./Save-SbecInstance.md) +Writes in-memory buffers to disk. + +### [Save-SbecLogSession](./Save-SbecLogSession.md) +Flushes the buffers in a log session to disk. + +### [Set-SbecActiveConfig](./Set-SbecActiveConfig.md) +Sets the new active configuration for the running Setup and Boot Event Collector. + +### [Set-SbecLogSession](./Set-SbecLogSession.md) +Updates the settings for a log session. + +### [Start-SbecInstance](./Start-SbecInstance.md) +Starts the Setup and Boot Event Collector service. + +### [Start-SbecLogSession](./Start-SbecLogSession.md) +Starts an ETW log session. + +### [Start-SbecNtKernelLogSession](./Start-SbecNtKernelLogSession.md) +Starts an NT Kernel Logger log session with forwarding of events to the Collector. + +### [Start-SbecSimpleLogSession](./Start-SbecSimpleLogSession.md) +Starts a log session with the forwarding of events to the Collector. + +### [Stop-SbecInstance](./Stop-SbecInstance.md) +Stops the Setup and Boot Event Collector. + +### [Stop-SbecLogSession](./Stop-SbecLogSession.md) +Stops a log session. + +### [Test-SbecActiveConfig](./Test-SbecActiveConfig.md) +Tests the active Boot Event Collector configuration. + +### [Test-SbecConfig](./Test-SbecConfig.md) +Validates a configuration. + +### [Undo-SbecActiveConfig](./Undo-SbecActiveConfig.md) +Reverts a change to the active configuration. + + + diff --git a/docset/winserver2025-ps/booteventcollector/Checkpoint-SbecActiveConfig.md b/docset/winserver2025-ps/booteventcollector/Checkpoint-SbecActiveConfig.md new file mode 100644 index 0000000000..6f88c7c513 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Checkpoint-SbecActiveConfig.md @@ -0,0 +1,190 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/checkpoint-sbecactiveconfig?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Checkpoint-SbecActiveConfig +--- + +# Checkpoint-SbecActiveConfig + +## SYNOPSIS +Creates a configuration checkpoint. + +## SYNTAX + +``` +Checkpoint-SbecActiveConfig [[-OldTimestamp] ] [-Continue] [[-ComputerName] ] + [[-CimSession] ] [] +``` + +## DESCRIPTION +The **Checkpoint-SbecActiveConfig** cmdlet creates a checkpoint for the active Boot Event Collector configuration. + +The checkpoint enables you to return to this configuration later using the **Undo-SbecActiveConfig**, **Redo-SbecActiveConfig**, and **Restore-SbecBackupConfig** cmdlets. +The checkpoints mark the known good configurations that you can revert to if a new configuration is incorrect. +For example, if you changed a configuration yesterday, find an issue with it today, and want to revert to yesterday's configuration before you made a change, you can use the checkpointed configuration from yesterday. + +Most checkpoints are created automatically, but on rare occasions you might need to explicitly create them. +Automatic checkpoints are created when the current configuration has not yet been checkpointed and one of the following events occurs: + +- The Collector service is restarted. +- The configuration that was running for more than an hour is replaced with another configuration. +In this case, the old configuration is checkpointed before being replaced. +- A new configuration is set with **Set-SbecActiveConfig**. +This new configuration is immediately checkpointed. + +A checkpoint ensures that the current configuration is remembered, but it doesn't immediately create a backup configuration file. +Instead, the checkpointed current configuration is saved to a backup file when the configuration changes. + +The repeated checkpointing succeeds but has no effect, because it only flags the configuration to create a backup in the future. + +The **Undo-SbecActiveConfig**, **Redo-SbecActiveConfig**, and **Restore-SbecBackupConfig** cmdlets change the current configuration by browsing through the backup configurations, but they don't do an immediate checkpointing. +This lets you browse through the past configurations, try them out, and change your mind if a configuration doesn't work well without causing a flurry of spurious checkpoints and backup files with identical content. +When you are satisfied with a configuration, checkpoint it with **Checkpoint-SbecActiveConfig**. +If you forget to create a checkpoint for a configuration, it is automatically checkpointed after an hour. + +Use **Get-SbecBackupConfig** to get the list of backup configuration files. + +You can use the *OldTimestamp* parameter to modify the configuration atomically. + +You must have the Builtin Administrator rights to run the cmdlet. + +## EXAMPLES + +### Example 1: Undo a configuration and create a checkpoint +``` +PS C:\> Undo-SbecActiveConfig | Format-List; Checkpoint-SbecActiveConfig | Format-List +``` + +This command undoes a configuration and creates a checkpoint, in a simple way. +**Format-List** formats the information that this cmdlet returns. + +### Example 2: Undo a configuration and create a checkpoint atomically +``` +PS C:\> $res = Undo-SbecActiveConfig | Format-List +PS C:\> $res = Checkpoint-SbecActiveConfig -OldTimestamp $res.OriginalTimestamp | Format-LIst +``` + +This command undoes a configuration and creates a checkpoint, making sure that no other changes are done in between, and throwing on errors. + +## PARAMETERS + +### -CimSession +Runs the cmdlet on the remote computers through a remote session. +Enter a session object, such as the output of a **New-CimSession** or **Get-CimSession** cmdlet, or an array of these objects. +The default is to run the cmdlet on the local computer. +For more information, see About_CimSession. + +```yaml +Type: CimSession[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies the names of the computers on which you want to perform the operation. +You can specify a fully qualified domain name (FQDN), a NetBIOS name, or an IP address for each computer. +For more information see [Invoke-CimMethod](https://go.microsoft.com/fwlink/?LinkId=808801) on MSDN. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Continue +Indicates that this operation will not throw an exception if a failure occurs. +Instead, the caller should examine the output of the cmdlet for the error information. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OldTimestamp +Specifies the timestamp of the previous active configuration. +This provides a way to perform the atomic changes of the configuration. + +Each configuration has a timestamp (the time when it was last set or restored) and an original timestamp (if the configuration was restored, the time when it was originally set, otherwise the same as the normal timestamp). +This operation checks that the *OldTimestamp* value matches either the normal or original timestamp of the current active configuration, thus ensuring that the active configuration has not changed since the last time you examined it. +If the values do not match, an error is returned. + +```yaml +Type: UInt64 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### hashtable +This cmdlet returns a hashtable that includes the following elements: + +- `` +- `` +- `` +- `` +- `` + +The Success element is $True on success, $False otherwise. +You can use the *Continue* parameter to not throw an error on failure. + +The `` element contains 0 on success. +If a failure occurs, `` has a code that describes the error: + +- 1 - Bad argument format. +- 2 - Bad argument value. +- 3 - Resource (socket) open error. +- 4 - Persistence (backup configuration file) error. +- 5 - Atomicity error (that is, the old timestamp does not match). + +``, ``, and `` contain detailed error messages. +`` contains information only if an error occurs. + +## NOTES + +## RELATED LINKS + +[Get-SbecBackupConfig](./Get-SbecBackupConfig.md) + +[Redo-SbecActiveConfig](./Redo-SbecActiveConfig.md) + +[Restore-SbecBackupConfig](./Restore-SbecBackupConfig.md) + +[Set-SbecActiveConfig](./Set-SbecActiveConfig.md) + +[Undo-SbecActiveConfig](./Undo-SbecActiveConfig.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Clear-SbecProviderCache.md b/docset/winserver2025-ps/booteventcollector/Clear-SbecProviderCache.md new file mode 100644 index 0000000000..980833c8f8 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Clear-SbecProviderCache.md @@ -0,0 +1,48 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/clear-sbecprovidercache?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Clear-SbecProviderCache +--- + +# Clear-SbecProviderCache + +## SYNOPSIS +Clears the provider cache. + +## SYNTAX + +``` +Clear-SbecProviderCache [] +``` + +## DESCRIPTION +The **Clear-SbecProviderCache** cmdlet clears the provider cache. + +The next time you run the **Get-SbecTraceProviders** cmdlet, the cmdlet re-reads the providers from the operating system and re-populates the cache. + +## EXAMPLES + + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. + +## OUTPUTS + +### None. + +## NOTES + +## RELATED LINKS + +[Get-SbecTraceProviders](./Get-SbecTraceProviders.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Disable-SbecAutologger.md b/docset/winserver2025-ps/booteventcollector/Disable-SbecAutologger.md new file mode 100644 index 0000000000..642157e003 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Disable-SbecAutologger.md @@ -0,0 +1,258 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/disable-sbecautologger?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-SbecAutologger +--- + +# Disable-SbecAutologger + +## SYNOPSIS +Disables the forwarding of events to the Setup and Boot Event Collector in the AutoLogger settings. + +## SYNTAX + +### Offline +``` +Disable-SbecAutologger -Path [-Logger ] [-NoDefaultLoggers] [-DismLogPath ] + [] +``` + +### Online +``` +Disable-SbecAutologger -ComputerName [-Credential ] [-Logger ] + [-NoDefaultLoggers] [] +``` + +### OnlineSession +``` +Disable-SbecAutologger -Session [-Logger ] [-NoDefaultLoggers] [] +``` + +### Local +``` +Disable-SbecAutologger [-Local] [-SystemHive ] [-ControlSet ] [-Logger ] + [-NoDefaultLoggers] [] +``` + +## DESCRIPTION +The **Disable-SbecAutologger** cmdlet disables the forwarding of events to the Setup and Boot Event Collector in the AutoLogger settings in the registry. +This has no immediate effect on the currently running log sessions, but takes effect after the operating system reboots and the AutoLogger service restarts the log sessions. + +The changes can be applied to the local computer, to a remote computer, or to an offline disk image. + +To operate on a local computer, specify the *Local* parameter. +Enabling forwarding on the computer that runs the Collector service makes sense only if it sends the data to a Collector on a different computer. +Otherwise, the in-kernel module is not able to connect to the Collector. +However, you can copy the PowerShell BootEventCollector module to the other computers, where you can use it for local configuration. + +To operate on a remote computer, specify either the *ComputerName* or *Session* parameter. +Windows PowerShell remoting is used to perform the remote operations. + +To operate on an offline (WIM or VHD) image, use the *Path* parameter. + +If you used the **Enable-SbecAutologger** cmdlet to convert some log sessions from file-based to real-time mode, this command undoes that conversion. + +If **Enable-SbecAutologger** created the NT Kernel Logger session, that session is **not** deleted by **Disable-SbecAutologger**. +Only the forwarding of events from it to the Collector is disabled. + +If the Debug Print filter was modified by **Enable-SbecAutologger**, the change is **not** undone by **Disable-SbecAutologger**. + +## EXAMPLES + +### Example 1: Disable the AutoLogger +``` +PS C:\> Disable-SbecAutologger -ComputerName Server01 +``` + +This command disables the AutoLogger settings on the computer named Server01. + +## PARAMETERS + +### -ComputerName +Specifies the names of the computers on which you want to perform the operation. +You can specify a fully qualified domain name (FQDN), a NetBIOS name, or an IP address for each computer. +For more information, see [Invoke-CimMethod](https://go.microsoft.com/fwlink/?LinkId=808801) on TechNet. + +```yaml +Type: String[] +Parameter Sets: Online +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ControlSet +Specifies the control set key for the registry path. +This parameter is valid only when used with the *Local* parameter. + +```yaml +Type: String +Parameter Sets: Local +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +```yaml +Type: PSCredential +Parameter Sets: Online +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DismLogPath +Specifies the path of the file for the Deployment Image Servicing and Management (DISM) log when mounting images. + +```yaml +Type: String +Parameter Sets: Offline +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Local +Indicates to perform this operation on the local computer. + +This mode enables control over the registry path of where settings are applied. + +```yaml +Type: SwitchParameter +Parameter Sets: Local +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Logger +Specifies an array of AutoLogger sessions to disable. +Specify an asterisk (*) to disable the EVENTNET forwarding in all of the sessions defined in the registry. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDefaultLoggers +Indicates this operation does not automatically add the default set of logger sessions (EventLog-System, NT Kernel Logger, and SetupPlatform) to those specified by the *Logger* parameter. + +If the value of Logger is *, this parameter has no effect. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the list of full paths to the offline Windows image files (WIM or VHD) to which to apply the settings. +If a WIM file contains multiple images, all of them are modified. + +```yaml +Type: String[] +Parameter Sets: Offline +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Session +Specifies the **PSSession** objects connected to the remote target computers. +Enter a session object, such as the output of the **Get-PSSession** or **New-PSSession** cmdlet, or an array of these objects. + +```yaml +Type: PSSession[] +Parameter Sets: OnlineSession +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SystemHive +Specifies the full path to the system hive for the registry path. + +```yaml +Type: String +Parameter Sets: Local +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. + +## OUTPUTS + +### None. + +## NOTES + +## RELATED LINKS + +[Disable-SbecBcd](./Disable-SbecBcd.md) + +[Enable-SbecAutologger](./Enable-SbecAutologger.md) + +[Enable-SbecBcd](./Enable-SbecBcd.md) + +[Enable-SbecBootImage](./Enable-SbecBootImage.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Disable-SbecBcd.md b/docset/winserver2025-ps/booteventcollector/Disable-SbecBcd.md new file mode 100644 index 0000000000..f1f5b96fc7 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Disable-SbecBcd.md @@ -0,0 +1,220 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/disable-sbecbcd?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Disable-SbecBcd +--- + +# Disable-SbecBcd + +## SYNOPSIS +Disables the event forwarding mode in BCD settings. + +## SYNTAX + +### Offline +``` +Disable-SbecBcd -Path [-Id ] [-DismLogPath ] [] +``` + +### Online +``` +Disable-SbecBcd -ComputerName [-Credential ] [-Id ] [] +``` + +### OnlineSession +``` +Disable-SbecBcd -Session [-Id ] [] +``` + +### Local +``` +Disable-SbecBcd [-Local] [-BcdStore ] [-Id ] [] +``` + +## DESCRIPTION +The **Disable-SbecBcd** cmdlet disables the Boot Configuration Data (BCD) */event* flag. +This operation has no effect on the current connections; you must reboot the computer for the settings to take effect. + +You can apply these changes to the local computer, to a remote computer, or to an offline disk image. + +To operate on a local computer, specify the *Local* parameter. +Enabling forwarding on the computer that runs the Collector service makes sense only if it sends the data to a Collector on a different computer. +Otherwise, the in-kernel module is not able to connect to the Collector. +However, you can copy the PowerShell BootEventCollector module to the other computers, where you can use it for local configuration. + +To operate on a remote computer, specify either the *ComputerName* or *Session* parameter. +Windows PowerShell remoting is used to perform the remote operations. + +To operate on an offline (WIM or VHD) image, use the *Path* parameter. +WIM images do not normally contain the BCD files, and there is rarely a need to replace them there. +Instead, Windows Setup creates the BCD settings when it extracts the image from WIM to the hard drive. + +## EXAMPLES + +### Example 1: Disable BCD +``` +PS C:\> Disable-SbecBcd -Session $MyPSSession +``` + +This command disables the BCD settings on a remote session. + +## PARAMETERS + +### -BcdStore +Specifies the full path of the BCD store. + +```yaml +Type: String +Parameter Sets: Local +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies the names of the computers on which you want to perform the operation. +You can specify a fully qualified domain name (FQDN), a NetBIOS name, or an IP address for each computer. +For more information, see [Invoke-CimMethod](https://go.microsoft.com/fwlink/?LinkId=808801) on TechNet. + +```yaml +Type: String[] +Parameter Sets: Online +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +```yaml +Type: PSCredential +Parameter Sets: Online +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DismLogPath +Specifies the path of the file for the Deployment Image Servicing and Management (DISM) log when mounting images. + +```yaml +Type: String +Parameter Sets: Offline +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Id +Specifies the ID of the entry to disable, without the curly braces. + +The BCD settings may contain entries for multiple boot images (when a computer has multiple operating system versions installed). +When the settings for an operating system other than the currently running one (or the default operating system in an offline image) must be modified, you can use this parameter to select the entry. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Local +Indicates that this operation occurs on the local computer. +This mode also allows the extra control over the BCD store of where the settings are applied. + +```yaml +Type: SwitchParameter +Parameter Sets: Local +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the list of full paths to the offline Windows image files (WIM or VHD) to which to apply the settings. +If a WIM file contains multiple images, all of them are modified. + +```yaml +Type: String[] +Parameter Sets: Offline +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Session +Specifies the **PSSession** objects connected to the remote target computers. +Enter a session object, such as the output of the **Get-PSSession** or **New-PSSession** cmdlet, or an array of these objects. + +```yaml +Type: PSSession[] +Parameter Sets: OnlineSession +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. + +## OUTPUTS + +### None. + +## NOTES + +## RELATED LINKS + +[Disable-SbecAutologger](./Disable-SbecAutologger.md) + +[Enable-SbecAutologger](./Enable-SbecAutologger.md) + +[Enable-SbecBcd](./Enable-SbecBcd.md) + +[Enable-SbecBootImage](./Enable-SbecBootImage.md) + +[Enable-SbecWdsBcd](./Enable-SbecWdsBcd.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Enable-SbecAutologger.md b/docset/winserver2025-ps/booteventcollector/Enable-SbecAutologger.md new file mode 100644 index 0000000000..660dfae231 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Enable-SbecAutologger.md @@ -0,0 +1,310 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/enable-sbecautologger?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-SbecAutologger +--- + +# Enable-SbecAutologger + +## SYNOPSIS +Enables the forwarding of the events to the Setup and Boot Event Collector in the AutoLogger settings. + +## SYNTAX + +### Offline +``` +Enable-SbecAutologger -Path [-Logger ] [-PermLogger ] [-NoDefaultLoggers] + [-ForceLogger] [-DismLogPath ] [] +``` + +### Online +``` +Enable-SbecAutologger -ComputerName [-Credential ] [-Logger ] + [-PermLogger ] [-NoDefaultLoggers] [-ForceLogger] [] +``` + +### OnlineSession +``` +Enable-SbecAutologger -Session [-Logger ] [-PermLogger ] [-NoDefaultLoggers] + [-ForceLogger] [] +``` + +### Local +``` +Enable-SbecAutologger [-Local] [-SystemHive ] [-ControlSet ] [-Logger ] + [-PermLogger ] [-NoDefaultLoggers] [-ForceLogger] [] +``` + +## DESCRIPTION +The **Enable-SbecAutologger** cmdlet enables the forwarding of the events to the Setup and Boot Event Collector in the AutoLogger settings in the registry. +This operation has no immediate effect on the currently running log sessions; it takes effect after the operating system reboots and the AutoLogger service restarts the log sessions. + +The changes can be applied to the local computer, to a remote computer, or to an offline disk image. + +To operate on a local computer, specify the *Local* parameter. +Enabling forwarding on the computer that runs the Collector service makes sense only if it sends the data to a Collector on a different computer. +Otherwise, the in-kernel module is not able to connect to the Collector. +However, you can copy the PowerShell BootEventCollector module to the other computers, where you can use it for local configuration. + +To operate on a remote computer, specify either the *ComputerName* or *Session* parameter. +Windows PowerShell remoting is used to perform the remote operations. + +To operate on an offline (WIM or VHD) image, use the *Path* parameter. + +This operation configures the event log session NT Kernel Logger (creating it if it does not exist) and, if present, EventLog-System and SetupPlatform to send events to the Boot Event Collector. +You can configure other log sessions by specifying the *Logger* or *PermLogger* parameter. + +By default for the sessions NT Kernel Logger and EventLog-System, or when using the *Logger* parameter, the event log sessions are configured in such a manner that the event forwarding from them to the Collector becomes automatically disabled once the computer completes the boot sequence and the logging subsystem on it becomes fully functional. +To let a session forward the events all the time, as is done by default for the session SetupPlatform, use the *PermLogger* parameter. + +You can enable forwarding only for the sessions in the real-time mode (as opposed to writing to a file), so by default the file-based sessions are left unchanged. +You can use the *ForceLogger* parameter to change such sessions to the real-time mode and enable forwarding. + +This command also configures the Debug Print filter registry settings to pass, at minimum, Bugcheck messages for a system crash. + +You must enable **both** AutoLogger and BCD settings to forward events to the Boot Event Collector. + +## EXAMPLES + +### Example 1: Enable AutoLogger on a computer +``` +PS C:\> Enable-SbecAutologger -ComputerName "Server01" +``` + +This command enables AutoLogger settings on the computer named Server01. + +### Example 2: Enable AutoLogger for network setup images +``` +PS C:\> Enable-SbecAutologger -Path "boot.wim","install.wim" -ForceLogger +``` + +This command configures the AutoLogger settings in the two images used for network-based setup, and forces the switch of the SetupPlatform session from the file destination to the event collector destination. + +### Example 3: Enable AutoLogger in a VHD image +``` +PS C:\> Enable-SbecAutologger -Path "NanoServer.vhd" -Logger "Microsoft-Windows-Setup" -ForceLogger +``` + +This command configures the AutoLogger in a VHD image, and switches the log session of the post-install setup (as used in Windows Nano Server) to the Boot Event Collector destination. + +## PARAMETERS + +### -ComputerName +Specifies the names of the computers on which you want to perform the operation. +You can specify a fully qualified domain name (FQDN), a NetBIOS name, or an IP address for each computer. +For more information, see [Invoke-CimMethod](https://go.microsoft.com/fwlink/?LinkId=808801) on TechNet. + +```yaml +Type: String[] +Parameter Sets: Online +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ControlSet +Specifies the control set key for the registry path. + +```yaml +Type: String +Parameter Sets: Local +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +```yaml +Type: PSCredential +Parameter Sets: Online +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DismLogPath +Specifies the path of the file for the Deployment Image Servicing and Management (DISM) log when mounting images. + +```yaml +Type: String +Parameter Sets: Offline +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ForceLogger +Forces the file-based AutoLogger sessions to real-time mode before enabling event forwading for them. +Without this switch, they remain unchanged. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Local +Indicates to perform this operation on the local computer. +This mode enables control over the registry path of where settings are applied. + +```yaml +Type: SwitchParameter +Parameter Sets: Local +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Logger +Specifies the AutoLogger sessions for which to enable forwarding. +The forwarding for these sessions is automatically disabled after the operating system starts. +Specifying a session explicitly in *Logger* or *PermLogger* overrides its defaults. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDefaultLoggers +Indicates that this operation does not automatically add the default set of logger sessions. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies an array of full paths to the offline Windows image (WIM or VHD) files to which to apply the settings. +If a WIM file contains multiple images, all of them are modified. + +```yaml +Type: String[] +Parameter Sets: Offline +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PermLogger +Specifies the AutoLogger sessions for which to enable forwarding. +The forwarding on these sessions remains enabled after the operating system starts. + +Specifying a session explicitly in *Logger* or *PermLogger* overrides the defaults for it. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Session +Specifies the **PSSession** objects connected to the remote target computers. +Enter a session object, such as the output of **Get-PSSession** or **New-PSSession**, or an array of these objects. + +```yaml +Type: PSSession[] +Parameter Sets: OnlineSession +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SystemHive +Specifies the full path to the system hive for the registry. + +```yaml +Type: String +Parameter Sets: Local +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### None + +## NOTES + +## RELATED LINKS + +[Disable-SbecAutologger](./Disable-SbecAutologger.md) + +[Disable-SbecBcd](./Disable-SbecBcd.md) + +[Enable-SbecBcd](./Enable-SbecBcd.md) + +[Enable-SbecBootImage](./Enable-SbecBootImage.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Enable-SbecBcd.md b/docset/winserver2025-ps/booteventcollector/Enable-SbecBcd.md new file mode 100644 index 0000000000..cec5edfd69 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Enable-SbecBcd.md @@ -0,0 +1,311 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/enable-sbecbcd?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-SbecBcd +--- + +# Enable-SbecBcd + +## SYNOPSIS +Enables and configures the event forwarding mode in the BCD settings. + +## SYNTAX + +### Offline +``` +Enable-SbecBcd -Path -CollectorIp -CollectorPort -Key [-Id ] + [-BusParameters ] [-DismLogPath ] [] +``` + +### Online +``` +Enable-SbecBcd -ComputerName [-Credential ] -CollectorIp + -CollectorPort -Key [-Id ] [-BusParameters ] [] +``` + +### OnlineSession +``` +Enable-SbecBcd -Session -CollectorIp -CollectorPort -Key + [-Id ] [-BusParameters ] [] +``` + +### Local +``` +Enable-SbecBcd [-Local] [-BcdStore ] [-CreateEventSettings] -CollectorIp + -CollectorPort -Key [-Id ] [-BusParameters ] [] +``` + +## DESCRIPTION +The **Enable-SbecBcd** cmdlet configures the Setup and Boot Event Collector settings in the BCD. +This enables the */event* flag, and sets the collector host IP address, port, and the encryption key in */eventsettings* in Boot Configuration Data (BCD). + +This operation has no immediate effect on the current connections; it takes effect after the operating system reboots. + +The changes can be applied to the local computer, to a remote computer, or to an offline disk image. + +To operate on a local computer, specify the *Local* parameter. +Enabling forwarding on the computer that runs the Collector service makes sense only if it sends the data to a Collector on a different computer. +Otherwise, the in-kernel module is not able to connect to the Collector. +However, you can copy the PowerShell BootEventCollector module to the other computers, where you can use it for local configuration. + +To operate on a remote computer, specify either the *ComputerName* or *Session* parameter. +Windows PowerShell remoting is used to perform the remote operations. + +To operate on an offline (WIM or VHD) image, use the *Path* parameter. +WIM images do not normally contain the BCD files, there is rarely a requirement to place them there. +Instead, Windows Setup creates the BCD settings when it extracts the image from WIM onto the hard drive. + +You must enable **both** AutoLogger and BCD settings to forward events to the Boot Event Collector. + +## EXAMPLES + +### Example 1: Configure the BCD settings for a remote session +``` +PS C:\> Enable-SbecBcd -Session $MyPSSession -CollectorIp 192.168.1.1 -CollectorPort "50000" -Key "a.b.c.d" +``` + +This command configures the BCD settings for a remote session. + +## PARAMETERS + +### -BcdStore +Specifies the full path of the BCD store. + +```yaml +Type: String +Parameter Sets: Local +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BusParameters +Specifies the bus parameters to use to select the NIC of the target computer for communication. +This value overrides the default choice of the first supported adapter. + +This value applies to all the computers that use this image; it can be used only if the hardware of these computers is sufficiently homogeneous. + +To find the value of bus parameters for a specific NIC on a machine, open Device Manager, and in Network Adapters select the desired device. +Right-click the device, select Properties, select the Details tab, and then select Location information. +It will display a string of the form PCI bus X, device Y, function Z. +The bus parameter to specify in this example is "X,Y,Z". + +```yaml +Type: String +Parameter Sets: (All) +Aliases: BusParams + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CollectorIp +Specifies the IPv4 address of the host on which the Boot Event Collector is located. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CollectorPort +Specifies the port number (common for the target and collector). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies the names of the computers on which you want to perform the operation. +You can specify a fully qualified domain name (FQDN), a NetBIOS name, or an IP address for each computer. +For more information, see [Invoke-CimMethod](https://go.microsoft.com/fwlink/?LinkId=808801) on TechNet. + +```yaml +Type: String[] +Parameter Sets: Online +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CreateEventSettings +Indicates that this operation explicitly creates the {eventsettings} key, which is required for the BCD files generated by WDS. + +```yaml +Type: SwitchParameter +Parameter Sets: Local +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Credential +Specifies a user account that has permission to perform this action. +The default is the current user. + +```yaml +Type: PSCredential +Parameter Sets: Online +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DismLogPath +Specifies the path of the file for the Deployment Image Servicing and Management (DISM) log when mounting images. + +```yaml +Type: String +Parameter Sets: Offline +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Id +Specifies the ID of the entry to modify, without the curly braces. +The BCD settings may contain entries for multiple boot images (when a computer has multiple operating system versions installed). +When the settings for another operating system than the currently booted one (or the default one in an offline image) must be modified, you can use this parameter to select the entry. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Key +Specifies the encryption key for the communication. +This value must match the key specified in the collector configuration for this target. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Local +Indicates that this operation occurs on the local computer. +This mode also allows the extra control over the BCD store of where the settings are applied. + +```yaml +Type: SwitchParameter +Parameter Sets: Local +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies the list of full paths to the offline Windows image files (WIM or VHD) to which to apply the settings. +If a WIM file contains multiple images, all of them are modified. + +```yaml +Type: String[] +Parameter Sets: Offline +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Session +Specifies the **PSSession** objects connected to the remote target computers. +Enter a session object, such as the output of the **Get-PSSession** or **New-PSSession** cmdlet, or an array of these objects. + +```yaml +Type: PSSession[] +Parameter Sets: OnlineSession +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Name + +## OUTPUTS + +### Name + +## NOTES + +## RELATED LINKS + +[Disable-SbecAutologger](./Disable-SbecAutologger.md) + +[Disable-SbecBcd](./Disable-SbecBcd.md) + +[Enable-SbecAutologger](./Enable-SbecAutologger.md) + +[Enable-SbecBootImage](./Enable-SbecBootImage.md) + +[Enable-SbecWdsBcd](./Enable-SbecWdsBcd.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Enable-SbecBootImage.md b/docset/winserver2025-ps/booteventcollector/Enable-SbecBootImage.md new file mode 100644 index 0000000000..8c4d63af11 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Enable-SbecBootImage.md @@ -0,0 +1,146 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/enable-sbecbootimage?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-SbecBootImage +--- + +# Enable-SbecBootImage + +## SYNOPSIS +Enables AutoLogger settings in offline WinPE Setup images. + +## SYNTAX + +``` +Enable-SbecBootImage [-Path] [[-Logger] ] [[-PermLogger] ] [-NoDefaultLoggers] + [[-DismLogPath] ] [] +``` + +## DESCRIPTION +The **Enable-SbecBootImage** cmdlet enables the AutoLogger settings and creates the Winpeshl.ini files in offline WinPE Setup images to forward events to the Setup and Boot Event Collector. + +The default event log sessions that are configured for sending events to the Boot Event Collector are NT Kernel Logger, EventLog-System, and SetupPlatform. +You can configure other loggers with the parameters *Logger* and *PermLogger*. +Loggers are always switched to real-time mode, regardless of whether they previously wrote to a file. + +The AutoLogger settings enable event forwarding during the first stage of Setup when it boots from the WinPE image. +The Winpeshl.ini files facilitate the configuration of events on the HDD image through Unattend.xml. + +## EXAMPLES + +### Example 1: Enable Boot Event Collector in a WIM image +``` +PS C:\> Enable-SbecBootImage -Path "C:\Images\Boot.wim" +``` + +This command enables the Boot Event Collector for the Boot.wim image. + +## PARAMETERS + +### -DismLogPath +Specifies the path of the Deployment Image Servicing and Management (DISM) log file to use when mounting images. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Logger +Specifies the AutoLogger sessions for which to enable forwarding. +The forwarding on these sessions auto-disables after the operating system starts. +Specifying a session explicitly in *Logger* or *PermLogger* overrides the defaults for it. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoDefaultLoggers +Indicates that this operation does not automatically add the default set of logger sessions. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies an array of full paths to the offline Windows image (WIM or VHD) files to which to apply the settings. +If a WIM file contains multiple images, all of them are modified. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PermLogger +Specifies the AutoLogger sessions for which to enable forwarding. +The forwarding on these sessions remains enabled after the operating system starts. +Specifying a session explicitly in *Logger* or *PermLogger* overrides the defaults for it. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. + +## OUTPUTS + +### None. + +## NOTES + +## RELATED LINKS + +[Disable-SbecAutologger](./Disable-SbecAutologger.md) + +[Enable-SbecAutologger](./Enable-SbecAutologger.md) + +[Enable-SbecWdsBcd](./Enable-SbecWdsBcd.md) + +[New-SbecUnattendFragment](./New-SbecUnattendFragment.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Enable-SbecWdsBcd.md b/docset/winserver2025-ps/booteventcollector/Enable-SbecWdsBcd.md new file mode 100644 index 0000000000..e11844eb93 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Enable-SbecWdsBcd.md @@ -0,0 +1,212 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/enable-sbecwdsbcd?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Enable-SbecWdsBcd +--- + +# Enable-SbecWdsBcd + +## SYNOPSIS +Enables the BCD settings in the offline boot images imported into the WDS server. + +## SYNTAX + +### BcdPath +``` +Enable-SbecWdsBcd -BcdPath -CollectorIp -CollectorPort -Key + [-BusParameters ] [-WdsRoot ] [-SkipNotifyWds] [] +``` + +### WdsImage +``` +Enable-SbecWdsBcd [-Image ] -CollectorIp -CollectorPort -Key + [-BusParameters ] [-WdsRoot ] [-SkipNotifyWds] [] +``` + +## DESCRIPTION +The **Enable-SbecWdsBcd** cmdlet enables the Boot Configuration Data (BCD) settings in the offline boot images imported into the WDS server. + +After importing a boot image (such as one modified by **Enable-SbecBootImage**) into Windows Deployment Services (WDS), WDS automatically generates the BCD configuration for it. +Then, the boot event support must be enabled in this configuration. +Because this BCD file is specially formatted, you must explicitly enable it. + +Because WDS does not support the separate per-client BCD files, sharing of the same BCD files by the clients means that they must use the same secret key for the communication with the Boot Event Collector. +The workaround is to use the common key for the setup, that can be either always be specified in the collector configuration as the second common key for all computers, or can be added to the collector configuration for the computers that are about to be set up, and removed after the setup is complete. + +After modifying the BCD files, the WDS service must be notified (or restarted), to let it pick up the modified files. +This cmdlet performs this notification unless instructed otherwise. + +## EXAMPLES + +### Example 1: Update boot images in WDS +``` +PS C:\> Get-WdsBootImage | Enable-SbecWdsBcd -CollectorIp "192.168.1.1" -CollectorPort 50000 -Key "a.b.c.d" +``` + +This command applies to all the boot images in WDS. + +### Example 2: Update a BCD file +``` +PS C:\> Enable-SbecWdsBcd -BcdPath "c:\tmp\boot.wim.bcd" -CollectorIp "192.168.1.1" -CollectorPort 50000 -Key "a.b.c.d" -SkipNotifyWds +``` + +This command updates the settings on a BCD file copied from WDS. + +## PARAMETERS + +### -BcdPath +Specifies the explicit path of the per-image BCD file(s). + +```yaml +Type: String[] +Parameter Sets: BcdPath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BusParameters +Specifies the bus parameters to use to select the NIC of the target computer for communication. +This value overrides the default choice of the first supported adapter. +This value applies to all the computers that use this image; it can be used only if the hardware of these computers is sufficiently homogeneous. +To find the value of bus parameters for a specific NIC on a machine, open Device Manager, and in Network Adapters select the desired device. +Right-click the device, select Properties, select the Details tab, and then select Location information. +It will display a string of the form PCI bus X, device Y, function Z. +The bus parameter to specify in this example is "X,Y,Z". + +```yaml +Type: String +Parameter Sets: (All) +Aliases: BusParams + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CollectorIp +Specifies the IPv4 address of the host on which the Boot Event Collector is located. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CollectorPort +Specifies the port number (common for the target and collector). + +```yaml +Type: UInt32 +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Image +Specifies the Windows Deployment Services (WDS) Boot Image object(s) obtained from **Get-WdsBootImage**. +You can also specify a manually constructed hash table instead of an object if it contains the Architecture and FileName properties. + +```yaml +Type: Array +Parameter Sets: WdsImage +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Key +Specifies the encryption key for the communication. +This value must match the key specified in the collector configuration for this target. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipNotifyWds +Indicates that this operation does not notify the WDS service about the changed files. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WdsRoot +Specifies the root of the WDS directory tree. +By default, this value is obtained from the path of the exported SMB share REMINST. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Management.Infrastructure.CimInstance#MSFT_WdsBootImage +This cmdlet takes as input the Windows Deployment Services (WDS) Boot Image object(s) obtained from **Get-WdsBootImage**. +You can also specify a manually constructed hash table instead of an object if it contains the Architecture and FileName properties. + +## OUTPUTS + +### None. + +## NOTES + +## RELATED LINKS + +[Enable-SbecBcd](./Enable-SbecBcd.md) + +[Enable-SbecBootImage](./Enable-SbecBootImage.md) + +[New-SbecUnattendFragment](./New-SbecUnattendFragment.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Get-SbecActiveConfig.md b/docset/winserver2025-ps/booteventcollector/Get-SbecActiveConfig.md new file mode 100644 index 0000000000..dac7ee738a --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Get-SbecActiveConfig.md @@ -0,0 +1,132 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/get-sbecactiveconfig?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-SbecActiveConfig +--- + +# Get-SbecActiveConfig + +## SYNOPSIS +Gets the current active configuration from the running Setup and Boot Event Collector. + +## SYNTAX + +``` +Get-SbecActiveConfig [[-ComputerName] ] [[-CimSession] ] [] +``` + +## DESCRIPTION +The **Get-SbecActiveConfig** cmdlet returns a hash table with two elements, `` and ``. +The `` element contains the text of the active configuration as a single string. +The `` element contains the timestamp when that configuration was set, as a FILETIME 64-bit value. + +You can use the timestamp to verify that the configuration didn't change since the last reading. +You can also use it to get the configuration, modify it locally, and set it back, and ensuring that nobody has modified it during that time. + +You can modify the text of the configuration from the exact text that was last set. +You can normalize it by removing all the carriage return (`\r`) characters and by removing any empty lines at the end of configuration. + +This command throws an error on failures. + +This command is available only to the users having the Builtin Administrator (BA) privilege. + +## EXAMPLES + +### Example 1: Get the active configuration +``` +PS C:\> $res = Get-SbecActiveConfig +``` + +This command gets the active configuration, and then stores it in the $res variable. + +### Example 2: Convert a timestamp +``` +PS C:\> $time = [DateTime]::FromFileTimeUtc($res.Timestamp) +``` + +This command converts the returned timestamp to the PowerShell format, and then stores it in the $res variable. + +### Example 3: Get the text of a configuration +``` +PS C:\> $text = $res.Content +``` + +This command extracts the returned text of the configuration as a single string, and then stores it in the $text variable. + +### Example 4: Print the complete returned information +``` +PS C:\> Get-SbecActiveConfig | Format-List +``` + +This command gets the active configuration and pipes it to Format-List, which formats the results. + +## PARAMETERS + +### -CimSession +Runs the cmdlet on the remote computers through a remote session. +Enter a session object, such as the output of a **New-CimSession** or **Get-CimSession** cmdlet, or an array of these objects. +The default is to run the cmdlet on the local computer. +For more information, see About_CimSession. + +```yaml +Type: CimSession[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies the names of the computers on which you want to perform the operation. +You can specify a fully qualified domain name (FQDN), a NetBIOS name, or an IP address for each computer. +For more information see [Invoke-CimMethod](https://go.microsoft.com/fwlink/?LinkId=808801) on TechNet. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. + +## OUTPUTS + +### hash table +This cmdlet returns a hash table with two elements: + +- `` +- `` + +The `` element contains the text of the active configuration as a single string. +The `` element contains the timestamp when that configuration was set, as a FILETIME 64-bit value. +The common way to see the full result is to pipe it through the **Format-List** cmdlet (alias fl). + +## NOTES + +## RELATED LINKS + +[Set-SbecActiveConfig](./Set-SbecActiveConfig.md) + +[Test-SbecActiveConfig](./Test-SbecActiveConfig.md) + +[Test-SbecConfig](./Test-SbecConfig.md) + diff --git a/docset/winserver2025-ps/booteventcollector/Get-SbecBackupConfig.md b/docset/winserver2025-ps/booteventcollector/Get-SbecBackupConfig.md new file mode 100644 index 0000000000..4ee12e3e42 --- /dev/null +++ b/docset/winserver2025-ps/booteventcollector/Get-SbecBackupConfig.md @@ -0,0 +1,143 @@ +--- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +external help file: BootEventCollector-help.xml +Module Name: BootEventCollector +ms.date: 12/20/2016 +online version: https://learn.microsoft.com/powershell/module/booteventcollector/get-sbecbackupconfig?view=windowsserver2025-ps&wt.mc_id=ps-gethelp +schema: 2.0.0 +title: Get-SbecBackupConfig +--- + +# Get-SbecBackupConfig + +## SYNOPSIS +Get the backup configuration files that are available to restore. + +## SYNTAX + +``` +Get-SbecBackupConfig [[-ComputerName] ] [[-CimSession] ] [] +``` + +## DESCRIPTION +The **Get-SbecBackupConfig** cmdlet gets the backup configuration files that are available to restore. + +Whenever a new configuration is set in the Boot Event Collector, the old configuration is saved to a backup file (see Checkpoint-SbecActiveConfig for more information). +Normally, the backup files contain the UTC timestamp in the format YYYYMMDDhhmmssfffffff ("f" being the digits of the fractions of a second) in their names, allowing you to track the history of changes and to restore the older configurations. +If the collector was started with the *noCfgHistory* switch, only one last configuration is kept in a file with the fixed name, and the last modification timestamp on it is used to track the configuration timestamp. +The way to specify the switch for the service is by creating the registry value "HKLM:\SYSTEM\CurrentControlSet\Services\BootEventCollector\Parameters\noCfgHistory" with type REG_DWORD set to 1. + +**Get-SbecBackupConfig** returns the list of the available backup configuration files, in the order from the most recent to the oldest. +You can restore these files explicitly with Restore-SbecBackupConfig, or navigate them sequentially with Undo-SbecActiveConfig and Redo-SbecActiveConfig. + +Even though it's possible to create the backup files with future timestamps (either manually or when the computer's notion of time is moved back abruptly), and these files are listed by **Get-SbecBackupConfig**, they are ignored by the **Undo-SbecActiveConfig** and **Redo-SbecActiveConfig** commands. +You can use **Restore-SbecActiveConfig** to restore them. + +This command returns a hash table with the elements `` and ``. +The `` element contains the original timestamp (that is, the time it was originally set) of the current active configuration. +You can compare it to the timestamps of the backup files to determine which configuration is active, and which configurations would be restored with the Undo and Redo commands. +It is in the binary FILETIME format, as are the timestamps in the other Sbec commands. + +You can convert the binary FILETIME format to the PowerShell time with this code: `\[DateTime\]::FromFileTimeUtc($filetime)` + +You can convert the PowerShell time to the FILETIME format with this code: `$datetime.ToFileTimeUtc()` + +You can convert the PowerShell time (if it is marked as UTC time) to the timestamp format used in the names of the configuration backup files with this code: `$datetime.ToString("yyyyMMddHHmmssfffffff")` + +The reverse conversion can be done with this code: `\[DateTime\]::ParseExact($fnametm, "yyyyMMddHHmmssfffffff", $null, "AssumeUniversal, AdjustToUniversal")` + +To check whether a PowerShell time is marked as UTC time, use this code: `$datetime.Kind -eq "Utc"` + +You can convert a PowerShell time in the local representation to the UTC representation with this code: `\[DateTime\]::FromFileTimeUtc($datetime.ToFileTimeUtc())` + +The `` element contains an array of entries describing the available backup files. +Each entry is a hash with fields Name (containing the file name), Timestamp containing its original timestamp in the FILETIME format, and Time containing its original timestamp converted to the PowerShell DateTime format in local time, for convenience. +The entries in the array are ordered from the most recent to the oldest. + +You must have Builtin Administrator privilege to run this command. + +## EXAMPLES + +### Example 1: Get available backup configuration files +``` +PS C:\> Get-SbecBackupConfig | Format-List +``` + +This command gets the list of available backup configuration files and uses the pipeline operator to pass them to Format-List. + +## PARAMETERS + +### -CimSession +Runs the cmdlet on the remote computers through a remote session. +Enter a session object, such as the output of a **New-CimSession** or **Get-CimSession** cmdlet, or an array of these objects. +The default is to run the cmdlet on the local computer. +For more information, see About_CimSession. + +```yaml +Type: CimSession[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies the names of the computers on which you want to perform the operation. +You can specify a fully qualified domain name (FQDN), a NetBIOS name, or an IP address for each computer. +For more information see [Invoke-CimMethod](https://go.microsoft.com/fwlink/?LinkId=808801) on MSDN. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. + +## OUTPUTS + +### hash table +This cmdlet returns a hash table with two elements: + +- `` +- `` + +The `` element contains the original timestamp (that is, the time it was originally set) of the current active configuration in FILETIME format. + +The `` element contains an array of entries describing the available backup files. +Each entry is a hash with fields: + +- `` +- `` +- `